Maybe yes and maybe no. I have two copies of svchost.exe, one in "Windows\system32" and the other in "\Windows\System32\dllcache". I have four "svchost.exe" processes running, one owned by "NETWORK SERVICE", one by "LOCAL SERVICE" and the other two by "SYSTEM". My OS is Windows XP Pro.
ChrisRLG
3.9K Posts
0
November 7th, 2003 19:00
You have Malware. It is normal for more than one instance of svchost to run, BUT not from two locations.
On my site (Link Below) try the AV section and one of the online virus checkers, such as housecall.
If that does not work try the malware route.
Spybot S&D
Cwshredder
Failing those solving your problems try one of the spyware problem sites listed by me on my site, I am in all those sites as ChrisRLG.
Post your hijackthis log for the experts to advise.
HijackThis From Here
You might get me, but any of the more problematic ones are handled by the experts. If you get an 'advanced member' like me, we have other ways of asking for advice from the experts, to pass on to you.
You could post your log here but in the virus (http://forums.us.dell.com/supportforums/board?board.id=si_virus) board (so that I will find it quicker) and I will have a go at giving advice, but if you go to one of the more specialist sites more experts will be able to help.
msgale
2 Intern
•
2.5K Posts
0
November 7th, 2003 22:00
JRosenfeld
2 Intern
•
4.4K Posts
0
November 7th, 2003 22:00
The files in the prefetch folder are used dynamically by Windows and when you defrag, to optimise file placement on your hard drive according to how you use your PC (e.g. which programs you run most often). It is considered good practice now and then to look through and delete any that refer to software that has been uninstalled. Indeed you can delete them all if you wish, you may notice a slight drop in performance for a couple of days, as Windows populates the folder again as you use software. The files do not cause apps to run, they are just logs telling Windows how/when apps are run. The name of each refers to the particular .exe file.
It is perfectly normal to have several instances of svchost to run, as it is called by several groups of services. Currently I have 3, one for network services and two for system. I have quite a few services disabled, or I would probably see more. Depending on how you use your PC (stand alone, local network, etc.), you might not need to have all the services running that Windows starts by default. Disabling unneeded services reduces the memory used by XP somewhat, reduces background activity and in some cases improves your security. If you are interested, look at these two sites:
http://www.theeldergeek.com/services_guide.htm
http://blkviper.com/WinXP/servicecfg.htm
for good advice on what the services do (so that you can decide whether you need them) and what are safe settings.
Whilst I agree with ChrisRLG that some malware also places files called scvhost.exe on your PC and it is worth checking whether you have caught something, do not delete the legitimate file, which is in the \system32 folder (with a backup copy in C:\I386 if you have that folder).
PS. Yes, also legitimate in \system32\dllcache, which is another backup folder.
Message Edited by JRosenfeld on 11-08-2003 12:11 AM
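The location check discussed in the posts above, as an added example that is not part of the original thread: it lists every running process named svchost.exe, or the look-alike spelling scvhost.exe quoted above, and flags any whose image is not the \system32 copy. It assumes a Windows version with PowerShell 3.0 or later (for Get-CimInstance) and an elevated prompt, so that the paths of SYSTEM-owned processes can be read.

```powershell
# Added example, not from the thread.
# Expected image path of the genuine service host (the \system32 copy).
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Names to inspect: the real one plus the look-alike spelling quoted in the thread.
$names = 'svchost.exe', 'scvhost.exe'

Get-CimInstance -ClassName Win32_Process |
    Where-Object { $names -contains $_.Name } |
    ForEach-Object {
        # GetOwner reports the account (SYSTEM, LOCAL SERVICE, NETWORK SERVICE, ...).
        $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue

        # String comparisons with -ne are case-insensitive, which suits Windows paths.
        if ($_.Name -ne 'svchost.exe') {
            $verdict = 'SUSPECT: look-alike name'
        } elseif (-not $_.ExecutablePath) {
            $verdict = 'UNKNOWN: path not readable (run elevated)'
        } elseif ($_.ExecutablePath -ne $expected) {
            $verdict = 'SUSPECT: unexpected location'
        } else {
            $verdict = 'ok'
        }

        [pscustomobject]@{
            ProcessId = $_.ProcessId
            Name      = $_.Name
            Owner     = $owner.User
            Path      = $_.ExecutablePath
            Verdict   = $verdict
        }
    } |
    Sort-Object Verdict, ProcessId |
    Format-Table -AutoSize
```

Several rows marked ok with different owners is the normal picture described above; the check only reports where each running image was loaded from, so copies that sit on disk in backup folders without running do not appear.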
Danny20141
6 Posts
0
November 8th, 2003 00:00
First, I want to thank everyone for responding to my questions. That helped me a lot and cleared my doubt. Anyone please tell me what this Key Name (0000002F-0000-0000-C000-000000000046) means?
[HKEY_CLASSES_ROOT\CLSID\{0000002F-0000-0000-C000-000000000046}\
I just copied one out of more than 3,500 of them under the HKEY_CLASSES_ROOT\CLSID\
Why thousands of them? What are they?
Thanks, Danny
JRosenfeld
2 Intern
•
4.4K Posts
0
November 8th, 2003 16:00
The CLSID keys are an essential part of the registry, where the operating system stores information about which files are needed to run to perform specific tasks that it is requested to perform when you do something. When you install a program, it will also add CLSID keys (amongst others) to tell the OS how to handle the requests it makes when you run the program.
A simple description of the registry is given here
http://www.easydesksoftware.com/rworks.htm
and there are many other references you could look up.
Generally, it is best not to edit or delete CLSID entries, unless you are quite sure what you are doing.
As to the particular one you mention, if you look in the right hand pane, it says default CLSID_RecordInfo, which is the name of the class of objects that key relates to. If you expand the key and click on the InprocServer32 key, in the right pane, you will see that the default file needed to handle this type of object is oleaut32.dll, and also some long coded reference which I don't understand, but which XP does. If you look at other CLSID keys, the entries are usually clearer, and you can deduce what the specific key relates to.
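The same lookup done from a prompt instead of the registry editor, as an added example that is not part of the original thread: it reads the class name and the InprocServer32 file for a CLSID without changing anything. The function name Get-ClsidServer is hypothetical, and resolving a bare file name against System32 only is a simplifying assumption.

```powershell
# Added example, not from the thread. Get-ClsidServer is a hypothetical helper name.
function Get-ClsidServer {
    param([Parameter(Mandatory)][string]$Clsid)

    # [guid] rejects malformed input; format 'B' restores the {braces} used in key names.
    $id   = ([guid]$Clsid).ToString('B')
    $base = "Registry::HKEY_CLASSES_ROOT\CLSID\$id"
    if (-not (Test-Path -LiteralPath $base)) { return $null }

    # The (Default) value of the CLSID key is the class name.
    $className = (Get-Item -LiteralPath $base).GetValue('')

    # InprocServer32 names the DLL that is loaded to handle objects of this class.
    $server = $null
    $threading = $null
    $inproc = "$base\InprocServer32"
    if (Test-Path -LiteralPath $inproc) {
        $key       = Get-Item -LiteralPath $inproc
        $server    = $key.GetValue('')
        $threading = $key.GetValue('ThreadingModel')
    }

    # Simplification (assumption): a bare file name is looked up in System32 only.
    $path = $server
    if ($server -and -not [IO.Path]::IsPathRooted($server)) {
        $path = Join-Path $env:SystemRoot "System32\$server"
    }
    $exists = [bool]($path -and (Test-Path -LiteralPath $path))

    # Signature status of the resolved file, when it exists on disk.
    $signature = $null
    if ($exists) { $signature = (Get-AuthenticodeSignature -FilePath $path).Status }

    [pscustomobject]@{
        Clsid          = $id
        ClassName      = $className
        InprocServer32 = $server
        ThreadingModel = $threading
        ResolvedPath   = $path
        FileExists     = $exists
        Signature      = $signature
    }
}

# The key asked about in the thread.
Get-ClsidServer '0000002F-0000-0000-C000-000000000046' | Format-List
```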
Verns600m
130 Posts
0
November 9th, 2003 21:00