mrwayyne
asked on
How can I repair a very bad SVCHOST.EXE error? System becoming increasingly unstable
I do not know what caused this. It has been present for the last three days. I was browsing when it happened and I also get the alerts frequetly after booting and arriving at my desktop. I am running Windows XP Media Edtion. Suddenly I started getting errors that read svchost.exe error 0x00000000 can not be written at 0x00000000. This alternates with the more commonly 0x7c9105f8 cannot be written at 0x00000010. I have read everywhere I can and found that somehow it is an automatic update problem with Microsoft. I called Microsoft (India) was transferred to three different people. They finally installed a hotfix and directed me to housecall.trendmicro.com. I have run my stystem through the check several times. I have used Registry Mechanic, Reg Cure, Ccleaner. I have done a system restore to two weeks ago. No the problem is even worse. I was afraid I wasn't even going to be able to get into my browser to post this. I am flabbergasted. I have read that lots of people of had the error, but no real fix. Could some wonderful person help me with this? Thank you so much in advance. I have a Dell XPS 4000, 2 gigs RAM, Creative Sound Blaster X-FI , 40 gig, etc... I'm desparate.
Are you sure this has something to do with windows updates? sometimes nasties can camouflage
svchost.exe. It won't hurt to make sure that the system is free from any nasties, you can also try either of these tools.
1. SUPERAntispyware:
http://www.superantispyware.com/
2. Can you run Hijackthis and show us the log please?
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
Open Hijackthis, click "Do a system scan and save a logfile" please don't fix anything yet.
3. Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Upload the log at EE-Stuff.com for us to check please or attch the logfile using "Attach Code Snippet"
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
svchost.exe. It won't hurt to make sure that the system is free from any nasties, you can also try either of these tools.
1. SUPERAntispyware:
http://www.superantispyware.com/
2. Can you run Hijackthis and show us the log please?
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
Open Hijackthis, click "Do a system scan and save a logfile" please don't fix anything yet.
3. Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Upload the log at EE-Stuff.com for us to check please or attch the logfile using "Attach Code Snippet"
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
I think that after all, you will need to re-format your HDD and install OS again. This is best thing that you can do.
It seams that your system files are badly demaged.
Hope this help!
It seams that your system files are badly demaged.
Hope this help!
ASKER
Here is the HiJack This scan.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:03 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.ex
C:\WINDOWS\system32\CTHELP
C:\WINDOWS\system32\CTXFIH
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DL
C:\Program Files\Common Files\InstallShield\Update
C:\WINDOWS\SYSTEM32\CTXFIS
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Logitech\MediaLife\M
C:\Program Files\Java\jre1.5.0_08\bin
C:\Program Files\Movielink\MovielinkM
C:\Program Files\Common Files\Real\Update_OB\reals
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTra
C:\WINDOWS\system32\hphmon
C:\WINDOWS\system32\ctfmon
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\cisvc.
C:\WINDOWS\system32\CTsvcC
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.e
C:\WINDOWS\eHome\ehSched.e
C:\WINDOWS\System32\svchos
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MOVIEL~1\MOVIE
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\nvsvc3
C:\WINDOWS\system32\PSISer
C:\WINDOWS\system32\tcpsvc
C:\WINDOWS\System32\snmp.e
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\IntelDH\Intel(
C:\WINDOWS\system32\dllhos
C:\WINDOWS\system32\HPHipm
C:\WINDOWS\eHome\ehmsas.ex
C:\WINDOWS\system32\wuaucl
C:\Program Files\MSN\MSNCoreFiles\msn
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaem
C:\Documents and Settings\W Blakely\Local Settings\Temporary Internet Files\Content.IE5\6P1GU6IP
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-B
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-6
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-6
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.ex
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DL
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\Update
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\Update
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Logitech\MediaLife\M
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin
O4 - HKLM\..\Run: [LoadMSvcmm] "C:\Program Files\Movielink\MovielinkM
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTra
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dump
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.h
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9
O16 - DPF: {30528230-99f7-4bb4-88d8-f
O16 - DPF: {54BE6B6F-3056-470B-97E1-B
O16 - DPF: {6E32070A-766D-4EE6-879C-D
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-4
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcC
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NC
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc3
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSISer
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 12804 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:03 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.ex
C:\WINDOWS\system32\CTHELP
C:\WINDOWS\system32\CTXFIH
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DL
C:\Program Files\Common Files\InstallShield\Update
C:\WINDOWS\SYSTEM32\CTXFIS
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Logitech\MediaLife\M
C:\Program Files\Java\jre1.5.0_08\bin
C:\Program Files\Movielink\MovielinkM
C:\Program Files\Common Files\Real\Update_OB\reals
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTra
C:\WINDOWS\system32\hphmon
C:\WINDOWS\system32\ctfmon
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\cisvc.
