Solved

How can I repair a very bad SVCHOST.EXE error?   System becoming increasingly unstable

Posted on 2007-12-01
20
3,110 Views
Last Modified: 2013-12-01
I do not know what caused this.  It has been present for the last three days.  I was browsing when it happened and I also get the alerts frequetly after booting and arriving at my desktop.  I am running Windows XP Media Edtion.   Suddenly I started getting errors that read svchost.exe error 0x00000000 can not be written at 0x00000000.  This alternates with the more commonly 0x7c9105f8 cannot be written at 0x00000010.   I have read everywhere I can and found that somehow it is an automatic update problem with Microsoft.  I called Microsoft (India) was transferred to three different people.  They finally installed a hotfix and directed me to housecall.trendmicro.com. I have run my stystem through the check several times. I have used Registry Mechanic, Reg Cure, Ccleaner.  I have done a system restore to two weeks ago.  No the problem is even worse.  I was afraid I wasn't even going to be able to get into my browser to post this.  I am flabbergasted. I have read that lots of people of had the error, but no real fix.  Could some wonderful person help me with this?   Thank you so much in advance.  I have a Dell XPS 4000, 2 gigs RAM, Creative Sound  Blaster X-FI , 40 gig, etc... I'm desparate.
0
Comment
Question by:mrwayyne
  • 9
  • 5
  • 4
  • +2
20 Comments
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
Comment Utility
 Hi mrwayyne
    Please check the following
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_22570293.html

Regards
0
 
LVL 47

Expert Comment

by:rpggamergirl
Comment Utility
Are you sure this has something to do with windows updates? sometimes nasties can camouflage

svchost.exe.  It won't hurt to make sure that the system is free from any nasties, you can also try either of these tools.

1. SUPERAntispyware:
http://www.superantispyware.com/

2.  Can you run Hijackthis and show us the log please?
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
Open Hijackthis, click "Do a system scan and save a logfile" please don't fix anything yet.


3.  Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Upload the log at EE-Stuff.com for us to check please or attch the logfile using "Attach Code Snippet"

Note: Do not mouseclick combofix's window while its running. That may cause it to stall
0
 
LVL 10

Expert Comment

by:Cro0707
Comment Utility
I think that after all, you will need to re-format your HDD and install OS again. This is best thing that you can do.

It seams that your system files are badly demaged.

Hope this help!
0
 

Author Comment

by:mrwayyne
Comment Utility
Here is the HiJack This scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:03 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Movielink\MovielinkManager\Movielink User.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\W Blakely\Local Settings\Temporary Internet Files\Content.IE5\6P1GU6IP\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [LoadMSvcmm] "C:\Program Files\Movielink\MovielinkManager\Movielink User.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175995627421
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 12804 bytes
0
 

Author Comment

by:mrwayyne
Comment Utility
HERE IS THE LOG FROM COMBOFIX
ComboFix 07-12-02.5 - W Blakely 2007-12-01 23:21:27.1 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1279 [GMT -8:00]

Running from: C:\Documents and Settings\W Blakely\Local Settings\Temporary Internet Files\Content.IE5\6SETYUVW\ComboFix[1].exe

 * Created a new restore point

.
 

(((((((((((((((((((((((((   Files Created from 2007-11-02 to 2007-12-02  )))))))))))))))))))))))))))))))

.
 

2007-12-01 10:33 . 2007-12-01 10:33	<DIR>	d--------	C:\Program Files\Smartparts

2007-12-01 08:13 . 2007-12-01 08:23	<DIR>	d--------	C:\Program Files\RegCure

2007-12-01 08:03 . 2007-12-01 08:11	<DIR>	d--------	C:\Program Files\XoftSpySE

2007-12-01 06:40 . 2007-12-01 07:54	<DIR>	d--------	C:\Program Files\PC Doc Pro

2007-11-30 18:44 . 2007-11-30 18:45	<DIR>	d--hsc---	C:\Program Files\Common Files\WindowsLiveInstaller

2007-11-29 17:51 . 2007-11-29 17:51	<DIR>	d--------	C:\Program Files\Windows Live Favorites

2007-11-28 18:25 . 2007-11-28 18:25	<DIR>	d--------	C:\Program Files\TeamViewer3

2007-11-28 18:25 . 2007-11-28 18:25	<DIR>	d--------	C:\Documents and Settings\W Blakely\Application Data\TeamViewer

