svchost.exe question, and other small things...

Discussion in 'Malware and Virus Removal Archive' started by addictive76, 2005/12/24.

  1. 2005/12/24
    addictive76

    Hey guys, here are some questions I haven't been able to find answers to on my own. You've helped in the past, and I hoped you could help now:

    - In my Windows Task Manager I've got about 6 listings for svchost.exe. Is that normal? And what do they all do?

    - When I'm online are both "explorer.exe" and "IEXPLORE.EXE" supposed to be up?

    - Why does my CPU Usage shoot way up sometimes at random for a minute or two and then drop back down?

    - I've tried to eliminate McAfee but it still shows up in my Hjt logs. How do I get rid of it completely?

    These things make me a little nervous, so I appreciate any info you can offer. I posted my Hjt log in case it could help shed any light on my problems.

    Thanks for your help.


    Logfile of HijackThis v1.99.1
    Scan saved at 12:01:03 AM, on 12/25/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\RANDOM~1\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\virusprotection\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.wright.edu/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://webmail.wright.edu/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\PROGRA~1\RANDOM~1\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Owner "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Owner "
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.apple.com
    O15 - Trusted Zone: http://*.hell.com
    O15 - Trusted Zone: blob.myspace.com
    O15 - Trusted Zone: http://blog.myspace.com
    O15 - Trusted Zone: browseusers.myspace.com
    O15 - Trusted Zone: bulletin.myspace.com
    O15 - Trusted Zone: c.myspace.com
    O15 - Trusted Zone: cabo.myspace.com
    O15 - Trusted Zone: chat.myspace.com
    O15 - Trusted Zone: comments.myspace.com
    O15 - Trusted Zone: editprofile.myspace.com
    O15 - Trusted Zone: events.myspace.com
    O15 - Trusted Zone: forum.myspace.com
    O15 - Trusted Zone: g.myspace.com
    O15 - Trusted Zone: groups.myspace.com
    O15 - Trusted Zone: home.myspace.com
    O15 - Trusted Zone: home1.myspace.com
    O15 - Trusted Zone: home10.myspace.com
    O15 - Trusted Zone: home11.myspace.com
    O15 - Trusted Zone: home14.myspace.com
    O15 - Trusted Zone: home15.myspace.com
    O15 - Trusted Zone: home16.myspace.com
    O15 - Trusted Zone: home19.myspace.com
    O15 - Trusted Zone: home2.myspace.com
    O15 - Trusted Zone: home7.myspace.com
    O15 - Trusted Zone: home8.myspace.com
    O15 - Trusted Zone: home9.myspace.com
    O15 - Trusted Zone: i.myspace.com
    O15 - Trusted Zone: images.myspace.com
    O15 - Trusted Zone: invite.myspace.com
    O15 - Trusted Zone: iprofile.myspace.com
    O15 - Trusted Zone: js.myspace.com
    O15 - Trusted Zone: login.myspace.com
    O15 - Trusted Zone: mail.myspace.com
    O15 - Trusted Zone: mail.4.myspace.com
    O15 - Trusted Zone: mail1.myspace.com
    O15 - Trusted Zone: mail2.myspace.com
    O15 - Trusted Zone: mail4.myspace.com
    O15 - Trusted Zone: mail5.myspace.com
    O15 - Trusted Zone: mail7.myspace.com
    O15 - Trusted Zone: mail8.myspace.com
    O15 - Trusted Zone: mail9.myspace.com
    O15 - Trusted Zone: music01.myspace.com
    O15 - Trusted Zone: onlinenow.myspace.com
    O15 - Trusted Zone: photo.myspace.com
    O15 - Trusted Zone: profile.myspace.com
    O15 - Trusted Zone: schools.myspace.com
    O15 - Trusted Zone: search.myspace.com
    O15 - Trusted Zone: searchlog.myspace.com
    O15 - Trusted Zone: security.myspace.com
    O15 - Trusted Zone: settings.myspace.com
    O15 - Trusted Zone: http://signup.myspace.com
    O15 - Trusted Zone: upload.myspace.com
    O15 - Trusted Zone: viewmorepics.myspace.com
    O15 - Trusted Zone: www.myspace.com
    O15 - Trusted Zone: http://www.myspace.com
    O15 - Trusted Zone: x.myspace.com
    O15 - Trusted Zone: http://www.partypoker.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125887081078
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe (file missing)
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
     
  2. 2005/12/25
    Welshjim

    addictive76--I am no expert on HJT logs, so will not comment on your log. I am sure someone knowledgeable will be along to help soon. (I presume you followed the procedure here
    http://www.windowsbbs.com/showthread.php?t=37074
    before posting.)
    However, in answer to some of your questions:

    Nothing necessarily unusual about that. Here is what svchost.exe does
    http://windowsxp.mvps.org/svchost.htm
    http://support.microsoft.com/?kbid=314056
    In summary it assists other operating system processes to run. Note these articles tell you how to learn what processes it is helping.
    There is an outside chance that you have a worm (Welchia) but I suspect that is not likely since you do not mention any symptoms and you are running Norton AV.
    http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/

    Yes. The former is Windows Explorer. The latter is Internet Explorer.

    Likely you have some program which starts running in the background, like Symantec Live Update, other scheduled task, etc. But it could be the sign of malware, so good to go through the procedure mentioned earlier. Again, however, you mention no signs of malware.

    AntiVirus programs do not like to uninstall fully. How did you uninstall it? The best way is either to use Control Panel|Add/Remove or the uninstaller that probably came with the program. I have never used McAfee, so cannot offer specific advice. And I do not know what McAfee program you had. McAfee's website should offer info. And Google offers the following
    http://www.google.com/search?source...rls=GGLD,GGLD:2004-31,GGLD:en&q=remove+mcafee
    If you did not use Add/Remove or whatever uninstaller came with the program you could reinstall and then uninstall properly.
    You can also go into the Registry, and remove all traces.
    But if you are not having problems, not sure it is worth it. I also see that the McAfee entries show File Missing, anyway. I used to know what that meant, but I do not think it is important (except perhaps as junk).
    Perhaps the person who reviews your HJT log will refresh both our memories.
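
An added example, not part of either post and not a HijackThis feature: a short Python triage of a HijackThis log that counts `svchost.exe` instances, flags any running from a folder other than `C:\WINDOWS\system32`, and lists the O23 service entries marked `(file missing)`, such as the McAfee leftovers. The sample lines are excerpted from the log posted above, except `C:\WINDOWS\Temp\svchost.exe`, which is constructed; the function names are this example's own.

```python
import re

# Excerpt of the HijackThis log posted above. The Temp\svchost.exe line is
# CONSTRUCTED for this example so the location check has something to flag.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Temp\svchost.exe
C:\WINDOWS\Explorer.EXE

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
"""

SYSTEM32 = r"c:\windows\system32"  # expected home of svchost.exe on this XP install
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                 r"(?P<path>.+?)(?P<missing> \(file missing\))?$")

def running_processes(log):
    """Paths listed under 'Running processes:' (block ends at first blank line)."""
    procs, in_block = [], False
    for line in map(str.strip, log.splitlines()):
        if line == "Running processes:":
            in_block = True
        elif in_block and not line:
            break
        elif in_block:
            procs.append(line)
    return procs

def svchost_report(log):
    """(instance count, instances whose folder is not system32), case-insensitive."""
    paths = [p for p in running_processes(log) if p.lower().endswith("\\svchost.exe")]
    return len(paths), [p for p in paths if p.lower().rsplit("\\", 1)[0] != SYSTEM32]

def orphaned_services(log):
    """(service name, image path) for O23 entries HijackThis marked '(file missing)'."""
    hits = (O23.match(line.strip()) for line in log.splitlines())
    return [(m["name"], m["path"]) for m in hits if m and m["missing"]]

if __name__ == "__main__":
    count, outside = svchost_report(SAMPLE_LOG)
    print(f"svchost.exe instances: {count}; outside system32: {outside}")
    for name, path in orphaned_services(SAMPLE_LOG):
        print(f"orphaned service entry: {name} -> {path}")
```

A `svchost.exe` in the expected folder is not thereby proven legitimate; the path check only rules out the simplest look-alike case.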
     