C:\WINDOWS\system32\CTsvcC
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.e
C:\WINDOWS\eHome\ehSched.e
C:\WINDOWS\System32\svchos
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MOVIEL~1\MOVIE
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\nvsvc3
C:\WINDOWS\system32\PSISer
C:\WINDOWS\system32\tcpsvc
C:\WINDOWS\System32\snmp.e
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\IntelDH\Intel(
C:\WINDOWS\system32\dllhos
C:\WINDOWS\system32\HPHipm
C:\WINDOWS\eHome\ehmsas.ex
C:\WINDOWS\system32\wuaucl
C:\Program Files\MSN\MSNCoreFiles\msn
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaem
C:\Documents and Settings\W Blakely\Local Settings\Temporary Internet Files\Content.IE5\6P1GU6IP
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-B
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-6
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-6
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.ex
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DL
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\Update
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\Update
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Logitech\MediaLife\M
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin
O4 - HKLM\..\Run: [LoadMSvcmm] "C:\Program Files\Movielink\MovielinkM
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTra
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dump
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.h
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9
O16 - DPF: {30528230-99f7-4bb4-88d8-f
O16 - DPF: {54BE6B6F-3056-470B-97E1-B
O16 - DPF: {6E32070A-766D-4EE6-879C-D
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-4
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcC
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NC
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc3
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSISer
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 12804 bytes
ASKER
HERE IS THE LOG FROM COMBOFIX
ComboFix 07-12-02.5 - W Blakely 2007-12-01 23:21:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279 [GMT -8:00]
Running from: C:\Documents and Settings\W Blakely\Local Settings\Temporary Internet Files\Content.IE5\6SETYUVW\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.
2007-12-01 10:33 . 2007-12-01 10:33 <DIR> d-------- C:\Program Files\Smartparts
2007-12-01 08:13 . 2007-12-01 08:23 <DIR> d-------- C:\Program Files\RegCure
2007-12-01 08:03 . 2007-12-01 08:11 <DIR> d-------- C:\Program Files\XoftSpySE
2007-12-01 06:40 . 2007-12-01 07:54 <DIR> d-------- C:\Program Files\PC Doc Pro
2007-11-30 18:44 . 2007-11-30 18:45 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-29 17:51 . 2007-11-29 17:51 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-11-28 18:25 . 2007-11-28 18:25 <DIR> d-------- C:\Program Files\TeamViewer3
2007-11-28 18:25 . 2007-11-28 18:25 <DIR> d-------- C:\Documents and Settings\W Blakely\Application Data\TeamViewer
2007-11-28 18:24 . 2007-11-28 18:24 <DIR> d-------- C:\Documents and Settings\W Blakely\temp
2007-11-17 09:46 . 2007-11-17 09:54 <DIR> d-------- C:\WINDOWS\system32\MappedUp dir
2007-11-17 09:46 . 2007-11-17 09:46 532,480 --a------ C:\WINDOWS\system32\MappedUp.scr
2007-11-13 18:58 . 2007-11-13 19:03 <DIR> d-------- C:\Program Files\Opera
2007-11-09 16:55 . 2007-11-09 16:55 <DIR> d-------- C:\Program Files\iTunes
2007-11-09 16:55 . 2007-11-09 16:55 <DIR> d-------- C:\Program Files\iPod
2007-11-09 16:54 . 2007-11-09 16:54 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-09 10:33 . 2007-11-30 18:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-09 10:33 . 2007-11-09 10:33 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-09 07:19 . 2007-11-09 07:20 <DIR> d-------- C:\Program Files\QuickTime
2007-11-09 07:19 . 2007-11-09 07:19 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-07 17:54 . 2007-11-07 17:54 <DIR> d-------- C:\Documents and Settings\W Blakely\vw
2007-11-07 17:53 . 2007-11-07 17:57 <DIR> d-------- C:\Program Files\VisualRoute Lite Edition
2007-11-07 17:32 . 2004-08-10 02:00 35,328 --a------ C:\WINDOWS\system32\iprip.dll
2007-11-07 17:32 . 2004-08-10 02:00 35,328 --a------ C:\WINDOWS\system32\dllcache\iprip.dll
2007-11-07 17:32 . 2004-08-10 02:00 18,944 --a------ C:\WINDOWS\system32\simptcp.dll
2007-11-07 17:32 . 2004-08-10 02:00 18,944 --a------ C:\WINDOWS\system32\dllcache\simptcp.dll
2007-11-07 17:23 . 2007-11-07 17:26 <DIR> d-------- C:\Program Files\MSECACHE
2007-11-04 07:26 . 2007-11-04 07:26 <DIR> d-------- C:\Documents and Settings\W Blakely\Application Data\Apple Computer
2007-11-04 07:24 . 2007-11-04 07:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-04 07:24 . 2007-11-04 07:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-03 17:07 . 2007-02-06 15:03 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-03 17:07 . 2007-02-02 02:00 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-11-03 17:07 . 2007-01-09 00:00 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-11-03 17:06 . 2007-11-03 17:06 <DIR> d-------- C:\Program Files\muvee Technologies
2007-11-03 17:06 . 2007-11-03 17:07 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2007-11-03 17:06 . 2007-11-03 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-11-03 13:49 . 2007-11-03 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 07:27 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-12-02 07:20 --------- d-----w C:\Documents and Settings\W Blakely\Application Data\MSN6