2007-11-28 18:24 . 2007-11-28 18:24	<DIR>	d--------	C:\Documents and Settings\W Blakely\temp

2007-11-17 09:46 . 2007-11-17 09:54	<DIR>	d--------	C:\WINDOWS\system32\MappedUp dir

2007-11-17 09:46 . 2007-11-17 09:46	532,480	--a------	C:\WINDOWS\system32\MappedUp.scr

2007-11-13 18:58 . 2007-11-13 19:03	<DIR>	d--------	C:\Program Files\Opera

2007-11-09 16:55 . 2007-11-09 16:55	<DIR>	d--------	C:\Program Files\iTunes

2007-11-09 16:55 . 2007-11-09 16:55	<DIR>	d--------	C:\Program Files\iPod

2007-11-09 16:54 . 2007-11-09 16:54	<DIR>	d--------	C:\Program Files\Common Files\Apple

2007-11-09 10:33 . 2007-11-30 18:53	54,156	--ah-----	C:\WINDOWS\QTFont.qfn

2007-11-09 10:33 . 2007-11-09 10:33	1,409	--a------	C:\WINDOWS\QTFont.for

2007-11-09 07:19 . 2007-11-09 07:20	<DIR>	d--------	C:\Program Files\QuickTime

2007-11-09 07:19 . 2007-11-09 07:19	<DIR>	d--------	C:\Program Files\Apple Software Update

2007-11-07 17:54 . 2007-11-07 17:54	<DIR>	d--------	C:\Documents and Settings\W Blakely\vw

2007-11-07 17:53 . 2007-11-07 17:57	<DIR>	d--------	C:\Program Files\VisualRoute Lite Edition

2007-11-07 17:32 . 2004-08-10 02:00	35,328	--a------	C:\WINDOWS\system32\iprip.dll

2007-11-07 17:32 . 2004-08-10 02:00	35,328	--a------	C:\WINDOWS\system32\dllcache\iprip.dll

2007-11-07 17:32 . 2004-08-10 02:00	18,944	--a------	C:\WINDOWS\system32\simptcp.dll

2007-11-07 17:32 . 2004-08-10 02:00	18,944	--a------	C:\WINDOWS\system32\dllcache\simptcp.dll

2007-11-07 17:23 . 2007-11-07 17:26	<DIR>	d--------	C:\Program Files\MSECACHE

2007-11-04 07:26 . 2007-11-04 07:26	<DIR>	d--------	C:\Documents and Settings\W Blakely\Application Data\Apple Computer

2007-11-04 07:24 . 2007-11-04 07:42	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Apple Computer

2007-11-04 07:24 . 2007-11-04 07:24	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Apple

2007-11-03 17:07 . 2007-02-06 15:03	129,784	---------	C:\WINDOWS\system32\pxafs.dll

2007-11-03 17:07 . 2007-02-02 02:00	118,520	---------	C:\WINDOWS\system32\pxinsi64.exe

2007-11-03 17:07 . 2007-01-09 00:00	116,472	---------	C:\WINDOWS\system32\pxcpyi64.exe

2007-11-03 17:06 . 2007-11-03 17:06	<DIR>	d--------	C:\Program Files\muvee Technologies

2007-11-03 17:06 . 2007-11-03 17:07	<DIR>	d--------	C:\Program Files\Common Files\muvee Technologies

2007-11-03 17:06 . 2007-11-03 17:06	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\muvee Technologies

2007-11-03 13:49 . 2007-11-03 16:48	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Corel
 

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-02 07:27	---------	d-----w	C:\Program Files\Symantec AntiVirus

2007-12-02 07:20	---------	d-----w	C:\Documents and Settings\W Blakely\Application Data\MSN6

2007-12-01 03:55	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP

2007-12-01 03:55	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-12-01 02:46	---------	d-----w	C:\Program Files\Windows Live

2007-12-01 02:38	---------	d-----w	C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller

2007-11-30 21:23	---------	d-----w	C:\Program Files\Spyware Terminator

2007-11-30 21:23	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Spyware Terminator

2007-11-30 19:00	---------	d-----w	C:\Documents and Settings\W Blakely\Application Data\Spyware Terminator

