Newbie needs a hand... is it malware or hardware

svchost.exe is a valid Windows process (as long as running from the system32 folder) and it requires internet access but does not need to be a server.

Are you saying this is not your PC and that you do not have the administrator priviledges to boot into safe mode? If so, get the person who is the Admin to fix the PC. The steps that we would be giving you require adminstrator priviledges and typically will require that you have to be able to boot into safe mode. If you are not the owner of this PC, it is not a good idea for us to be helping you.

You never completed step 6 of the READ ME! Please complete step 6 and attach the two requested logs. Your HJT logs shows not real malware issues. Just some minor stuff to cleanup.

 

What kind of keyboard are you using that does not allow use in safe mode. I would not use whatever it is since that is a major short coming.

 

You need to finish what I requested at the end of message number 2!

 

Okay! This are very important logs to see. Especially in cases like your since your HJT log does not show anything of major concern. If you are really having problems, they may not be malware. Seeing the two logs from the online scanners will help us determine that.

 

Well as previously stated, your don't have any malware issues that are of major concern. There are a few things I will give below to fix with HJT and I'll also suggest you fix some other un-necessary items to help free system resources.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

The below are not necessary to load at startup. You can fix them to save system resources.
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

After clicking Fix, exit HJT.:
Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Other than this the above there have been no other problems showing in your log. I will suggest you run one more scan but I'm doubting it will reveal anything else.

Please download & run Blacklight Beta

• Hit I accept. It will take you to download page.
• Download blbeta.exe and save it to the Desktop.
• Once saved... double click blbeta.exe to install the program.
• Click accept agreement and Click scan
  This app too may fire off a warning from antivirus. Let the driver load.
  Wait for it to finish.
• If it displays any items...don't do anything with them yet. Just hit exit (close)
• It will drop a log on Desktop that starts with fsbl....big number

Please attach the Blacklight log file here.

 

Are you allowing svchost.exe (called Generic Host Process for Win32 Services in your ZoneAlarm Program Control --> Programs list) to be set as follows?

Access should allow Trusted and Internet
Server should be blocked for Trusted and Internet

When configuring your firewall for applications you must tell it what to do and whether you always want to do the samething, otherwise it will keep asking you.

 

With it adjusted that way, exactly what problems are you still having. Make sure you provide specific information. I don't think you have a problem other than possibly misunderstanding what your firewall is telling you and also how you are suppose to respond. You must make sure for things you do not want to have internet access that you deny it and also tell it to ALWAYS take the same action.

 

Be careful with what application names. I believe you mean Internet Explorer which is iexplore.exe (your browser). Explorer is explorer.exe which is the Windows Shell and what you see when you double click My Computer.

How long ago did the problems start and how long ago did you install CA\eTrust EZ Armor


Yes provide me with as much detail as possible but right now, I don't suspect that you are having malware issues.


Also please attach a new HJT log so I can see your current status.

Let's get an installed programs list from HijackThis too!

• Run HijackThis, click Open the Misc Tools section
• Click Open Uninstall Manager
• Click Save List (generates uninstall_list.txt)
• Click Save, to save it to a file where you can find it.
• Attach the uninstall_list.txt file to your next message.

 

This still may or may not be a malware issue. While malware can create similar problems, often time it can also be legit software causing similar issues.

No we never think people are crazy. We know something is wrong, it is just a matter of determining the true root cause of the problems. As I said above, it may not be malware.

Goto Add/Remove programs and uninstall the below:
Java 2 Runtime Environment, SE v1.4.2_03
Notifier

Do you know what the below item in Add/Remove programs is?
Banctec Service Agreement


Now please download this 2 week trial version of WebRoot SpySweeper

Click the Free Trial link under "Downloads/SpySweeper" to download the program.

• Install it. Once the program is installed, it will open.
• It will prompt you to update to the latest definitions, click Yes.
• Once the definitions are installed, click Options on the left side.
• Click the Sweep Options tab.
• Under What to Sweep please put a check next to the following:
  • Sweep Memory
  • Sweep Registry
  • Sweep Cookies
  • Sweep All User Accounts
  • Enable Direct Disk Sweeping
  • Sweep Contents of Compressed Files
  • Sweep for Rootkits
  • Please UNCHECK Do not Sweep System Restore Folder.
• Click Sweep Now on the left side.
• Click the Start button.
• When it's done scanning, click the Next button.
• Make sure everything has a check next to it, then click the Next button.
• It will remove all of the items found.
• Click Session Log in the upper right corner, copy everything in that window.
• Click the Summary tab and click Finish.
• Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your next post.

Now ollow the directions for Running WinPfind by OldTimer.

Attach the WinPFind.txt log.

 

Something that you should consider trying is to use MSconfig to disable all Startup processes and Services related to CA\eTrust EZ Armor and then reboot and let me know if things are still working slow. Save a HJT log from this mode so I can see that you got everything disabled. DO NOT remain connected to the internet for too long in this mode. Just stay connected long enough to quickly checkout browsing. Then disconnect from the internet (unplug cable) and check out your other issues like playing videos etc. Then you can re-run MSconfig and select Normal Startup on the General tab and that will bring you back to normal.

 

You did not disable everything for CA with MSconfig. You must disable all the processes and all the Services too. Look at your HJT log and you will see the below still running.

Try it again and make sure you disable ALL processes and services from loading. If you cannot figure out how to do this, uninstall the program completely. You can always reinstall it later if we determine that it is not a problem.

 

Did you purchase Spy Sweeper? If so, keep it and uninstall Windows Defender.
If Spy Sweeper is a free trial and you are not going to buy it, uninstall it and keep Windows Defender.

Did you uninstall the below when I asked in message number 19?
Java 2 Runtime Environment, SE v1.4.2_03
Notifier


When you boot in safe mode do you still have problems?

I'm really starting to believe that your problems are not related to malware, but let's check a little further.


I want to see if anything is attaching itself to Internet Explorer. Please download ProcessExplorer

• Unzip it to its own folder somewhere you can locate it.
• Now run procexp.exe by double clicking on it.
• Let's configure some options first:
  • Click View and select Show Lower Pane. And where it says "Lower Pane View" make sure DLL's is checked.
  • Now click on iexplore.exe.
  • Now also under the View menu choose "Select columns" and put a check mark on "Image Path".
• Now click on File and then Save As. And save the process list.
• Post it back here as an attachment.

Now I want to run Kaspersky Online Virus Scanner! It is only a scanner, it will not fix anything. Follow the below steps:

[/quote]
Make sure all browsers are closed except for the one needed to run this procedure.

1. Click on this link: http://www.kaspersky.com/virusscanner
2. Click the "Kaspersky Online Scanner" button (Do NOT Click "Kaspersky File Scanner").
3. In the next window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
4. When you see the Windows dialog asking if you want to install this software, click the "Install" button.
5. The scanner will download the latest definition files. When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
6. Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
7. Under "Please select a target to scan:", click My Computer to start the scan.
8. When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop.
9. Close the Kaspersky On-line Scanner window.
10. Please attach the kavscan.txt file to your next message!

[/quote]

 

That is not a malware related problem. Try the Software or Hardware Forum fo that error message.

 

You are better off starting a new thread and explain your current problem exactly. You can use the below to reference this thread:

http://forums.majorgeeks.com/showthread.php?t=93765


But since there are already 28 messages here, it is better to only state your exact problem and clearly tell them you already worked thru the Malware Forum cleaning steps.

 

You're welcome! And good luck with your remaining problems.