Generic host for Win32 Svchost.exe error persistant -and I am stuck.

Can you download, install and run HijackThis from

http://www.spywareinfo.com/~merijn/programs.php#hijackthis

and post the log.

Hijack This Log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:02:30 AM, on 9/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hitman Pro\srhelper.exe
C:\Admin_IT\Downloads\Hijack_This\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.rittercomputersolutions.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "C:\Program Files\Hitman Pro\srhelper.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 2833 bytes



This might be of use as well -Tasklist /SVC results

Tasklist /SVC produces a list all the below are the 6 different svchost entries and what is activated by each as the system starts:
svchost.exe    

1.)  DcomLaunch, TermService
2.)  RpcSs
3.)  AudioSrv, BITS, Browser, CryptSvc, Dhcp, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, SharedAccess, ShellHWDetection, srservice, TapiSrv, Themes, TrkWks, W32Time, winmgmt, wscsvc, wuauserv, WZCSVC
4.)  Dnscache
5.)  LmHosts, RemoteRegistry, SSDPSRV, WebClient
6.)  stisvc

Can you fix this:

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

Also, when you connect, are you connecting to a wired or wireless network? If wired, can you disable your wireless and report back?

fixed O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

Disabled wireless and LAN -under Network adapters  -so, no adapters to go online.
>>Next reboot -before logging in to profile I get the svchost.exe error
>>After logging in (with adapters disabled) I get the Generic Host for Win32 Services encountered a problem error.

Dunno if this is related:  In Event Viewer with second of the error I found an entry that says: The server was unable to add the virtual root '/Family Drivers' for the directory 'C:\Documents and settings\Profile I don't use anymore\Family Drivers' due to the following error: The system cannot find the file specified. The data is the error code.
A printer error for suitable Capture Fax driver not being found
A parallel error because it is disabled or no enabled devices are associated with it.  -probably normal because there are no devices attached to it

Then there are several NLA (Network Location Awareness) entries that are NOT failures but have the same timestamp.

The Main Generic...Win32 error is reported 1 second after the Windows Security Center Service started.

10:51:08AM EVENT ID 1000
4 seconds later an error says Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.  

**There are 3 more repetitions of Events of "the Windows Security Center started"  and "Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000. "

***Hmmn... the last entry adds the words svchost.exe

***Faulting application svchost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.  

The Main Generic...Win32 error is reported 1 second after the Windows Security Center Service started.

I think this is the significant part but I don't know how to narrow down from here.  Maybe this and results from tasklist /SVC will give a clue.  I think I am stuck at this point though.

10:51:08AM EVENT ID 1000
4 seconds later an error says Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.  

**There are 3 more repetitions of Events of "the Windows Security Center started"  and "Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000. "

***Hmmn... the last entry adds the words svchost.exe

***Faulting application svchost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.  

I kept rebooting to see if I could get anything different in Event viewer  -got one that says:

Faulting application svchost.exe, version 5.1.2600.2180, faulting module ntdll.dll, version 5.1.2600.2180, fault address ox00081fea

I got several others that look like the ones I already listed above.

Except for the fact that you're on XP, this Microsoft article seems as though it would apply:

http://support.microsoft.com/default.aspx?scid=kb;en-us;910666

Can you go to Start | type in:

sfc /scannow

You will need your Windows XP CD for this.

The link you sent has almost identical error listed in it  -the below part IS identical.
**************************
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000

Event Type: Information
Event Source: Application Error
Event Category: (100)
Event ID: 1004
Description:
Faulting application svchost.exe, version 5.2.3790.0, faulting module ntdll.dll, version 5.2.3790.0, fault address 0x0000694e.
***********************

I think the event ID Stayed 1000 in both places though  -I see it changes to 1004 here -dunno if that matters.

I did a sfc /scannow earlier but I don't remember what restore point I moved to trying to fix this -I will run it again and reboot -just in case I wiped it out.  

I will see if the fix for the 2003 has any bearing on the boot.ini on my system and if it helps.

As seen on the link you provided from Microsoft I have this setting in the Registry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

Key Name: PhysicalAddressExtension
Type: DWORD
Value: 1
I changed it to 0 but it always changes back to 1 on reboot -even though I added the /NOPAE into the boot.ini

sfc /scannow with Original XP w/SP2 media didn't provide any additional help -error still occurs.

are these two updates installed on your system?

Update for Windows XP (KB894391)
http://www.microsoft.com/downloads/details.aspx?FamilyID=A87B44B9-7A6A-49B6-BD89-AFAD4E049C48&displaylang=en

Security Update for Windows XP (KB921883)
http://www.microsoft.com/downloads/details.aspx?FamilyId=2996b9b6-03ff-4636-861a-46b3eac7a305

I did not have the KB921883 installed -but I brought it across on a USB stick and installed it.

