SVCHost.exe (HJT log posted)

Discussion in 'Malware and Virus Removal Archive' started by darich, 2005/02/11.

Thread Status:
Not open for further replies.
  1. 2005/02/11
    darich

    darich Inactive Thread Starter

    Joined:
    2003/01/28
    Messages:
    84
    Likes Received:
    0
    SVCHost.exe

    SVCHost seems to be causing me some problems. When I boot my PC it randomly decides not to play ball, and when I access the internet the page never loads. No 404 message or "page cannot be found"... just a blank page with egg timer.
    When I look at the Task Manager I have 6 (yes, 6!!) instances of SVCHost running. Usernames are "SYSTEM" (3), "NETWORK SERVICE" (2) and "LOCAL SERVICE" (1). When I end the task of the one using most memory, normally with a "SYSTEM" username, my machine can access the net with no problems. But the trade-off is that my sound stops working - "Please install drivers".
    I use Spysweeper, Spybot, Ad-Aware and have AVG Antivirus and ZoneAlarm firewall, and none of those programs ever picks it up as a virus or ad.

    Can I remove SVCHost from my machine permanently or is it critical for it to run?
    If I have to leave it on there, how do I make it work and not cause so many problems? As it stands I'm typing this with no sound (thanks to the above file) and have rebooted my machine 4 times - each time with the same problem.

    Can anyone help me????
    Thanks
    David
     
  2. 2005/02/11
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0

  4. 2005/02/11
    sparrow

    sparrow Inactive

    Joined:
    2004/03/21
    Messages:
    2,282
    Likes Received:
    0
    In a command (DOS) window type tasklist /svc and note the numerous files SVCHost.exe is running. Google any you don't recognize, or copy and paste the list here.

    Also suggest you run one or two online virus scans, three of which are listed at the bottom of this page. Then if you still have the problem, post a hijackthis output here also.
     
  5. 2005/02/11
    darich

    darich Inactive Thread Starter

    Joined:
    2003/01/28
    Messages:
    84
    Likes Received:
    0
    By "not playing ball" I mean that the machine isn't behaving/acting as it should, i.e. it won't view any webpage or check email until I shut down SVCHost. When I do, the PC runs fine... as long as I don't need sound for anything. When I do, it tells me to install drivers or use another device.

    I've run an online virus scan (HouseCall) and it found no virus.

    I've searched my PC for svchost and it found the file in 2 locations.
    c:\windows\system32
    c:\windows\prefetch

    I've been running SP2 for a while... not sure if that's the problem, since the problem is intermittent.

    I've run HijackThis and pasted the logfile below

    Logfile of HijackThis v1.98.2
    Scan saved at 21:07:48, on 11/02/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Microsoft Office\Office10\msoffice.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\Program Files\Winamp\winamp.exe
    F:\maintenance\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\RunServices: [win32] winhost.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...4a81e4edb7c2:1494e4a51933efb79fe3bba631960d34
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
     
  6. 2005/02/11
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    I am no expert on HJT logs, but winhost.exe is a hijacker which will intermittently change your IE settings.

    You should close all windows and run HJT again and fix this line ....

    O4 - HKLM\..\RunServices: [win32] winhost.exe

    There may be more to it than that so I would recommend that you wait for one of our experts to respond.

    Moving thread to Removing Spyware & Viruses forum with edit
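
The two checks discussed in this thread (where svchost.exe is running from, and which autorun entries deserve a lookup) can be run over a saved HijackThis log. The following Python sketch is an added example, not part of any post above; the sample lines are copied from the log in this thread, and the System32 path and the "no directory path" heuristic are assumptions of the example.

```python
import ntpath
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
O4 - HKLM\..\RunServices: [win32] winhost.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SYSTEM32 = r"c:\windows\system32"  # assumption: default install path, as in the log


def running_processes(log):
    """Paths listed between 'Running processes:' and the next blank line."""
    _, found, rest = log.partition("Running processes:\n")
    return [p.strip() for p in rest.split("\n\n")[0].splitlines()] if found else []


def svchost_outside_system32(log):
    """Running svchost.exe images whose directory is not System32."""
    return [p for p in running_processes(log)
            if ntpath.basename(p).lower() == "svchost.exe"
            and ntpath.dirname(p).lower() != SYSTEM32]


def bare_autoruns(log):
    """(registry key, value name, executable) for O4 entries with no directory path."""
    hits = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd").strip()
        # Quoted commands may contain spaces; unquoted ones are cut at the first space.
        exe = cmd[1:].split('"')[0].strip() if cmd.startswith('"') else cmd.split()[0]
        if not ntpath.dirname(exe):
            hits.append((m.group("key"), m.group("name"), exe))
    return hits
```

On the sample, every svchost.exe runs from System32, and the bare-name check returns the SysTray.Exe and winhost.exe entries. A hit is a candidate to look up, not a verdict.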
     