Hi, I have Windows XP Pro SP2 with all updates applied. I use McAfee Personal Firewall and ESET NOD32 version 2.7. I have a dual-core Intel with 2 GB of memory.
I was hoping someone with virus tracking skills could help me with this problem.
I think I have HALF a virus left on my computer. My anti-virus software threw up an error some months back and DCOM crashed and restarted my computer. Although ESET NOD32 seems to have prevented the main body of the virus infecting my computer, I believe part of it still remains. I've been around PCs for some 20+ years so I'm quite proficient at sorting things out, usually, but haven't had much to do with DCOM/COM, to which this appears to relate.
The problem stems from Generic Host Process for Win32 (reported by McAfee firewall output monitoring), which is constantly trying to download from various IP addresses at around 250 kbps to two files in my C:\TEMP\ always beginning with IH???.TMP, where ? is a constantly changing hex number.
If I run the Winternals file monitor and process monitor I can see this is actually a process called "C:\WINDOWS\system32\svchost -k DcomLaunch".
Unfortunately that's about as FAR as my knowledge of DCOM goes, lol. I can use process monitor further still to go down to DLL stack/thread level on this, but wouldn't know where to begin.
I believe this is an essential process (at least I seem to need it for internet access!).
I've run an SFC /scannow and done a complete virus scan and Defender scan, and it reports back as being absolutely clean. Apart from these two temp files being constantly created and then instantly deleted (continuously) and around 250 kbps of download speed being constantly hogged from my bandwidth (I assumed the data that's going into the temporary files), there seem to be no other ill effects. I presume this is because the main body of the virus is missing.
My way around it at the moment has been to deny access to the "SYSTEM" user for "C:\TEMP" and "C:\Documents and Settings\\Local\Temp", which seems to stop it in its tracks completely.
The only problem with this solution is I have to change it back when running installs or setup PROGRAMS, as they'll use the temp folders and parts of them are run under the "SYSTEM" user profile account.
It would be nice to nail this sucker though so I can give SYSTEM temp file access again.
Any help would be greatly appreciated. Thanks for your time.

There isn't half of a virus. The file/folder/process is either malicious or not.
We can't help to remove anything unless we actually see logs.
Let's start out by seeing a Hijackthis log and go from there.
Download HijackThis.exe
Double-click on the installer you just downloaded. Click on the "Install" button to install. It will by default install to the directory C:\Program Files\Trend Micro\HijackThis. Please do not change the default install location. Upon install, HijackThis should open for you.
Next click on the "Do a system scan and save a log file" button. HijackThis will scan and then a log will open in Notepad. Copy and then paste the log in your next reply.

Look on the bright side... only 1/2 their data could be lost.
DcomLaunch is a legitimate Windows service; however, unless you are networked to another machine I don't know what's causing it to launch so frequently...
Follow evilfantasy's suggestions as there may be something running/accessing it.
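The original question is which service inside the "svchost -k DcomLaunch" instance is doing the downloading, and svchost hosts several services per instance. The following PowerShell script is an added example, not posted by anyone in this thread: it maps every svchost.exe PID to the services it hosts and to its established TCP connections, then lists any IH*.TMP files in C:\TEMP (the folder named in the post). It assumes PowerShell 2.0 with WMI, which is what Windows XP SP2/SP3 can run.

```powershell
# Added example, not from the thread: tie each svchost.exe instance to the services
# it hosts and to its remote TCP peers, so the "-k DcomLaunch" instance that creates
# the IH???.TMP files can be matched to one service rather than to svchost as a whole.
# Uses only Get-WmiObject and "netstat -ano", both present on XP with PowerShell 2.0.
$tempDir = 'C:\TEMP'   # folder named in the original post

# PID -> service names. Win32_Service exposes the process ID hosting each service.
$servicesByPid = @{}
Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -gt 0 } | ForEach-Object {
    $p = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($p)) { $servicesByPid[$p] = @() }
    $servicesByPid[$p] += $_.Name
}

# PID -> remote endpoints. "netstat -ano" TCP rows are: Proto Local Remote State PID.
$remotesByPid = @{}
netstat -ano | ForEach-Object {
    $f = $_.Trim() -split '\s+'
    if ($f.Length -ge 5 -and $f[0] -eq 'TCP' -and $f[3] -eq 'ESTABLISHED') {
        $p = [int]$f[4]
        if (-not $remotesByPid.ContainsKey($p)) { $remotesByPid[$p] = @() }
        $remotesByPid[$p] += $f[2]
    }
}

# One block per svchost instance; the command line shows the "-k <group>" name.
Get-WmiObject Win32_Process -Filter "Name='svchost.exe'" | ForEach-Object {
    $p   = [int]$_.ProcessId
    $svc = if ($servicesByPid.ContainsKey($p)) { $servicesByPid[$p] -join ', ' } else { '(none)' }
    $rem = if ($remotesByPid.ContainsKey($p))  { $remotesByPid[$p]  -join ', ' } else { '(none)' }
    "PID $p  $($_.CommandLine)"
    "    services: $svc"
    "    remotes : $rem"
}

# Temp files matching the pattern from the post, if any survive long enough to be listed.
Get-ChildItem -Path $tempDir -Filter 'IH*.TMP' -ErrorAction SilentlyContinue |
    Select-Object Name, Length, LastWriteTime
```

Because the post says the files are deleted almost instantly, the final listing will often be empty; the PID-to-service mapping next to the remote addresses is the part that narrows the search to one service, whose binary path can then be checked and included with the HijackThis log.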