2007-12-01 03:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-01 03:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-01 02:46 --------- d-----w C:\Program Files\Windows Live
2007-12-01 02:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-11-30 21:23 --------- d-----w C:\Program Files\Spyware Terminator
2007-11-30 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-11-30 19:00 --------- d-----w C:\Documents and Settings\W Blakely\Application Data\Spyware Terminator
2007-11-30 01:52 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-28 02:10 4,390 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-27 03:43 579,312 ----a-w C:\WINDOWS\AppPatch\WindowsXP-KB909918-v2-x86-ENU.exe
2007-11-23 17:54 --------- d-----w C:\Program Files\Lavasoft
2007-11-22 01:33 --------- d-----w C:\Program Files\360Share Pro
2007-11-10 20:12 --------- d-----w C:\Program Files\Jasc Software Inc
2007-11-04 01:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-04 01:06 --------- d-----w C:\Program Files\Corel
2007-11-03 23:06 --------- d-----w C:\Documents and Settings\W Blakely\Application Data\Corel
2007-11-03 23:05 --------- d-----w C:\Program Files\Common Files\Corel
2007-11-01 01:59 --------- d-----w C:\Documents and Settings\W Blakely\Application Data\Jasc
2007-10-27 17:38 --------- d-----w C:\Program Files\HP Photosmart 11
2007-10-26 15:51 --------- d-----w C:\Program Files\Hp
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-21 23:15 --------- d-----w C:\Program Files\Paltalk Messenger
2007-10-21 15:21 --------- d-----w C:\Documents and Settings\W Blakely\Application Data\Paltalk
2007-10-21 05:21 --------- d-----w C:\Program Files\Java
2007-10-19 01:22 --------- d-----w C:\Documents and Settings\W Blakely\Application Data\Viewpoint
2007-10-19 01:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-18 19:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-13 14:50 --------- d-----w C:\Program Files\MTV Networks
2007-10-13 03:13 --------- d-----w C:\Program Files\DFX
2007-10-13 03:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-13 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\DFX
2007-10-11 00:43 584,704 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-07 15:33 --------- d--h--w C:\Program Files\Creative Installation Information
2007-10-07 15:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2007-10-07 15:23 --------- d-----w C:\Program Files\Creative
2007-10-05 02:17 --------- d-----w C:\Program Files\Last.fm
2007-10-05 02:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Last.fm
2007-10-05 02:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-10-05 02:03 0 -c-ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-10-05 02:03 0 -c-ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-10-05 02:03 0 -c-ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2007-10-05 02:02 --------- d-----w C:\Program Files\Common Files\Logitech
2007-10-05 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-10-04 00:32 --------- d-----w C:\Documents and Settings\W Blakely\Application Data\LimeWire
2007-09-17 09:10 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-09-17 09:10 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-09-17 08:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-09-17 08:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-09-17 08:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-09-17 08:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-09-17 08:07 6,853,088 ----a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-09-17 08:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-09-17 08:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-09-17 08:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-09-17 08:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-09-17 08:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-09-17 08:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-09-17 08:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-09-17 08:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-09-17 08:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-09-17 08:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-09-17 08:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-09-17 08:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-09-17 08:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-09-17 08:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 08:07 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-09-17 08:07 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-09-17 08:07 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-09-17 08:07 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-09-17 08:07 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-09-17 08:07 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 08:07 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-09-17 08:07 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-09-17 08:07 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 08:07 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-09-17 08:07 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 02:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"Power2GoExpress"="" []
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 11:01]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 02:00 C:\WINDOWS\system32\rundll32.exe]
