Arctic_Rat
asked on
Svchost - Dnscache, CPU usage
Using a Sony Laptop, Windows XP home, Linksys Router, Cable Modem
I had the problem in the past of Svchost - DNSCache using up to 96 to 98 percent of cpu, forcing a shutdown and reboot to clear it.
Did the
START | RUN | SERVICES.MSC
STOP AND DISABLE
DNS Client
It cleared the cpu usage problem, but the problem now is no internet connection after a certian amount of time that my system seems to decide on on its own, anywhere from 10 minutes to two or three hours. I can repair the network connection and it comes back as operation completed, but still no connection.
Restarted DNS client, set it back to automatic. Now don't have the cpu usage problem anymore.
Cleared my Hosts file for what its worth.
Using Log off and log on to clear network connection problem, even though im the only one using the laptop
I had the problem in the past of Svchost - DNSCache using up to 96 to 98 percent of cpu, forcing a shutdown and reboot to clear it.
Did the
START | RUN | SERVICES.MSC
STOP AND DISABLE
DNS Client
It cleared the cpu usage problem, but the problem now is no internet connection after a certian amount of time that my system seems to decide on on its own, anywhere from 10 minutes to two or three hours. I can repair the network connection and it comes back as operation completed, but still no connection.
Restarted DNS client, set it back to automatic. Now don't have the cpu usage problem anymore.
Cleared my Hosts file for what its worth.
Using Log off and log on to clear network connection problem, even though im the only one using the laptop
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
jgiordano
is the IP address just dropped? Is it a wireless connection?
ASKER
No, its a cable connection, from router to laptop. Though it seems like the ip is just dropped. everything i check shows it there. network repair comes back as complete.
SheharyaarSaahil i did try the program above, got quite a few errors though. Generic Host Process for Win32 services error, Ip address failing tro renew. so i reloaded the backed up registry.
SheharyaarSaahil i did try the program above, got quite a few errors though. Generic Host Process for Win32 services error, Ip address failing tro renew. so i reloaded the backed up registry.
that shudn't be happen..... are u sure ur system is clean enough and there is no problem with ur router or modem,,,,, i means the common compatibility or setup issues u know..... :-?
Also can u Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
Also can u Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
ASKER
I run adware, spybot, and norton utilities at least once a week if not more. Router has the current firmware upgrade. Problem seemed to start when an automatic update downloaded a security update and i installed it. Then i started getting the svchost cpu problem.
Hijack logs as follows
Here is the startup.txt
StartupList report, 8/24/2004, 3:08:16 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\XXXXXX\Desktop\Hi
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==========================
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon
C:\WINDOWS\system32\spools
C:\WINDOWS\System32\ezSP_P
C:\PROGRA~1\mcafee\SPAMKI~
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\Taskmo
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\PowerPanel\Program\P
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\USBSircs\usbsir
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Genovation\GenCalc 6.0\GenCalc.exe
C:\PROGRA~1\NORTON~1\NORTO
C:\Program Files\Genovation\Numlock Commander\NumLcmdr.exe
C:\WINDOWS\System32\nvsvc3
C:\PROGRA~1\GENOVA~1\MICRO
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\tcpsvc
C:\PROGRA~1\NORTON~1\NORTO
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EX
C:\Program Files\Microsoft Office\Office10\WINWORD.EX
C:\Documents and Settings\XXXXXX XXXXXX\Desktop\HijackThis.
--------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\XXXXXX XXXXXX\Start Menu\Programs\Startup]
xload627.lnk = C:\Program Files\Genovation\Micropad 627 Version 5.33\load627.exe
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
PowerPanel.lnk = ?
Remocon Driver.lnk = ?
