Svchost.exe Application Error Is This A Virus

By highbids
Feb 3, 2010
Topic Status:
Not open for further replies.
  1. I've been getting this error for about a week & I can't seem to stop it from
    popping up.

    svchost.exe Application Error

    The instructions at 0x00000000 referenced memory at 0x00000000
    The memory could not be read

    I've run Nod32,Malwarebytes & Superantispyware & no virus is picked up.

    I did a search for svchost.exe on my pc & it showed these files.

    C:WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf

    C:WINDOWS\system32\svchost.exe

    SMSvcHost C:WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication

    SMSvcHost.exe.confix C:WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication

    Here is my Hijackthis scan log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:17:52 PM, on 2/3/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Systweak\Systweak CacheBoost\trayicon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Documents and Settings\Myself\Start Menu\Programs\Business\EssentialPIM Pro\EssentialPIM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SmartBoardXP\Smtbrd32.exe
    C:\Program Files\SmartBoardXP\Smtbrd32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Compass\Compass.exe
    C:\Documents and Settings\Myself\Start Menu\Programs\Security\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: NewzCrawlerRSSAutodiscovery2 Object - {5F50A50A-0A0F-4F58-8B1C-62BC60F9B05A} - C:\PROGRA~1\NEWZCR~1\NCRSSA~1.DLL
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Bridge Class - {E479EDE1-923E-11D3-B82B-00E09871521B} - C:\Program Files\Compass\CmpsIE.dll
    O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [CacheBoost] C:\Program Files\Systweak\Systweak CacheBoost\trayicon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [EssentialPIM Pro] "C:\Documents and Settings\Myself\Start Menu\Programs\Business\EssentialPIM Pro\EssentialPIM.exe" /autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Program Files\CyberScrub Privacy Suite\CSPSeraser.exe" "/R:C:\Documents and Settings\Myself\Application Data\CyberScrub\Privacy Suite"
    O4 - S-1-5-18 Startup: SmartBoardXP.lnk = C:\Program Files\SmartBoardXP\Smtbrd32.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: SmartBoardXP.lnk = C:\Program Files\SmartBoardXP\Smtbrd32.exe (User 'Default user')
    O4 - Startup: SmartBoardXP.lnk = C:\Program Files\SmartBoardXP\Smtbrd32.exe
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: NewzCrawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\Program Files\NewzCrawler\News.exe
    O9 - Extra 'Tools' menuitem: NewzCrawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\Program Files\NewzCrawler\News.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: CacheBoost Performance Optimizer and Tuner Service (CacheBoost Service) - Systweak Inc - C:\Program Files\Systweak\Systweak CacheBoost\cbsrv.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    A virus can't be determined from a HijackThis log. If you would like to be checked for malware, please follow the steps HERE.

    Be sure to check the lines in both Malwarebytes and Superantispyware to remove what is found.

    When through, attach all 3 of the logs for review. Repeat HijackThis AFTER running the other 2 programs and include new log.

    The term svchost.exe alone has no significance. It is normal to see multiple svchost.exe running in the Task Manager:
    [​IMG]
    Microsoft defined this process as:
    a generic host process name for services that run from dynamic-link libraries

    The files names you identified, again, have no special meaning by themselves. Prefetch is part of the OS. Are any malware? Possibly. But there is not sufficient information to determine that yet.

    You can find more specific information in a Google search.
  3. highbids

    highbids Newcomer, in training Topic Starter Posts: 28

    I scanned my pc with nod32, malwarebytes & superspyware
    here's the logs.

    Malwarebytes' Anti-Malware 1.44
    Database version: 3694
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/5/2010 3:29:41 PM
    mbam-log-2010-02-05 (15-29-41).txt

    Scan type: Quick Scan
    Objects scanned: 118589
    Time elapsed: 5 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    -------------------------------------------------------
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/05/2010 at 03:59 PM

    Application Version : 4.33.1000

    Core Rules Database Version : 4560
    Trace Rules Database Version: 2372

    Scan type : Complete Scan
    Total Scan Time : 00:22:11

    Memory items scanned : 376
    Memory threats detected : 0
    Registry items scanned : 5188
    Registry threats detected : 0
    File items scanned : 16691
    File threats detected : 1

    Adware.Tracking Cookie
    C:\Documents and Settings\Myself\Cookies\myself@collective-media[1].txt
    ---------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:03:29 PM, on 2/5/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cacheman\CachemanServ.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Cacheman\CachemanTray.exe
    C:\Program Files\Compass\Compass.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\SmartBoardXP\Smtbrd32.exe
    C:\Program Files\SmartBoardXP\Smtbrd32.exe
    C:\Documents and Settings\Myself\Start Menu\Programs\Security\HijackThis.exe

