HUGE problem !

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ToXiCGrAvE, Sep 13, 2005.

  1. ToXiCGrAvE

    ToXiCGrAvE Private E-2

    Hi, I've got a major problem. First of all, when I boot up, Windows' SVCHOST.EXE is at 100%; next, Java fails, Windows Installer fails, RPC seems to be failing in one way or another, copy-paste fails, hyperlinks fail... as you can see, a lot of failures. Is somebody please able to help??
     
  2. ToXiCGrAvE

    ToXiCGrAvE Private E-2

    OK, I've done what you said, but I don't know how to attach... when trying to insert a picture, the screen scrolls up and that's it... the copy/paste engine or something fails too... any suggestions??
     
  3. ToXiCGrAvE

    ToXiCGrAvE Private E-2

    Hmm... maybe I'm so stupid, but from what I can see, it only says what is allowed, such as bmp, gif, jpe. These are the exact words:

    Attach Files
    Valid file extension: bmp gif bla bla bla

    no buttons :S
     
  4. ToXiCGrAvE

    ToXiCGrAvE Private E-2

    I want to, but I can't copy/paste, it doesn't work. Is it possible to send it through email? I can attach it with email...
     
  5. ToXiCGrAvE

    ToXiCGrAvE Private E-2

    Edit by chaslang: Inline log attached

    Yeah! Somehow it worked. Anyway, this is the log
     

    Last edited by a moderator: Sep 17, 2005
  6. ToXiCGrAvE

    ToXiCGrAvE Private E-2

    OK, I've done what you said, but no changes :S Here's a new log:

    Edit by chaslang: Inline log attached
     

    Last edited by a moderator: Sep 17, 2005
  7. ToXiCGrAvE

    ToXiCGrAvE Private E-2

    I tried, but when I want to reboot, it is going to verify some registry keys, but then I get this message: PendingFileRenameOperations Registery Data Has Been Revomed By External Process ! ... I have no idea what it means... :S

    So I have removed it with HiJacker... it's gone, I guess
     
  8. ToXiCGrAvE

    ToXiCGrAvE Private E-2

    Edit by chaslang: Inline log attached
     

    Last edited by a moderator: Sep 17, 2005
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please start trying to attach your logs. I do not see any reason why you should not be able to attach them.

    Also note: You never ran ALL of the READ ME FIRST. The online scans are not optional steps.

    Assuming you have the hijackthis.log file saved on your PC and you know where it is:
    - Click the Reply button to answer a message
    - At the bottom of the message window click the Go Advanced button (if you do not see the Go Advanced button, you may already be in advanced mode. Just continue.)
    - then scroll down a little until you see the Manage Attachments button and click it.
    - in the window that comes up click the Browse button and browse to the location on your PC where the hijackthis.log file is saved.
    - select it by double clicking on it.
    - Then click the Upload button. Observe the messages in that window; you should either see that the file is attached, or there could be an error message if you did something wrong.
    - then close that window
    - then save your message
     
  10. ToXiCGrAvE

    ToXiCGrAvE Private E-2

    I'm so sorry, but I can't find the 'Go Advanced' button or the 'Manage Attachments' button. As far as I can see, there's only a field which says 'Additional Options' with this text in it:

    Attach files:
    Valid file extensions: bmp doc gif jpe jpeg jpg log pdf png psd txt zip
     
  11. ToXiCGrAvE

    ToXiCGrAvE Private E-2

    Edit by Halo: Inline log attached
     

    Last edited by a moderator: Sep 17, 2005
  12. ToXiCGrAvE

    ToXiCGrAvE Private E-2

    However, I did manage to use the KillBox correctly; I guess it's gone now (see my last log). With a program named Process Explorer, I can see the Windows Task Manager, and the process SVCHOST.EXE is sky-high, at 100%, so I click on it and see that the file ADVAPI32.DLL is using this much memory. When I kill SVCHOST.EXE in Windows Task Manager, the RPC service is going to cry and is going to restart within 60 seconds... but when I kill ADVAPI32.DLL in Process Explorer, it will be stable...
     
  13. ToXiCGrAvE

    ToXiCGrAvE Private E-2

    I tried that before, but when I go to http://windowsupdate.microsoft.com the screen turns white and stops loading :s Even when I managed to install SP2, my internet was almost not working at all; I have tried that twice, a few months ago. However, I bought my PC in the store, a Packard Bell, so everything is original. No piracy.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm curious about the below service entry:

    O23 - Service: msecure (mcsecure) - Logitech Inc. - (no file)

    I'm not sure if this is valid. You guys may want to check into this. Are you using any Logitech products? Could this be for a USB port flash card or similar? Look for c:\windows\system32\mcsecure.exe (or c:\windows\mcsecure.exe) and get Properties info on it.
     
  15. ToXiCGrAvE

    ToXiCGrAvE Private E-2

    Well, that didn't work somehow, but I managed to obtain some info about the file on the net. Here's the link:

    www.spywareaid.com/index.php?file=o23&action=view&id=1032

    It says that it is malware, so I assume I should get rid of it ASAP, so I'll try that somehow, using KillBox or something.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, if you are sure this service is not something you need, follow the steps below.

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.

    On the page that opens, scroll down to msecure ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, run HJT, but instead of scanning, click on the 'None of the above, just start the program' button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc Tools' button... select 'Delete an NT Service'... copy/paste the following into the box that opens, and press 'OK':

    msecure

    Now exit HJT and then reboot. Post a new HJT log and let D3m3nt3d know how things are working now.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes that is correct. In most cases when I see an O23 line that indicates the file is missing, I just ignore it unless it is malware. But the name and the rest of this line just struck me as not being valid. Searches did show it to potentially be bad. When in doubt, ask questions!
     
  18. ToXiCGrAvE

    ToXiCGrAvE Private E-2

    Well, HiJacker indeed said there is no 'msecure' nor 'mcsecure', the two names I want to get rid of... but in Services, it's not started, but is set to automatic start. However, when I try to start it manually, it gives me a message which says the service cannot be found or something like that; the Properties button won't work either... my PC is really a big shithole!
     
  19. ToXiCGrAvE

    ToXiCGrAvE Private E-2

    Logfile of HijackThis v1.99.1
    Scan saved at 10:29:03, on 19-9-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\msea32.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Sonique\sqstart.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Eigenaar\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.packardbell.nl/center
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=www.packardbell.nl/center
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1036056249436
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4561/mcfscan.cab
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\msea32.exe" /s (file missing)
    O23 - Service: msecure (mcsecure) - Logitech Inc. - (no file)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
     
  20. ToXiCGrAvE

    ToXiCGrAvE Private E-2

    I've noticed that svchost.exe is at 100% memory usage because of the file ADVAPI.DLL; I don't know what that is, but maybe you guys do...
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I still see the msecure service! I guess you did not do anything with it. But you have a bigger problem. The below is an HSA hijacker:

    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\msea32.exe" /s (file missing)


    See step two of the READ ME FIRST.
     
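The way chaslang reads the O23 service lines in posts 14, 17 and 21 (a missing file is usually harmless on its own, but an unknown owner, a garbled service name, a binary sitting directly in C:\WINDOWS, and a stray quote in the path together mark an entry for review) can be written down as a small triage script. The following Python is an added example for this thread, not part of HijackThis or of the original posts; the four O23 lines it parses are copied from the log above, and the heuristic names (`file_missing`, `unknown_owner`, `non_ascii_name`, `unbalanced_quote`, `windows_root_binary`) are this example's own choices, not HijackThis categories.

```python
"""Triage HijackThis O23 (service) lines using the reasoning applied in this thread."""
import ntpath
import re
from dataclasses import dataclass

# Sample input: the four O23 lines copied from the HijackThis log posted above.
SAMPLE_LOG = """\
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\\WINDOWS\\msea32.exe" /s (file missing)
O23 - Service: msecure (mcsecure) - Logitech Inc. - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\System32\\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\\Program Files\\Webroot\\Spy Sweeper\\WRSSSDK.exe
"""

# HJT O23 layout: "O23 - Service: <display name> (<short name>) - <owner> - <path and notes>".
# The display name may itself contain parentheses, so it is matched greedily and the
# short name is the last parenthesised group before " - ".
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*) \((?P<short>[^()]*)\) - (?P<owner>.*?) - (?P<path>.*)$"
)
# First Windows-style path ending in .exe inside the path field (quotes and arguments ignored).
EXE_RE = re.compile(r'"?(?P<exe>[A-Za-z]:\\.*?\.exe)', re.IGNORECASE)


@dataclass
class ServiceEntry:
    display: str
    short: str
    owner: str
    path: str


def parse_o23(log_text: str) -> list[ServiceEntry]:
    """Extract every O23 line from a HijackThis log into a ServiceEntry."""
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(
                m["display"].strip(), m["short"].strip(),
                m["owner"].strip(), m["path"].strip(),
            ))
    return entries


def triage(entry: ServiceEntry) -> list[str]:
    """Return the review flags (this example's own heuristics) raised by one service entry."""
    flags = []
    # HJT marks a service whose binary is absent; on its own this is common and often benign.
    if "(file missing)" in entry.path or "(no file)" in entry.path:
        flags.append("file_missing")
    # Legitimate vendors normally embed a company name; "Unknown owner" means none was found.
    if entry.owner.lower() == "unknown owner":
        flags.append("unknown_owner")
    # A short service name made of non-printable or non-ASCII bytes is not something an installer chooses.
    if any(ord(c) < 32 or ord(c) > 126 for c in entry.short):
        flags.append("non_ascii_name")
    # An odd number of quotes in the image path points to a malformed or tampered registry value.
    if entry.path.count('"') % 2 == 1:
        flags.append("unbalanced_quote")
    # Service binaries belong under System32 or Program Files, not directly in C:\WINDOWS.
    m = EXE_RE.search(entry.path)
    if m and ntpath.dirname(m["exe"]).lower() == r"c:\windows":
        flags.append("windows_root_binary")
    return flags


def triage_log(log_text: str) -> dict[str, list[str]]:
    """Map each short service name in the log to its review flags."""
    return {e.short: triage(e) for e in parse_o23(log_text)}


if __name__ == "__main__":
    for entry in parse_o23(SAMPLE_LOG):
        flags = triage(entry)
        verdict = "REVIEW" if flags else "ok"
        print(f"{verdict:6} {entry.short!r:20} owner={entry.owner!r} flags={flags}")
```

Running it on the sample prints `ok` for the NVIDIA and Webroot services, a single `file_missing` flag for `mcsecure` (the case chaslang says he would normally ignore unless searches show it to be bad), and all five flags for the "Remote Procedure Call (RPC) Helper" entry, which is why a missing file alone does not decide the matter.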