2007-11-30 01:52	---------	d-----w	C:\Program Files\Windows Live Toolbar

2007-11-28 02:10	4,390	-csha-w	C:\WINDOWS\system32\KGyGaAvL.sys

2007-11-27 03:43	579,312	----a-w	C:\WINDOWS\AppPatch\WindowsXP-KB909918-v2-x86-ENU.exe

2007-11-23 17:54	---------	d-----w	C:\Program Files\Lavasoft

2007-11-22 01:33	---------	d-----w	C:\Program Files\360Share Pro

2007-11-10 20:12	---------	d-----w	C:\Program Files\Jasc Software Inc

2007-11-04 01:06	---------	d--h--w	C:\Program Files\InstallShield Installation Information

2007-11-04 01:06	---------	d-----w	C:\Program Files\Corel

2007-11-03 23:06	---------	d-----w	C:\Documents and Settings\W Blakely\Application Data\Corel

2007-11-03 23:05	---------	d-----w	C:\Program Files\Common Files\Corel

2007-11-01 01:59	---------	d-----w	C:\Documents and Settings\W Blakely\Application Data\Jasc

2007-10-27 17:38	---------	d-----w	C:\Program Files\HP Photosmart 11

2007-10-26 15:51	---------	d-----w	C:\Program Files\Hp

2007-10-26 03:34	8,460,288	----a-w	C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-21 23:15	---------	d-----w	C:\Program Files\Paltalk Messenger

2007-10-21 15:21	---------	d-----w	C:\Documents and Settings\W Blakely\Application Data\Paltalk

2007-10-21 05:21	---------	d-----w	C:\Program Files\Java

2007-10-19 01:22	---------	d-----w	C:\Documents and Settings\W Blakely\Application Data\Viewpoint

2007-10-19 01:22	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Viewpoint

2007-10-18 19:31	51,224	----a-w	C:\WINDOWS\system32\sirenacm.dll

2007-10-13 14:50	---------	d-----w	C:\Program Files\MTV Networks

2007-10-13 03:13	---------	d-----w	C:\Program Files\DFX

2007-10-13 03:13	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard

2007-10-13 03:13	---------	d-----w	C:\Documents and Settings\All Users\Application Data\DFX

2007-10-11 00:43	584,704	----a-w	C:\WINDOWS\WLXPGSS.SCR

2007-10-07 15:33	---------	d--h--w	C:\Program Files\Creative Installation Information

2007-10-07 15:31	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Creative

2007-10-07 15:23	---------	d-----w	C:\Program Files\Creative

2007-10-05 02:17	---------	d-----w	C:\Program Files\Last.fm

2007-10-05 02:17	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Last.fm

2007-10-05 02:09	---------	d-----w	C:\Documents and Settings\All Users\Application Data\LogiShrd

2007-10-05 02:03	0	-c-ha-w	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2007-10-05 02:03	0	-c-ha-w	C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2007-10-05 02:03	0	-c-ha-w	C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf

2007-10-05 02:02	---------	d-----w	C:\Program Files\Common Files\Logitech

2007-10-05 02:02	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Logitech

2007-10-04 00:32	---------	d-----w	C:\Documents and Settings\W Blakely\Application Data\LimeWire

