1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Is Svhost a problem? Internet struggling..

Discussion in 'Virus & Other Malware Removal' started by tn_ashton, Feb 8, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. tn_ashton

    tn_ashton Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    54
    My broadband has been suffering last couple of days and only thing that keeps popping up is svhost.exe. The connection keeps quitting and makes pc slow.

    Please help!! Many Thanks, Tim

    HT Log Attached.

    Logfile of HijackThis v1.99.0
    Scan saved at 21:06:38, on 08/02/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\Svhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
    C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE
    C:\Program Files\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Platinum Internet Security\WebProxy.exe
    C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
    C:\Program Files\BT Broadband Basic Help\bin\mad.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Dixons\My Documents\My eBooks\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
    O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL
    O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [Microsoft Update] Svhost.exe
    O4 - HKLM\..\Run: [BBDial] C:\Program Files\BT Voyager 105 ADSL Modem\BT Broadband.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] Svhost.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\System32\DrvMon.exe
    O4 - HKCU\..\Run: [Microsoft Update] Svhost.exe
    O4 - Startup: AbsoluteShield Internet Eraser.lnk = C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL/VSearch.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
    O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1D7C7EF9-3214-4504-9BC5-58587CC736B2}: NameServer = 194.72.9.34 194.74.65.68
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Panda Antispam Service - Unknown - C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe
    O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
    O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service - Panda Software - C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
    O23 - Service: Panda Imanager Service - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe
     
  2. tn_ashton

    tn_ashton Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    54
    Please can someone check the HT log. Many Thanks.
     
  3. pinntech

    pinntech

    Joined:
    Aug 25, 2004
    Messages:
    893
    Hello,

    Yes, the SVHOST.EXE is a problem. It is the [email protected] worm. You definitely need to rid yourself of it.

    I prefer to use the following tools to remove viruses. You can download the main cleanup program here:

    The name is SYSCLEAN

    http://www.trendmicro.com/download/dcs.asp

    You also have to download the updated pattern files, which are in a ZIP file. You can do that here:

    http://www.trendmicro.com/download/pattern.asp

    The current pattern file is: lpt398.zip

    Download both of these files, create a folder. Put SYSCLEAN.COM in the new folder. Open the ZIP file and extract the files from it into the same directory you put SYSCLEAN.COM in.

    Reboot your computer into SAFE MODE (do not restore your computer).

    Open the folder where SYSCLEAN.COM is, and double click SYSCLEAN.COM. If a warning appears about running DOS programs in safe mode and video corruption can occur, just ignore them and tell it to run anyway.

    This will take a while to run, but it will get rid of the first part of your problems.

    When that is done, reboot your computer in normal mode. Disable System Restore and reboot. After rebooting, re-enable system restore.

    AFter you do all that, post a new HJT log. You really need to update your AV software also.

    Hope this helps a little.

    Shane
     
  4. tn_ashton

    tn_ashton Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    54
    Cheers for the info mate.

    Done as you said. new HT Log attached.

    Many thanks!
    Logfile of HijackThis v1.99.0
    Scan saved at 13:01:26, on 09/02/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
    C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE
    C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
    C:\Program Files\BT Broadband Basic Help\bin\mad.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\WebProxy.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Dixons\My Documents\My eBooks\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
    O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL
    O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [BBDial] C:\Program Files\BT Voyager 105 ADSL Modem\BT Broadband.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\System32\DrvMon.exe
    O4 - Startup: AbsoluteShield Internet Eraser.lnk = C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL/VSearch.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
    O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Panda Antispam Service - Unknown - C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe
    O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
    O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service - Panda Software - C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
    O23 - Service: Panda Imanager Service - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe
     
  5. pinntech

    pinntech

    Joined:
    Aug 25, 2004
    Messages:
    893
    Well, it looks like you are clean now. You might want to check for Adware and so forth. Of course, I am assuming that you are setup for PROXY as indicated by the following:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080

    Which would also explain this entry:

    O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL/VSearch.htm

    As long as your proxy is the right one, then you are good to go. So, you don't have to change anything else.

    Have a good one and keep that AV software up to date!

    Shane
     
  6. tn_ashton

    tn_ashton Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    54
    Thanks! I have recently installed bt broadband. Freeserve used to be the dial up connection. Am i right in thinking that i should be changing some properties for internet connection?
    Thanks....Tim
     
  7. pinntech

    pinntech

    Joined:
    Aug 25, 2004
    Messages:
    893
    Yes, very much so. Check to see if you can remove the software from Freeserve via the ADD/REMOVE SOFTWARE. If not, get it out of your I.E. and then get rid of the rest via HJT.

    Other than that, you should be good to go.
     
  8. SagaLore

    SagaLore

    Joined:
    Jan 28, 2003
    Messages:
    5
    That particular version of Svhost.exe is actually a variant of Spybot (a.k.a. Agobot, Gaobot, SDBot, Rbot). I ran into this a few days ago:

    Spybot variant - Svhost.exe and Microsoft Update

    You can remove it but it may come back again. You will need to run Windows Update and install all critical fixes to prevent whatever exploit from being used that installs it in the first place. I still haven't identified which exploit it uses - and Symantec finally yesterday started detecting it, but labeled it generically with Spybot.worm.
     
  9. tn_ashton

    tn_ashton Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    54
    Many Thanks for all your help! Much appreciated.

    Tim
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/328239

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice