| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 64466 | 2005-12-15 21:43:00 | Strange startup item - syachost | Greg (193) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 413035 | 2005-12-15 21:43:00 | Anyone ever heard of syachost (not svchost)? A google didn't bring anything up. It's in my startup list in msconfig. I disable it but it returns after reboot. Currently doing an AVG scan of course, which will be followed by the usual tools. But meantime this is really bugging me. WinXP Pro SP1 |
Greg (193) | ||
| 413036 | 2005-12-15 21:49:00 | It will be a virus / spyware. Run all the usual scans in 'Safe Mode' |
CYaBro (73) | ||
| 413037 | 2005-12-15 22:00:00 | Post a hijackthis log here. | Speedy Gonzales (78) | ||
| 413038 | 2005-12-15 22:11:00 | Post a hijackthis log here.Thx maestro - will do. | Greg (193) | ||
| 413039 | 2005-12-15 22:28:00 | Logfile of HijackThis v1.99.1 Scan saved at 11:17:17 a.m., on 16/12/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE D:\Programs\Security\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programs\Java\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [AVG7_CC] D:\Programs\AVG\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [AdobeReaderPro] syachost.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\RunServices: [AdobeReaderPro] syachost.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Java\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Java\bin\npjpi150_06.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\Programs\AVG\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Programs\AVG\avgupsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
Greg (193) | ||
| 413040 | 2005-12-15 22:33:00 | There's some strange behaviour happening at the same time - non of my regular startup items, eg Zonealarm and AVG and volume control icons are appearing in the processes notification area. Also when I plug in my thumb drive it doesn't show there either. And strangely that machine can no longer connect to the Internet. :confused: This is one weird bug. Incidently, this all happened after I installed a free app that was sent to me. It was scanned prior to install and was clean. |
Greg (193) | ||
| 413041 | 2005-12-15 22:39:00 | Reboot into safe mode, and turn system restore off for now . And run HJT and tick these, and tick fix checked . Then reboot . R3 - Default URLSearchHook is missing O4 - HKLM\ . . \Run: [AdobeReaderPro] syachost . exe O4 - HKLM\ . . \RunServices: [AdobeReaderPro] syachost . exe I'm using Adobe Reader Pro 7, but I cant see any service for this, and I havent got this syachost . exe file . And neither of the above 2 entries are in my startup . I would also get this ( . simplysup . com/tremover/" target="_blank">www . simplysup . com) update it, and click on scan, and then select the 3rd - 7th option under the utilities menu . |
Speedy Gonzales (78) | ||
| 413042 | 2005-12-15 22:48:00 | Thanks mate. Reboot into safe mode, and turn system restore off for now.I'm just a bit unsure... turning off System Restore deletes all old restore points, right? Was just wondering if restoring an old point might be a better first step? |
Greg (193) | ||
| 413043 | 2005-12-15 22:50:00 | Well u can leave system restore enabled, if u want . BUT it may or may not stop those files from running, next time u reboot . Thats why u turn system restore off . |
Speedy Gonzales (78) | ||
| 413044 | 2005-12-15 22:58:00 | Yeah gotcha. | Greg (193) | ||
| 1 2 | |||||