"CTHelper"="CTHELPER.EXE" [2006-12-12 09:46 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 09:46 C:\WINDOWS\system32\Ctxfihlp.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 04:56]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-17 22:00]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 08:01]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 15:07]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 22:00]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 02:20]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 04:46]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 09:42]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 C:\WINDOWS\KHALMNPR.Exe]
"PCMService"="C:\Program Files\Logitech\MediaLife\MediaLifeService.exe" [2004-09-09 19:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 02:03]
"LoadMSvcmm"="C:\Program Files\Movielink\MovielinkManager\Movielink User.exe" [2006-11-03 12:33]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-20 06:37]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 15:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 14:18]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2006-01-06 11:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 17:34]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-12 17:41:11]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 01000000
"NoSetFolders"= 0 (0x0)
"NoRecentDocsHistory"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-02-09 14:34 106496 --a------ C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EntriqMediaTray]
2006-05-01 09:56 122880 --a------ C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
"2007-12-01 00:46:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-02 07:30:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-01-25 01:41:56 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2007-12-02 07:28:41 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-02 07:27:16 C:\WINDOWS\Tasks\RegCure Program Check.job"
"2007-12-01 16:13:31 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-02 07:27:15 C:\WINDOWS\Tasks\XoftSpySE 2.job"
"2007-12-01 16:03:26 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 23:31:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-01 23:31:45 - machine was rebooted
.
--- E O F ---
Your HijackThis log file looks pretty clean, although it's still *conceivable* there is a rootkit. Checking ComboFix log now.
Hopefully a re-format will not be necessary, there 's a lot of good people out here helping!
You'll find some further suggestions here, for example, the problem in this previous thread proved to be Spyware >
"The service SVchost is using the 100 % of my processor":
https://www.experts-exchange.com/questions/22990995/The-service-SVchost-is-using-the-100-of-my-processor.html
Hopefully a re-format will not be necessary, there 's a lot of good people out here helping!
You'll find some further suggestions here, for example, the problem in this previous thread proved to be Spyware >
"The service SVchost is using the 100 % of my processor":
https://www.experts-exchange.com/questions/22990995/The-service-SVchost-is-using-the-100-of-my-processor.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ComboFix log 'appears' clean, although expert rpggamergirl may possibly spot something 'nasty'!
Inclined therefore to believe that it may well be the 'update issue', as first suggested by MrHusy, so you could try Process Explorer, the details of which are included in the previous two comments.
Please post back whenever you need further assistance from us.
Inclined therefore to believe that it may well be the 'update issue', as first suggested by MrHusy, so you could try Process Explorer, the details of which are included in the previous two comments.
Please post back whenever you need further assistance from us.
"Are you sure this has something to do with windows updates? sometimes nasties can camouflage "
and sometimes easiests are missed :)
mrwayyne, did you have time to follow my steps?
and sometimes easiests are missed :)
mrwayyne, did you have time to follow my steps?
ASKER
MrHusy I did not implement that batch file. I'm not sure how to do that. I need step by step instructions. I don't want to make the wrong move and mess it up more.
ASKER
This is really getting complex. The computer no longer recognizes when outside memory objects are inserted. ie: camera, flash memory, inserted CD's.
Also, when I go to print off pages with your individual instructions, a blank page prints, regardless what my page set up is. Obviously I would need these instructions printed to follow each of the steps precisely.
Also sound does not work if I go to an onsite music service such as Pandora.
Also, when I go to print off pages with your individual instructions, a blank page prints, regardless what my page set up is. Obviously I would need these instructions printed to follow each of the steps precisely.
Also sound does not work if I go to an onsite music service such as Pandora.
ASKER
I fear I am going to have to scrap my whole computer, losing pictures, word documents, etc. I can't believe this is happening.
mrwayyne:
there is no need for a batch file. Please follow step by step
Verify Windows Update Service Settings
* Click on Start, Run and type the following command in the open box and click OK
services.msc
* Find the Automatic Updates service and double-click on it.
