Author Topic: SOLVED on page 3! svchost.exe (during boot, especially)  (Read 22165 times)


Offline Bubba Euler

  • Full Member
  • ***
  • Join Date: Jan 2012
  • Posts: 106
  • Karma: 5
    • View Profile
Re: svchost.exe (during boot, especially)
« Reply #25 on: May 30, 2014, 01:26:42 PM »
Have you done combofix yet? There have been a TON of times where combofix was the only thing that found and cleaned anything. Just make sure to do a registry backup first :-)

http://www.bleepingcomputer.com/download/combofix/

Shane

I will do this!  Tweaking.com's  Windows Repair has a wonderful Registry Backup service!  Thank you, Shane!!!

Offline Bubba Euler

Re: svchost.exe (during boot, especially)
« Reply #26 on: May 30, 2014, 01:59:35 PM »
Have you done combofix yet? There have been a TON of times where combofix was the only thing that found and cleaned anything. Just make sure to do a registry backup first :-)

http://www.bleepingcomputer.com/download/combofix/

Shane

I will do this!  Tweaking.com's  Windows Repair has a wonderful Registry Backup service!  Thank you, Shane!!!


WOW! WOW!! WOW!!!  ComboFix did it!!!!  It did give about a 5 minute fuss over "AutoRun Eater", however.  ~~~Ha~~~!  BUT, the boot time was back to normal and the SVCHOST.EXE was so short I didn't even see it using CPU time.  I did not have the chance to write down the programs/.exe that ComboFix deleted, but I'm going to find them (log?) and post them for y'all. 

Wow.  Whew.  Golly, geewhiz.  I am so thankful.  Oh, and not a flicker from the DARK Screen on this re-boot.  What fun and what relief. 

Offline Shane

  • Lead Developer - Coder
  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9279
  • Location: USA
  • Karma: 138
  • "Knowledge should be shared not hidden."
    • View Profile
    • Tweaking.com
Re: svchost.exe (during boot, especially)
« Reply #27 on: May 30, 2014, 02:36:49 PM »
Good to hear it is fixed :-)

Then it was a rootkit or infection that was doing it and once again combofix was the only one to find it, man I would love to talk to the fellow programmer of that tool lol

Shane

Offline Bubba Euler

Re: svchost.exe (during boot, especially)
« Reply #28 on: May 30, 2014, 03:30:34 PM »
Good to hear it is fixed :-)

Then it was a rootkit or infection that was doing it and once again combofix was the only one to find it, man I would love to talk to the fellow programmer of that tool lol

Shane

I'd be a fly-on-the-wall...

Combofix downloaded to the desktop.  Couldn't find any logs or files, since it wasn't installed, per se.  I need to post the files that were causing the consternation!?!?  As I recall, there were three.  Maybe, four?!?  They disappeared quickly, as it were. 

Where would these deleted files (remnants ?) be located so that I can post them for other users?

Offline Shane

Re: svchost.exe (during boot, especially)
« Reply #29 on: May 30, 2014, 03:46:17 PM »
The log file is normally on the root of the C: drive :-)

Shane

Offline Bubba Euler

Re: svchost.exe (during boot, especially)
« Reply #30 on: May 30, 2014, 04:22:23 PM »
The log file is normally on the root of the C: drive :-)

Shane

Here's a Zip File of what was under the heading on C:/

If this isn't the correct file, please let me know.  I want to help as many people as I can. 


Offline Bubba Euler

Re: svchost.exe (during boot, especially)
« Reply #31 on: May 30, 2014, 04:45:15 PM »
The log file is normally on the root of the C: drive :-)

Shane

Here's a Zip File of what was under the heading on C:/

If this isn't the correct file, please let me know.  I want to help as many people as I can.

Re-booted.  Less than 2.5 minutes!!!!!!!!   Before, it was 4.5 to 5.5 minutes!   No SVCHOST.EXE hogging the CPU.  I hope that the zip file I sent will help everyone, from now on. 

What a relief and weight off my shoulders.  If the ZIP file didn't have the info that is needed, please let me know.  I'll search and find it and post it for everyone. 

Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2255
  • Location: india
  • Karma: 17
    • View Profile
Re: svchost.exe (during boot, especially)
« Reply #32 on: May 30, 2014, 09:03:54 PM »
Hi,
        Is combofix a root kit killer program or combined malware, trojan removal tool?
The Bottom line is "Check your hardware first if it supports the task you try".

Offline Shane

Re: svchost.exe (during boot, especially)
« Reply #33 on: May 30, 2014, 09:46:23 PM »
It deleted these files

C:\setup.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll

Those dll files attach to the network, so you did have something hooked to it that was causing it. It doesn't tell me what rootkit or virus it was, just the file names :-)

Shane

Offline Bubba Euler

Re: svchost.exe (during boot, especially)
« Reply #34 on: May 31, 2014, 06:45:12 AM »
It deleted these files

C:\setup.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll

Those dll files attach to the network, so you did have something hooked to it that was causing it. It doesn't tell me what rootkit or virus it was, just the file names :-)

Shane

This morning, Boot time was under 2 minutes for Windows 7 x64!!!  Still have the DARK screen during and after Boot (just now, in fact!!  ~Ha~!)  I can live with that.  To recover the screen, I double-click Fn/F6 combination.  It is wonderful to have a responsive computer, again. 

Thank you!  Social Security on Tuesday!!!! YeeHah!!

Offline Bubba Euler

Re: svchost.exe (during boot, especially)
« Reply #35 on: May 31, 2014, 01:11:29 PM »
Hi,
        Is combofix a root kit killer program or combined malware, trojan removal tool?

Jraju, looks to me like it's a "root killer".  I performed many A/V scans, multiple sources, with no "catches" or "snags".

Offline Bubba Euler

Re: svchost.exe (during boot, especially)
« Reply #36 on: May 31, 2014, 01:16:34 PM »
It deleted these files

C:\setup.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll

Those dll files attach to the network, so you did have something hooked to it that was causing it. It doesn't tell me what rootkit or virus it was, just the file names :-)

Shane

Boy, Howdy!  Powerful program in ComboFix!!  If you do get an interview, I want to be a fly on the wall...!  ~Ha~!

Offline Bubba Euler

Re: svchost.exe (during boot, especially)
« Reply #37 on: May 31, 2014, 02:35:31 PM »
It deleted these files

C:\setup.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll

Those dll files attach to the network, so you did have something hooked to it that was causing it. It doesn't tell me what rootkit or virus it was, just the file names :-)

Shane

This morning, Boot time was under 2 minutes for Windows 7 x64!!!  Still have the DARK screen during and after Boot (just now, in fact!!  ~Ha~!)  I can live with that.  To recover the screen, I double-click Fn/F6 combination.  It is wonderful to have a responsive computer, again. 

Thank you!  Social Security on Tuesday!!!! YeeHah!!


"Only a life lived for others is a life worthwhile"
Honor & Respect is all that matters.  AMEN!

Offline scarsxp

  • Newbie
  • *
  • Join Date: Apr 2014
  • Posts: 49
  • Karma: 1
    • View Profile
Re: svchost.exe (during boot, especially)
« Reply #38 on: June 02, 2014, 03:34:14 PM »
It deleted these files

C:\setup.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll

Those dll files attach to the network, so you did have something hooked to it that was causing it. It doesn't tell me what rootkit or virus it was, just the file names :-)

Shane

This morning, Boot time was under 2 minutes for Windows 7 x64!!!  Still have the DARK screen during and after Boot (just now, in fact!!  ~Ha~!)  I can live with that.  To recover the screen, I double-click Fn/F6 combination.  It is wonderful to have a responsive computer, again. 

Thank you!  Social Security on Tuesday!!!! YeeHah!!


"Only a life lived for others is a life worthwhile"
Honor & Respect is all that matters.  AMEN!

Maybe if you can do a little digging you can figure out where you got these files from. I wish it wouldn't have deleted those files automatically until you could have uploaded them to virustotal.com and scanned them, to see what kind of rootkit/virus it was.
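
An added example, not part of any post in this thread and not ComboFix code: one way to keep a copy and a SHA-256 of suspect files before a cleanup tool removes them, so the hash can later be searched on virustotal.com. The helper names, the `.quarantine` suffix and the `C:\quarantine` folder are assumptions made for the illustration; the four paths are the ones listed in the thread.

```python
import hashlib
import json
import shutil
from pathlib import Path

# Paths taken from the ComboFix log quoted in the thread.
SUSPECT_PATHS = [
    r"C:\setup.exe",
    r"c:\windows\SysWow64\Packet.dll",
    r"c:\windows\SysWow64\pthreadVC.dll",
    r"c:\windows\SysWow64\wpcap.dll",
]

def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def preserve_evidence(paths, quarantine_dir):
    """Copy each suspect file into quarantine_dir and record its SHA-256.

    Hypothetical helper. Copies are named <sha256>.quarantine so they are
    not launched by a double-click. A file name alone does not identify a
    sample; the hash does. Returns the manifest, also saved as JSON.
    """
    quarantine = Path(quarantine_dir)
    quarantine.mkdir(parents=True, exist_ok=True)
    manifest = []
    for original in paths:
        src = Path(original)
        if not src.is_file():
            # Already deleted or never present: record that fact too.
            manifest.append({"path": original, "status": "missing"})
            continue
        digest = sha256_of(src)
        shutil.copy2(src, quarantine / (digest + ".quarantine"))
        manifest.append({"path": original, "status": "preserved",
                         "sha256": digest, "size": src.stat().st_size})
    (quarantine / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

if __name__ == "__main__":
    # Assumed quarantine folder; run from an elevated prompt before cleanup.
    for entry in preserve_evidence(SUSPECT_PATHS, r"C:\quarantine"):
        print(entry)
```
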

Offline Bubba Euler

Re: SOLVED on page 3! svchost.exe (during boot, especially)
« Reply #39 on: June 03, 2014, 07:12:18 AM »
Yes!  If I'd have known that the files were deleted, I'd have "isolated 'em" and sent them to you.  I am very impressed with the capabilities of ComboFix, though.  Windows 7 x64 Enterprise booted under 2 minutes, this morning!! 

I have no idea from where I got this infection.  Gmail, Hotmail, MajorGeeks, Breitbart, DrudgeReport, Chron.com, WND.com, Statesman.com, youtube.com, ....  and the various links from each of those. 

I use CCleaner.  This is the "downside" to cleaning the system, isn't it?

I placed VirusTotal.com in my Bookmarks!!! 

« Last Edit: June 03, 2014, 08:02:52 AM by Bubba Euler »