2007-09-17 09:10	356,352	----a-w	C:\WINDOWS\system32\NVUNINST.EXE

2007-09-17 09:10	356,352	----a-w	C:\WINDOWS\system32\nvudisp.exe

2007-09-17 08:07	81,920	----a-w	C:\WINDOWS\system32\nvwddi.dll

2007-09-17 08:07	81,920	----a-w	C:\WINDOWS\system32\nvmctray.dll

2007-09-17 08:07	8,491,008	----a-w	C:\WINDOWS\system32\nvcpl.dll

2007-09-17 08:07	753,664	----a-w	C:\WINDOWS\system32\nvcplui.exe

2007-09-17 08:07	6,853,088	----a-w	C:\WINDOWS\system32\dllcache\nv4_mini.sys

2007-09-17 08:07	6,746,112	----a-w	C:\WINDOWS\system32\nvoglnt.dll

2007-09-17 08:07	6,344,704	----a-w	C:\WINDOWS\system32\nvdisps.dll

2007-09-17 08:07	5,783,040	----a-w	C:\WINDOWS\system32\nv4_disp.dll

2007-09-17 08:07	466,944	----a-w	C:\WINDOWS\system32\nvshell.dll

2007-09-17 08:07	45,056	----a-w	C:\WINDOWS\system32\nvmccsrs.dll

2007-09-17 08:07	442,368	----a-w	C:\WINDOWS\system32\nvappbar.exe

2007-09-17 08:07	425,984	----a-w	C:\WINDOWS\system32\keystone.exe

2007-09-17 08:07	364,544	----a-w	C:\WINDOWS\system32\nvapi.dll

2007-09-17 08:07	36,864	----a-w	C:\WINDOWS\system32\nvcodins.dll

2007-09-17 08:07	36,864	----a-w	C:\WINDOWS\system32\nvcod.dll

2007-09-17 08:07	307,200	----a-w	C:\WINDOWS\system32\nvexpbar.dll

2007-09-17 08:07	3,551,232	----a-w	C:\WINDOWS\system32\nvvitvs.dll

2007-09-17 08:07	3,334,144	----a-w	C:\WINDOWS\system32\nvgames.dll

2007-09-17 08:07	286,720	----a-w	C:\WINDOWS\system32\nvnt4cpl.dll

2007-09-17 08:07	229,376	----a-w	C:\WINDOWS\system32\nvmccs.dll

2007-09-17 08:07	2,371,584	----a-w	C:\WINDOWS\system32\nvwss.dll

2007-09-17 08:07	188,416	----a-w	C:\WINDOWS\system32\nvmccss.dll

2007-09-17 08:07	155,716	----a-w	C:\WINDOWS\system32\nvsvc32.exe

2007-09-17 08:07	147,456	----a-w	C:\WINDOWS\system32\nvcolor.exe

2007-09-17 08:07	1,703,936	----a-w	C:\WINDOWS\system32\nvwdmcpl.dll

2007-09-17 08:07	1,626,112	----a-w	C:\WINDOWS\system32\nwiz.exe

2007-09-17 08:07	1,478,656	----a-w	C:\WINDOWS\system32\nview.dll

2007-09-17 08:07	1,339,392	----a-w	C:\WINDOWS\system32\nvdspsch.exe

2007-09-17 08:07	1,150,976	----a-w	C:\WINDOWS\system32\nvmobls.dll

2007-09-17 08:07	1,019,904	----a-w	C:\WINDOWS\system32\nvwimg.dll

.
 

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 02:00]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]

"Power2GoExpress"="" []

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 11:01]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 02:00 C:\WINDOWS\system32\rundll32.exe]

"CTHelper"="CTHELPER.EXE" [2006-12-12 09:46 C:\WINDOWS\system32\CtHelper.exe]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 09:46 C:\WINDOWS\system32\Ctxfihlp.exe]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 04:56]

"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-17 22:00]

"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 08:01]

"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 15:07]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 22:00]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 02:20]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 04:46]

"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 09:42]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 C:\WINDOWS\KHALMNPR.Exe]

"PCMService"="C:\Program Files\Logitech\MediaLife\MediaLifeService.exe" [2004-09-09 19:58]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 02:03]

"LoadMSvcmm"="C:\Program Files\Movielink\MovielinkManager\Movielink User.exe" [2006-11-03 12:33]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-20 06:37]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 15:44]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 14:18]

"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2006-01-06 11:07]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 17:34]
 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-12 17:41:11]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsMenu"= 01000000

"NoSetFolders"= 0 (0x0)

"NoRecentDocsHistory"= 1 (0x1)
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

			

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-06-06 22:46	57344	--a------	C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

			

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]

2006-02-09 14:34	106496	--a------	C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

			

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

			C:\Program Files\Dell Support\DSAgnt.exe /startup

			

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EntriqMediaTray]

2006-05-01 09:56	122880	--a------	C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
 

R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys

S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc

S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc

S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc

S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc	p2psvc p2pimsvc p2pgasvc PNRPSvc
 

.

Contents of the 'Scheduled Tasks' folder

"2007-12-01 00:46:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2007-12-02 07:30:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2007-01-25 01:41:56 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"

- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1

"2007-12-02 07:28:41 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

"2007-12-02 07:27:16 C:\WINDOWS\Tasks\RegCure Program Check.job"

"2007-12-01 16:13:31 C:\WINDOWS\Tasks\RegCure.job"

- C:\Program Files\RegCure\RegCure.exe

"2007-12-02 07:27:15 C:\WINDOWS\Tasks\XoftSpySE 2.job"

"2007-12-01 16:03:26 C:\WINDOWS\Tasks\XoftSpySE.job"

- C:\Program Files\XoftSpySE\XoftSpy.exe

.

