Boot failed - netsvcs svchostl.exe loads of hard errors found in check log...

Viruses and worms
1

I found with Task Manager 2.007 hard errors through netsvcs svchost.exe, also 596 hard errors in Trusted Installer, consuming a lot of mem in Vista, I did a system repair to a previous reset point.
What is causing this boot problems? Software or hardware related?

polonus

2

Hi Pol,
Before you read:Don’t be concerned about my thoughts since i don’t have any great experience and i am not that trusted member here ;).
I would guess software,how would a hardware problem damage svchost,netsvcs?
My question,your answer :wink:
How about a malware installed as a service?Tdl4 is believed to cause problems to svchost.

3

Hi Left123,

These I find for svchost: Svchost.exe Modules (356 whitelisted)
C:\Program Files\Alwil Software\Avast5\snxhk.dll
c:\program files\hp\digital imaging\bin\hpqddsvc.dll
c:\program files\hp\digital imaging\bin\hpqddcmn.dll
c:\program files\hp\digital imaging\bin\hpqcxs08.dll
C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll
C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll
c:\windows\system32\hpzinw12.dll
c:\windows\system32\hpzipm12.dll
Also found remnants of ConduitEngine.dll ->Browser Helper Objects{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -HKLM\SOFTWARE\Classes\CLSID{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
and -C:\Program Files\Softonic-Eng7\tbSoft.dll
-HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
-HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {30F9B915-B755-4826-820B-08FBA6BD249D}
Open to debate?

pol

4

I am worried, because I read in task manager; physical mem MB 3069 In cache 1136 Available 29
Ridiculous values! When I close Google Chrome Available reads 882 MB
Where is that going/were did it go? CPU 5% Physical Mem 73% CPU 88% of max clock speed (see attached).
Is something melting away/overheating?

polonus

5

May be malware, but not TDL4.
We can look DDS diagnosis http://download.bleepingcomputer.com/sUBs/dds.scr

6

Hi argus,

Will do, the process id 1192 is the one consuming the physical mem, wait for the log,

polonus

7

polonus,

DDS shows no signs of infection. No malware is created by svchost.
For deeper analysis we need a CF, but I think it is not necessary. To me your computer is clean.

If you want we can run CF.

greeting

edit

============= SERVICES / DRIVERS ===============
.......

In this section, we would have to show the malware that creates svchost

My English is bad Sorry ;D