System32\svchost.exe Create Process,Execute Image on 100's of Vista Computer

Things took a downturn yesterday when the HDD on my 8 month old HP HPE Win 7 x64 desktop computer crashed. I am now once again using my HP Vista x86 laptop after having it in storage for 5 months. It has the the Comodo v3.14 Firewall with Defense+ installed running in Safe Mode.

The problem is that since I started the Vista laptop according to Defense+ C:WINDOWS\System32\svchost.exe has been continuously performing Create Process and Execute Image on programs on the computer. The Defense+ log goes back to June of 2010 and shows no record of this kind of activity on the part of svchost.exe prior to yesterday when I started it.

I have scanned the computer and it came up clean so I am looking for suggestions about how to get my Vista laptop running normally with respect to this continuous activity on the part of svchost.exe.

Thank you for any suggestions that you might have. I’ve used this Vista laptop for 2 out of the last 3 years using Comodo and it has never acted like this before.

~Maxx~

Can you see if you still have a rule for svchost.exe in Computer Security Policy. Normally it should be under Windows System Applications.

Also check that the svchost.exe file in system32 is the real deal. To know for sure that svchost.exe is the original file you can use Sigcheck to see if it is digitally signed by Microsoft.

Download this zip archive and unpack it to C:\Program Files\SysinternalsSuite\ . When done run sigcheck.reg to add it to the registry.

When this is done navigate to the system32 folder, look up and select …, click right and choose Signature from the context menu. A black command box will pop up. See if it is signed or not.

Eric- Thank you for the excellent device. I don’t know exactly what it was because the MBAM and Emisoft scans didn’t turn anything up that could have caused this. It was something nasty though because in addition to all of the havoc it was causing with svchost.exe when i hooked up my LaCie Drive which has all of my squeaky clean Disc Images on it Explorer said that it could not locate the disk and refused to read it even though it would read the other partition on the the same drive!

Fortunately Macrium Reflect easily located an Image to restore the Vista laptop with and things are back to normal now as shown in the attachment.

Thanks again for all of the help you’ve given me over the last 2 years!

~Maxx~

[attachment deleted by admin]