# Is the file SVCHOST.EXE-3530F672.pf part of spyware or any sort of problem?



## Frisbeeman (Feb 12, 2005)

On my hard drive is the file C:\Windows\Prefetch\SVCHOST.EXE-3530F672.pf. It is an 18 KB file dated 2/9/05, which is about one month AFTER I purchased my computer.

I have Windows XP Pro on a Toshiba laptop.

My investigation into this started when my Zone Alarm Pro gave me an alert stating "Generic Host Process for Win32 Services trying to act as a server." It involved a file called svchost.exe.

I found the following at http://windowsxp.mvps.org/svchost.htm

____________________________________
Description of Svchost.exe in Windows XP

Each instance of Svchost process [you see in Task Manager] launches a list of services. Multiple instances of Svchost.exe can run at the same time. Four or five instances of svchost.exe is normal. If you want to see what services are run by each Svchost process:

For XP Professional, using the Tasklist command:

Click Start, Run and type cmd

Type Tasklist /svc >C:\TaskList.txt

The TaskList.txt will contain the services list (launched by each Svchost process). Windows XP Home does not have tasklist.exe. Download a copy from here

A Description of Svchost.exe in Windows XP: http://support.microsoft.com/?kbid=314056

WARNING: There are viruses circulating in the internet which uses the same name as svchost.exe. The legit svchost.exe will be present in the %Windir%\System32 folder.
_________________________________________

I think my instance of svchost.exe trying to access the Internet was legitimate because twice Google search results were taking forever to come back and the instant I clicked "Allow" on the Zone Alarm Alert my search results came back. I typically have 7 copies of svchost.exe listed as a process in Windows Task Manager.

However, when I searched my hard drive for "svchost*.*" I discovered the SVCHOST.EXE-3530F672.pf file. Searching "SVCHOST.EXE-3530F672.pf" in Google produced surprisingly few results. Most of them were in foreign languages. When I restricted the searched the English it greatly reduced the results. One Google result was from a post on this forum dated 18-Apr-2004, 06:57 AM, but it was merely one of the files the person who made the post found on their hard drive.

The Google results on SVCHOST.EXE-3530F672.pf gave no clear answer if it is spyware. Searching Microsoft's Knowledge Base, Symantecs web site and Zone Alarms web site produced no results. I would think that if it were spyware there would be a lot more discussion about it on the Internet.

Does anyone know if this is something malicious?

Thank you.


----------



## MFDnNC (Sep 7, 2004)

Forget what is in prefetch, and if it botheres you empty prefetch and let it rebuild.

Svchost is a normal process running out of system32

If you are concerned

SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
AdAware SE 1.05 http://www.majorgeeks.com/download506.html
SpyBot S&D 1.3 http://www.safer-networking.org/en/download/

DL them (they are free), install them, *check each for their 
definition updates* and then run AdAware and Spybot, fixing anything 
they say.

In SpywareBlaster - Always enable all protection after updates
SpyBot - After an update run immunize

Do these and reboot before the next step.

Then get HiJack This http://www.majorgeeks.com/download3155.html, put 
it in a *permanent folder* (C:\HJT) , run it , *DO NOT fix* anything, post the 
log here.


----------

