Looking for ideas & help

Hello,

I need some help.

My family has a computer running Windows XP Professional. Last night my brother booted the machine only to be told by Avast AntiVirus that it "is unable to protect SMTP protocolâ€. My brother immediately brought it too my attention since I am the resident computer technician (or so they seem to think).

Anyway, I pressed okay to the error message only to discover that the taskbar was frozen. I did a CTRL-ALT-DEL to bring up the Task Manager. Therein I noticed that a svchost.exe process was using an abnormal amount of CPU time. I promptly stopped the process, which fixed the problem with the taskbar.

Being a little concerned about the error message from Avast, I checked to see if I could use the Internet. I could not. I checked the network cable; it was secure on both ends. I checked the network card; the lights were still on and flashing as though it was trying to communicate with the router. I am writing this now on my own computer that is connected to that router, so I do not believe that it is the problem.

I did a thorough scan with Avast AntiVirus, which to my surprise caught a few viruses. Avast was supposed to be on full auto-protect. Regardless, I do not believe any of the viruses had actually infected the machine. There was nothing in memory and the viruses that it did catch appeared to be sitting in cache or quarantine. Avast had no problem deleting them all.

I did a deep scan with both Ad-Aware and SpyBot. SpyBot did one thing I had never seen before; near the end of its scanning it said "Repairing Network Driversâ€. Otherwise, there was nothing out of the ordinary. Ad-Aware, SpyBot, and Avast had all been updated within the past week.

I rebooted the computer after each scan only to discover the same problems. The taskbar is frozen until I stop the svchost.exe process, and I cannot connect to the Internet.

The next thing I do is disable all non-essential services and all startup entries via msconfig. The problems were all still present after a reboot. I started Windows XP in safe mode with networking, which fixed the taskbar and svchost issue, but not the Internet connectivity.

Thinking it may be a problem with network related files or drivers, I try a few more things. First, I use the SFC to make sure all the system files are fine. No apparent problems. Second, I remove the network connection and add it again. No help. Third, I uninstall and reinstall the drivers for the network card. It doesn’t fix the issues.

Near the end I start disabling, changing, and uninstalling random network components (What can I say, I was running out of ideas and getting frustrated). Surprisingly, when I went into the "Add & Remove Windows Components" and removed all the "networking servicesâ€, it fixed the svchost.exe / taskbar freezing issues. However, it didn’t fix the Internet connection.

Now I am out of ideas and looking for help. I did a search online and was not able to find anything relevant. Please help me, pretty please.

Nadia

 

Thanks for the response TonyT.

I tried all three of your links, but unfortunately, it did not solve the problem.

I followed the steps on PC Hell, but none of the Welchia entries were present. I used both the McAfee and the Symantec tool, neither of them found any viruses.

I wrote down all the viruses that Avast caught when I did my initial scan.

WIN32: Netsky-D
WIN32: Netsky-P
WIN32: Beagle-Y-UNP
WIN32: Beage-Z
WIN32: Damura-U

WIN32: Dumaru was listed on PC Hell as being a similar to WIN32: Welchia. I followed the instructions there, but again found no traces of a virus. I tried scanning the computer with Avast a second time, and it is no longer finding any viruses.

I am back to square one. The svchost.exe is still acting up causing the taskbar to freeze, and I am unable to connect to the Internet. I have no more ideas.

Is there a way to completely remove the networking components in Windows XP and re-install them? Maybe the viruses that were on the system corrupted the networking files. I tried the SFC. It didn't seem to help.

Any more ideas would be greatly appreciated.

Nadia

 

Check C:\Windows\system32\wins for a file named svchost.exe If present, delete it.

 

WIN32: Netsky-D, Netsky-P, Beagle-Y-UNP, Beagle-Z

At a guess, with that group giving you problems you are way behind on both service packs and hot fixes.

The svchost.exe is still acting up causing the taskbar to freeze

Svchost.exe - at least the legit app to be found in the system32 folder - isn't really a program in the sense that it isn't directly doing much on the PC. It acts as a 'wrapper' and will be running one or more applications within an instance of svchost.exe and you should have from two to six of them running. You can get a better idea if you open a cmd prompt (start => run cmd and OK) then from the command line

Code:

tasklist /svc

and ENTER. I've posted parts of a run from my PC to give you an idea. If possible, do one while things are working OK and send the results to a text file so you can print hard copy then next time things start acting badly, run one to the screen and compare the two. See exactly what new thing is causing problems. To send the results to c:\tasklist.txt you would do

Code:

tasklist /svc > c:\tasklist.txt

Is there a way to completely remove the networking components in Windows XP and re-install them?

With XP there is no way to remove networking. Several things you can try though. Most likely problem is that one of the critters did damage to parts of your networking files as you suspect. Download LSPFix to a working PC and copy it to a floppy or CD. Only 200Kb so will easily fit on either. Then to the problem PC and run the app. It will either cure the problem so you can get back to the internet or else it will do nothing but it will not make things any worse.

If that fails, you can set all networking pieces and settings back to the defaults and set up networking again from a clean start. Get to a command prompt again and run the following

Code:

netsh int ip reset c:\restlog.txt

Note that you must send the reset to a text file or the command will not work and it is nice to be able to look at details of what was done by the netsh reset command.

Picture of tasklist /svc from my PC is below.

 

Thanks for all your help.

In the end I was able to fix the problem using WinSockFix 1.1.0.13.

http://www.majorgeeks.com/download4372.html

Nadia

 

Glad you got it fixed.

I think WinSockFix and LSPfix do pretty much the same sort of repair job.

Additional note for anyone running XP SP2 and having this problem - just found out that netsh winsock reset from a cmd prompt will do the same fix without needing the additional program. They must have tweaked the function as part of the SP2 code.