Shorcut To GenCalc.lnk = C:\Program Files\Genovation\GenCalc 6.0\GenCalc.exe
Shortcut to Numlock Commander.lnk = C:\Program Files\Genovation\Numlock Commander\NumLcmdr.exe
--------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\W
UserInit = C:\WINDOWS\system32\userin
--------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Wi
ezShieldProtector for Px = C:\WINDOWS\System32\ezSP_P
VAIO Recovery = C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
PHIME2002ASync = C:\WINDOWS\System32\IME\TI
PHIME2002A = C:\WINDOWS\System32\IME\TI
MSPY2002 = C:\WINDOWS\System32\IME\PI
MSKExe = c:\PROGRA~1\mcafee\SPAMKI~
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IM
HKSERV.EXE = C:\Program Files\Sony\HotKey Utility\HKserv.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
MCUpdateExe = C:\PROGRA~1\mcafee.com\age
systray driver = systray.exe
Taskmon driver = Taskmon.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
SigmaTel StacMon = C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
SSC_UserPrompt = C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
--------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\Sy
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEH
(no name) - C:\PROGRA~1\SPYBOT~1\SDHel
(no name) - c:\program files\google\googletoolbar
NAV Helper - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-F
--------------------------
Enumerating Task Scheduler jobs:
McAfee.com Update Check (NBS2-XXXXXX XXXXXX).job
Norton AntiVirus - Scan my computer.job
Norton SystemWorks One Button Checkup.job
Registration reminder 1.job
Registration reminder 2.job
Registration reminder 3.job
Symantec Drmc.job
Symantec NetDetect.job
--------------------------
Enumerating Download Program Files:
[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab
[PCInfo.CMClass]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCInfo.dll
CODEBASE = http://ciscdb.sel.sony.com/support/pops/mdldetect/PCInfo.CAB
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macrom
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
--------------------------
Enumerating Winsock LSP files:
NameSpace #4: C:\WINDOWS\system32\pnrpns
NameSpace #5: C:\WINDOWS\system32\pnrpns
--------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperation
--------------------------
Enumerating ShellServiceObjectDelayLoa
PostBootReminder: C:\WINDOWS\system32\SHELL3
CDBurn: C:\WINDOWS\system32\SHELL3
WebCheck: C:\WINDOWS\System32\webche
SysTray: C:\WINDOWS\System32\stobje
UPnPMonitor: C:\WINDOWS\System32\upnpui
--------------------------
End of report, 7,720 bytes
Report generated in 0.062 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
And the Log
Logfile of HijackThis v1.98.2
Scan saved at 3:03:08 PM, on 8/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon
C:\WINDOWS\system32\spools
C:\WINDOWS\System32\ezSP_P
C:\PROGRA~1\mcafee\SPAMKI~
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\Taskmo
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\PowerPanel\Program\P
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\USBSircs\usbsir
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Genovation\GenCalc 6.0\GenCalc.exe
C:\PROGRA~1\NORTON~1\NORTO
C:\Program Files\Genovation\Numlock Commander\NumLcmdr.exe
C:\WINDOWS\System32\nvsvc3
C:\PROGRA~1\GENOVA~1\MICRO
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\tcpsvc
C:\PROGRA~1\NORTON~1\NORTO
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\OPScan.exe
C:\Documents and Settings\xxxxxx xxxxxx\Desktop\HijackThis.
R1 - HKLM\Software\Microsoft\In
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_P
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TI
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TI
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PI
O4 - HKLM\..\Run: [MSKExe] c:\PROGRA~1\mcafee\SPAMKI~
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IM
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\age
O4 - HKLM\..\Run: [systray driver] systray.exe
O4 - HKLM\..\Run: [Taskmon driver] Taskmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - Startup: xload627.lnk = C:\Program Files\Genovation\Micropad 627 Version 5.33\load627.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: Shorcut To GenCalc.lnk = C:\Program Files\Genovation\GenCalc 6.0\GenCalc.exe
O4 - Global Startup: Shortcut to Numlock Commander.lnk = C:\Program Files\Genovation\Numlock Commander\NumLcmdr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-0
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugi
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {A305FBA3-4A87-483D-A53B-1
O17 - HKLM\System\CCS\Services\T
Hijack logs as follows
Here is the startup.txt
StartupList report, 8/24/2004, 3:08:16 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\XXXXXX\Desktop\Hi
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==========================
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon
C:\WINDOWS\system32\spools
C:\WINDOWS\System32\ezSP_P
C:\PROGRA~1\mcafee\SPAMKI~
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\Taskmo
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\PowerPanel\Program\P
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\USBSircs\usbsir
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Genovation\GenCalc 6.0\GenCalc.exe
C:\PROGRA~1\NORTON~1\NORTO
C:\Program Files\Genovation\Numlock Commander\NumLcmdr.exe
C:\WINDOWS\System32\nvsvc3
C:\PROGRA~1\GENOVA~1\MICRO
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\tcpsvc
C:\PROGRA~1\NORTON~1\NORTO
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EX
C:\Program Files\Microsoft Office\Office10\WINWORD.EX
C:\Documents and Settings\XXXXXX XXXXXX\Desktop\HijackThis.