System locks up and gives svchost.exe msg with either LAN or Wireless connection.

If I pull up task manager and list in order of memory usage and get rid of the largest svchost process -then I can surf.  However, if I do a IPCONFIG /RELEASE and /Renew I get an error saying that the RPC server cannot be found and I am no longer online.

Something of interest:
When I do an IPCONFIG I get a result like below -Extra IP ADRESS LINE??


IP ADDRESS:  192.168.1.104
SUBNET MASK: 255.255.255.0
IP ADDRESS: ?
DEFAULT GATEWAY 192.168.1.1

and then I get a tunnel adapter -don't have the exact msg on screen since I am using the same unit booted to Vista to try to fix the XP problem
But it's something like below:

Tunnel adapter
IP ADDRESS: ?

>>Error is still reoccurring

I just uninstalled IE7 in case that was an issue -I think that was installed a week or so before the problem occurred. I reinstalled by going to C:\windows\inf and right clicked on IE.inf and installed it with the XP CD in the drive.  

It didn't seem to help.

So, now I have IE6 Back on the unit.

>>I added comments just to be clear.  Not sure if I made this clear, but error is still reoccurring.
>>Error still occurs.

What if I deleted the svchost entries from the registry and deleted svchost.exe -then did a repair install -would that repair the things that are supposed to start with svchost ?  

Is there a way of figuring out which service(s) called by svchost is/are the problem and how to fix it/them?

can you check out the Workaround in this MSKB?
http://support.microsoft.com/kb/910666

also is your system restore enabled?
if yes then can you try restoring it to the date when this problem was not there?

This was the suggestion by  [ID:19850757Author:souseranDate:09.07.2007 at 03:28PM ] listed above -->seems to match almost exactly as I mentioned on my next post after this comment -I was excited because the message matches what shows up in event viewer almost exactly -however, it didn't seem to help though.

I have tried system restore to no avail.

I don't know the services called by svchost well enough to tell which ones I could turn off but my gut says that is probably the way to fix this -however I am open to any kind of fix.  I don't have the experience many of you have -especially SheharyaarSaahil, but it seems to me that if we can end a svchost process and get things moving again that we should be able to narrow it down to a specific process called by svchost.

btw -This also seems to match up (generally) with MSKB 927385  http://support.microsoft.com/kb/927385/en-us  -->but none of that helped either.

From my first 2 posts I will reprint this for reference:

Tasklist /SVC produces a list all the below are the 6 different svchost entries and what is activated by each as the system starts -each one of the groups below is across from a svchost service in the listing.
svchost.exe    

1.)  DcomLaunch, TermService
2.)  RpcSs
3.)  AudioSrv, BITS, Browser, CryptSvc, Dhcp, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, SharedAccess, ShellHWDetection, srservice, TapiSrv, Themes, TrkWks, W32Time, winmgmt, wscsvc, wuauserv, WZCSVC
4.)  Dnscache
5.)  LmHosts, RemoteRegistry, SSDPSRV, WebClient
6.)  stisvc

From Post http://search.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_22136817.html?sfQueryTermInfo=1+encount+failur+problem+servic+svchost+win32

I can see that to query a service within svchost I can do: sc qc servicename  
--> and to disable them i can do: sc config servicename start= disabled  and  sc stop servicename

As I troubleshoot what is the syntax to turn them back on?  I am guessing it is sc config servicename start= enabled and sc start servicename.

If I am going the wrong way and this can be solved a different way (I'm sure there is more than one way to go about this overall issue) please repoint me in the right direction.

The above post shows under Microsoft Operating Systems -I think I chose that as one of my three choices in posting this question -is this post in the right place for this type of question, -if not, let me know.

I just pulled up the Tasklist /SVC from a SIMILAR computer (that works fine) to see what it's svchost services are:
1.) DomLaunch, TermService
2.) RpcSs
3.) AudioSrv, BITS, Browser, CryptSvc, Dhcp, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogin, SENS, SharedAccess, ShellHWDection, srservice, TapiSrv, Themes, TrkWks, w32time, winmgmt, wscsvc, wuauserv
4.) Dnscache
5.) Alerter, LmHosts, RemoteRegistry, SSDPSSRV, WebClient
6.) stisvc
7.) HTTPFilter

Comparing the two tasklists:
"WZCSVC" is listed separately on the system that is working -and not under svchost.
There is an "Alerter" on the system that is working.
There is a "HTTPFilter" on a separate svchost on the system that is working.

Of course I don't know that there might be a corrupted or infested file within the normal names of what is listed either -but I have run some pretty heavy-duty anti-malware listed above and it's not finding anything.

I turned off the WZCSVC service using the commands listed above and a new service appeared called 6to4 -says that is is a helper to convert IPv6 to IPv4 or something -disabled that as well.

On next boot programs were able to open and I could bring up and IE window but not surf.  I could however ping all over the internet sucessfully.

