1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Svchost.exe Error Message

Discussion in 'Web & Email' started by karenmcd, Sep 28, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. karenmcd

    karenmcd Thread Starter

    Joined:
    Sep 27, 2003
    Messages:
    5
    Everytime I log onto the net the error message svchost.exe pops up and says it has created an error log and the system needs to be shut down. Consequently, after the message I am unable to log onto most sites including opening up my msn hotmail. What is svchost.exe and can it be repaired?
     
  2. Shadow2531

    Shadow2531

    Joined:
    Apr 30, 2001
    Messages:
    2,636
    Check for viruses, check for spyware and use event viewer to check the properties of the each of the svchost errors.
     
  3. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Karen
    Welcome to TSG!
    As Shadow mentioned you need to run some security programs to eliminate any problems on your system.
    Follow this Security Drill doing the following listed there:
    1) Run free online scan
    2) Download, setup and run per instruction Spybot S&D and remove all it finds.
    3) Download, setup and run per instruction HiJack but this time do not take action on any items found but post the resulst back here so they can be reviewed.

    Dave
     
  4. karenmcd

    karenmcd Thread Starter

    Joined:
    Sep 27, 2003
    Messages:
    5
    Logfile of HijackThis v1.97.2
    Scan saved at 6:29:36 PM, on 10/3/2003
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\ati2plab.exe
    C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
    C:\WINNT\CPQDIAG\CPQDFWAG.EXE
    C:\PROGRA~1\Compaq\COMPAQ~4\CPQWEB~1\WebDmi.exe
    C:\PROGRA~1\Compaq\COMPAQ~3\hibserv.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\npssvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\snmp.exe
    C:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe
    C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\PROGRA~1\Compaq\COMPAQ~4\cpqdmi.exe
    C:\WINNT\Explorer.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\alertsvc.exe
    C:\WINNT\System32\Promon.exe
    C:\WINNT\System32\ltmsg.exe
    C:\WINNT\System32\Atiptaxx.exe
    C:\Program Files\Compaq\HotKey Software\hkss.exe
    C:\Program Files\Compaq\EasyAccessButtons\cpqek.exe
    C:\PROGRA~1\Compaq\Security\Secure32.exe
    C:\Program Files\Compaq\PowerCon Enhancements\CPQAcDc.Exe
    C:\WINNT\System32\PRPCUI.exe
    C:\Program Files\Common Files\Symantec Shared\SymTray.exe
    C:\WINNT\loadqm.exe
    C:\PROGRA~1\Compaq\COMPAQ~4\CHKADMIN.EXE
    C:\WINNT\System32\qttask.exe
    C:\Program Files\Screendragon VS3\Screendragon VS3 Taskbar.exe
    C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\windows\mp3[1].exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus NT\POPROXY.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus NT\NAVAPW32.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
    C:\WINNT\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINNT\system32\drwtsn32.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\unzipped\hijackthis[1]\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bussolaweb.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freenet.de
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Promon.exe] Promon.exe
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\HotKey Software\hkss.exe
    O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\EasyAccessButtons\cpqek.exe
    O4 - HKLM\..\Run: [Compaq Computer Security] C:\PROGRA~1\Compaq\Security\Secure32.exe
    O4 - HKLM\..\Run: [CPQAcDc] C:\Program Files\Compaq\PowerCon Enhancements\CPQAcDc.Exe
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\NORTON~1\NORTON~3\npscheck.exe
    O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\NORTON~3\defalert.exe
    O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~4\CHKADMIN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
    O4 - HKLM\..\Run: [cursor] "C:\Program Files\Screendragon VS3\Screendragon VS3 Taskbar.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [zzz3101v] c:\windows\mp3[1].exe r
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton SystemWorks\Norton Antivirus NT\POPROXY.EXE
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
    O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Norton SystemWorks\Norton Antivirus NT\NAVAPW32.EXE
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://chat1.virgin.net/chat/data/html/user/msie/msichat.ocx
    O16 - DPF: {630F2610-7654-11D1-83E3-0080C71A8794} (Interconnect Resources) - https://www.ib.albb.co.uk/ebs/ie/gic.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CD468FD8-4D64-4203-9263-1FAA455DD24F}: NameServer = 62.104.191.241 62.104.196.134
     
  5. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Karen

    Here is what I found. Let hold off until I get verification of the bottom two.

    C:\windows\mp3[1].exe<---- Not sure what this is! All related I find is linked to hacking.
    If you do not know what it is you may want to change it to a .old extension or remove it.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bussolaweb.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freenet.de

    Same as above in red ---> O4 - HKLM\..\Run: [zzz3101v] c:\windows\mp3[1].exe r

    O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de

    No clue what these two are so lets hold off until I can get verification of these two!
    O16 - DPF: {630F2610-7654-11D1-83E3-0080C71A8794} (Interconnect Resources) - https://www.ib.albb.co.uk/ebs/ie/gic.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CD468FD8-4D64-4203-9263-1FAA455DD24F}: NameServer = 62.104.191.241 62.104.196.134

    Dave
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,185
    First Name:
    Derek
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,185
    First Name:
    Derek
    I woukd suspect this to have something to do with your problems
    C:\Program Files\Screendragon VS3\Screendragon VS3 Taskbar.exe
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/168015

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice