Doug,
Your e-mail or posted reply to my forwarding the Running
Processes has got sidetracked. Could you please send it
again? As of now, I am still getting the Windows Shadow
message during shutdown. Thank you so much.
Jim
-----Original Message-----
-- Running Processes --
System Idle Process
System
smss.exe \SystemRoot\System32\smss.exe
CSRSS.EXE
winlogon.exe winlogon.exe
SERVICES.EXE C:\WINDOWS\system32\services.exe
lsass.exe C:\WINDOWS\system32\lsass.exe
SVCHOST.EXE C:\WINDOWS\system32\svchost -k rpcss
SVCHOST.EXE C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
SPOOLSV.EXE C:\WINDOWS\system32\spoolsv.exe
CDAC11BA.EXE C:\WINDOWS\System32\drivers\CDAC11BA.EXE
CDANTSRV.EXE C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
mpservic.exe "C:\Program Files\Canon\MultiPASS\mpservic.exe"
explorer.exe explorer.exe
NAVAPW32.EXE "C:\PROGRA~1\NORTON~1\navapw32.exe"
mm_tray.exe "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
hkcmd.exe "C:\WINDOWS\System32\hkcmd.exe"
Directcd.exe "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
qttask.exe "C:\Program Files\QuickTime\qttask.exe" -atboottime
hpgs2wnd.exe "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
WkUFind.exe "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
TaskPanl.exe "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
NAVAPSVC.EXE "C:\Program Files\Norton AntiVirus\navapsvc.exe"
IXApplet.exe "C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe" -s
monitr32.exe "C:\Program Files\Canon\MultiPASS\monitr32.exe" I
WkCalRem.exe "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe"
hpgs2wnf.exe "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" -Embedding
SVCHOST.EXE C:\WINDOWS\System32\svchost.exe -k imgsvc
qshelf98.exe "C:\Program Files\Microsoft Reference\Bookshelf 98\qshelf98.exe"
ntvdm.exe "C:\WINDOWS\system32\ntvdm.exe" -f -i1 -w -a C:\WINDOWS\system32\krnl386.exe
iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
helpctr.exe "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe" -FromStartHelp
helpsvc.exe "C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe" /Embedding
HelpHost.exe "C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe" -guid {A3E4FC35-26E0-4174-840B-E3249862F407}
msimn.exe "C:\Program Files\Outlook Express\msimn.exe"
msmsgs.exe "C:\Program Files\Messenger\msmsgs.exe" -Embedding
URLMAP.EXE "C:\Program Files\Microsoft Money\System\urlmap.exe" -Embedding
xp_homeservices.exe "C:\Documents and Settings\JAMES DAVIDSON\Local Settings\Temp\Temporary Directory 1 for xp_homeservices[1].zip\xp_homeservices.exe"
wmiprvse.exe
-- Running Services --
Name: 6to4
Description: Offers IPv6 connectivity over an IPv4
network
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: AudioSrv
Description: Manages audio devices for Windows-based
programs. If this service is stopped, audio devices and
effects will not function properly. If this service is
disabled, any services that explicitly depend on it will
fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Browser
Description: Maintains an updated list of computers on
the network and supplies this list to computers
designated as browsers. If this service is stopped, this
list will not be updated or maintained. If this service
is disabled, any services that explicitly depend on it
will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: C-DillaCdaC11BA
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\System32\drivers\CDAC11BA.EXE
Name: C-DillaSrv
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
Name: CryptSvc
Description: Provides three management services: Catalog
Database Service, which confirms the signatures of
Windows files; Protected Root Service, which adds and
removes Trusted Root Certification Authority
certificates
from this computer; and Key Service, which helps enroll
this computer for certificates. If this service is
stopped, these management services will not function
properly. If this service is disabled, any services that
explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: Dhcp
Description: Manages network configuration by
registering
and updating IP addresses and DNS names.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Dnscache
Description: Resolves and caches Domain Name System
(DNS)
names for this computer. If this service is stopped,
this
computer will not be able to resolve DNS names and
locate
Active Directory domain controllers. If this service is
disabled, any services that explicitly depend on it will
fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k NetworkService
Name: ERSvc
Description: Allows error reporting for services and
applictions running in non-standard environments.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Eventlog
Description: Enables event log messages issued by
Windows-
based programs and components to be viewed in Event
Viewer. This service cannot be stopped.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\services.exe
Name: EventSystem
Description: Supports System Event Notification Service
(SENS), which provides automatic distribution of events
to subscribing Component Object Model (COM) components.
If the service is stopped, SENS will close and will not
be able to provide logon and logoff notifications. If
this service is disabled, any services that explicitly
depend on it will fail to start.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: FastUserSwitchingCompatibility
Description: Provides management for applications that
require assistance in a multiple user environment.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: helpsvc
Description: Enables Help and Support Center to run on
this computer. If this service is stopped, Help and
Support Center will be unavailable. If this service is
disabled, any services that explicitly depend on it will
fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: lanmanserver
Description: Supports file, print, and named-pipe
sharing
over the network for this computer. If this service is
stopped, these functions will be unavailable. If this
service is disabled, any services that explicitly depend
on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: lanmanworkstation
Description: Creates and maintains client network
connections to remote servers. If this service is
stopped, these connections will be unavailable. If this
service is disabled, any services that explicitly depend
on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: LmHosts
Description: Enables support for NetBIOS over TCP/IP
(NetBT) service and NetBIOS name resolution.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
Name: Messenger
Description: Transmits net send and Alerter service
messages between clients and servers. This service is
not
related to Windows Messenger. If this service is
stopped,
Alerter messages will not be transmitted. If this
service
is disabled, any services that explicitly depend on it
will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: MPService
Description:
Startup Mode: Auto
Run from: C:\Program Files\Canon\MultiPASS\mpservic.exe
Name: navapsvc
Description: Handles Norton AntiVirus Auto-Protect
events.
Startup Mode: Auto
Run from: C:\Program Files\Norton AntiVirus\navapsvc.exe
Name: Netman
Description: Manages objects in the Network and Dial- Up
Connections folder, in which you can view both local
area
network and remote connections.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Nla
Description: Collects and stores network configuration
and location information, and notifies applications when
this information changes.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: PlugPlay
Description: Enables a computer to recognize and adapt
to
hardware changes with little or no user input. Stopping
or disabling this service will result in system
instability.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\services.exe
Name: PolicyAgent
Description: Manages IP security policy and starts the
ISAKMP/Oakley (IKE) and the IP security driver.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\lsass.exe
Name: ProtectedStorage
Description: Provides protected storage for sensitive
data, such as private keys, to prevent access by
unauthorized services, processes, or users.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe
Name: RasMan
Description: Creates a network connection.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: RpcSs
Description: Provides the endpoint mapper and other
miscellaneous RPC services.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost -k rpcss
Name: SamSs
Description: Stores security information for local user
accounts.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe
Name: Schedule
Description: Enables a user to configure and schedule
automated tasks on this computer. If this service is
stopped, these tasks will not be run at their scheduled
times. If this service is disabled, any services that
explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: seclogon
Description: Enables starting processes under alternate
credentials. If this service is stopped, this type of
logon access will be unavailable. If this service is
disabled, any services that explicitly depend on it will
fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: SENS
Description: Tracks system events such as Windows logon,
network, and power events. Notifies COM+ Event System
subscribers of these events.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: ShellHWDetection
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Spooler
Description: Loads files to memory for later printing.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\spoolsv.exe
Name: srservice
Description: Performs system restore functions. To stop
service, turn off System Restore from the System Restore
tab in My Computer->Properties
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: SSDPSRV
Description: Enables discovery of UPnP devices on your
home network.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
Name: stisvc
Description: Provides image acquisition services for
scanners and cameras.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k imgsvc
Name: TapiSrv
Description: Provides Telephony API (TAPI) support for
programs that control telephony devices and IP based
voice connections on the local computer and, through the
LAN, on servers that are also running the service.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: TermService
Description: Allows multiple users to be connected
interactively to a machine as well as the display of
desktops and applications to remote computers. The
underpinning of Remote Desktop (including RD for
Administrators), Fast User Switching, Remote Assistance,
and Terminal Server.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Themes
Description: Provides user experience theme management.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: TrkWks
Description: Maintains links between NTFS files within a
computer or across computers in a network domain.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: uploadmgr
Description: Manages synchronous and asynchronous file
transfers between clients and servers on the network. If
this service is stopped, synchronous and asynchronous
file transfers between clients and servers on the
network
will not occur. If this service is disabled, any
services
that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: w32time
Description: Maintains date and time synchronization on
all clients and servers in the network. If this service
is stopped, date and time synchronization will be
unavailable. If this service is disabled, any services
that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: WebClient
Description: Enables Windows-based programs to create,
access, and modify Internet-based files. If this service
is stopped, these functions will not be available. If
this service is disabled, any services that explicitly
depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
Name: winmgmt
Description: Provides a common interface and object
model
to access management information about operating system,
devices, applications and services. If this service is
stopped, most Windows-based software will not function
properly. If this service is disabled, any services that
explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: wuauserv
Description: Enables the download and installation of
critical Windows updates. If the service is disabled,
the
operating system can be manually updated at the Windows
Update Web site.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: WZCSVC
Description: Provides automatic configuration for the
802.11 adapters
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
-----Original Message-----
The link works here, Jim. I even copied and pasted your
version into it.
http://www.dougknox.com/xp/utils/xp_homeservices.zip
--
Doug Knox, MS-MVP Windows XP/ Windows Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Associate Expert
ExpertZone -
http://www.microsoft.com/windowsxp/expertzone
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.
Doug, could not download
http://www.dougknox.com/xp/utils/xp_homeservices.zip
jim
-----Original Message-----
Doug, Does elimination of these processes help my
shutdown problem or are they still associated with the
latent nstask32.exe problem?
-----Original Message-----
James,
I was looking over your Startup log file again. 3 more
entries come to light.
In running Processes:
CDAC11BA.EXE C:\WINDOWS\System32\drivers\CDAC11BA.EXE
CDANTSRV.EXE C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
These two strike as unusual because I don't have a
single EXE file in the
system32\drivers folder. Since there are no startup
entries for these, that
I can see, I'm assuming that they're being run as a
Service. Also both file
names have been associated with C-Dilla:
http://www.privacyandspying.com/privacy-c_dilla.html
Loading from
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
system dcomx.exe
This file is definitely a virus (my apologies for
missing it). Several
viruses use this file name. Here's one:
http://www.f-secure.com/v-descs/rpc.shtml
Open Task Manager, go to the Processes and highlight
these 3 processes,
individually and select End Process.
Then open REGEDIT and go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the "system" value in the right pane. Next do a
find for dcomx.exe (probably in the Windows\System32 folder)
and delete it.
Then you'll need to go to Start, Run and enter
SERVICES.MSC and see if you
can find anything associated with the first 2 files
mentioned. If not,
download
http://www.dougknox.com/xp/utils/xp_homeservices.zip
The EXE
inside will scan your system for running processes
and
all running services.
Reboot the computer and run this utility. Post the
results here.
--
Doug Knox, MS-MVP Windows XP/ Windows Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Associate Expert
ExpertZone -
http://www.microsoft.com/windowsxp/expertzone
--------------------------------
Please reply only to the newsgroup so all may
benefit.
Unsolicited e-mail is not answered.
While closing down WindowsXP I get the following
message.
"The system cannot end the selected task because SHADOW
is not allowing it to run. Press ok to End Task Shadow
or cancel to leave it running."
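
Added example, not part of the thread and not the code of the xp_homeservices utility: a Python sketch of the check discussed above, which picks out EXE images running from system32\drivers in the process listing and matches each one against the services' "Run from" paths. The function names are made up for illustration, and the sample data is an excerpt of the posted listing with wrapped lines rejoined and Description lines dropped.

```python
import ntpath  # Windows path rules, whatever OS this runs on
import re

# Excerpt of the listing posted in this thread (wrapped lines rejoined).
PROCESSES = r"""
SERVICES.EXE C:\WINDOWS\system32\services.exe
SVCHOST.EXE C:\WINDOWS\System32\svchost.exe -k netsvcs
SPOOLSV.EXE C:\WINDOWS\system32\spoolsv.exe
CDAC11BA.EXE C:\WINDOWS\System32\drivers\CDAC11BA.EXE
CDANTSRV.EXE C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
mpservic.exe "C:\Program Files\Canon\MultiPASS\mpservic.exe"
wmiprvse.exe
"""
SERVICES = r"""
Name: C-DillaCdaC11BA
Startup Mode: Auto
Run from: C:\WINDOWS\System32\drivers\CDAC11BA.EXE
Name: C-DillaSrv
Startup Mode: Auto
Run from: C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
Name: Spooler
Startup Mode: Auto
Run from: C:\WINDOWS\system32\spoolsv.exe
"""

def image_path(cmdline):
    """Return the lower-cased executable path of a quoted or unquoted command line."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmdline)
    return ntpath.normcase(m.group(1) or m.group(2)) if m else None

def services_by_image(text):
    """Map image path -> service name from the 'Name:' / 'Run from:' pairs."""
    mapping, name = {}, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Name":
            name = value.strip()
        elif key == "Run from" and name:
            mapping.setdefault(image_path(value), name)
    return mapping

def exes_in_drivers(processes, services):
    """List (process, owning service or None) for EXEs run from system32\\drivers."""
    owners, hits = services_by_image(services), []
    for line in processes.splitlines():
        name, _, cmdline = line.strip().partition(" ")
        path = image_path(cmdline)  # None for entries listed without a path
        if path and path.endswith(".exe") and "\\system32\\drivers\\" in path:
            hits.append((name, owners.get(path)))
    return hits
```

On this excerpt, `exes_in_drivers(PROCESSES, SERVICES)` pairs both flagged processes with a C-Dilla service entry; an owner of `None` would mean the image is started by something other than a listed service.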