* Click on the Log On Tab and make sure the "Local System Account" is selected as the logon account and the box for "allow service to interact with desktop" is UNCHECKED.
* Under the Hardware Profile section in the Log On Tab, make sure the service is enabled.
* On the General Tab, the Startup Type should be Automatic, if not, drop the box down and select Automatic.
* Under "Service Status" on the General tab, the service should be Started, click the Start button enable it.
* Repeat the steps above for the service "Background Intelligent Transfer Service (BITS)"
Re-Register Windows Update DLLs
* Click on Start, Run, and type CMD and click ok
* In the black command window type the following command and press Enter
REGSVR32 WUAPI.DLL
* Wait until you receive the "DllRegisterServer in WUAPI.DLL succeeded" message and click OK
* Repeat the last two steps above for each of the following commands (I know you already did but please repeat again after above)
REGSVR32 WUAUENG.DLL
REGSVR32 WUAUENG1.DLL
REGSVR32 ATL.DLL
REGSVR32 WUCLTUI.DLL
REGSVR32 WUPS.DLL
REGSVR32 WUPS2.DLL
REGSVR32 WUWEB.DLL
Remove Corrupted Windows Update Files
* At the command prompt, type the following command and press Enter
net stop WuAuServ
* Still at the command prompt,
type cd %windir% and press Enter
* In the opened folder, type the following command and press Enter to rename the SoftwareDistribution Folder
ren SoftwareDistribution SD_OLD
* Restart the Windows Update Service by typing the following at the command prompt
net start WuAuServ
* type Exit and Press Enter to close the command prompt
Reboot Windows
* click on Start, Shut Down, and Restart to reboot Windows XP
Regards
there is no need for a batch file. Please follow step by step
Verify Windows Update Service Settings
* Click on Start, Run and type the following command in the open box and click OK
services.msc
* Find the Automatic Updates service and double-click on it.
* Click on the Log On Tab and make sure the "Local System Account" is selected as the logon account and the box for "allow service to interact with desktop" is UNCHECKED.
* Under the Hardware Profile section in the Log On Tab, make sure the service is enabled.
* On the General Tab, the Startup Type should be Automatic, if not, drop the box down and select Automatic.
* Under "Service Status" on the General tab, the service should be Started, click the Start button enable it.
* Repeat the steps above for the service "Background Intelligent Transfer Service (BITS)"
Re-Register Windows Update DLLs
* Click on Start, Run, and type CMD and click ok
* In the black command window type the following command and press Enter
REGSVR32 WUAPI.DLL
* Wait until you receive the "DllRegisterServer in WUAPI.DLL succeeded" message and click OK
* Repeat the last two steps above for each of the following commands (I know you already did but please repeat again after above)
REGSVR32 WUAUENG.DLL
REGSVR32 WUAUENG1.DLL
REGSVR32 ATL.DLL
REGSVR32 WUCLTUI.DLL
REGSVR32 WUPS.DLL
REGSVR32 WUPS2.DLL
REGSVR32 WUWEB.DLL
Remove Corrupted Windows Update Files
* At the command prompt, type the following command and press Enter
net stop WuAuServ
* Still at the command prompt,
type cd %windir% and press Enter
* In the opened folder, type the following command and press Enter to rename the SoftwareDistribution Folder
ren SoftwareDistribution SD_OLD
* Restart the Windows Update Service by typing the following at the command prompt
net start WuAuServ
* type Exit and Press Enter to close the command prompt
Reboot Windows
* click on Start, Shut Down, and Restart to reboot Windows XP
Regards
If above doesnt work, I would recommend
Start>Run> sfc /scannow and insert windows cd when asked
Start>Run> sfc /scannow and insert windows cd when asked
ASKER
Ok... I have followed your instructions. I have not gotten another warning. However I am having problems with nothing printing from my printer. The stystems does not regcognize where it is and will not print anything. It seems that either in the bios... or somewhere... the computer has been told not to recognize any external devices. So when I insert a cd ... nothing happens, camera, printer ...etc.
Now that I have followed your instructions, do I need to go to the windows update site and do anything?
Now that I have followed your instructions, do I need to go to the windows update site and do anything?
