TechSpot

svchost.exe error HJT log attached

By Dave8603
Dec 18, 2006
  1. Hi,

    Everything was fine with my computer. Then I tried to install a downloaded version of spysweeper. After seeing that I needed a subscription and deleting the program I now get an error message when I start up my computer. All it says is that sv_chost.exe has encountered a problem and needs to close. Sorry for the inconvenience. I went to msconfig and unchecked everything but it still shows up. Also, when I try to run CCleaner, it says I must close IE or Firefox so it can scan it even though I have not opened it. Also, I use a version of McAfee as my antivirus software so I can't attach an AVG log or anything like that. I have attached a HiJackThis log though. Thanks to anyone who can help me.
     
  2. Dave8603

    Dave8603 TS Rookie Topic Starter Posts: 20

    Right after posting I thought to restore my system to yesterday and it fixed it right up. Things are still running a little slow so maybe someone can glance at my HJT log but otherwise the error message is gone and CCleaner is running like normal.
     
  3. N3051M

    N3051M TS Evangelist Posts: 2,115

    There might be some residual effect of the virus. You can disable McAfee temporarily while running the scans in the instructions.

    Just in case you forgot where it is:
    preliminary removal instructions
     
  4. Dave8603

    Dave8603 TS Rookie Topic Starter Posts: 20

    PLEASE HELP!!! Tons of errors!

    I recently posted in this forum that I had an error message saying sv_chost.exe could not start, sorry for the inconvenience. This was most likely a virus since svchost.exe is the actual process not sv_chost.exe. So, I system restored my computer to yesterday and it got rid of the error message. The people helping me in this forum told me there could be residual effects of the virus and to look into running various scans to get rid of it. Per the instructions on one of the announcements or stickies here, I downloaded AVG and ZoneAlarm Pro. I ran these and smitFraudfix in safe mode and thought everything was fine. I planned on deleting ZoneAlarm since it's only a 15-day trial and deleting AVG since I have McAfee. I restarted in normal mode and tried to delete both but it wouldn't let me. When I exit out of the programs I can't access any programs on my computer. It tells me I don't have authority to access them or something. Also, since running the scans I've lost the icons to my D, E, and virtual F drives. My computer boots up very very slowly and only when these programs are running can I actually use the computer. Can anyone suggest how I could get back to having a normal computer without totally restoring? Also, all of the system restore points are gone so I can't even restore to a previous day. Thanks to anyone who can help.
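
The sv_chost.exe versus svchost.exe distinction raised in the post above can be checked mechanically. The following is an added example, not part of the original thread: it flags process image paths whose file name is a near-miss of a well-known Windows process name, or whose name is right but whose directory is not. The process list, the expected directories (a default C:\WINDOWS install) and the similarity threshold are assumptions made for illustration.

```python
import ntpath
from difflib import SequenceMatcher

# Well-known Windows process names and the directory they normally run from.
# Assumption: a default C:\WINDOWS installation.
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def normalise(name):
    """Fold case and drop separators that are often inserted into look-alike names."""
    return "".join(ch for ch in name.lower() if ch not in "_- ")

def classify(image_path, threshold=0.85):
    """Return (verdict, matched_name) for one process image path."""
    directory, name = ntpath.split(image_path.lower())
    if name in KNOWN:
        # Right name: only trustworthy when it also runs from the expected place.
        verdict = "ok" if directory == KNOWN[name] else "wrong-directory"
        return (verdict, name)
    for real in KNOWN:
        same_after_strip = normalise(name) == normalise(real)
        close_spelling = SequenceMatcher(None, name, real).ratio() >= threshold
        if same_after_strip or close_spelling:
            return ("lookalike", real)
    return ("unknown", None)

# Constructed sample process list (not taken from the poster's machine).
SAMPLE_PROCESSES = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\sv_chost.exe",
    r"C:\WINDOWS\Temp\svchost.exe",
    r"C:\WINDOWS\system32\scvhost.exe",
    r"C:\WINDOWS\explorer.exe",
]

def triage(paths):
    """Return (path, verdict, matched_name) for entries that need a closer look."""
    results = [(p, *classify(p)) for p in paths]
    return [r for r in results if r[1] in ("lookalike", "wrong-directory")]

if __name__ == "__main__":
    for path, verdict, real in triage(SAMPLE_PROCESSES):
        print(f"{verdict:16} {path}  (resembles {real})")
```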
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I have merged your new thread into this one.

    Please post a HJT log as an attachment into this thread as per these instructions HERE.

    Regards Howard :)

    This thread is for the use of Dave8603 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  6. Dave8603

    Dave8603 TS Rookie Topic Starter Posts: 20

    Thanks for the help. Sorry for starting a new thread. HJT log attached.
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log looks fairly clean.

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O11 - Options group: [INTERNATIONAL] International*

    O16 - DPF: {245338C3-BCA3-4A2C-A7B7-53345999A8E8} (WSpell ActiveX Spelling Checker V5.15) - http://helpdesk.cc.binghamton.edu/magictsd/wspell.cab

    O16 - DPF: {25B82430-A083-4C36-9D72-A4868E744CE2} (MGCSpellCheckAM.MDictionaryAM) - http://helpdesk.cc.binghamton.edu/magictsd/wspellAM.cab

    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{44FE1F41-9F09-4ED7-8768-B9A6CB56DB3E}: NameServer = 167.206.3.220 <Only fix this if it doesn't belong to your ISP.

    Click on the fix checked button.

    Close HJT and reboot your system.

    Other than the above, your HJT log is clean.

    Go HERE and see if you can download, install and run AVG Antispyware, then post the AVG Antispyware log.

    Regards Howard :)

     
  8. Dave8603

    Dave8603 TS Rookie Topic Starter Posts: 20

    I deleted those keys and nothing changed. I have AVG on my computer but when I tried to uninstall it, like I said, it told me it wasn't even installed so it couldn't get rid of it. It is clearly installed and able to run. I ran it before all of these problems came up and it didn't even detect anything. I can try to run it again but I'm not sure what it means if it tells me it's not installed but still runs. There has to be other stuff I can do besides running HiJackThis and AVG. I'd rather not totally restore my computer and all of my system restores are somehow gone. Also, when booting up my computer kind of stalls at the welcome screen and takes a pretty long time to get to the desktop. The icon is missing from the welcome screen. All it says is welcome. These are really strange symptoms... Also, it'll take forever to scan with AVG. Before, it took me over 2 hours.
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I'm not talking about AVG free, but AVG Antispyware, which is a different programme entirely.

    I want to see an AVG Antispyware log as per the instructions in the link I gave you.

    I'm trying to see if your system is clean or not. If it is, then your problems may well be caused by something else. When you say you can't delete AVG, do you mean you can't uninstall it from add remove programmes in your control panel?

    Regards Howard :)

     
  10. Dave8603

    Dave8603 TS Rookie Topic Starter Posts: 20

    When I said I can't delete AVG I meant I uninstalled it from add/remove programs but it's still on the computer, and not just some files, the entire program still runs. When I went to the folder and tried to uninstall using the uninstall icon it said the program is not installed. I downloaded and ran AVG Anti spyware and it detected a Trojan. I attached the log. I'm going to bed, please PM or leave instructions here on any further actions I should take. Thanks for all your help and hopefully you'll be around tomorrow to help me more. If not, thanks again.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You have a trojan in system restore. Do the following.

    Temporarily disable Spybot's TeaTimer.

    1. Run Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
    3. On the left hand side, Click on Tools
    4. Then click on the Resident Icon in the List
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore (XP/ME only). See how HERE.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    AVG free <Not AVG Antispyware

    Close your control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    AVG7 Alert Manager Server
    AVG7 Update Service
    AVG E-mail Scanner

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    avgamsvr.exe
    avgupsvc.exe
    avgemc.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O11 - Options group: [INTERNATIONAL] International*

    O16 - DPF: {245338C3-BCA3-4A2C-A7B7-53345999A8E8} (WSpell ActiveX Spelling Checker V5.15) - http://helpdesk.cc.binghamton.edu/magictsd/wspell.cab

    O16 - DPF: {25B82430-A083-4C36-9D72-A4868E744CE2} (MGCSpellCheckAM.MDictionaryAM) - http://helpdesk.cc.binghamton.edu/magictsd/wspellAM.cab

    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cab

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\PROGRA~1\Grisoft\AVGFRE~1 <Delete the entire folder.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

    This thread is for the use of Dave8603 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
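
The O16, O17 and O23 entries quoted in this thread follow HijackThis's fixed line format, so they can be parsed before any box is ticked. The following is an added example, not part of the original thread and not HijackThis's own code: it parses the entries quoted above and extracts what a reviewer would check, namely where each ActiveX control was downloaded from, which DNS server an interface is pinned to, and which executable backs each service. The regular expressions and function names are assumptions inferred from the lines on this page.

```python
import ntpath
import re

# Entries quoted in this thread, copied verbatim (helper annotations removed).
SAMPLE_LOG = r"""
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {245338C3-BCA3-4A2C-A7B7-53345999A8E8} (WSpell ActiveX Spelling Checker V5.15) - http://helpdesk.cc.binghamton.edu/magictsd/wspell.cab
O16 - DPF: {25B82430-A083-4C36-9D72-A4868E744CE2} (MGCSpellCheckAM.MDictionaryAM) - http://helpdesk.cc.binghamton.edu/magictsd/wspellAM.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44FE1F41-9F09-4ED7-8768-B9A6CB56DB3E}: NameServer = 167.206.3.220
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
"""

LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O16: downloaded ActiveX control; O17: DNS override; O23: Windows service.
PATTERNS = {
    "O16": re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>.+)\))? - (?P<url>\S+)$"),
    "O17": re.compile(r"^(?P<key>HK\S+): NameServer = (?P<servers>.+)$"),
    "O23": re.compile(r"^Service: (?P<display>.+) \((?P<short>[^()]+)\) - (?P<vendor>.+?) - (?P<path>.+)$"),
}

def parse_hjt(text):
    """Parse HijackThis entries into dicts; unrecognised bodies are kept raw."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        entry = {"code": m["code"], "raw": m["body"]}
        detail = PATTERNS.get(m["code"])
        fields = detail.match(m["body"]) if detail else None
        if fields:
            entry.update(fields.groupdict())
        entries.append(entry)
    return entries

def plain_http_controls(entries):
    """CLSIDs of ActiveX controls whose installer came over unencrypted HTTP."""
    return [e["clsid"] for e in entries if (e.get("url") or "").startswith("http://")]

def dns_overrides(entries):
    """Name servers set in O17 entries, to be compared with the ISP's resolvers."""
    return [ip for e in entries if "servers" in e for ip in re.split(r"[ ,]+", e["servers"])]

def service_binaries(entries):
    """Map each O23 service short name to the file name of its executable."""
    return {e["short"]: ntpath.basename(e["path"]) for e in entries if "short" in e}
```

The result of `service_binaries` lines up the three services to disable with the three process names to end in the instructions above.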
     
  12. Dave8603

    Dave8603 TS Rookie Topic Starter Posts: 20

    When I try to run services.msc it tells me one or more ActiveX controls could not load and the page will not display properly. It's been doing this for a while even before this virus and I never knew why. It won't load the local processes tab but I can get to the standard processes. When I went to that in safe mode it shows avgamsvr.exe, avgupsvc.exe and avgemc.exe as already disabled. I ran HJT and fixed everything there. That worked. But, when I tried to delete the AVG Free folder it told me it couldn't delete it, that it might be in use. I attached a new HJT log. Thanks.

    Also, firefox wouldn't let me manage any attachments for the forum here so I had to use IE. Not sure if this is a symptom but I've been using firefox this whole time.
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, let's see if you can get to your services another way.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore (XP/ME only). See how HERE.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Right click my computer and select manage, in the right-hand pane double click services and applications and double click services. Maximise the window and see if you can follow the instructions in my post above.

    Let me know the results.

    Regards Howard :)

     
  14. Dave8603

    Dave8603 TS Rookie Topic Starter Posts: 20

    I tried that. It just says "One or more ActiveX controls could not be displayed because either: 1) Your current security settings prohibit running ActiveX controls on this page, or 2) You have blocked a publisher of one of these controls. As a result, the page may not display correctly." It's said this for over a year now and hasn't really affected anything else on my computer. I've tried everything to fix it and talked to a few people. No one can fix it. Is there any way for me to get rid of this virus without using the services and without totally reformatting? Thanks.
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Something's obviously not right.

    Backup your important data, then try a Windows repair as per this thread HERE. See if that helps.

    If it doesn't, you might be as well doing a format and reinstall from scratch.

    Regards Howard :)

     
  16. Dave8603

    Dave8603 TS Rookie Topic Starter Posts: 20

    The thing is I'm at home right now and my discs for this computer are at school which is almost 4 hours away. I wanted to try and fix this without formatting. I have a reinstallation disc for XP from Dell but it's for a different computer. Like I said, I have the discs for this computer at school and it includes a reinstallation XP disc. Do you think I could use a reinstallation cd from a different computer on this one or would that cd be exclusive to the other computer? If I could use the cd I have here I could most likely just download whatever drivers I need.
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Don't use the installation disk from another computer, it may screw things up. Wait till you get your disks from School.

    Regards Howard :)

     
  18. Dave8603

    Dave8603 TS Rookie Topic Starter Posts: 20

    Thanks a lot for all your help. My last question is, until I get back to school, is there any way to further fix things? ZoneAlarm is still only a trial and it'll expire in 14 days. After that I may not be able to access anything because now I can only access programs when that runs. All I really wanted to do was delete ZoneAlarm and AVG.
     
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Once the trial of ZoneAlarm runs out, it'll carry on working minus a couple of features. In other words, it'll just revert to the free version which is more than enough for most people's needs.

    AVG free is a very good antivirus programme. The fact that you installed it alongside McAfee is what has probably caused your problem. Try uninstalling McAfee and see if that helps. You shouldn't run more than one antivirus programme at the same time as it can cause serious conflicts.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
