I run XP PRO SP3 plus relevant later patches and fixes on a 7 yo Dell 4600; the only mod was the IDE drive replaced with a SATA about two years ago, when the former became too noisy for my peace of mind regarding a probable crash. I need advice on a cure and/or possibly software tools that can analyse what SVCHOST.EXE controls and, if possible, modify what has been embedded into it.

History: I've had an ongoing problem from some 9 months ago when I first installed Firefox (even with the latest v3.6.8) where, despite installing Flash stuff till I'm sick of it, YouTube or Flixy vids which run fine on IE won't play on Firefox. I hit a mock forum which offered a free security scan, I declined, and had to use Task Manager to kill all browser windows, but too late to stop a couple of trojans invading my system, which Vipre cleaned. It was confirmed with Spybot S&D and Superantispyware, although Spybot found more registry entries related to these trojans. As an aside, I guess VIPRE considered them harmless without the executable code. Rebooted and system seemed to be good again. Subsequent scans confirm it's clean.

Current problem: PC now hangs after some hours if just left on; if taskman is left open, one of the six svchost processes running gradually grabs memory and takes up more CPU time until reaching about 180K/50%, which causes the hang. Prior to the trojan infections svchost processes were quite stable; if it grabbed resources it was by minuscule amounts, so not a problem.

What I tried: Suspecting a corrupted SVCHOST.EXE, I replaced it with one from the DLLCACHE folder; however, regsvr32 can't be used to unregister it. I booted the system with NTFSDOS, renamed the c:\windows\system32\svchost.exe and copied the one from the dllcache folder. On restart the PC took over 10 minutes to reach the user interface even though startup registry and menu items were unchanged; many processes like sound and VIPRE weren't running and refused to load either. I was forced into retreat, reverting to the resource-grabbing copy of svchost.exe.

My Theory: As well as SVCHOST.EXE having registry entries which define what it loads, I perceive it uses an old MSDOS trick and has 'holes' for a developer to patch with their programming customisations, which would account for alleged identical copies causing running issues. The two copies of svchost.exe on the PC have the same size and version numbers, but their date/time stamps differ, and of course the badly behaved one carries the date of the thwarted trojan infection.

Oh and BTW, if anyone knows of the fix to Firefox and YouTube vids that would be a welcome bonus too.
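
An added example, not part of the original post: one way to check whether two copies of an executable that match in size and version number actually differ in content, and whether any difference falls in the PE headers or inside a section such as `.text`. The function names and the tiny sample image are constructed for illustration.

```python
import hashlib
import struct

def pe_sections(data):
    """Return [(name, raw_offset, raw_size)] from a PE file's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # NumberOfSections at pe+6, SizeOfOptionalHeader at pe+20
    nsec, _, _, _, opt_size = struct.unpack_from("<HIIIH", data, pe + 6)
    sections = []
    for i in range(nsec):
        off = pe + 24 + opt_size + 40 * i                   # 40-byte section headers
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        sections.append((name, raw_ptr, raw_size))
    return sections

def diff_ranges(a, b):
    """Half-open (start, end) byte ranges where a and b differ (common length only)."""
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, min(len(a), len(b))))
    return ranges

def compare(a, b):
    """Hash both images and attribute each differing range to a PE section of a."""
    secs = pe_sections(a)
    diffs = [(s, e, next((n for n, p, z in secs if p <= s < p + z), "headers"))
             for s, e in diff_ranges(a, b)]
    return {"sha256": (hashlib.sha256(a).hexdigest(), hashlib.sha256(b).hexdigest()),
            "same_size": len(a) == len(b), "diffs": diffs}

def sample_pe():
    """Constructed 0x120-byte PE skeleton with one .text section (not a real binary)."""
    img = bytearray(0x120)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHI", img, 0x44, 0x14C, 1, 0x41A0B0C0)  # machine, sections, timestamp
    struct.pack_into("<8sIIII", img, 0x58, b".text", 0x20, 0x1000, 0x20, 0x100)
    return bytes(img)
```

For real files, read each copy with `open(path, "rb").read()` and pass both byte strings to `compare`; matching SHA-256 values mean the two copies are byte-for-byte identical regardless of their file timestamps.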
