Boot problem in Windows 2000 (svchost)

Status
Not open for further replies.

vwad

In the zone
Hello Digit Team

Writing after a long time :p

I am facing a problem while booting my home PC.

I am able to boot it normally but afterwards, a window pops up on my desktop which I have to close each time.

This has been happening only recently (10-15 days).

No function is disturbed on the PC and I am able to do all the things well and nicely, but it's kinda weird to see this window and to have to close it every time :mad:

Please suggest a way to get rid of it.

Here is the window screenshot to give you an idea

*img6.picsplace.to/img6/27/svchost.jpg

Please help !!

Regards,
Hotvins
 

Choto Cheeta

Rebooting
Maybe you have an extra svchost in your startup object, do check that... If possible, post your HijackThis log file here!!
 
vwad

In the zone
Thanks saurav_cheeta for the response.

But I am able to understand how to use HijackThis?

Can you help me step by step, please?

Also, is there any easier way to do this for us non-geek mortals :p:p:p:p
 
Choto Cheeta

Rebooting
also is there any easier way to do this for us non-geek mortals

Sorry for the mistake...

HijackThis is a tool which will scan your system and produce a log for analysis. Just download it from the link I have given; it's a modest 250KB zip or EXE file. Unzip it and run it with the option "Do a System Scan and Save a log file".

The log file is a simple TXT file, just copy-paste the content here at the forum... let us take a look at it.. :)
 

anandk

Distinguished Member
Looks like you've been infected with the mail worm turta.a

The legit svchost occurs only in the system folder. Any other location, including the startup folder, could mean a possible malware infection. Suggest you go to your startup folder, right-click on the file and see its (or its target's) properties.

Run your AV and AS in safe mode. Download and use 'ccleaner' to clear up residual PC junk. Reboot. And then, as suggested above, you can post your HJT logfile here or get it auto-analysed at www.hijackthis.de
 
vwad

In the zone
The Log File Contents (Whole) are as below !!

Thanks for your help friends !! :)

Logfile of HijackThis v1.99.1
Scan saved at 9:03:42 AM, on 05/04/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\VTTimer.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
E:\Hijackthis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "about:blank"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\o2vnkhce.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\o2vnkhce.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: YSIGet Browser Helper Object - {248B131E-01EA-4587-8EFE-1D915E143D5E} - C:\Program Files\YSIGet\YSIGet.dll (file missing)
O2 - BHO: COM+ Service - {3BF77FF3-E054-4728-ADD0-B21EF95EECE1} - C:\WINNT\system32\winload.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Download using ReGet - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download All by Re&Get - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: YSIGet it! - C:\Program Files\YSIGet\wgbho.js
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ReGet - {38AAF320-C5B4-11D1-B75E-111111111111} - C:\Program Files\ReGet\ReGet.exe (HKCU)
O9 - Extra 'Tools' menuitem: &Re&Get - {38AAF320-C5B4-11D1-B75E-111111111111} - C:\Program Files\ReGet\ReGet.exe (HKCU)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - *sifyimg.speedera.net/sify.com/eot/tdserver.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - *ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - *community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {A2ECDF87-BFE5-4EBA-852A-45E4F881377F} (icePlayer Class) - *www.flashants.com/codebase/iceplayer.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - *update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF3AA83-5CEC-4F9A-AC69-82243A9CF114}: NameServer = 202.54.10.2,203.197.12.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EC7B87F-1CA3-4716-AA13-03518FA9F461}: NameServer = 202.54.10.2 202.54.29.5
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SuperProServer - Unknown owner - F:\Backup\TALLY\spnsrvnt.exe
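
Added example, not part of any post in this thread: a small Python triage pass over a HijackThis log that applies the rule anandk gives above (svchost belongs only in the system folder) and also surfaces the "(file missing)", "(no file)" and "Unknown owner" markers that HijackThis itself prints. The function name, the default system folder and the two sample lines described as constructed are assumptions; the findings are leads for manual checking, not verdicts.

```python
import re
from pathlib import PureWindowsPath

# File names that, per the advice in the thread, belong only in the system folder.
SYSTEM_ONLY = {"svchost.exe"}
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]+?\.(?:exe|dll)', re.IGNORECASE)
ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<item>[^=]+?)(?: = .*)?$")

def triage(log_text, system_dir=r"C:\WINNT\system32"):
    """Return (reason, line) pairs for log lines that deserve a manual look."""
    sysdir = PureWindowsPath(system_dir)
    findings, in_procs = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "Running processes:" or not line:
            in_procs = bool(line)   # the process list ends at the first blank line
            continue
        if not (in_procs or ENTRY_RE.match(line)):
            continue                # header lines such as "Platform:" or "MSIE:"
        for m in PATH_RE.finditer(line):
            p = PureWindowsPath(m.group(0))
            # PureWindowsPath compares case-insensitively (System32 == system32).
            if p.name.lower() in SYSTEM_ONLY and p.parent != sysdir:
                findings.append(("system file name outside system folder", line))
        s = STARTUP_RE.match(line)
        if s and s.group("item").strip().lower() in SYSTEM_ONLY:
            findings.append(("system file name in a startup folder", line))
        if "(file missing)" in line or "(no file)" in line:
            findings.append(("entry points at a missing file", line))
        if line.startswith("O23 - ") and "Unknown owner" in line:
            findings.append(("service with no owner information", line))
    return findings

# Sample input. Two lines are CONSTRUCTED for this example and are not from the
# poster's PC: the svchost.exe under "Documents and Settings" and the
# "O4 - Global Startup: svchost.exe" entry. The rest is copied from the log above.
SAMPLE = r"""Running processes:
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\Administrator\svchost.exe

O2 - BHO: YSIGet Browser Helper Object - {248B131E-01EA-4587-8EFE-1D915E143D5E} - C:\Program Files\YSIGet\YSIGet.dll (file missing)
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: svchost.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""
if __name__ == "__main__":
    for reason, line in triage(SAMPLE):
        print(f"[{reason}] {line}")
```

Pass a different `system_dir` (for example a `C:\WINDOWS\system32` install) when the log comes from a machine whose Windows folder is not `C:\WINNT`.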
 