    O2 - BHO: NewzCrawlerRSSAutodiscovery2 Object - {5F50A50A-0A0F-4F58-8B1C-62BC60F9B05A} - C:\PROGRA~1\NEWZCR~1\NCRSSA~1.DLL
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Bridge Class - {E479EDE1-923E-11D3-B82B-00E09871521B} - C:\Program Files\Compass\CmpsIE.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [EssentialPIM Pro] "C:\Documents and Settings\Myself\Start Menu\Programs\Business\EssentialPIM Pro\EssentialPIM.exe" /autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CachemanTray] C:\Program Files\Cacheman\CachemanTray.exe
    O4 - S-1-5-18 Startup: SmartBoardXP.lnk = C:\Program Files\SmartBoardXP\Smtbrd32.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: SmartBoardXP.lnk = C:\Program Files\SmartBoardXP\Smtbrd32.exe (User 'Default user')
    O4 - Startup: SmartBoardXP.lnk = C:\Program Files\SmartBoardXP\Smtbrd32.exe
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: NewzCrawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\Program Files\NewzCrawler\News.exe
    O9 - Extra 'Tools' menuitem: NewzCrawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\Program Files\NewzCrawler\News.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Cacheman Service (CachemanService) - Outertech - C:\Program Files\Cacheman\CachemanServ.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thank you. I appreciate your pasting the logs.- this makes any searching I need to do easier and faster.

    I do not see any indication of malware, but I have a question and an 'opinion':
    Question: are you using Client Service for NetWare.? It is a legitimate file. but if you are not, there is an entry to remove.

    The 'other': It's very possible that you are over optimized. You have two programs running, Tune Up Utilities and Cacheman. Both are high on resource use and have overlapping features.

    It's also possible that you desire to remain anonymous on the internet and the use of encryption can be causing a conflict.

    Is there a reason why there are 2 entries for this>
    C:\Program Files\SmartBoardXP\Smtbrd32.exe
    C:\Program Files\SmartBoardXP\Smtbrd32.exe


    Check the computer clock the next time you get the application error and see if there is an Error that corresponds to that time. this will help pin down the cause:

    Start> Run> type in eventvwr

    Do this on each the System and the Applications logs:
    [1]. Click to open the log>
    [2]. Look for the Error>
    [3] .Right click on the Error> Properties>
    [4]. Click on Copy button, top right, below the down arrow >
    [5]. Paste here (Ctrl V)
    [6].NOTES
    • You can ignore Warnings and Information Events.
    • If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
    • You don't need to include the lines of code in the box below the Description, if any.
    • Please do not copy the entire Event log.
    Errors are time coded. I'll check the Error, but if there are too many, I'll refer you to the Windows OS forum for further help.

    If you are going to continue on with help here, it would be a nice gesture if you told these good people you don't require their help:
  5. highbids

    highbids Newcomer, in training Topic Starter Posts: 28

    I canceled the help request at the other forum, I checked both my LAN & WiFi settings
    & the Client Service for NetWare seems to not be installed.

    I removed cacheman, the Tune Up Utilities entry is one
    I've tried tried to remove & cannot.

    The smartboard entries are for all users & the other entry is my user
    name login I've never had a problem with smartboard.

    The eventvwr is showing theses two errors.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 2/6/2010
    Time: 2:21:15 AM
    User: N/A
    Computer: PC
    Description:

    The Cacheman Service service failed to start due to the following error:
    The system cannot find the path specified.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    ---------------------------------------------------------------------------------------

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7022
    Date: 2/6/2010
    Time: 2:22:45 AM
    User: N/A
    Computer: PC
    Description:

    The IPv6 Helper
    ervice service hung on starting.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    I'm going to go into the the registry & remove the cacheman entries
    I know how to do it correctly without messing up the registry.
  6. highbids

    highbids Newcomer, in training Topic Starter Posts: 28

    I ran a number of utilitie software programs to clean up my computer like Tune Up Utilities & ccleaner
    but before I ran the utilities I noticed an error for my monitor that said something did
    not load correctly, but the entry is no longer there after running the cleanup programs like ccleaner.

    I posted this because my monitor screen keeps moving up & down about once every two
    minutes or so.

    Before I posted this thread I reinstalled both the video & monitor drivers & thought
    I fixed it but I didn't.
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    This is a system problem and should be posted in the Windows OS forum.

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Start> Run> type in services.msc> double-click on each Service below and set Startup site as instructed:
    Change these Service Startup as indicated:

    CachemanService>> Manual
    Terminal Services>> Manual
    IPv6 Helper >> Manual (may change to Disabled)
    TuneUp.Defrag >> Manual
    TuneUp.UtilitiesSvc>> Manual
    CachemanService >> Disabled


    For any program you have uninstalled: Use Windows Explorer> Windows key+E> navigate to My Computer> Double click on Local Drive (C)> Programs> do a right click> delete on the uninstalled program folder.

    Exit

    Reboot the system back into Normal Mode.

    Empty the Recycle Bin

    Update the NetFramework from v3.0 to v3.5
  8. highbids

    highbids Newcomer, in training Topic Starter Posts: 28

    Thank you for all the help all seems well now if it's not I will
    post back here.
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You're welcome. You can remove the cleaning tools:

    Remove all of the tools we used and the files and folders they created
    • DownloadOTCleanIt by OldTimer
    • Save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    The tool will delete itself once it finishes.

    If you are prompted to Reboot during the cleanup, select Yes.

    You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
    • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

    More details and screenshots for Disk Cleanup in Windows Vista can be found here.

    Let me know if you need more help.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.