# SVC Host on start up



## dampy (Nov 22, 2004)

hye, i checked out msconfig on start up... 

i have found out that there is 2 svchost.exe file on start up what it means?

one is in c:\winnt\svchost.exe

and other is in start up folder in the start menu any problems can exist due to it?????????

thanks
daksh


----------



## CTSNKY (Aug 7, 2004)

Those are probably normal entries. Are you experiencing any slowness or lockups?


----------



## dampy (Nov 22, 2004)

*reply*

This is the error which keeps coming i am tired of it really

SVCHOST.EXE error 

instruction 0x77fc9906 refer memory at 0x7c54144c

Not just that once i also received some c:\winnt\system32\lsass.exe error code 128 something like that and it says system will shut down in one seconds

Since i am using windows 2000 i couldn't use the shutdown.exe-a option in dos thus i had to watch my pc getting shutdown infront of my eyes

And yah one more thing whenever svchost.exe error comes i cannot click on specific regions of websites,it cud be like the compose mail button and then after svchost.exe error if i type something then nothing is visible in the chat windows of yahoo messenger also ( i hope u have understood what i mean ) i am able to type in yahoo im but it is not visible to me even though other person can see it

so what i do is restart pc and i always hope that no svchost error comes with some instruction reference problem

i have no service pack installed b'coz i dunn think it makes any diff. i will if does make i am using old version of i.e. 5.0.0.2920.0000IC i have got 2 antiviruses one provided by sify(my net vendor) and one called as AntiVir Guard before AntiVirGuard my pc was having error of svchost but not so much frequent

and is there need to post hijackthis log here?
if needed i will do the same..


----------



## jernelsingh (Nov 29, 2004)

*Try this*

Hi
If you've formatted the hard disk AND tried different operating systems, then it sounds very much like faulty memory (RAM) inside your PC. No fix for that - simply need to replace it.

Do you know whether you have one RAM module inside the PC or several? If you've got several, try removing them and just running one at a time. If the problem continues, take that RAM module out and try another. That will identify if you have one faulty module that needs to be replaced 

Cheers


----------



## dampy (Nov 22, 2004)

*reply*

welll this svchost error has started coming only recently especially this instruction message it was not there previously


----------



## dampy (Nov 22, 2004)

Well i am waiting to post hijack this log if some one asks me to do so .. one more thing when i press alt+ctrl+del and then i observe the processes i see this process called as AVWUPSRV.EXE


----------



## CTSNKY (Aug 7, 2004)

Sure, go ahead with a log. We'd be happy to have a look.

:sayyes:


----------



## jernelsingh (Nov 29, 2004)

*Re*

Post ur hijackthis log


----------



## dampy (Nov 22, 2004)

Ok here it is the log of hijack this
At the moment i am in safe mode with n/w support so that status code 128 message is not coming i wish i had windows xp installed atleast i cud use shutdown.exe-a in dos prompt but in windows 2000 it is not there.


This log is not of safe mode but in normal mode after that i booted it in safe mode
Logfile of HijackThis v1.98.2
Scan saved at 5:49:51 PM, on 12/3/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\myCIO\VScan\McShield.exe
C:\WINNT\myCIO\Agent\myAgtSvc.Exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\VetMsgNT.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\khooker.exe
C:\WINNT\myCIO\Agent\myagttry.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\myCIO\Agent\UpdDlg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\taskmgr.exe
C:\Documents and Settings\toreachvimal\Desktop\FixBlast.exe
C:\WINNT\myCIO\Agent\HtmlDlg.Exe
C:\WINNT\system32\mmc.exe
D:\SOFTWARE\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [myCIO.com ASaP] C:\WINNT\myCIO\Agent\myagttry.exe
O4 - HKLM\..\Run: [myCIO.com Splash] C:\WINNT\myCIO\VScan\Splash.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .swf: C:\Program Files\Internet Explorer\PLUGINS\NPSWF32.dll
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...50612a366b1b:a08028643681f6a099b0c60efd35a3a4
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8C8B9FE-9845-482D-8143-DFDB942B61C0}: NameServer = 202.144.115.6,202.144.66.6
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\WINNT\myCIO\Agent\myRmProt2.8.1.119.dll


----------



## CTSNKY (Aug 7, 2004)

Nothing in your log of any concern.

FYI....


> svchost - svchost.exe - Process Information
> Process File: svchost or svchost.exe
> Process Name: Microsoft Service Host Process
> 
> ...


----------



## dampy (Nov 22, 2004)

*hii*

what next so?


----------



## CTSNKY (Aug 7, 2004)

*Make sure to update Windows and Internet Explorer at http://windowsupdate.microsoft.com.*

Problem more likely related your very outdated IE.


----------



## dampy (Nov 22, 2004)

*reply*

doing it now

will tell u what happens after that

thanks anywayz so far

daksh


----------



## dampy (Nov 22, 2004)

ok guys this is where i need help from u people

i have got this virus detected by eTrust EZ Antivirus real time-protection

it is called as Win32.HostBlock virus.

it is present in C:\WINNT\SYSTEM32\DRIVERS\ETC\HOSTS


(EDIT: Don't post AAW log unless requested. Thanks)


----------



## CTSNKY (Aug 7, 2004)

If you have a fast internet connection (broadband), run an online virus scan at TrendMicro. Make sure to select the Autoclean option.


----------



## dampy (Nov 22, 2004)

*hoo*

well shredder is a fantastic s/w it has got rid of virus

w32.hostblock superb really 


its running well now

so dunn really think that there was this ram problem at all


----------



## CTSNKY (Aug 7, 2004)

Great news! Now go and update your IE!!


----------