**************************************************************************
 

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-01 23:31:10

Windows 5.1.2600 Service Pack 2 NTFS
 

scanning hidden processes ... 
 

scanning hidden autostart entries ...
 

scanning hidden files ... 
 

scan completed successfully 

hidden files: 0 
 

**************************************************************************

.

Completion time: 2007-12-01 23:31:45 - machine was rebooted

.

	--- E O F ---

Open in new window

0
 
LVL 27

Expert Comment

by:Jonvee
Comment Utility
Your HijackThis log file looks pretty clean, although it's still *conceivable* there is a rootkit.  Checking ComboFix log now.
 
Hopefully a re-format will not be necessary, there 's a lot of good people out here helping!

You'll find some further suggestions here, for example, the problem in this previous thread proved to be Spyware >  
"The service SVchost is using the 100 % of my processor":
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_22990995.html
0
 
LVL 27

Accepted Solution

by:
Jonvee earned 500 total points
Comment Utility
Meanwhile here's a very good article >

"How to fix svchost.exe errors and problems with high CPU usage":
http://www.online-tech-tips.com/computer-tips/how-to-fix-svchostexe-errors-and-problems-with-high-cpu-usage/
0
 
LVL 27

Expert Comment

by:Jonvee
Comment Utility
ComboFix log 'appears' clean, although expert rpggamergirl may possibly spot something 'nasty'!
Inclined therefore to believe that it may well be the 'update issue', as first suggested by MrHusy, so you could try Process Explorer, the details of which are included in the previous two comments.  
Please post back whenever you need further assistance from us.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
Comment Utility
"Are you sure this has something to do with windows updates? sometimes nasties can camouflage "
and sometimes easiests are missed :)
   mrwayyne, did you have time to follow my steps?
0
 

Author Comment

by:mrwayyne
Comment Utility
MrHusy I did not implement that batch file.  I'm not sure how to do that. I need step by step instructions. I don't want to make the wrong move and mess it up more.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:mrwayyne
Comment Utility
This is really getting complex.  The computer no longer recognizes when outside memory objects are inserted. ie: camera, flash memory, inserted CD's.  

Also, when I go to print off pages with your individual instructions, a blank page prints, regardless what my page set up is.  Obviously I would need these instructions printed to follow each of the steps precisely.

Also sound does not work if I go to an onsite music service such as Pandora.
0
 

Author Comment

by:mrwayyne
Comment Utility
I fear I am going to have to scrap my whole computer, losing pictures, word documents, etc.  I can't believe this is happening.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
Comment Utility
mrwayyne:
  there is no need for a batch file. Please follow step by step

Verify Windows Update Service Settings

    * Click on Start, Run and type the following command in the open box and click OK

      services.msc

    * Find the Automatic Updates service and double-click on it.
    * Click on the Log On Tab and make sure the "Local System Account" is selected as the logon account and the box for "allow service to interact with desktop" is UNCHECKED.
    * Under the Hardware Profile section in the Log On Tab, make sure the service is enabled.
    * On the General Tab, the Startup Type should be Automatic, if not, drop the box down and select Automatic.
    * Under "Service Status" on the General tab, the service should be Started, click the Start button enable it.
    * Repeat the steps above for the service "Background Intelligent Transfer Service (BITS)"

Re-Register Windows Update DLLs

    * Click on Start, Run, and type CMD and click ok
    * In the black command window type the following command and press Enter

      REGSVR32 WUAPI.DLL

    * Wait until you receive the "DllRegisterServer in WUAPI.DLL succeeded" message and click OK
    * Repeat the last two steps above for each of the following commands (I know you already did but please repeat again after above)

      REGSVR32 WUAUENG.DLL
      REGSVR32 WUAUENG1.DLL
      REGSVR32 ATL.DLL
      REGSVR32 WUCLTUI.DLL
      REGSVR32 WUPS.DLL
      REGSVR32 WUPS2.DLL
      REGSVR32 WUWEB.DLL

