Jump to content

Slow startup after removing svchost.agent


Recommended Posts

Short of a reinstall and 4 days work.....I have given up....

Svchost is taking 9:05 cpu time apon startup everthing works ok after 10 min used to be 4 min.

I am running a few extra services for my home mp3 server.

My system specs are P4 1.8 512 ram and its running slower than my retired Pentium-Pro 233.

I have run the latest updated and scan and it says it removed it but the startup time is too long and svchost is using 99% of cpu until everthing is started.

From log file

Files Detected: 1

C:\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

I am setting up a home mp3 server using shoutcast to broadcast mp3's privatly over the net or to ipod etc

Has been working fine for awhile with 3-4 min start up time now over 10 min.

I have uninstallled some software but makes no difference.

The BIG F is waiting to kick in but we dont learn anything that way!!!!....

hijack log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:39:32 AM, on 8/4/2012

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\1sc_serv.exe

C:\Program Files\SHOUTcast\2sc_serv.exe

C:\Program Files\SHOUTcast\0sc_serv.exe

C:\Program Files\SHOUTcast\3sc_serv.exe

C:\Program Files\SHOUTcast\10sc_serv.exe

C:\Program Files\TSSI\Auto Mail Sender\ServiceExe.exe

C:\Program Files\SHOUTcast\7sc_serv.exe

C:\Program Files\SHOUTcast\6sc_serv.exe

C:\Program Files\SHOUTcast\4sc_serv.exe

C:\Program Files\SHOUTcast\5sc_serv.exe

C:\Program Files\SHOUTcast\9sc_serv.exe

C:\Program Files\SHOUTcast\8sc_serv.exe

C:\WINNT\system32\svchost.exe

C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe

C:\WINNT\system32\nvsvc32.exe

C:\Program Files\OpenVPN\bin\openvpnserv.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\MSTask.exe

C:\Program Files\Virgin Mobile\Virgin Mobile.exe

C:\Program Files\OpenVPN\bin\openvpn.exe

C:\Program Files\OpenVPN\bin\openvpn.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\TSSI\Auto Mail Sender\AMSSE.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Winamp0\ServiceExe.exe

C:\Program Files\Winamp1\ServiceExe.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\Winamp0\Winamp0.exe

C:\Program Files\Winamp1\Winamp1.exe

C:\WINNT\system32\MsPMSPSv.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\SHOUTcast\ServiceExe.exe

C:\Program Files\AM Server\ServiceExe.exe

C:\Program Files\Dyn Updater\DynUpSvc.exe

C:\Program Files\SHOUTcast\10mp3sc_serv.exe

C:\Program Files\SHOUTcast\1mp3sc_serv.exe

C:\Program Files\SHOUTcast\7mp3sc_serv.exe

C:\Program Files\SHOUTcast\5mp3sc_serv.exe

C:\Program Files\SHOUTcast\2mp3sc_serv.exe

C:\Program Files\SHOUTcast\4mp3sc_serv.exe

C:\Program Files\SHOUTcast\6mp3sc_serv.exe

C:\Program Files\SHOUTcast\0mp3sc_serv.exe

C:\Program Files\SHOUTcast\3mp3sc_serv.exe

C:\Program Files\SHOUTcast\8mp3sc_serv.exe

C:\Program Files\SHOUTcast\9mp3sc_serv.exe

C:\WINNT\system32\inetsrv\inetinfo.exe

C:\Program Files\AM Server\AMServer_1.2.0.exe

C:\WINNT\system32\taskmgr.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\WINNT\system32\MDM.EXE

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\WINNT\system32\CTHELPER.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\FreeDNS Update\FreeDNSUpdate.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINNT\system32\NOTEPAD.EXE

C:\Apps\Software\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Apps/Home%20Pages/Gregs%20page%201%20centred%20open%20office.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINNT\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - .DEFAULT Startup: Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (User 'Default user')

O4 - .DEFAULT User Startup: Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (User 'Default user')

O4 - Global Startup: FreeDNS Update.lnk = C:\Program Files\FreeDNS Update\FreeDNSUpdate.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mp3streetparty.mooo.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mp3streetparty.mooo.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mp3streetparty.mooo.com

O20 - Winlogon Notify: SEP - C:\Program Files\Symantec\Symantec Endpoint Protection\WinLogoutNotifier.dll

O23 - Service: Shoutcast Secure Server 0 (0mp3shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Server 0 (0shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Secure Server 10 (10mp3shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Server 10 (10shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Secure Server 1 (1mp3shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Server 1 (1shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Secure Server 2 (2mp3shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Server 2 (2shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Secure Server 3 (3mp3shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Server 3 (3shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Secure Server 4 (4mp3shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Server 4 (4shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Secure Server 5 (5mp3shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Server 5 (5shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Secure Server 6 (6mp3shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Server 6 (6shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Secure Server 7 (7mp3shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Server 7 (7shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Secure Server 8 (8mp3shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Server 8 (8shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Secure Server 9 (9mp3shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: Shoutcast Server 9 (9shoutcast) - Unknown owner - C:\Program Files\SHOUTcast\ServiceExe.exe

O23 - Service: AM Server (AMServer) - Unknown owner - C:\Program Files\AM Server\ServiceExe.exe

O23 - Service: Auto Mail Sender (Automailsender) - Unknown owner - C:\Program Files\TSSI\Auto Mail Sender\ServiceExe.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Drop Box (DropBox) - Unknown owner - C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\ServiceExe.exe

O23 - Service: Dyn Updater - Dyn, Inc. - C:\Program Files\Dyn Updater\DynUpSvc.exe

O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

O23 - Service: Winamp Feed ch 0 (WinampFeed0) - Unknown owner - C:\Program Files\Winamp0\ServiceExe.exe

O23 - Service: Winamp Feed ch 1 (WinampFeed1) - Unknown owner - C:\Program Files\Winamp1\ServiceExe.exe

O23 - Service: Winamp Feed ch 2 (WinampFeed2) - Unknown owner - C:\Program Files\Winamp2\ServiceExe.exe

O23 - Service: Winamp Feed ch 3 (WinampFeed3) - Unknown owner - C:\Program Files\Winamp3\ServiceExe.exe

O23 - Service: Winamp Feed ch 4 (WinampFeed4) - Unknown owner - C:\Program Files\Winamp4\ServiceExe.exe

O23 - Service: Winamp Feed ch 5 (WinampFeed5) - Unknown owner - C:\Program Files\Winamp5\ServiceExe.exe

--

End of file - 11283 bytes

Link to post
Share on other sites

Hello and welcome to Malwarebytes

Sorry to hear your infected, it is probably the infection itself that is making your computer run slow, see below to get your computer cleaned up.

If you think you are infected, here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

IMPORTANT: Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the

Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the directions >>Right HERE<<, skipping any steps you are unable to complete.
  • After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification,
    so that you're alerted when someone has replied to your post.

NOTE: Please do not post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies.

If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

  • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
    Or
  • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk by filling out the form located >>Right HERE<<

OPTION 3

If you would like to use our Malwarebytes Premium Services, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our Malwarebytes Premium Services support site >>Right HERE<<

Please be patient, someone will assist you as soon as possible.

PS: Please use the "Reply to this Topic" or "More Reply Options" buttons (instead of the “Quote” and “MultiQuote” buttons) when replying here & at the other forums. That will make your topic easier to follow. :)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.