--------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\XXXXXX XXXXXX\Start Menu\Programs\Startup]
xload627.lnk = C:\Program Files\Genovation\Micropad 627 Version 5.33\load627.exe
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
PowerPanel.lnk = ?
Remocon Driver.lnk = ?
Shorcut To GenCalc.lnk = C:\Program Files\Genovation\GenCalc 6.0\GenCalc.exe
Shortcut to Numlock Commander.lnk = C:\Program Files\Genovation\Numlock Commander\NumLcmdr.exe
--------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\W
UserInit = C:\WINDOWS\system32\userin
--------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Wi
ezShieldProtector for Px = C:\WINDOWS\System32\ezSP_P
VAIO Recovery = C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
PHIME2002ASync = C:\WINDOWS\System32\IME\TI
PHIME2002A = C:\WINDOWS\System32\IME\TI
MSPY2002 = C:\WINDOWS\System32\IME\PI
MSKExe = c:\PROGRA~1\mcafee\SPAMKI~
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IM
HKSERV.EXE = C:\Program Files\Sony\HotKey Utility\HKserv.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
MCUpdateExe = C:\PROGRA~1\mcafee.com\age
systray driver = systray.exe
Taskmon driver = Taskmon.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
SigmaTel StacMon = C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
SSC_UserPrompt = C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
--------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\Sy
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEH
(no name) - C:\PROGRA~1\SPYBOT~1\SDHel
(no name) - c:\program files\google\googletoolbar
NAV Helper - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-F
--------------------------
Enumerating Task Scheduler jobs:
McAfee.com Update Check (NBS2-XXXXXX XXXXXX).job
Norton AntiVirus - Scan my computer.job
Norton SystemWorks One Button Checkup.job
Registration reminder 1.job
Registration reminder 2.job
Registration reminder 3.job
Symantec Drmc.job
Symantec NetDetect.job
--------------------------
Enumerating Download Program Files:
[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab
[PCInfo.CMClass]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCInfo.dll
CODEBASE = http://ciscdb.sel.sony.com/support/pops/mdldetect/PCInfo.CAB
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macrom
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
--------------------------
Enumerating Winsock LSP files:
NameSpace #4: C:\WINDOWS\system32\pnrpns
NameSpace #5: C:\WINDOWS\system32\pnrpns
--------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperation
--------------------------
Enumerating ShellServiceObjectDelayLoa
PostBootReminder: C:\WINDOWS\system32\SHELL3
CDBurn: C:\WINDOWS\system32\SHELL3
WebCheck: C:\WINDOWS\System32\webche
SysTray: C:\WINDOWS\System32\stobje
UPnPMonitor: C:\WINDOWS\System32\upnpui
--------------------------
End of report, 7,720 bytes
Report generated in 0.062 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
And the Log
Logfile of HijackThis v1.98.2
Scan saved at 3:03:08 PM, on 8/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon
C:\WINDOWS\system32\spools
C:\WINDOWS\System32\ezSP_P
C:\PROGRA~1\mcafee\SPAMKI~
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\Taskmo
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\PowerPanel\Program\P
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\USBSircs\usbsir
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Genovation\GenCalc 6.0\GenCalc.exe
C:\PROGRA~1\NORTON~1\NORTO
C:\Program Files\Genovation\Numlock Commander\NumLcmdr.exe
C:\WINDOWS\System32\nvsvc3
C:\PROGRA~1\GENOVA~1\MICRO
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\tcpsvc
C:\PROGRA~1\NORTON~1\NORTO
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\OPScan.exe
C:\Documents and Settings\xxxxxx xxxxxx\Desktop\HijackThis.
