SVCHOST trojan

helloo
all went smooth. iexplorer flash player works.
didn't update firefox.
the site i mostly use it for, the older version allows an option the newer doesn't.
pc has been running without the lag (except iexplorer which is their factory defect)
mbam had no select drives option, thought it should..



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.21.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
DAD :: DJJXF091 [administrator]

3/20/2012 7:12:38 PM
mbam-log-2012-03-20 (19-12-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222105
Time elapsed: 12 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
oops
forgot this happened when opening firefox after last instructions.

warning unresponsive script
A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.

Script: file:///C:/Program%20Files/Mozilla%20Firefox/components/nsAddonRepository.js:342
 
Hi musicalpulltoy,

Thank you for the log file and feedback, once again.

Regarding the Firefox unresponsive script warning, this Mozilla Help Page will help to provide a better understanding of the causes as well as possible solutions to such issues.

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before proceeding please make sure any open programs are closed.

Step 1:
Re-Run ERUNT

Please backup the registry with ERUNT again before proceeding with the rest of the instructions.

Step 2:
Java Runtime Environment Update Needed!

Your Java Runtime Environment is out of date. The latest currently available version is Java 7 Update 3.
The program can be updated simply by using the Java control panel.

  1. Click on Start > Control Panel (Classic View) > Java (looks like a coffee cup).
  2. Then under the Update tab click on the Update Now button.
  3. The update process should then commence.
    Note: There may be a short delay before the Update window appears. Please be patient.
  4. Just follow the prompts to complete the update.
  5. Repeat the instructions until no further updates are available.
Step 3:
ESET NOD32 Online Scan

Please Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted. Then double-click on it to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.

Please go to ESET Online Scanner - © ESET (All Rights Reserved) to run an online scan.
** Make sure you are using an account that has Administrative privileges **
  1. Click on the ESET Online Scanner button.
  2. Check the box next to "YES, I accept the Terms of Use."
  3. Click Start.
    A window will open. It may appear nothing is happening, but please be patient.
  4. Click Yes to the run ActiveX prompt.
  5. Click Install at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  6. Click on the Start button.
    Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are. If not set, please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  7. Click on the Start button.
    ESET scanner will begin to download the virus signatures database. When the signatures have been downloaded, the scan will start automatically.
  8. Wait for the scan to finish. It may take a while but, again, please be patient. When the scan is finished:
  9. Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt.
  10. Copy and Paste the entire contents of log.txt into your next reply.
Remember to re-enable your Anti-virus protection before continuing!

Step 4:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. log.txt.
  3. How is the computer now running?

Scolabar
 
Hi musicalpulltoy,

It is not uncommon for the Java update utility to erroneously report that the program is up-to-date. ;)

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before proceeding please make sure any open programs are closed.

Step 1:
Check Java RE Version

You can check the version as follows:

  1. Select Start > Control Panel > Programs.
  2. Double-click on the Java icon.
  3. Then under the General tab click on the About... button.
  4. Please post the version and build that is displayed in the pop-up window in your next reply.
If the version reported is Version 7 Update 3 please continue with Step 3 below.

Otherwise, please continue as follows:

Step 2:
Java Runtime Environment Update Needed!

Your Java Runtime Environment is out of date.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older versions of Java components and update:

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD UPDATED VERSION:
  1. Get the latest version of Java Runtime Environment (JRE) © Oracle Corporation.
  2. Look for Java SE 7u3.
  3. Click on the JRE Download button to the right.
  4. Then check the Accept License Agreement option.
  5. Locate the entry for Windows x86 (32-bit) Offline, click on the file name jre-7u3-windows-i586.exe and save the file to your Desktop.
<STOP> Do not install the new version of Java yet. We need to do some cleanup first!

REMOVE OLD JAVA VERSIONS:
  1. Close any programs you may have running - especially your web browser.
  2. Click on Start > Control Panel > Programs.
    • Depending on your current view setting, then:
    • Double-click on Programs and Features.
    • Under Programs, click on Uninstall a program and remove all older versions of Java as follows:
  3. Scroll down to locate the following program(s):
    • Java(TM) 7

  4. Select the program and click on Uninstall to uninstall it.
  5. When finished Close the Control Panel window.
Delete Old Java Folder
  • Click on Start > Computer.
  • Then navigate to and find the following folder: if found, delete it.
    It is possible it may have been removed by the uninstall steps.
    C:\Program Files\Java\ <==== delete this entire folder
  • When finished, Close and Exit Explorer.
INSTALL UPDATED VERSION:
  1. Close all open applications (standard), especially your browser.
  2. From the Desktop double-click on jre-7u3-windows-i586.exe to install the latest version.
  3. Follow the on-screen instructions. When the installation has completed successfully, Reboot your computer normally.
  4. Once the computer has been restarted, you can delete the downloaded installation file from your desktop.
OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time:
  1. Click on Start > Control Panel > Programs and then click on the JAVA icon.
  2. Click on the Update tab and UNCHECK the Check for Updates Automatically option. (You can check for updates manually.)
    • Reply Never Check to the warning prompt.
  3. Now click on the Advanced tab and then click on the [+] to expand the Miscellaneous options.
  4. UNCHECK the Java Quick Starter option.
  5. Click on the Apply button and then the OK button to save the changes.
  6. Then Close the Java Control Panel and Close and Exit Control Panel.
Step 3:
ESET NOD32 Online Scan

Please complete the instructions to perform an ESET Online Scan and return the contents of the log file as provided in my last post.

Step 4:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. What is the version and build of your existing Java Runtime Environment installation?
  3. log.txt.
  4. How is the computer now running?

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
 
OMG
5 bugs!
java went ok, old version. version 7 (build 1.7.0-b147)
i had to shred files before i could delete java folder which brings to mind the lack of control over changes made to windows on restart it reverts back to old settings.
now the internet connection is visible in task bar, properties showed connections for a few skype, MANY teredo, 1 xbox.
these are not mine. (i connect through a neighbor sshh) deleted them but expect them to return.
firefox crashed first try to get eset scan.
scan ran fine.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-05 04:27:46
# local_time=2011-08-05 09:27:46 (-0700, US Mountain Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 57695383 57695383 0 0
# compatibility_mode=1032 16777189 100 96 0 54898058 0 0
# compatibility_mode=3073 16777213 80 75 0 3864752 0 0
# compatibility_mode=8192 67108863 100 0 8844948 8844948 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-05 04:37:59
# local_time=2011-08-05 09:37:59 (-0700, US Mountain Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 57695996 57695996 0 0
# compatibility_mode=1032 16777189 100 96 0 54898671 0 0
# compatibility_mode=3073 16777213 80 75 0 3865365 0 0
# compatibility_mode=8192 67108863 100 0 8845561 8845561 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6541
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-05 08:14:43
# local_time=2011-08-05 01:14:43 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 57699660 57699660 0 0
# compatibility_mode=1032 16777189 100 96 0 54902335 0 0
# compatibility_mode=3073 16777213 80 75 0 3869029 0 0
# compatibility_mode=8192 67108863 100 0 8849225 8849225 0 0
# scanned=84663
# found=2
# cleaned=2
# scan_time=9363
C:\Documents and Settings\DAD\Desktop\sdsdSDFix.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C
C:\SDFix\apps\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6541
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-04 06:22:14
# local_time=2011-09-04 11:22:14 (-0700, US Mountain Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 60284175 60284175 0 0
# compatibility_mode=1032 16777189 100 96 0 57486850 0 0
# compatibility_mode=8192 67108863 100 0 11433740 11433740 0 0
# compatibility_mode=9217 16777214 75 70 0 13793770 0 0
# scanned=87571
# found=1
# cleaned=0
# scan_time=10101
E:\My Downloads\DriverReviverSetup.exe a variant of Win32/RegistryReviver application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.esets_scanner_update returned -1 esets_gle=0
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-10 04:05:55
# local_time=2012-02-10 09:05:55 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 74018595 74018595 0 0
# compatibility_mode=1024 16777191 100 0 2321829 2321829 0 0
# compatibility_mode=8192 67108863 100 0 25168160 25168160 0 0
# compatibility_mode=9217 16777214 75 4 6708834 6708834 0 0
# scanned=95468
# found=0
# cleaned=0
# scan_time=5160
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-23 09:32:04
# local_time=2012-03-23 02:32:04 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 77666727 77666727 0 0
# compatibility_mode=1024 16777191 100 0 5969961 5969961 0 0
# compatibility_mode=8192 67108863 100 0 28816292 28816292 0 0
# compatibility_mode=9217 16777214 75 4 10356966 10356966 0 0
# scanned=95073
# found=5
# cleaned=0
# scan_time=5334
C:\Documents and Settings\Administrator.DJJXF091\Desktop\SmitfraudFix.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator.DJJXF091\Desktop\SmitfraudFix\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator.DJJXF091\Desktop\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (unable to clean) 00000000000000000000000000000000 I
E:\MOVED DESKTOP\cnet_aports_zip.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
E:\My Downloads\64soundmax 64cnet_40k8511_zip.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
 
Hi musicalpulltoy,

Thank you for the log and update.

musicalpulltoy said:
oh yea....it seems be running little better
That's good news. :bigthumb:

A number of those ESET detections will be dealt with as part of the final instructions I provide.

In the meantime, again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before proceeding please make sure any open programs are closed.

Step 1:
Temporarily Disable Active Security Tools

Please temporarily disable your real-time security protection using the instructions provided previously before continuing.

Step 2:
OTL - Script

  1. Double-click on OTL.exe. If you receive a UAC prompt, please allow it.
  2. Copy and Paste the following code into the [image: customFix.png] textbox. Do not include the word Code.
    Code:
    :files
    E:\MOVED DESKTOP\cnet_aports_zip.exe
    E:\My Downloads\64soundmax 64cnet_40k8511_zip.exe
    
    :commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [REBOOT]
  3. Then click the Run Fix button at the top.
  4. Click [image: btnOK.png].
  5. OTL may ask to reboot the machine. Please do so if asked.
  6. The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
Remember to re-enable your real-time security protection.

Step 3:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. OTL Fix Log.

Scolabar
 
hello
all went smooth.

All processes killed
========== FILES ==========
E:\MOVED DESKTOP\cnet_aports_zip.exe moved successfully.
E:\My Downloads\64soundmax 64cnet_40k8511_zip.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.DJJXF091
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: DAD
->Temp folder emptied: 3340012 bytes
->Temporary Internet Files folder emptied: 12891474 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49786143 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 990152 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 995304 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1132540 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 66.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.37.1 log created on 03242012_103929

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Hi musicalpulltoy,

Congratulations! I can now confirm that your system now appears to be clean. :2thumb:

Now that your computer appears to be clear of malware infection we need to tidy a few things up and deal with a few remaining items:

Step 1:
Housekeeping

It's now time for some housekeeping. Please follow the instructions below to remove the tools we have used to clean up your computer. :cleaning:
OTL - Cleanup

  1. Double-click on OTL.exe to launch the program. If you receive a UAC prompt, please allow it.
    This will remove most, if not all, of the tools we used to clean your PC.
  2. Close all other programs apart from OTL as this step will require a reboot.
  3. On the OTL main screen, press the CleanUp! button.
  4. Click on the Yes button at the prompt and then allow the program to reboot your computer.
Remove Tools Used

You can now safely delete the tools used in cleaning up the infection. Please remove the following tools from your system along with any related .zip files.

MBRCheck.exe
MGADiag.exe
RKUnhookerLE.exe
SecurityCheck.exe

Please Note: These tools are updated on a regular basis and so, if required in future, should be downloaded afresh under supervision.

Step 2:
Create Clean System Restore Point

Create a new, clean System Restore point which can be used in the event of future system problems:

  1. Click on Start > All Programs > Accessories > System Tools > System Restore.
  2. Select the Create a restore point option then click on Next.
  3. You can name your new Restore Point something like All Clean, for example, and then select Create.
  4. Once the Restore Point has been created you can click on Close.
  5. Now remove old, infected System Restore points:
  6. Next click on Start > Run.
  7. Copy and Paste the following command into the text entry box:
    Code:
    cleanmgr
  8. Then click on the OK button.
  9. Make sure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked. You can choose to check other boxes if you wish but they are not required.
  10. Select the More Options tab, under System Restore and click on the Clean up... button and reply Yes to the prompt.
  11. Click on the OK button and the Yes button to confirm.
Step 3:
Improve Your Computer's Security

MalwareBytes' AntiMalware
It is worth keeping MalwareBytes' AntiMalware on your system. Updating the program and running a scan once every couple of weeks will help you to keep malware free.

Anti-Spyware Programs
I notice you have both the Spybot - Search & Destroy and SUPERAntiSpyware Anti-Spyware products installed both of which have their active protection disabled. I presume these have just been used in stand-alone scanner mode. It would be advisable to remove one of them as running more than one Anti-Spyware product can be less than helpful. Of the two, I would be inclined to keep the Spybot - Search & Destroy program and turn on its active protection.

Below are additional (free) programs that can help improve your computer's security.
Many feel that having a "layered" protection scheme is beneficial. You'll need to decide what works best for your situation. You may like to give them a try. :)

SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from here.

Web of Trust (WOT)
Install Web of Trust (WOT). WOT keeps you from dangerous websites with warnings and blockings.
You can find more information about the program and download it from Here.

Panda USB Vaccine
Protect your computer from removable or USB drive infections with Panda USB Vaccine. It is an effective method of preventing the spread of malware.
You can download and learn more about this product from Here.

Step 4:
Further Guidelines

Please follow these simple guidelines in order to help keep your computer more secure:

Update your Anti-virus program and other programs regularly.
Online Secunia Software Inspector - Copyright © Secunia.
FileHippo.com Update Checker - Copyright © FileHippo.com
F-secure Health Check - Copyright © F-Secure Corporation.

Visit Microsoft often
Keep on top of critical updates, as well as other updates for your computer.
How to configure and use Automatic Updates in Windows XP
Using Windows Update for Windows XP
Microsoft Update Home

Read, stay informed.
To help minimize the chances of becoming re-infected, please read:
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read:
What to do if your Computer is running slowly

Please let me know when you have read this post and I will arrange to have the topic closed.

Stay Safe! :bigthumb:

Scolabar
 
Hi musicalpulltoy,

Please can you clarify what you mean by:

musicalpulltoy said:
a svchost opens in and when shut down things pick up

Try to describe exactly what happens and provide any error message(s) you receive.

Did this issue start immediately following the final cleanup instructions or has it started since following further use of the computer?

Scolabar
 
hey..
when online page loading goes from good to super slow.
at a restart ( after finding the svchost fake) i wrote down the PID of each svchost running.
when it slowed i'd shut down the new one and things returned to normal.
go figure ..
 
Hi musicalpulltoy,

Does the slowdown issue recur each time you restart the computer?
If so, please complete the instructions below so we can get a handle on what might be causing the slowdown.

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before proceeding please make sure any open programs are closed.

Step 1:
Tasklist Utility - XP Home

Please download the Tasklist Utility for Windows XP Home. Save the file to your Desktop.
Note: If the utility is not saved to the Desktop the following batch query will not work.

Step 2:
Batch - Query

Please follow the instructions below BEFORE killing off the "fake" new svchost process:

  1. Click on Start > Run.
  2. In the text entry box type:

    notepad
  3. Then click on the OK button.
  4. This will open an empty Notepad file.
  5. Copy and Paste the contents of the box below into the Notepad window:
    Code:
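    @echo off
    rem Work from the Desktop, where the Tasklist utility was saved in Step 1.
    cd /d "%userprofile%\desktop"
    rem List every svchost.exe instance with its PID and the services it hosts.
    tasklist /svc /fi "imagename eq svchost.exe" > "%userprofile%\desktop\svclook.txt"
    notepad.exe "%userprofile%\desktop\svclook.txt"
    rem Remove this batch file once the report has been shown.
    del "%~f0"
    exit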
  6. Click Format and ensure Wordwrap is Unchecked.
  7. Save as svcquery.bat to the Desktop.
  8. Save as file type All Files otherwise it will not work.
  9. Now double-click on svcquery.bat to allow it to run the query.
    (A command prompt window will flash on the screen briefly.)
  10. Please Copy and Paste the contents of the file svclook.txt into your next reply.
Step 3:
"Fake" New Svchost Process - Feedback

When you shutdown the "fake" new svchost process this time, please make a note of the PID and post that information into your next reply.

Step 4:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. Does the slowdown issue recur each time you restart the computer?
  3. svclook.txt.
  4. What was the PID of the "fake" new svchost process you needed to shutdown?

Scolabar
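
Added example, not part of the original thread or of any poster's tooling: a Python sketch that parses two svclook.txt captures produced by the batch query above and reports which services gained a svchost.exe host between them, so a newly appearing instance is identified by the service it runs rather than by a PID that is reassigned at every boot. The sample captures and all function names are constructed for illustration.

```python
"""Compare two `tasklist /svc` captures of svchost.exe (added illustration)."""
import re

# Constructed sample captures in the layout tasklist /svc writes; not taken
# from a real machine. BEFORE = shortly after boot, AFTER = during a slowdown.
BEFORE = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                  900 DcomLaunch, TermService
svchost.exe                  960 RpcSs
svchost.exe                 1040 AudioSrv, CryptSvc, Dhcp, EventSystem,
                                 Netman, Schedule, Themes, winmgmt,
                                 wuauserv
svchost.exe                 1100 Dnscache
"""

AFTER = BEFORE + """\
svchost.exe                 2300 stisvc
svchost.exe                 2444 N/A
"""

# A process row: image name, PID, then an optional service list.
ROW = re.compile(r"^(\S+\.exe)\s+(\d+)(?:\s+(.*))?$", re.IGNORECASE)


def parse_tasklist_svc(text):
    """Return {pid: set_of_service_names} for every process row in a capture."""
    procs = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, the column header and the ===== rule under it.
        if not line or line.lower().startswith("image name") or set(line) <= set("= "):
            continue
        match = ROW.match(line)
        if match:
            current = int(match.group(2))
            procs[current] = set()
            rest = match.group(3) or ""
        elif current is not None:
            rest = line  # wrapped continuation of the previous row's services
        else:
            continue  # text before the first row, e.g. an error message
        for name in rest.split(","):
            name = name.strip()
            if name and name.upper() != "N/A":
                procs[current].add(name)
    return procs


def compare_captures(before_text, after_text):
    """Report service-level changes between two captures."""
    before = parse_tasklist_svc(before_text)
    after = parse_tasklist_svc(after_text)
    # Index by service name: PIDs change between boots, service names do not.
    hosted_before = {svc for svcs in before.values() for svc in svcs}
    hosted_after = {svc: pid for pid, svcs in after.items() for svc in svcs}
    return {
        "started": {s: p for s, p in sorted(hosted_after.items())
                    if s not in hosted_before},
        "stopped": sorted(hosted_before - set(hosted_after)),
        # A svchost.exe row with no services is not explained by any service
        # start and deserves a closer look at its path and parent process.
        "no_services": sorted(pid for pid, svcs in after.items() if not svcs),
    }


if __name__ == "__main__":
    report = compare_captures(BEFORE, AFTER)
    for svc, pid in report["started"].items():
        print(f"new service {svc} hosted by PID {pid}")
    for svc in report["stopped"]:
        print(f"service {svc} no longer hosted")
    for pid in report["no_services"]:
        print(f"PID {pid} hosts no registered service")
```

The parser also accepts captures whose column spacing was collapsed when pasted into a forum post, since it splits on runs of whitespace and treats any non-row line as a continuation of the previous service list.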
 
Hi musicalpulltoy,

It has been over 48 hours since my last post.

  1. Do you still need help?
  2. Do you need more time?
  3. Are you having problems following my instructions?
  4. In line with Safer-Networking's Forum Guidelines, topics will be closed after 3 days without a response.
  5. If you do not reply within the next 24 hours, this topic will be closed.

Scolabar
 
hi.,.
was busy
when running the query i got "access denied".
there were 2 pid 672 and 2880.
after query 2460 appeared.
no, the new svchost can appear at any time.


Image Name                   PID Services
========================= ====== =============================================
svchost.exe                 1612 DcomLaunch, TermService
svchost.exe                 1712 RpcSs
svchost.exe                 1884 AudioSrv, CryptSvc, Dhcp, EventSystem,
                                 FastUserSwitchingCompatibility,
                                 lanmanworkstation, Netman, Nla, RasMan,
                                 Schedule, SENS, SharedAccess,
                                 ShellHWDetection, srservice, TapiSrv,
                                 Themes, w32time, winmgmt, wscsvc, wuauserv,
                                 WZCSVC
svchost.exe                  196 Dnscache
svchost.exe                  364 LmHosts, SSDPSRV
svchost.exe                  672 HTTPFilter
svchost.exe                 2880 WudfSvc
svchost.exe                 2460 stisvc
 
a second 1
pid 2052 and 3998


Image Name                   PID Services
========================= ====== =============================================
svchost.exe                 1268 DcomLaunch, TermService
svchost.exe                 1352 RpcSs
svchost.exe                 1432 AudioSrv, CryptSvc, Dhcp, EventSystem,
                                 FastUserSwitchingCompatibility,
                                 lanmanworkstation, Netman, Nla, RasMan,
                                 Schedule, SENS, SharedAccess,
                                 ShellHWDetection, srservice, TapiSrv,
                                 Themes, w32time, winmgmt, wscsvc, wuauserv,
                                 WZCSVC
svchost.exe                 1484 WudfSvc
svchost.exe                 1696 Dnscache
svchost.exe                 1724 LmHosts, SSDPSRV
svchost.exe                 2052 HTTPFilter
svchost.exe                 3988 stisvc
 
Hi musicalpulltoy,

Were you logged into an account with administrative privileges when you tried to run the query?
Did you get the "access denied" error the second time you ran the query as well?
Was the "access denied" error a standard Windows error message dialogue box? Or was the error generated by the AVG or ZoneAlarm software?

Regarding the second query do you actually mean you killed the services:

musicalpulltoy said:
pid 2052 and 3998
or do you mean:
pid 2052 and 3988?

Please try running the steps for the query again with both AVG and ZoneAlarm temporarily disabled.

Have you attached a scanner or camera recently to your computer?
Or have you installed scanner- or camera-related software?

Scolabar
 
hiya
yes it's an administrator.
3988.
got access denied every time "standard windows".
there is a scanner connected but no new installs.


Image Name                   PID Services
========================= ====== =============================================
svchost.exe                 1268 DcomLaunch, TermService
svchost.exe                 1352 RpcSs
svchost.exe                 1432 AudioSrv, CryptSvc, Dhcp, EventSystem,
                                 FastUserSwitchingCompatibility,
                                 lanmanworkstation, Netman, Nla, RasMan,
                                 Schedule, SENS, SharedAccess,
                                 ShellHWDetection, srservice, TapiSrv,
                                 Themes, w32time, winmgmt, wscsvc, wuauserv,
                                 WZCSVC
svchost.exe                 1484 WudfSvc
svchost.exe                 1696 Dnscache
svchost.exe                 1724 LmHosts, SSDPSRV
svchost.exe                 2052 HTTPFilter
svchost.exe                 3988 stisvc
 