Remove Corrupted Windows Update Files

    * At the command prompt, type the following command and press Enter

      net stop WuAuServ
    * Still at the command prompt,

      type cd %windir% and press Enter
    * In the opened folder, type the following command and press Enter to rename the SoftwareDistribution Folder

      ren SoftwareDistribution SD_OLD
    * Restart the Windows Update Service by typing the following at the command prompt

      net start WuAuServ

    * type Exit and Press Enter to close the command prompt

Reboot Windows

    * click on Start, Shut Down, and Restart to reboot Windows XP

Regards
     
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
Comment Utility
If above doesnt work, I would recommend
   Start>Run> sfc /scannow   and insert windows cd when asked
0
 

Author Comment

by:mrwayyne
Comment Utility
Ok... I have followed your instructions.  I have not gotten another warning.  However I am having problems with nothing printing from my printer.  The stystems does not regcognize where it is and will not print anything.  It seems that either in the bios... or somewhere... the computer has been told not to recognize any external devices. So when I insert a cd ... nothing happens, camera, printer ...etc.
Now that I have followed your instructions, do I need to go to the windows update site and do anything?
0
 

Author Comment

by:mrwayyne
Comment Utility
I spoke too soon. On a reboot, the same svchost.exe 0x7c9105f8 at 0x00000010  is referenced.  Dang this is frustrating.  Seems like Microsoft should be responsible for this if it is a Update error caused by Microsoft.   Thank you for all of your help and suggestions.  I am very grateful.  It's just not looking good.
Wayne
0
 

Author Closing Comment

by:mrwayyne
Comment Utility
ok... System Idle Process stays at about 98% when I hover over the svchost.exe places listed, I get things like DCOM Server Process Launcher [DcomLaunch] Terminal Services [TermService]   and   Remote Procedure Call (RPC)  and DNS Client [Dnscache] and Remote Registry [RemoteRegistry] TCP/IP NetBIOS Helper [LmHosts] Universal Plug and Play Device Host [upnphost] Web Client [WebClient] and HTTP SSL [HTTP Filter] and SSDP Discovery Service [SSDPSRV]   and.... this one...  Background Intelligent Transfer Service [BITS]  COM+Even System[EventSystem]  Help and Support [helpsvc] Network Connections [Netman] Network Location Awareness ([NLA) [Nla] Remote Access Connection Manager [RasMan] System Event Notification [SENS] Task Scheduler [Schedule] Tellephone [TapiSrv]  Themes [Themes]  Windows Management Instrumentation [winmgmt]

Those are all the svchost.exe refereneces to my system.

Lordie!!!!!!  my reference... ha!  Thank you for helping
0
 

Author Comment

by:mrwayyne
Comment Utility
I ran Process Explorer and listed those references above... those were all the svchost.exe references.
What do you think?
0
 
LVL 27

Expert Comment

by:Jonvee
Comment Utility
>svchost.exe 0x7c9105f8 at 0x00000010<
Have you (or can you?) temporarily change your Automatic update from Auto to Manual, and see if problem resolved?   Control panel > double click "System" icon.  Select Auto updates tab, and check(tick).  Reboot.
If resolved there's no problem remaining in 'manual', except your need to regularly check for updates, every week(?) or so.  
This may be your *best* option!

You could also review your update history & look for obvious problems.  
You could check for the hotpack fix KB927891 which was probably the one you referred to earlier.

Further help>
"A description of Svchost.exe in Windows XP Pro":
http://support.microsoft.com/default.aspx?scid=kb;en-us;314056
also ..
" ... system may appear to become unresponsive when you try to install an update from Windows Update ..."
http://support.microsoft.com/kb/927891/en-us

There are some temporary Solutions listed here together with some good advice >
http://ask-leo.com/how_do_i_fix_this_high_cpu_usage_svchost_virus_or_whatever_it_is.html

Finally, and failing all else, you may wish to consider a repair install although there would be *no* guarantees of an 'update fix'.
"How to Perform a Windows XP Repair Install":
http://www.michaelstevenstech.com/XPrepairinstall.htm

Or, as a last resort this >
"Clean Install Windows XP":
http://www.michaelstevenstech.com/cleanxpinstall.html
0
 
LVL 27

Expert Comment

by:Jonvee
Comment Utility
Scroll to "Step 6 - Services" for information on some of those XP Services you are running >
"Optimize XP":
http://mywebpages.comcast.net/SupportCD/OptimizeXP.html
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
I wrote an article (http://www.experts-exchange.com/articles/2245/Anti-rootkit-software.html) some time ago with a reference to nLite  (http://www.nliteos.com/)slipstreaming software.  I recently changed that link to point to NTLite (https://www.ntl…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now