Boot problem in Windows 2000 (svchost)

vwad · 03-04-2007, 12:40 PM

Hello Digit Team

Writing after long time

I am facing a problem while booting my home PC.

I am able to boot it normally but afterwards, a window pops up on my desktop which I have to close each time.

This is being happening only recently ( 10-15 days )

No function is disturbed on PC and I am able to do all the things well and nicely but its kinda wierd to see this window and having to close it every time

Please suggest me a way to get read of it.

Here is the window screenshot to give you an idea

Please help !!

Reagrds,
Hotvins

Choto Cheeta · 03-04-2007, 12:47 PM

May be you have an extra svchost in your start up object, do check that ... if possible post you hijackThis Log file here !!

vwad · 03-04-2007, 06:43 PM

thanks saurav_cheeta for the response.

but I am able to understand how to use hijackthis ?

can u help me step by step please ?

also is there any easier way to do this for us non-geek mortals

Choto Cheeta · 03-04-2007, 07:22 PM

Quote:

also is there any easier way to do this for us non-geek mortals

Sorry for the Misstake...

HijackThis is a tool which will scan your system and will produce a log for analysis, just download from that link I have given, its a modest 250KB zip or EXE file, unzip and run with option Do a System Scan and Save a log file,

The log file is a simple TXT file, just copypest the content here at the forum... let us take a look at it..

anandk · 03-04-2007, 07:32 PM

looks like uv been infected with the mail worm turta.a

the legit svchost occurs only in the system folder. any other location, inclu the startup folder cud mean a posbl malware infection. sugest u go 2 ur startup folder, rt click on the file n c its (or its targets) props.

run ur av and as in safe mode. download and use 'ccleaner' to clear up residual pc junk. reboot. and the as sgstd above u can post ur hjt logfile here or get it auto-analysed at www.hijackthis.de

vwad · 05-04-2007, 09:04 AM

The Log File Contents (Whole) are as below !!

Thanks for your help friends !!

Quote:

Logfile of HijackThis v1.99.1
Scan saved at 9:03:42 AM, on 05/04/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\VTTimer.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
E:\Hijackthis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "about:blank"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\o2vnkhce.slt\prefs.j s)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5 Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\o2vnkhce.slt\prefs.j s)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: YSIGet Browser Helper Object - {248B131E-01EA-4587-8EFE-1D915E143D5E} - C:\Program Files\YSIGet\YSIGet.dll (file missing)
O2 - BHO: COM+ Service - {3BF77FF3-E054-4728-ADD0-B21EF95EECE1} - C:\WINNT\system32\winload.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Download using ReGet - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download All by Re&Get - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: YSIGet it! - C:\Program Files\YSIGet\wgbho.js
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ReGet - {38AAF320-C5B4-11D1-B75E-111111111111} - C:\Program Files\ReGet\ReGet.exe (HKCU)
O9 - Extra 'Tools' menuitem: &Re&Get - {38AAF320-C5B4-11D1-B75E-111111111111} - C:\Program Files\ReGet\ReGet.exe (HKCU)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://sifyimg.speedera.net/sify.com/eot/tdserver.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {A2ECDF87-BFE5-4EBA-852A-45E4F881377F} (icePlayer Class) - http://www.flashants.com/codebase/iceplayer.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF3AA83-5CEC-4F9A-AC69-82243A9CF114}: NameServer = 202.54.10.2,203.197.12.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EC7B87F-1CA3-4716-AA13-03518FA9F461}: NameServer = 202.54.10.2 202.54.29.5
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SuperProServer - Unknown owner - F:\Backup\TALLY\spnsrvnt.exe

vwad · 07-04-2007, 09:26 AM

anybody home ?

03-04-2007, 12:40 PM	#1 (permalink)
vwad In The Zone Join Date: Mar 2005 Location: Why ? Are you coming for dinner ? Pls. Don't. Posts: 434	Boot problem in Windows 2000 (svchost) Hello Digit Team Writing after long time I am facing a problem while booting my home PC. I am able to boot it normally but afterwards, a window pops up on my desktop which I have to close each time. This is being happening only recently ( 10-15 days ) No function is disturbed on PC and I am able to do all the things well and nicely but its kinda wierd to see this window and having to close it every time Please suggest me a way to get read of it. Here is the window screenshot to give you an idea Please help !! Reagrds, Hotvins __________________ An Old Lady Died In Her Childhood.

03-04-2007, 12:47 PM	#2 (permalink)
Choto Cheeta Rebooting Join Date: Aug 2004 Location: 220.225.82.33 Posts: 6,200	Re: Boot problem in Windows 2000 (svchost) May be you have an extra svchost in your start up object, do check that ... if possible post you hijackThis Log file here !! __________________ rebooting ChotoCheeta.com

03-04-2007, 06:43 PM	#3 (permalink)
vwad In The Zone Join Date: Mar 2005 Location: Why ? Are you coming for dinner ? Pls. Don't. Posts: 434	Re: Boot problem in Windows 2000 (svchost) thanks saurav_cheeta for the response. but I am able to understand how to use hijackthis ? can u help me step by step please ? also is there any easier way to do this for us non-geek mortals __________________ An Old Lady Died In Her Childhood. Last edited by vwad; 03-04-2007 at 06:43 PM. Reason: Automerged Doublepost

03-04-2007, 07:32 PM	#5 (permalink)
anandk Distinguished Member Join Date: Mar 2005 Location: Pune Posts: 3,783	Re: Boot problem in Windows 2000 (svchost) looks like uv been infected with the mail worm turta.a the legit svchost occurs only in the system folder. any other location, inclu the startup folder cud mean a posbl malware infection. sugest u go 2 ur startup folder, rt click on the file n c its (or its targets) props. run ur av and as in safe mode. download and use 'ccleaner' to clear up residual pc junk. reboot. and the as sgstd above u can post ur hjt logfile here or get it auto-analysed at www.hijackthis.de __________________ > www.TheWindowsClub.com < = www.WinVistaClub.com = Microsoft® MVP

07-04-2007, 09:26 AM	#7 (permalink)
vwad In The Zone Join Date: Mar 2005 Location: Why ? Are you coming for dinner ? Pls. Don't. Posts: 434	Re: Boot problem in Windows 2000 (svchost) anybody home ? __________________ An Old Lady Died In Her Childhood.

Popular Categories

Popular Articles

Content Categories

Sister Sites

Follow Us

Facebook Channels

Digit Magazine

	Advertisements. Register and be a member of the community to get rid of them.
Advertisement

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Windows 2000 & XP network problem	Mangal Pandey	Networking	1	29-03-2006 02:14 AM
win 2000 boot problem	Saharika	Software Q&A	4	21-09-2005 08:15 AM
Windows 2000 Pro Boot errer of SYSTEMced currept ??	pr@k@sh	Software Q&A	13	14-08-2005 10:46 AM
PROBLEM IN WINDOWS 2000	sandesh.rawal	Software Q&A	6	18-07-2005 08:02 PM