TechSpot

C\windows\system32\svchost virus-computer coming on at night

By lauyr1
Jul 29, 2010
  1. At night, I close my laptop and my computer goes into sleep mode. For the past several nights, when I get up in the mornings, my computer is on, i.e., fans running, etc., and getting hot from being on.

    I also had a few instances where AVG (free version) had found a threat and removed it. I ran Malwarebytes and deleted some files through that and also SUPERAntiSpyware. This morning, AVG had discovered a threat in c\windows\system32\svchost.exe. It looks like it was a dll file that had "illinate" in the file name. I tried to go back to AVG to find it and there is nothing in the virus vault. I ran 'HijackThis' this morning and have attached the log file. I am still thinking there is a virus lurking in the background, but I am no expert at reading the log files. I feel sure my computer will be "running" again in the morning even though I am leaving it off at night. Any help/insight would be greatly appreciated!

    I am running Windows XP, SP3, AVG free virus software.
     


  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    We don't 'screen' for malware with HijackThis.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    Edit: Please remove the HijackThis program. It is an outdated version. I will have you run HJT again, later in the cleaning, but will give a link for the current version.
     
  3. lauyr1

    lauyr1 TS Rookie Topic Starter

    Hey there:

    Took me a while to run everything. I was not able to run GMER in normal mode (tried both ways). I ran it in safe mode but was not able to save the log file. I could not get to the save button as I could in normal mode. Would it be automatically saved anywhere else? The other files are attached below. Again, thanks so much for your help!

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4366

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/29/2010 10:28:07 AM
    mbam-log-2010-07-29 (10-28-07).txt

    Scan type: Quick scan
    Objects scanned: 166220
    Time elapsed: 9 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by xxxxxxxxx at 21:17:00.53 on Thu 07/29/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.215 [GMT -5:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    svchost.exe
    C:\WINDOWS\system32\stacsv.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/27/2006 8:37:45 PM
    System Uptime: 7/29/2010 9:09:00 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0RT486
    Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz | Microprocessor | 1830/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 105 GiB total, 72.545 GiB free.
    D: is CDROM ()
    F: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Trend Micro Common Firewall Miniport
    Device ID: ROOT\TM_CFWMP\0001
    Manufacturer: Trend Micro
    Name: Trend Micro Common Firewall Miniport #2
    PNP Device ID: ROOT\TM_CFWMP\0001
    Service: tmcfw

    ==== System Restore Points ===================

    RP78: 5/2/2010 6:09:32 PM - System Checkpoint
    RP79: 5/5/2010 6:26:50 PM - System Checkpoint
    RP80: 5/6/2010 8:44:25 AM - Avg Update
    RP81: 5/7/2010 3:20:17 PM - System Checkpoint

    Edit: Member name deleted from log by request.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You have only given us part of each of the 2 DDS logs. Both DDS.txt and Attach.txt have more information.

    For the GMER log:
    When the scan is completed, click the Save button, and save the results as gmer.log <-- search your system

    DDS.txt <-- search your system
    Attach.txt <-- search your system
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Member requests name be removed from log. Done.

    Do you plan on continuing?
     
Topic Status:
Not open for further replies.