I uninstalled the software for Intel Pro Wireless that came with this machine as one of the MSCONFIG startup items for Intel was WZCSVC  -I also uninstalled SDK for Windows.

On reboot I seem to be surfing just fine with a wired connection but I am unsure of what will happen when I reinstall the wireless adapter.

I was only able to surf to a couple pages before it locked up again using Local Area Connection.  But the system isn't locked up for all functions -just doesn't surf -until now the whole machine would lockup after the svchost message and I couldn't even click on anything.  

I can still ping google and others.

Kinda looks like I'm moving slowly in the right direction...  I can use any help you would like to give.

I'm not getting many hits on this question -is it too hard or did I post it in the wrong place?

Please help, I am just floundering though this -I am trying stuff because I am not getting many other ideas -I may be going in the wrong direction or I may be onto something but don't have the experience to carry it to completion/ a fix.

im sorry for the late reply....got stuck in work yesterday.....

there is a program called Process Explorer which can tell you that which svchost process is calling which file
http://www.snapfiles.com/get/processexplorer.html

in that way, you can try finding out the one which is causing this issue, and then we can decide what to do with this particular service/file :)

OK -downloaded it but don't know how to use it -please give me tips

-I won't be able to try it out until the early AM -working night shift.

check the properties of the processes and see which file(s) they are calling.....

it looks identical to the tasklist /svc as far as I can tell.  svchost is calling the same stuff.

Is there some way of printing a report or is there some things you would like me to type out to be of help? -to help you help me?  

Current status:  Machine is not locked up with no internet connection (not hard-wired right now, and wireless is uninstalled) and with the processes I turned off a few posts ago.

What should be the next few trouble-shooting steps?  -I can tell from Googling that if we fix this it will be a great find -looks like most people (that had a similar problem) gave up around here -it seems like we have enough information to do it but I don't  know exactly how.

Bueller...?  

I only quickly read the whole thread, if it isn't hardware/software/drivers issue then try others.

If you're desperate, it doesn't hurt to run malware diagnostic tools.

1.  Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.

*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer that normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
*  Finally open the SDFix folder on your desktop and copy and paste the contents of the results file "Report.txt" back

 

2.  Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall



IF still no joy, scan for rootkits:
1.  Download (Download the GUI) version of BlackLight, and save it to your desktop.
https://europe.f-secure.com/blacklight/try.shtml
Doubleclick blbeta.exe, accept the agreement, click scan > next.

You'll see a list of all the items it found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (where xxxxxxx represents numbers). The application finds both bad files and legitimate ones such as "wbemtest.exe", so don't choose the rename option yet! Copy and paste the log it generated in your next reply.


2.  Rootkit Revealer:
http://www.sysinternals.com/files/rootkitrevealer.zip
Unzip it to it own folder or to your desktop.
Run RootkitRevealer.exe and scan your system. When the scan is complete click on File, Save, and save the log file. Post the log here.
In order to minimize RKR log being polluted with legit data run RootkitRevealer on an idle system.


3.  Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.

If you're having problems with running GMER.exe, try it in safe mode.

Sorry, I checked several times and had no answer -I was really hoping to continue down the svchost processes path as SheharyaarSaahil had me download the process explorer thing -oh well guess he got busy or didn't want to close it.  It really felt like we were going in the right direction and we just had to zap the wrong process.

rpggamergirl, you have helped me in the past several times -I will try what you have posted tomorrow when I get home from work.  

Error msg for Svchost generic service no longer appears BUT SAME SYMPTOMS REMAIN
Cannot connect to internet via browser.   LOGS INCLUDED BELOW

 *sigh I can ping google.com but IE webpage won't come up.  

I still get a weird IPCONFIG result

Connection-Specific DNS suffix: hsd1.tn.comcast.net:
IP ADDRESS:  192.168.1.104
SUBNET MASK: 255.255.255.0
IP ADDRESS: ?
DEFAULT GATEWAY 192.168.1.1


Tunnel adapter
IP ADDRESS: ?

SDFix log:

***SDFix, Combofix and hijackthis logs removed by rpggamergirl, Zone Advisor***

Blacklight said it didn't find anything so it didn't print a log.

Rootkit Revealer seemed to get stuck after it got into the F drive (or at least after it scans the F drive it won't save to a file) which is the Vista installation -so I saved the part that will save and I will manually type in the other from what I saw on the Rootkit Revealer window.

I think that the entry that looks like HKLM\SECURITY\Policy\Secrets\SAC* looks suspect and I recall seeing this error first pop up once in late december -but I don't have experience looking at these logs so I will defer to those who know better.

