why r so many processes with same name runnin???

Discussion in 'Software Q&A' started by ssk_the_gr8, Mar 5, 2006.

Thread Status:
Not open for further replies.
  1. ssk_the_gr8

    ssk_the_gr8 Make Way the LORD is Here

    Joined:
    Dec 12, 2005
    Messages:
    2,474
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    Old Trafford - The Theatre of Dreams
    please check out the image and tell me if there is any problem as my pc nowaday takes 7-8 minutes to start
    there are nearly 4-5 programs named svchost .exe running what r these

    [img=http://img90.imageshack.us/img90/2620/error28xt.th.jpg]

    here is the hijack this report

    please tell me if there is any problem


    Logfile of HijackThis v1.99.1
    Scan saved at 8:09:49 AM, on 3/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\AntiVir PersonalEdition Classic\sched.exe
    D:\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    D:\Microsoft AntiSpyware\gcasServ.exe
    E:\D-Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    D:\NetMeter\NetMeter.exe
    C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    D:\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
    D:\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Opera\Opera.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Administrator\Desktop\clutter\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O2 - BHO: LF3_BHO Class - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\system32\LightFrame3IECOM.dll
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: Helper Class - {6E28339B-7A2A-47B6-AEB2-197004272379} - C:\WINDOWS\vchelper.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\FLASHGET\jccatch.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll
    O3 - Toolbar: YiSou Toolbar - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\YiSou\yisou.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FLASHGET\fgiebar.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [gcasServ] "D:\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [avgnt] "D:\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [FreeRAM XP] "D:\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [D:\NetMeter\NetMeter.exe] D:\NetMeter\NetMeter.exe
    O4 - Startup: Yahoo! Desktop Search System Tray.lnk = D:\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    O8 - Extra context menu item: Download All by FlashGet - D:\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download all by Free Download Manager - file://D:\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download by Free Download Manager - file://D:\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download selected by Free Download Manager - file://D:\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download using FlashGet - D:\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download web site by Free Download Manager - file://D:\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Quick Search (Yisou.com) - res://C:\Program Files\YiSou\yisou.dll/232
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: (no name) - {12345678-1234-1234-1234-1234567890AB} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FLASHGET\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FLASHGET\flashget.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131361398546
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{703572E3-4629-4AA9-B8FE-9189C224CA3C}: NameServer = 218.248.255.145 61.1.96.69
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - D:\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - D:\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\SiSoftware\SiSoftware Sandra Professional 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\SiSoftware\SiSoftware Sandra Professional 2005.SR3\RpcSandraSrv.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  2. devarajan

    devarajan New Member

    Joined:
    Feb 26, 2006
    Messages:
    215
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    NEVER STOP'S....
    No problem with svchost .exe.....
     
  3. OP
    OP
    ssk_the_gr8

    ssk_the_gr8 Make Way the LORD is Here

    Joined:
    Dec 12, 2005
    Messages:
    2,474
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    Old Trafford - The Theatre of Dreams
    what is svchost .exe and someone could plz find a problem with my hijackthis log file
     
  4. devarajan

    devarajan New Member

    Joined:
    Feb 26, 2006
    Messages:
    215
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    NEVER STOP'S....
    Svchost, which is short for "service host", is a core part of the operating system that provides support to many of the required services that are Windows. You can see all the copies of svchost and what services they are running by typing "tasklist /svc" in a command window.... :p :wink:
     
  5. anandk

    anandk Distinguished Member

    Joined:
    Mar 8, 2005
    Messages:
    3,786
    Likes Received:
    106
    Trophy Points:
    0
    Location:
    Pune
    your following entries are classified as nasty :

    O2 - BHO: LF3_BHO Class - {43D29D14-460E-4F3A-9037-E60F11EF12F0}
    C:\WINDOWS\system32\LightFrame3IECOM.dll

    O8 - Extra context menu item: Quick Search (Yisou.com)
    res://C:\Program Files\YiSou\yisou.dll/232

    copy paste your hijackthis logfile in the space provided in www.hijackthis.de and click on analyze. it will analyse and post solns. :)

    if u want to reduce ur startup time, remove ur starups, asle check out
    MAKE WINXP STARTUP/SHUTDOWN FASTER !
    http://www.thinkdigit.com/forum/viewtopic.php?t=17845&highlight=services
     
Thread Status:
Not open for further replies.

Share This Page