
svchost.exe

Discussion in 'Windows XP' started by sirsleepy, Jan 19, 2003.

Thread Status:
Not open for further replies.
  1. sirsleepy

    sirsleepy Thread Starter

    Joined:
    Sep 12, 2001
    Messages:
    200
    I have 5 svchost.exe running right now and I don't know why. I had Kazaa but got rid of it, too many popups, and used Adaware. Nothing else found... no viruses... any help?
     
  2. Bryan

    Bryan

    Joined:
    Jul 3, 1999
    Messages:
    11,943
    First Name:
    Bryan
    It's perfectly normal to have multiple instances of that Windows component running. It's nothing to worry about. This (http://www.igknighttec.com/Windows/WindowsXP/svchost_exe.php) explains that .exe in a little more detail.
     
  3. Yankee Rose

    Yankee Rose

    Joined:
    Jul 14, 1999
    Messages:
    1,861
    Hi there -

    See if this link provides any help: http://www.sophos.com/virusinfo/analyses/trojunreala.html

    Good luck. :)
     
  4. sirsleepy

    sirsleepy Thread Starter

    Joined:
    Sep 12, 2001
    Messages:
    200
    Here is what's on my startup:

    StartupList report, 1/19/2003, 4:00:23 PM
    StartupList version: 1.50
    Started from : C:\Documents and Settings\Owner\Desktop\StartupList.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\CTSvcCDA.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\xcommsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\socks.exe
    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\StartupList.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
    UltraMon.lnk = ?

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    hpsysdrv = c:\windows\system\hpsysdrv.exe
    KBD = C:\HP\KBD\KBD.EXE
    Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
    NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    IgfxTray = C:\WINDOWS\System32\igfxtray.exe
    HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
    PS2 = C:\WINDOWS\system32\ps2.exe
    HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    UpdReg = C:\WINDOWS\Updreg.exe
    Speed racer = C:\Program Files\Creative\SBPCI5122k\PlayCenter\CTSRReg.exe
    DownloadAccelerator = C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    TkBellExe = C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
    Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
    Popup Ad Filter = C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    WebCamRT.exe =

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command

    (Default) = C:\WINDOWS\NOTEPAD.EXE "%1"

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
    StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=
    run=

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=
    HKLM\..\Windows\CurrentVersion\WinLogon: load=
    HKLM\..\Windows\CurrentVersion\WinLogon: run=
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=
    HKCU\..\Windows\CurrentVersion\WinLogon: load=
    HKCU\..\Windows\CurrentVersion\WinLogon: run=
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=
    HKLM\..\Windows NT\CurrentVersion\Windows: load=
    HKLM\..\Windows NT\CurrentVersion\Windows: run=
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=scorillont.dll

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    *INI section not found*
    *INI section not found*
    *INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    *Registry value not found*
    *Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: *Registry key not found*
    HKLM\..\Policies: *Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\DAP\DAPIEBar.dll - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE}
    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\WINDOWS\System32\IETie.dll - {9527D42F-D666-11D3-B8DD-00600838CD5F}
    (no name) - C:\Program Files\Failsafe\GuardIE\PnIE.dll - {D2F719F3-106A-402B-9996-3A5B12ACA564}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    ISP signup reminder 2.job
    ISP signup reminder 3.job
    Norton AntiVirus - Scan my computer.job
    Registration reminder 1.job
    Registration reminder 3.job
    Symantec NetDetect.job
    {F897AA24-BDC3-11D1-B85B-00C04FB93981}_SLEEP1_Owner.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [QuickTime Object]
    InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\xscan53.ocx
    CODEBASE = http://a840.g.akamai.net/7/840/537/2003011601/housecall.antivirus.com/housecall/xscan53.cab

    [AcDcToday Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\ACDCTO~1.OCX
    CODEBASE = file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx

    [RegConfig Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\yregcfg.dll
    CODEBASE = http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37619.8940393519

    [YahooYMailTo Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ymmapi.dll
    CODEBASE = http://download.yahoo.com/dl/installs/ymail/ymmapi.dll

    [NOXLATE-BANR]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\InstBanr.ocx
    CODEBASE = file://C:\Program Files\AutoCAD 2002\InstBanr.ocx

    [Symantec RuFSI Registry Information Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
    CODEBASE = http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab

    [InstaFred]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\InstFred.ocx
    CODEBASE = file://C:\Program Files\AutoCAD 2002\InstFred.ocx

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [AcPreview Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\ACPREV~1.OCX
    CODEBASE = file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

    --------------------------------------------------
    End of report, 10,209 bytes
    Report generated in 0.531 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
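
A StartupList report like the one above can be triaged mechanically. The following is an added example, not part of the original thread or of StartupList itself: it counts svchost.exe instances, checks that each runs from System32 (where the genuine binary lives), and lists executables in a drive root and any non-empty AppInit_DLLs value as items for manual review, not as verdicts. The function names and the default install path are assumptions.

```python
import ntpath
import re

# Constructed sample in StartupList 1.50 layout, shortened from the report above.
SAMPLE_REPORT = r"""
Running processes:

C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\socks.exe

--------------------------------------------------

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=scorillont.dll
"""

SYSTEM32 = r"c:\windows\system32"  # assumption: default Windows XP install path


def running_processes(report):
    """Return image paths listed under the 'Running processes:' section."""
    _, _, rest = report.partition("Running processes:")
    section = rest.split("-" * 20, 1)[0]  # section ends at the dashed rule
    return [ln.strip() for ln in section.splitlines() if ln.strip()]


def svchost_count(report):
    """Number of svchost.exe instances, regardless of path casing."""
    return sum(ntpath.basename(p).lower() == "svchost.exe"
               for p in running_processes(report))


def review_items(report):
    """Return (reason, value) pairs worth a manual look; these are not verdicts."""
    items = []
    for path in running_processes(report):
        folder, name = ntpath.split(path.lower())
        if name == "svchost.exe" and folder != SYSTEM32:
            items.append(("svchost.exe outside System32", path))
        if folder.rstrip("\\").endswith(":"):  # e.g. "c:\" -> image sits in drive root
            items.append(("executable in drive root", path))
    # AppInit_DLLs names DLLs loaded into every process that loads user32.dll
    for value in re.findall(r"AppInit_DLLs=(\S+)", report):
        items.append(("AppInit_DLLs is set", value))
    return items
```

Several svchost.exe instances all running from System32 produce no finding here; only the path, not the count, is checked.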
     
  5. JackNaylorPE

    JackNaylorPE

    Joined:
    Jan 22, 2003
    Messages:
    8
    Run AdAware (www.lavasoftusa.com) or another spyware tool to remove any Kazaa leftovers. Svchost basically serves as a marker for other Windows services, one of which is Windows Update 2.0 which gets installed w/ SP3 and you can NOT uninstall it.

    WU basically gives Mr. Bill root level access to your hard drive for whatever reasons MS deems appropriate. You can STOP the WU service from running by following the hack described here.

    http://212.100.234.54/content/archive/26750.html
     