ASKER
I spoke too soon. On a reboot, the same svchost.exe 0x7c9105f8 at 0x00000010 is referenced. Dang this is frustrating. Seems like Microsoft should be responsible for this if it is a Update error caused by Microsoft. Thank you for all of your help and suggestions. I am very grateful. It's just not looking good.
Wayne
Wayne
ASKER
ok... System Idle Process stays at about 98% when I hover over the svchost.exe places listed, I get things like DCOM Server Process Launcher [DcomLaunch] Terminal Services [TermService] and Remote Procedure Call (RPC) and DNS Client [Dnscache] and Remote Registry [RemoteRegistry] TCP/IP NetBIOS Helper [LmHosts] Universal Plug and Play Device Host [upnphost] Web Client [WebClient] and HTTP SSL [HTTP Filter] and SSDP Discovery Service [SSDPSRV] and.... this one... Background Intelligent Transfer Service [BITS] COM+Even System[EventSystem] Help and Support [helpsvc] Network Connections [Netman] Network Location Awareness ([NLA) [Nla] Remote Access Connection Manager [RasMan] System Event Notification [SENS] Task Scheduler [Schedule] Tellephone [TapiSrv] Themes [Themes] Windows Management Instrumentation [winmgmt]
Those are all the svchost.exe refereneces to my system.
Lordie!!!!!! my reference... ha! Thank you for helping
Those are all the svchost.exe refereneces to my system.
Lordie!!!!!! my reference... ha! Thank you for helping
ASKER
I ran Process Explorer and listed those references above... those were all the svchost.exe references.
What do you think?
What do you think?
>svchost.exe 0x7c9105f8 at 0x00000010<
Have you (or can you?) temporarily change your Automatic update from Auto to Manual, and see if problem resolved? Control panel > double click "System" icon. Select Auto updates tab, and check(tick). Reboot.
If resolved there's no problem remaining in 'manual', except your need to regularly check for updates, every week(?) or so.
This may be your *best* option!
You could also review your update history & look for obvious problems.
You could check for the hotpack fix KB927891 which was probably the one you referred to earlier.
Further help>
"A description of Svchost.exe in Windows XP Pro":
http://support.microsoft.com/default.aspx?scid=kb;en-us;314056
also ..
" ... system may appear to become unresponsive when you try to install an update from Windows Update ..."
http://support.microsoft.com/kb/927891/en-us
There are some temporary Solutions listed here together with some good advice >
http://ask-leo.com/how_do_i_fix_this_high_cpu_usage_svchost_virus_or_whatever_it_is.html
Finally, and failing all else, you may wish to consider a repair install although there would be *no* guarantees of an 'update fix'.
"How to Perform a Windows XP Repair Install":
http://www.michaelstevenstech.com/XPrepairinstall.htm
Or, as a last resort this >
"Clean Install Windows XP":
http://www.michaelstevenstech.com/cleanxpinstall.html
Have you (or can you?) temporarily change your Automatic update from Auto to Manual, and see if problem resolved? Control panel > double click "System" icon. Select Auto updates tab, and check(tick). Reboot.
If resolved there's no problem remaining in 'manual', except your need to regularly check for updates, every week(?) or so.
This may be your *best* option!
You could also review your update history & look for obvious problems.
You could check for the hotpack fix KB927891 which was probably the one you referred to earlier.
Further help>
"A description of Svchost.exe in Windows XP Pro":
http://support.microsoft.com/default.aspx?scid=kb;en-us;314056
also ..
" ... system may appear to become unresponsive when you try to install an update from Windows Update ..."
http://support.microsoft.com/kb/927891/en-us
There are some temporary Solutions listed here together with some good advice >
http://ask-leo.com/how_do_i_fix_this_high_cpu_usage_svchost_virus_or_whatever_it_is.html
Finally, and failing all else, you may wish to consider a repair install although there would be *no* guarantees of an 'update fix'.
"How to Perform a Windows XP Repair Install":
http://www.michaelstevenstech.com/XPrepairinstall.htm
Or, as a last resort this >
"Clean Install Windows XP":
http://www.michaelstevenstech.com/cleanxpinstall.html
Scroll to "Step 6 - Services" for information on some of those XP Services you are running >
"Optimize XP":
http://mywebpages.comcast.net/SupportCD/OptimizeXP.html
"Optimize XP":
http://mywebpages.comcast.net/SupportCD/OptimizeXP.html
Please check the following
https://www.experts-exchange.com/questions/22570293/SVCHOST-EXE-causing-CPU-to-run-at-100.html
Regards