svchost


6 replies to this topic

#1 cheesecake


Posted 23 May 2004 - 03:33 PM

After starting my PC I keep getting this error.
SVCHOST
An error has occurred in your program. To keep working anyway, click Ignore and save your work in a new file.
To quit this program, click Close. You will lose all information you entered since your last save.
What can I do about this? Is this a worm or a virus that I cannot seem to detect with Ad-Aware or Spybot S&D?
I also have read all the FAQs to find out what this was and for a way to stop it.
I also can't seem to be able to shut down my PC; it keeps telling me that another program is running.

#2 dave38


Posted 23 May 2004 - 05:31 PM

We need a closer look at what's happening.

Please download Hijack This. Unzip it into its own folder, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#3 cheesecake


Posted 24 May 2004 - 06:04 AM

This is the log file after the scan.



Logfile of HijackThis v1.97.7
Scan saved at 6:42:49 AM, on 5/24/04
Platform: Windows 95 a (Win9x 4.00.1111)
MSIE: Internet Explorer v5.00 SP1 (5.00.3105.0105)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KAVSCAN.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SICHOST.EXE
C:\WINDOWS\RFV\MODULE32.EXE
C:\WINDOWS\2.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SLIPSTREAM WEB ACCELERATOR\SLIPACCEL.EXE
C:\WINDOWS\SYSTEM\MACROMED\SHOCKWAVE\REMOTE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\tapiexe.exe
C:\WINDOWS\SYSTEM\SICHOSTS.EXE
C:\WINDOWS\SYSTEM\SICHOSTC.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\CRAZY BROWSER\CRAZY BROWSER.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
C:\PROGRAM FILES\PHOTODELUXE 2.0\EZPHOTO\EZPHOTO.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
F0 - system.ini: Shell=Explorer.exe msbkup.com
O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Adline Ssystem] C:\WINDOWS\sichost.exe
O4 - HKLM\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\PROGRAM FILES\3B SOFTWARE\WINDOWS REGISTRY REPAIR PRO\WINDOWS REGISTRY REPAIR PRO.exe -X
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KAVScan] KAVScan.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
O4 - Startup: Event Reminder.lnk = C:\PMG4\PMREMIND.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Shockwave Init.lnk = C:\WINDOWS\SYSTEM\Macromed\Shockwave\SwInit.exe
O4 - Startup: SlipStream Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Show Original Image - res://C:\PROGRAM FILES\SLIPSTREAM WEB ACCELERATOR\SLIPACCEL.EXE/227
O8 - Extra context menu item: Show All Original Images - res://C:\PROGRAM FILES\SLIPSTREAM WEB ACCELERATOR\SLIPACCEL.EXE/250
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .aif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .cgi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O13 - WWW. Prefix: http://
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ntrol_v1-32.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howu...nload/appdl.cab

#4 dave38


Posted 24 May 2004 - 04:15 PM

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting "Fix checked". Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

F0 - system.ini: Shell=Explorer.exe msbkup.com

O4 - HKLM\..\Run: [Adline Ssystem] C:\WINDOWS\sichost.exe
O4 - HKLM\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE

O13 - WWW. Prefix: http://


Reboot, search for, and delete files:

C:\WINDOWS\sichost.exe
C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE

These may be hidden files. See HERE for how to show hidden files.

Please post a follow-up Hijack This log, and say if your problems persist.

#5 cheesecake


Posted 25 May 2004 - 04:25 AM

Deleted all that you said and checked for hidden files, and there were none, but I still have some of the same problem, though not as bad.
Now I am getting error messages from KAVSCAN.

KAVSCAN
An error has occurred in your program. To keep working anyway, click Ignore and save your work in a new file.
To quit this program, click Close. You will lose all information you entered since your last save.

After I cleaned everything the 04 HKLM\..\Run[jopa]C:\windows\system\Sysstartup.exe
came back so I fixed it again.
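
A way to check a follow-up log against the fix list from post #4, so that an entry that re-creates itself (as the [jopa] Run value did here) is spotted immediately. This is an added example, not part of the original thread and not a HijackThis feature; the function names and the follow-up log are constructed for illustration.

```python
import re

# A HijackThis entry line starts with a section code (R1, F0, O4, O13, ...).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (code, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Windows paths and registry names are case-insensitive: fold case
            # and collapse whitespace so re-typed entries still compare equal.
            entries.add((m.group(1), " ".join(m.group(2).split()).lower()))
    return entries

def check_fixes(fix_list, followup_log):
    """Split the fix list into entries that are gone and entries that persist."""
    wanted, seen = parse_entries(fix_list), parse_entries(followup_log)
    return sorted(wanted - seen), sorted(wanted & seen)

# Entries the helper asked to have fixed (copied from post #4).
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
F0 - system.ini: Shell=Explorer.exe msbkup.com
O4 - HKLM\..\Run: [Adline Ssystem] C:\WINDOWS\sichost.exe
O4 - HKLM\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O13 - WWW. Prefix: http://
"""

# Constructed follow-up log (not from the thread): the [jopa] value is back.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [jopa] C:\windows\system\Sysstartup.exe
"""

if __name__ == "__main__":
    cleared, persisting = check_fixes(FIX_LIST, FOLLOWUP_LOG)
    print(f"{len(cleared)} cleared, {len(persisting)} still present")
    for code, detail in persisting:
        print(f"STILL PRESENT: {code} - {detail}")
```

An entry that persists after a fix and reboot usually means something still running is rewriting it, so the follow-up log's process list is the next place to look.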

#6 dave38


Posted 25 May 2004 - 02:26 PM

From your log, it looks as if you have two antivirus programs running: KAV and Norton. This is not good, as they end up fighting each other, rather than viruses!! Have two by all means, but only run one at a time. Keep the other as backup.

#7 cheesecake


Posted 25 May 2004 - 02:46 PM

The only antivirus that I was aware of was McAfee, which I put in myself. I never put in Norton or Kavscan. What should I do, take one out or?
I have been thinking about upgrading McAfee.
