1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Svhost.exe

Discussion in 'Virus & Other Malware Removal' started by realrisk2, Feb 5, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. realrisk2

    realrisk2 Thread Starter

    Joined:
    Feb 5, 2007
    Messages:
    3
    SVHOST.EXE

    Hello everybody. My name is Andy and I wouldn't be here if I had no problem.

    About ten days ago I noticed my internet was getting slower and slower. I checked my connection and I found out that I was uploading (sending packages) a lot, even when I was not active on the internet.
    My AVG scanner found the usual rubbish on my hard drive but this wasn't the solution to my problem. So I downloaded and uninstalled a lot of anti-virus programs, none of them really helping. On the web I found out that maybe I had a SVHOST.EXE problem. And yes, that might be, especially since my computer was showing a startup message warning like: 'Windows cannot find svhost.exe. Make sure you typed the name correctly....blahblahblah.'
    I searched for svhost.exe and I found it in Windows/Prefetch (brotherly near svchost.exe).

    Now some forums on the web say svhost is no good: delete it immediately.
    Is this true?
    And how about the start up message?
    Yet the funny thing is, after downloading, installing and uninstalling all these anti-virus/spyware programs (but also after defragmenting my hard drive and registry), my internet connection wasn't that slow any more.
    But it's still 'uploading' something...

    I also downloaded Hijack This to create a log file of running processes. I found out that some instance of Logitech (like: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll) is running wild on my machine.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:49:15 PM, on 2/5/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\WINDOWS\System32\lvhidsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    D:\Program Files\YCIII\YankClip.exe
    C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\Explorer.exe
    D:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    F2 - REG:system.ini: Shell=Explorer.exe svhost.exe
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - D:\PROGRA~1\TEXTTO~1\WEBSTE~1\plugins\IE.ifp
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - d:\Program Files\Free Download Manager\iefdmcks.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O3 - Toolbar: Crack Find Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\SrchPlug.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [UninstallAbility] "D:\Program Files\SYSTOOLS\UninstallAbility\uability.exe" /AUTO
    O4 - Startup: Calenz Startup.lnk = D:\Tools\Calenz\Calenz.exe
    O4 - Startup: Yankee Clipper III.lnk = D:\Program Files\YCIII\YankClip.exe
    O4 - User Startup: Calenz Startup.lnk = D:\Tools\Calenz\Calenz.exe
    O4 - User Startup: Yankee Clipper III.lnk = D:\Program Files\YCIII\YankClip.exe
    O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
    O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://d:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://d:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://d:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O15 - Trusted Zone: *.stumbleupon.com
    O18 - Protocol: bw+0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\System32\lvhidsvc.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe


    SVHOST.EXE is there!
    And how come none of all the anti-this/anti-that programs (I must have tried seven, eight of them: avg, Kaspersky, spybot, and more but I forgot their names) never detected svhost.exe??

    So I think I should delete svhost.exe but how about all these logitech registry files? (One month ago I installed a webcam from logitech. But with Kaspersky peeping, every click with my mouse triggers a warning from Kaspersky that Logitech is 'invading' some application).

    OK guys, a lot of questions for a newcomer.
    Thanks for answering (?).

    Andy
     
  2. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, realrisk2 :)

    Welcome to TSG.

    Please create a Restore point:
    1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
    2. In the System Restore dialog box, click Create a restore point, and then click Next.
    3. Type a description for your restore point, such as "Before VirusScan", then click Create.

    The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.

    Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot preform some of these steps or if you have ANY questions please ask BEFORE proceeding.

    Backing Up Your Registry
    1. Go Here and download ERUNT
      (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
    2. Install ERUNT by following the prompts
      (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
    3. Start ERUNT
      (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
    4. Choose a location for the backup
      (the default location is C:\WINDOWS\ERDNT which is acceptable).
    5. Make sure that at least the first two check boxes are ticked
    6. Press OK
    7. Press YES to create the folder.
    Registry Modifications

    Download the enclosed file. Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg . Don't do anything with it yet. We will run it shortly.

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: Shell=Explorer.exe svhost.exe
    O18 - Protocol: bw+0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {02F19B88-8A0F-46AE-8FFF-354741A554B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


    Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

    Close Hijackthis.

    Double click on the Regfix.reg file and select Yes when prompted to merge it into the registry.

    Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    Logitech Desktop Messenger

    Please note any other programs that you dont recognize in that list in your next response

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\Logitech\Desktop Messenger

    Restart the computer.

    [​IMG]Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    [​IMG]Download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly

    Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

    Boot into Safe Mode:

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Perform the following steps in safe mode:

    1. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
    2. Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware .
    Restart back into Windows normally now.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post a fresh Hijackthis log along with the AVG Anti-spyware and ActiveScan reports.
     

    Attached Files:

  3. realrisk2

    realrisk2 Thread Starter

    Joined:
    Feb 5, 2007
    Messages:
    3
    Wow!
    Thank you for your prompt and extensive answer.
    Yet I feel that the cure might be worse than the disease (at least in the hands of an unqualified doctor like me). There are too many steps and I'm afraid I'll do something wrong.

    So I just deleted the registry reference to svhost.exe in HijackThis (and some other stuff, also uninstalled that horrible Logitech Desktop Messenger).

    And now I sit back and watch what happens (rebooted my computer a few times already. No sign of startup screen asking me for svhost.exe).
    Maybe I'm naive in doing this - but I'm pretty sure that I will do something wrong in the cure you described for me.

    Thanks again - and yes, I DO feel guilty, for you going through all the trouble. But I will keep you posted (if my computer is still running...).

    Andy
     
  4. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
  5. realrisk2

    realrisk2 Thread Starter

    Joined:
    Feb 5, 2007
    Messages:
    3
    I WILL DONATE!
    But first I have to reformat my hard drive to be 100% sure our friendly sv(g)host is not around anymore.
    I think your site is great and that any help/contribution of its users is welcome.

    Thanks again for your help.
    Andy
     
  6. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, realrisk2 :)

    C:\WINDOWS\system32\svchost.exe is a legit file. Malware is just exploiting the file by placing it on the wrong place. There is no need to reformat. Let me see the reports requested above.
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/541449

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice