Have a suspicious svchost.exe and I can't load secure webpages


Metallica_Band
03-20-2005, 04:22 PM
Hey there...I started a thread over HERE (http://www.hardforum.com/showthread.php?t=873327) and I've solved everything except for 2 things

There is a suspicious svchost.exe that's taking up a lot of memory (I think like in the 10,000's or 20,000's) and that svchost.exe is the 6th one...there's only supposed to be 5 I thought...and it always reopens when I close it and I notice no changes when I close it...

Also after getting rid of everything, no one can seem to log onto anything...like I go to eBay and press the sign in button and it's unable to connect...always gives me an unable to connect message...I have no idea what happened...something bad that got deleted changed something and I don't know what it changed...they can't log into their bank website to do their bank stuff...seems like it's the secure websites that won't load...

I've run Norton AntiVirus 2004 and the newest AdAware and S&D and 3 different online scanners...I got nothin...everything is cleared except for those things...

Is there a way for me to see whether or not this one svchost.exe is good or bad??? I can't remember which user name in the task manager it runs under...I think either System or Network Service...

And what about the websites??? I have absolutely no idea how to fix that...I tried reregistering (I think that's what it was called) some dll's and nothin...it happens with BOTH Internet Explorer (which they don't use anymore) and Firefox...I got nothin...

Any ideas on how I can fix this??? THANX
C'YA :cool:

Tazzman
03-20-2005, 04:31 PM
As stated in the OLD POST: REFORMAT AND START OVER. You can never get it all out when it was that bad. Take an hr and reformat. Question: how many hours did you spend trying to fix what you have? 10?

Metallica_Band
03-20-2005, 04:50 PM
Well guess what...I DID get it all out...those two symptoms are the only two things left over...just a possible suspicious svchost.exe and no loading of secure pages...that's it...everything else I miraculously got rid of...I just need help on these other two things...

number69
03-20-2005, 05:28 PM
Yeah I would reformat and start over. Then make a smart move and get a copy of Norton Ghost 2003 and create an image of the fresh install and save it. This way if things tank again just image the drive and you're back in business.

Bullitt
03-20-2005, 05:45 PM
Have you tried http://www.sysinternals.com/ntw2k/source/filemon.shtml this proggie? See what files are being accessed by the PID of the suspicious svchost and track it down manually.

Metallica_Band
03-20-2005, 06:07 PM
^^^
I have that prog on my PC but not theirs...I'll try it and see if I can see what's happening...

And I can't reformat the PC cause they lost their Microsoft Office 2003 CD and I don't got that one...and the computer is almost fixed...

I don't see why ppl are suggesting a full reformat...it's like seeing a cockroach crawl on the floor and you freak out and call the exterminator to get the whole place sprayed and every nook and cranny looked at...doesn't make sense to me...

It's just one problem with a possible 2nd problem...any ideas on the website thingy??? That's what's really bugging them...

Tazzman
03-20-2005, 06:37 PM
I don't see why ppl are suggesting a full reformat...it's like seeing a cockroach crawl on the floor and you freak out and call the exterminator to get the whole place sprayed and every nook and cranny looked at...doesn't make sense to me...

So you just let the Cockroach run and hide? and Multiply!

I STEP on it and Kill it. Then it does not hide and come back later with friends!

Good job taking the time to repair it. Reformatting takes less than an hour of PC time, and about 5 minutes of your time to complete it. Pop in your backups and you're done! :D PC runs like new again.

Think about it. ;)

number69
03-20-2005, 06:39 PM
You can knock yourself out, I've spent many hours tracking weird stuff down. If it comes down to a corrupted file or files due to a virus or something else, you may be able to find it and maybe not fix it. But as the guy mentioned before, how many hours have you spent on this? Too bad they lost their key.

USMC2Hard4U
03-20-2005, 06:42 PM
It's so Easy just to Format and Start Over. I don't even mess with trying to fix problems when spyware and viri swarm my system.

Sometimes you just save more time and effort Starting from a clean slate.

gb25
03-21-2005, 01:48 AM
Open a command box and run tasklist /svc. Then you can find out what service it is. Once you know what it is, it shouldn't be too hard to fix.

feigned
03-21-2005, 02:48 AM
Open a command box and run tasklist /svc. Then you can find out what service it is. Once you know what it is, it shouldn't be too hard to fix.

Damn, that's a good tip right there.

I was going to recommend this - http://www.diamondcs.com.au/index.php?page=console-cmdline

It puts that data in a bit more friendly format. At least for me. :)

Metallica_Band
03-21-2005, 03:00 AM
Open a command box and run tasklist /svc.

Ahhh...it opened up the command prompt and zipped right thru some stuff and quickly closed...how do I solve this? I'm just testing it on my computer since I'm not at my sister's house...

andy A
03-21-2005, 03:16 AM
start, run, cmd, okay, enter tasklist /svc in dos window.

Malk-a-mite
03-21-2005, 04:22 AM
I don't see why ppl are suggesting a full reformat...

Two reasons - one being the time and effort spent trying to clean the system.
Second reason is once a system is compromised how can you be certain that you cleaned everything?

Metallica_Band
03-21-2005, 04:47 AM
I already stated that they have lost their Office 2003 CD and they need Word and Excel and stuff so formatting is out of the question...

Besides...there are no suspicious progs running in taskman anymore and 3 viruses/*-ware/etc. scanners say that there aren't any bad things running and 3 online scanners say there's nothing bad left and 3-4 other specific scanning progs say that there aren't any bad things on there...all detected stuff in the beginning but not anymore...

Metallica_Band
03-27-2005, 01:28 PM
ok...I'm at their house and found out that XP Home didn't have the tasklist.exe...I Googled it and found that I can just download it and all is good....


So I ran tasklist command and found the svchosts's that were showing up in taskman...now I had taskman show the PID numbers and found that the one that is using up memory and restarting itself after I force close it is number SVCHOST.exe PID# 1096...SOMETHING there is screwing with the memory in that svchost.exe and I don't know what it is...HOPEFULLY it's something that I can fix that will just so happen to fix the secure webpages not loading...


C:\>tasklist /svc
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
System                         4 N/A
smss.exe                     632 N/A
csrss.exe                    680 N/A
winlogon.exe                 708 N/A
services.exe                 752 Eventlog, PlugPlay
lsass.exe                    764 PolicyAgent, ProtectedStorage, SamSs
svchost.exe                  920 DcomLaunch, TermService
svchost.exe                 1000 RpcSs
svchost.exe                 1096 AudioSrv, CryptSvc, Dhcp, ERSvc,
                                 EventSystem, FastUserSwitchingCompatibility,
                                 helpsvc, lanmanserver, lanmanworkstation,
                                 Netman, Nla, Schedule, seclogon, SENS,
                                 SharedAccess, ShellHWDetection, srservice,
                                 Themes, TrkWks, W32Time, winmgmt, wscsvc,
                                 wuauserv, WZCSVC
svchost.exe                 1228 LmHosts, SSDPSRV, WebClient
spoolsv.exe                 1436 Spooler
explorer.exe                 192 N/A
atiptaxx.exe                 256 N/A
lxbtbmgr.exe                 292 N/A
lxbtbmon.exe                 324 N/A
qttask.exe                   380 N/A
TeaTimer.exe                 412 N/A
CCPROXY.EXE                 1256 ccProxy
CCSETMGR.EXE                1272 ccSetMgr
NAVAPSVC.EXE                1372 navapsvc
SAVSCAN.EXE                 1564 SAVScan
SNDSrvc.exe                 1792 SNDSrvc
svchost.exe                 1840 stisvc
VzFw.exe                    1932 VAIO Entertainment File Import Service
CCEVTMGR.EXE                1992 ccEvtMgr
SymWSC.exe                   144 SymWSC
alg.exe                     2224 ALG
lxbtcoms.exe                3248 lxbt_device
realsched.exe               3644 N/A
firefox.exe                  756 N/A
taskmgr.exe                 3912 N/A
iexplore.exe                3084 N/A
cmd.exe                      320 N/A
tasklist.exe                3828 N/A
wmiprvse.exe                2752 N/A
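
Added example, not part of any post in this thread: a small Python parser for saved `tasklist /svc` output that rejoins the wrapped service lines, maps each svchost.exe PID to the services it hosts, and lists any svchost.exe shown with no services (N/A), which is not what a service host normally looks like. The function names are hypothetical, and the sample text is constructed in the same layout as the output above, with an invented PID 4242 row to show the no-services case.

```python
import re

# Constructed sample in the fixed-width layout `tasklist /svc` prints;
# the PID 4242 row is invented to show the "no services" case.
SAMPLE = """\
Image Name                   PID Services
========================= ====== =============================================
services.exe                 752 Eventlog, PlugPlay
svchost.exe                 1000 RpcSs
svchost.exe                 1096 AudioSrv, CryptSvc, Dhcp, ERSvc,
                                 EventSystem, wuauserv, WZCSVC
svchost.exe                 4242 N/A
explorer.exe                 192 N/A
"""

def parse_tasklist_svc(text):
    """Return [{'image', 'pid', 'services'}], joining wrapped service lines."""
    lines = text.splitlines()
    # The ===== rule gives the exact column spans, so no width is hard-coded.
    rule = next(i for i, l in enumerate(lines) if l.startswith("====="))
    spans = [m.span() for m in re.finditer(r"=+", lines[rule])]
    (n0, n1), (p0, p1), (s0, _) = spans
    rows = []
    for line in lines[rule + 1:]:
        if not line.strip():
            continue
        name, pid, svc = line[n0:n1].strip(), line[p0:p1].strip(), line[s0:].strip()
        names = [s.strip() for s in svc.split(",") if s.strip()]
        if not name and not pid and rows:
            rows[-1]["services"].extend(names)  # continuation of previous row
            continue
        rows.append({"image": name, "pid": int(pid),
                     "services": [] if svc == "N/A" else names})
    return rows

def svchost_report(rows):
    """Split svchost.exe rows into service hosts and instances hosting nothing."""
    hosts = {r["pid"]: r["services"] for r in rows
             if r["image"].lower() == "svchost.exe"}
    no_services = sorted(pid for pid, svcs in hosts.items() if not svcs)
    return hosts, no_services

if __name__ == "__main__":
    hosts, odd = svchost_report(parse_tasklist_svc(SAMPLE))
    for pid, svcs in hosts.items():
        print(pid, len(svcs), ", ".join(svcs))
    print("svchost.exe with no registered service:", odd)
```

To use it on a real machine, redirect the command to a file (`tasklist /svc > tasks.txt`) and pass the file's contents to `parse_tasklist_svc`.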

GreNME
03-27-2005, 07:01 PM
Winsock or TCP stack is hosed. Run a tool like this one (http://home.vcn.com/knowledgebase/article.php?id=327) or this one (http://www.cexx.org/lspfix.htm) and you will likely be able to connect to the web again.

Metallica_Band
03-27-2005, 09:18 PM
Cool...thanx...hopefully it'll repar their internet...I'll have to walk my sister thru it tho cause I'm swampped with homework right now...I'll tell ya how it goes...