svchost and starbar trouble

Ok then just skip the dllcache part and continue.

Yeah! He is probably hoping Boston will pick him up. I would take Lowell anyday.

 

Attach a new log from ShowNew. I want to see what versions of svchost.exe are in your folders.

 

Okay that actually looks better from the perspective that svchost.exe does not show in the log now. And that is what we expect because the ShowNew.bat program is only showing files that have file dates within the last 90 days. Getting the copy from your CD would use the file date from your CD which is older and thus it would not show.

Now using Windows Explorer, goto the c:\windows\system32 folder and locate the svchost.exe file and right click on it and select Properties. What do you see for the Size (in bytes), Size on disk (in bytes), and the Created date? Then click the Version tab (on the Properties form) and tell me what File Version you see.

 

What SP level of Windows XP is on the CD that you booted from?

I bet that it is SP1 and not SP2 which means it does not match what you have installed.

 

Assuming you can get your CD and PC to work, you should be able to see the SP level a couple of ways on your Dell CD.

1. when you insert it in the CD drive a Window will normally popup after a few seconds about installing Windows XP. Just close the window down, then use Windows Explorer to look at your CD drive and you should notice a volume label like XPSP1a_ENG_PRO or similar. The SP1a is the important part.
2. Also if you access the CD drive from Windows Explorer, some of the files in the root folder will reflect the SP level. For example you may see a file named WIN51IP.SP1 This will not tell you it is SP1a but it does tell you it is SP1
3. Also there may be a file name SPNOTES.HTM in the root folder of the CD. If you double click on this file it will open in your browser and show the SP level. But again it will only say SP1 or SP2. It will not show the "a"

However all that said, I'm positive that your CD is SP1a and we know you were running SP2 on your system which means at some point in time you upgraded. Thus do the below if possible.

Click Start and select Search
Now Select "All files and folders"
Enter the svchost in the "All or part of the file name:" box
Now select "More advanced options"
Make sure the following check boxes are checked:

• Search system folders
• Search hidden files and folders
• Search subfolders

Then click the Search button.

Tell me where you find matches for svchost. What I'm looking to do is find an svchost.exe from SP2 but not one of the possibly bad ones we renamed or deleted and then use this to replace to one currently in system32 with the correct version.

Also before we actually replace the file, I want to know does your System Restore feature work.

 

You're welcome. I'm happy to hear you have things working smoothly now.

It's just as well! I was going to suggest you bite the bullet and do this anyway since you system appeared to have load of issues within the Windows OS itself. All the malware was gone but it is possible that it could have created unrepairable issues within your system.

Make sure you work thru the below A.S.A.P:

How to Protect yourself from malware!