R1 - HKLM\Software\Microsoft\In
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_P
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TI
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TI
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PI
O4 - HKLM\..\Run: [MSKExe] c:\PROGRA~1\mcafee\SPAMKI~
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IM
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\age
O4 - HKLM\..\Run: [systray driver] systray.exe
O4 - HKLM\..\Run: [Taskmon driver] Taskmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - Startup: xload627.lnk = C:\Program Files\Genovation\Micropad 627 Version 5.33\load627.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: Shorcut To GenCalc.lnk = C:\Program Files\Genovation\GenCalc 6.0\GenCalc.exe
O4 - Global Startup: Shortcut to Numlock Commander.lnk = C:\Program Files\Genovation\Numlock Commander\NumLcmdr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-0
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugi
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {A305FBA3-4A87-483D-A53B-1
O17 - HKLM\System\CCS\Services\T
u are right, there is nothing BAD present on ur system !!!!
so if u know that this problem was caused by a Specific update,,,, cant u try to uninstall it, or restoring ur system to the date before all this started ??
so if u know that this problem was caused by a Specific update,,,, cant u try to uninstall it, or restoring ur system to the date before all this started ??
ASKER
Is it possible that the original problem with svchost - dnscache is still the problem but just not tying up the cpu? Symtoms are the same except for the cpu usage
does Start>Run>eventvwr.msc shows anything un usal in Application and System areas,..... like any service is failing or restarting again and again ??
ASKER
Application area corrupt so no listings, reset it
under system one error seems to happen about the time connection fails
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 8/25/2004
Time: 5:19:30 PM
User: NBS2\Harold Lackey
Computer: NBS2
Description:
The server {9F92FFA3-40D1-475A-9323-A
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
under system one error seems to happen about the time connection fails
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 8/25/2004
Time: 5:19:30 PM
User: NBS2\Harold Lackey
Computer: NBS2
Description:
The server {9F92FFA3-40D1-475A-9323-A
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
ASKER
Downloaded SP2, thought maybe that would fix problem, unless you have any other sugestions. I really dont want to load it untill they have all the bugs worked out.
u are using Norton..... right ??
then why this entry for Mcafee >> O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\age
fix it !!!!
Also u have a Startup program, this one >> O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
(this is basically a Symantec security update built for WinXP SP2 new security feature)
what if u disable it in Start>Run>msconfig>Startup
restart and now check for the problem ??
then why this entry for Mcafee >> O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\age
fix it !!!!
Also u have a Startup program, this one >> O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
(this is basically a Symantec security update built for WinXP SP2 new security feature)
what if u disable it in Start>Run>msconfig>Startup
restart and now check for the problem ??
ASKER
Loaded SP2, Problem is fixed. Dont know if it was SP2 and winsock repair. But you were the only one to take a stab at the question. Thanks
no the problemw as actually this file of NAV >> O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
it was meant for SP2 but as SP2 was not installed, it was creating problems,,, and now as SP2 has been installed,,,, this file is working like a charm and thus no problems :)
i researched on this file and problem..... and that's why i asked to disable it =)
But glad u got it solved, and thanx for the points !!!!
Cheers ^_^
it was meant for SP2 but as SP2 was not installed, it was creating problems,,, and now as SP2 has been installed,,,, this file is working like a charm and thus no problems :)
i researched on this file and problem..... and that's why i asked to disable it =)
But glad u got it solved, and thanx for the points !!!!
Cheers ^_^
ASKER
interesting, one thing though - it's still disabled, ill try enabling it and see what happens if anything. Ill make a restore point before that though.
I notice that glb1a2b.exe is mentioned in this thread. I just ran the new Yahoo Anti-Spy on my machine and this was identified as an unknown Trojan key logger. It was not on my system a week ago, and during the last week I have had several I.E. shutdowns due to 'memory block not found' errors. I am hoping those errors disappear now that glb1a2b.exe has been removed.
I have not been able to find anymore info on glb1a2b.exe, but you may wish to look into this as a possible contributor to your problem.
I have not been able to find anymore info on glb1a2b.exe, but you may wish to look into this as a possible contributor to your problem.