SvcHost.exe

Everytime i log in on xp home. I get an error saying windows can't find svchost.exe. I remember a while ago a worm duplicated it or something. But now my computer is running horribly slow. Have any ideas????

Also. If it hit control alt delete. My task manager wont come up. I went and checked the code and i had 0000 31000 0000 or something along that range. I need to get this fixed. Also.

 

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

After doing ALL of the above if you still have a problem:


http://www.majorgeeks.com/images/grenade.gif Download HijackThis 1.99.1

http://www.majorgeeks.com/images/grenade.gif Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

http://www.majorgeeks.com/images/grenade.gif Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

http://www.majorgeeks.com/images/grenade.gifBefore running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

http://www.majorgeeks.com/images/grenade.gifRun HijackThis and save your log file.

http://www.majorgeeks.com/images/grenade.gif Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

http://www.majorgeeks.com/images/grenade.gifNeed help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

Here Ya Go.

 

First, lets start by running the below online scans:

TrendMicro Online Scan
Bitdefender online scan
RavAntivirus online scan <-- select Auto Clean then click Scan My PC
TrojanScan online scan

After you complete these scans, reboot and post a fresh HJT log.

 

I did all the scans except one. My stupid active x control wouldn't allow it. So i ran a scan with the other three. They all picked up about 3 viruses each. All different. A2 picked up 95 malware. I'm currently downloading the program and running the scan to get rid of them.


Also. The task manager came back. I have 55 running process. like crs.exe and crss.exe. i'll post my log when i get this scan done.

 

Okay ! Will be awaiting fresh HJT log.

 

Here ya go fresh.

 

Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\svchost.exe

O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)

O4 - HKLM\..\RunServices: [Windows Services] scmsg.exe
O4 - HKCU\..\RunServices: [Windows Services] scmsg.exe

O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://install.wildtangent.com/bgn/partners/aolim/install.cab

O20 - Winlogon Notify: csrs - csrs.dll (file missing)

O23 - Service: Savsengmnssr - Symantec Corporation - (no file)

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Navigate to and DELETE the following if they should remain:

C:\WINDOWS\svchost.exe

scmsg.exe <-- Search for this file and delete when found!

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.
Note: Dont forget to update Spybot S&D by selecting "Search For Updates"

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.

 

final. Hopefully

 

Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)

O4 - HKLM\..\RunServices: [Windows Services] scmsg.exe
O4 - HKCU\..\RunServices: [Windows Services] scmsg.exe

O20 - Winlogon Notify: csrs - csrs.dll (file missing)

Again, make sure All Browser Windows are Closed when you Click FIX.

Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)

Double-click on the fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge, click YES!

NOW:
Do a search for the following file. Look in the following directories for this file, be sure you have the viewing of hidden files and folders enabled per the tutorial.

C:\WINDOWS

C:\WINDOWS\System

C:\WINDOWS\System32

Search for this file csrs.dll and delete when found!

NEXT:
Run CCleaner

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.

 

everything worked cept, 04 - hkcu\..runservices

That wasn't in the list with the other hklm.

I couldn't find the csrs.dll anywhere. i checked all the folders.

 

Scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://install.wildtangent.com/bgn/partners/aolim/install.cab

Again, make sure All Browser Windows are Closed when you Click FIX.

NEXT:
Run CCleaner

After doing the above, your HJT log will be clean! Are you having any further problems?

 

Hey, everything was going great after the last reply. But now it seems to be bogged down alot. Something was left behind or something of that region.

 

Attach a current HJT log.

 

New Log.

 

CCleaner should not run at startup, so have HJT fix the below entries:

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

O23 - Service: Savsengmnssr - Symantec Corporation - (no file)

After you remove the 2 above entries your log will be clean!

Are you having any further problems?