HKU\.DEFAULT\Control Panel\International      9/30/2007 9:37 AM      0 bytes      Security mismatch.
HKU\.DEFAULT\Control Panel\International\Geo      9/30/2007 9:37 AM      0 bytes      Security mismatch.
HKU\S-1-5-21-842925246-861567501-839522115-1012\Control Panel\International      9/30/2007 9:37 AM      0 bytes      Security mismatch.
HKU\S-1-5-21-842925246-861567501-839522115-1012\Control Panel\International\Geo      9/30/2007 9:37 AM      0 bytes      Security mismatch.
HKU\S-1-5-18\Control Panel\International      9/30/2007 9:37 AM      0 bytes      Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo      9/30/2007 9:37 AM      0 bytes      Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC*      12/27/2006 3:20 PM      0 bytes      Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI*      12/27/2006 3:20 PM      0 bytes      Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SCM:{3D14228D-FBE1-11D0-995D-00C04FD919C1}*      1/3/2007 3:13 PM      0 bytes      Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6\ProductName      2/2/2007 3:24 AM      58 bytes      Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\DisplayName      6/26/2007 11:49 AM      58 bytes      Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Services\vax347s\Config\jdgg40      6/27/2007 11:02 PM      0 bytes      Hidden from Windows API.
******I am typing out the remainder maybe it didn't know how to represent a folder with no properties like the one below**********
No name folder (just an icon) No timestamp 0 bytes Hidden from API.
\$Repair:$Config       2/20/2007  3:52pm     8 bytes     Hidden from API.
\$Txf                          2/20/2007  3:52pm     0 bytes     Hidden from API.
\$Txflog                     2/20/2007  3:52pm     1MB          Hidden from API.
\$Txflog \$Tops:$T    2/20/2007  3:52pm      0bytes       Hidden from API.

gmer log:

  ***Gmer log removed by rpggamergirl, Zone Advisor***              
           
---- EOF - GMER 1.0.13 ----

>>I think that the entry that looks like HKLM\SECURITY\Policy\Secrets\SAC* looks suspect<<
the above key is part of the OS and is quite normal to show up in RKR log.

I had a quick looked in RKR log and don't find any suspicious or rootkits entries in the log(unless I missed something) anyone finds anything on the logfile before I remove it?


Do you recognize these files? likely came when you installed "Intel" app.
C:\WINDOWS\system32\AegisI5Installer.exe
C:\WINDOWS\system32\drivers\AegisP.sys
C:\WINDOWS\AegisP.sys


also know these?
C:\WINDOWS\SoftwareDist3
C:\WINDOWS\sdOld

The software distribution folder renames are my attempt to make sure updates wern't the problem with this issue.

I think you are right under the Aegis as Intel apps  -Again, I only have the problem when the Wireless is installed -though, even now, I can't surf even through the LAN connection.

What can we do next?

Also, any ideas on the weird ipconfig?
I still get a weird IPCONFIG result with the "?"

Ethernet adapter Wireless Network Connection 10:

Connection-Specific DNS suffix: hsd1.tn.comcast.net:
IP ADDRESS:  192.168.1.104
SUBNET MASK: 255.255.255.0
IP ADDRESS: ?
DEFAULT GATEWAY 192.168.1.1

I don't know if this makes any difference but when I turn on my wireless radio (from the button) I can get to one website before it starts getting "Page cannot be displayed" -I can get to any page -and it's not cached because it has current content -but the next address I try gets me nowhere.

What's next?

The Aegis was the intel Proset Wireless:
"Do you recognize these files? likely came when you installed "Intel" app.
C:\WINDOWS\system32\AegisI5Installer.exe
C:\WINDOWS\system32\drivers\AegisP.sys"

Just curious -Why was the GMER Log requested then removed?

Just posted the previous post -can an Advisor or moderator tell me if I have posted this question to the appropriate area and if there are others (I know I can choose 3) to post this to that might be better suited than the ones I chose?

I have followed each step and have posted logs and info requested -I am not seeing any posts -am I abandoned?

I am very sorry for failing to post back. I seem to have lost this one.
What's the update to your problem?

-as per above -I fixed it -what is the method of closing this out now?  

-Hope that info helps the next unfortunate person that gets this freak lockup.

can we set it to 0 points or something but leave it as a reference in case someone else gets this problem?  I would like it there in case I get a similar issure or an intermediate svchost issue.  I spent sooooo much time on this.  Thanks!  

I will look over your links in the next couple days -I gotta get back to work.

Yes, "FAQed and refunding your points" in this case means this question will have 0 point and will be added to EE database of solutions, with your comment  {http:#20432995} as the Accepted answer.

I clicked on all the links in the administrative comment above so that I could learn how to make this a 0 point question that could retain my answer for anyone who needed it but all the links brough me to EE help page with billing answers..? -I hit Ctrl-F to find the words "answered my question myself" but they were not found.  -Can someone walk me through that process or give me a link that explains it?

Thanks, I would like to not leave questions open but don't know how to really close them or submit them for 0 point value answered.