Redirection and excessive svchost.exe memory usage


Re: Redirection and excessive svchost.exe memory usage

Post by Cypher » October 2nd, 2011, 5:58 am

Hi drjbg,
Continue with the instructions below; once done, give me an update on the computer's performance.

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:
    :processes
    killallprocesses
    
    :otl
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    [2011/09/11 11:29:43 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\RDIADMIN\LOCAL SETTINGS\APPLICATION DATA\{D69C9FCF-9CA3-487D-86A3-37CCBCC8CC78}
    O15 - HKU\S-1-5-21-4274134260-3623583512-2864591513-1005\..Trusted Domains: aecium.com ([cffc.peak] https in Trusted sites)
    O15 - HKU\S-1-5-21-4274134260-3623583512-2864591513-1005\..Trusted Domains: localhost ([]* in Local intranet)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
    O20 - Winlogon\Notify\dimsntfy32: DllName - (dimsntfy32.dll) - C:\WINDOWS\System32\dimsntfy32.dll ()
    O20 - Winlogon\Notify\mdhcp32: DllName - (mdhcp32.dll) - C:\WINDOWS\System32\mdhcp32.dll ()
    C:\Documents and Settings\rdiadmin\Local Settings\Application Data\ApplicationHistory
    [2011/09/17 10:35:55 | 000,479,232 | ---- | C] (WatanabeBudweiser Talmud Castro MalaysiaBurchDanbury Wilhelmina EdnaSocrates) -- C:\WINDOWS\System32\ihzp.exe
    [2011/09/14 20:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2011/09/11 11:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rdiadmin\Local Settings\Application Data\{D69C9FCF-9CA3-487D-86A3-37CCBCC8CC78}
    [2011/06/23 13:36:30 | 001,136,337 | -H-- | C] (Qjam evfg hlmfa p) -- C:\Documents and Settings\All Users\Application Data\asotocomfo.dat
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/10/01 16:11:33 | 076,004,920 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\ofmocotosa.dat
    [2011/10/01 16:01:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\837401196
    [2011/09/26 19:03:25 | 000,296,374 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
    [2011/09/21 20:51:09 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
    [2011/09/21 20:47:45 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\sname
    [2011/09/21 20:46:53 | 000,013,248 | ---- | M] () -- C:\WINDOWS\System32\0.045629815589275036.exe
    [2011/09/21 20:34:45 | 000,000,077 | ---- | M] () -- C:\WINDOWS\System32\dimsntfy.ocx
    [2011/09/21 20:32:08 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\mdhcp32.dll
    [2011/09/21 20:31:55 | 000,135,680 | ---- | M] () -- C:\WINDOWS\System32\dimsntfy32.dll
    [2011/09/21 20:31:29 | 000,013,248 | ---- | M] () -- C:\WINDOWS\System32\0.8686894774185765.exe
    [2011/09/17 10:36:00 | 000,479,232 | ---- | M] (WatanabeBudweiser Talmud Castro MalaysiaBurchDanbury Wilhelmina EdnaSocrates) -- C:\WINDOWS\System32\ihzp.exe
    [2011/09/14 18:18:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Plitevul.bin
    [2011/09/21 20:51:09 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
    [2011/09/21 20:49:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\837401196
    [2011/09/21 20:47:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sname
    [2011/09/21 20:46:52 | 000,013,248 | ---- | C] () -- C:\WINDOWS\System32\0.045629815589275036.exe
    [2011/09/21 20:32:11 | 000,296,374 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
    [2011/09/21 20:32:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mdhcp32.dll
    [2011/09/21 20:31:55 | 000,135,680 | ---- | C] () -- C:\WINDOWS\System32\dimsntfy32.dll
    [2011/09/21 20:31:29 | 000,013,248 | ---- | C] () -- C:\WINDOWS\System32\0.8686894774185765.exe
    [2011/09/11 11:29:44 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Pvakucow.dat
    [2011/09/11 11:29:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Plitevul.bin
    @Alternate Data Stream - 816 bytes -> C:\WINDOWS\837401196:2470778574.exe
    @Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A24211BA
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptyflash]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Next.

  • First go to Start > Computer > C: and delete the TDSSKiller log that was created there.
  • Next double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, ensure Cure (the default) is selected, then click Continue > Reboot now.
  • When finished re-booting, a log of the cleanup will be found at C:\TDSSKiller.2.4.0.0_DD.MM.YYYY_HH.MM.SS_log.txt.
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.


Logs/Information to Post in your Next Reply

  • OTL log.
  • TDSSKiller log.
  • Please give me an update on your computer's performance.

Re: Redirection and excessive svchost.exe memory usage

Post by drjbg » October 3rd, 2011, 10:42 pm

I hate to say this, but the OTL.exe just caused my desktop to disappear (except the wallpaper) and then nothing happened. I tried this 3 times with the same results. Is this a lost cause or should I run the TDSSKiller?
JG

Re: Redirection and excessive svchost.exe memory usage

Post by Cypher » October 4th, 2011, 6:06 am

Hi drjbg,
At this point I think the quickest and safest option is for you to reformat this computer and reinstall Windows.
We can keep trying other options if you wish but there is no guarantee we will be successful.
Let me know what you think.

Re: Redirection and excessive svchost.exe memory usage

Post by drjbg » October 4th, 2011, 10:06 pm

I think you're right. Do you have any links or general advice as to how to reinstall? I've done this before, but I just thought you may have some tips. Also, what program would you recommend to "test" or scan the computer once the re-install is finished?
Thanks for all yours and Maxie's attempts at trying to fix this.
JG

Re: Redirection and excessive svchost.exe memory usage

Post by Cypher » October 5th, 2011, 5:14 am

Hi drjbg,
Quote: Thanks for all yours and Maxie's attempts at trying to fix this.

You're most welcome, you have made the right choice to reformat.

Quote: what program would you recommend to "test" or scan the computer once the re-install is finished?

You will be restoring the computer to factory settings so there will be no need to scan it, the computer will be clean of infection.
I can give you some recommendations on how to better secure your computer once the reformat is done.

Quote: Do you have any links or general advice as to how to reinstall? I've done this before, but I just thought you may have some tips.

Yes, no problem, see Formatting and Installing from the Windows XP CD

Here are some free programs I recommend that could help you improve your computer's security.

Anti-virus

You should download a free anti-virus software from one of these excellent vendors.


Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Install Malwarebytes Anti-malware
These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built-in protection monitor that blocks malicious processes before they even start.
You can find information and Download it from HERE

Install SpywareBlaster
Download and install Javacool's SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE On how to prevent Malware

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
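
The HOSTS-file blocking described in the MVPS Hosts recommendation above, as an added example that is not part of the original posts or of any tool named in the thread: Python that audits a HOSTS file and separates block entries (pointing at the local machine) from entries that send a hostname to some other address, which deserve review on a machine with redirection symptoms. The sample file, its hostnames and the 203.0.113.7 documentation address are constructed.

```python
import ipaddress

# Constructed sample: the default localhost entry, two MVPS-style block
# entries, one line mapping two names to a routable address, one bad line.
SAMPLE_HOSTS = """\
# Constructed sample HOSTS file
127.0.0.1   localhost
127.0.0.1   ads.example.com   # block entry
0.0.0.0     tracker.example.net
203.0.113.7 www.example-search.test update.example-av.test
not-an-ip   broken.example.org
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in a HOSTS file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                           # blank line or address only
        for host in fields[1:]:                # one line may name several hosts
            yield line_no, fields[0], host.lower()

def classify(address):
    """Return 'block', 'redirect' or 'invalid' for a HOSTS address field."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    # Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0, ::) lead nowhere.
    if ip.is_loopback or ip.is_unspecified:
        return "block"
    return "redirect"

def audit_hosts(text):
    """Group hostnames by what their HOSTS entry does."""
    report = {"block": [], "redirect": [], "invalid": []}
    for line_no, address, host in parse_hosts(text):
        kind = classify(address)
        if host == "localhost" and kind == "block":
            continue                           # the normal default entry
        report[kind].append((line_no, host, address))
    return report

if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        for line_no, host, address in entries:
            print(f"{kind:8} line {line_no}: {host} -> {address}")
```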

Re: Redirection and excessive svchost.exe memory usage

Post by drjbg » October 5th, 2011, 11:42 pm

The help and information you've provided has been excellent. Thank you for the service you provide. The computerized world is a better place for it.
JG

Re: Redirection and excessive svchost.exe memory usage

Post by Cypher » October 6th, 2011, 5:26 am

Hi drjbg,
Again you're most welcome, good luck and stay safe.
As the resolution of this issue requires a reformat, and there have been no further questions posted regarding that process, this topic is now closed.

You can help support this site from this link:
Donations For Malware Removal