[Closed] SVCHOST uses lots of CPU - laptop

Status
Not open for further replies.
Hi,
Almost every day I have this problem which, unless I manually terminate the svchost process, stays until I shut down my laptop. The svchost process that causes this problem is used by the following services:

- service id: 3392: Windows Font Cache Service (in Task Manager, this one is pointed out on the Services tab when, on the Processes tab, I right click on the svchost process ("Go to Services") which is using 50% or more of my CPU)

- service: SSDP Discovery

- service: UPnP Device Host

I noticed that whenever this process starts, the System Idle Process disappears from the Processes tab.
Apart from the fact that this is slowing my computer, it makes my fan very noisy even though I have it on passive.

I saved a log of this with Process Explorer, which I'll post here.
I also followed the 5-step method to check for malware and I'll post those logs here.

*************** The Procexp.txt log file ****************
----------------------------------------------------------------------


Process PID CPU Private Bytes Working Set Description Company Name Command Line
svchost.exe 3392 55.94 4.512 K 30.720 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
System Idle Process 0 30.67 0 K 24 K
procexp.exe 152 4.29 14.872 K 33.416 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Kheops\Downloads\microsoft\ProcessExplorer\procexp.exe"
Interrupts n/a 3.74 0 K 0 K Hardware Interrupts and DPCs
dwm.exe 2024 1.47 24.856 K 27.940 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
iexplore.exe 5488 0.89 71.716 K 95.328 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:5236 CREDAT:145410
System 4 0.84 48 K 1.020 K
YahooMessenger.exe 2728 0.78 75.844 K 23.040 K Yahoo! Messenger Yahoo! Inc. "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
taskmgr.exe 5160 0.28 2.236 K 8.748 K Windows Task Manager Microsoft Corporation taskmgr.exe /3
oracle.exe 1336 0.25 715.648 K 282.504 K Oracle RDBMS Kernel Executable Oracle Corporation c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE
csrss.exe 572 0.19 1.684 K 5.548 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
explorer.exe 704 0.14 46.172 K 57.892 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
svchost.exe 936 0.13 54.184 K 60.112 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
iexplore.exe 5276 0.08 46.256 K 70.196 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:5236 CREDAT:145409
ekrn.exe 512 0.08 67.288 K 72.252 K ESET Service ESET "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
egui.exe 2096 0.05 2.348 K 8.704 K ESET GUI ESET "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
iexplore.exe 5236 0.04 7.288 K 19.828 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe"
svchost.exe 844 0.04 3.576 K 6.568 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
taskhost.exe 1956 0.02 2.504 K 6.208 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
SearchIndexer.exe 3348 0.02 23.152 K 12.328 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
daemonu.exe 3672 0.01 1.808 K 5.096 K NVIDIA Settings Update Manager NVIDIA Corporation "C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
svchost.exe 1596 0.01 9.772 K 12.444 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
svchost.exe 1176 0.01 4.812 K 8.200 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 976 < 0.01 20.472 K 33.352 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
sidebar.exe 2128 < 0.01 16.912 K 38.312 K Windows Desktop Gadgets Microsoft Corporation "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
svchost.exe 1312 < 0.01 12.604 K 13.168 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
YahooMessenger.exe 1924 < 0.01 22.380 K 11.060 K Yahoo! Messenger Yahoo! Inc. "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" /CookieProxy
lsass.exe 632 < 0.01 3.076 K 7.752 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
svchost.exe 2152 < 0.01 69.148 K 23.200 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k secsvcs
nvvsvc.exe 1476 < 0.01 2.976 K 8.644 K NVIDIA Driver Helper Service, Version 280.26 NVIDIA Corporation C:\Windows\system32\nvvsvc.exe -session -first
YahooAUService.exe 2596 1.748 K 5.888 K AutoUpater Service Module Yahoo! Inc. "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe"
wmpnetwk.exe 2648 2.924 K 2.344 K Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
WmiPrvSE.exe 3788 1.980 K 4.644 K WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
WmiPrvSE.exe 3048 5.140 K 9.180 K WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
winlogon.exe 1132 1.736 K 4.972 K Windows Logon Application Microsoft Corporation winlogon.exe
wininit.exe 560 968 K 3.428 K Windows Start-Up Application Microsoft Corporation wininit.exe
TNSLSNR.EXE 2468 35.500 K 37.488 K Oracle TNSLSNR Executable Oracle Corporation C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe
svchost.exe 904 14.432 K 14.728 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
svchost.exe 740 2.948 K 7.280 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe 2516 1.100 K 4.148 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
spoolsv.exe 1568 5.600 K 9.848 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
smss.exe 324 292 K 828 K Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
services.exe 608 4.332 K 7.184 K Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
RtHDVCpl.exe 1856 7.548 K 8.488 K Realtek HD Audio Manager Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
PLFSetI.exe 1028 1.596 K 6.032 K DefaultSettingEXE MFC Application "C:\Windows\PLFSetI.exe"
nvxdsync.exe 1464 3.628 K 10.552 K NVIDIA User Experience Driver Component NVIDIA Corporation "C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
nvvsvc.exe 800 1.624 K 5.156 K NVIDIA Driver Helper Service, Version 280.26 NVIDIA Corporation C:\Windows\system32\nvvsvc.exe
nvtray.exe 2332 4.060 K 8.448 K NVIDIA Settings NVIDIA Corporation "C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
lsm.exe 640 1.308 K 3.132 K Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
jusched.exe 2116 860 K 3.532 K Java(TM) Update Scheduler Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
IAANTmon.exe 2656 1.664 K 5.112 K RAID Monitor Intel Corporation "C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
IAAnotif.exe 1040 1.808 K 5.780 K Event Monitor User Notification Tool Intel Corporation "C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
DTLite.exe 2172 3.140 K 10.308 K DAEMON Tools Lite DT Soft Ltd "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
dllhost.exe 4784 1.184 K 4.032 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
csrss.exe 496 1.588 K 3.760 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
armsvc.exe 2000 824 K 3.008 K Adobe Acrobat Update Service Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe"
alg.exe 3324 796 K 3.220 K Application Layer Gateway Service Microsoft Corporation C:\Windows\System32\alg.exe
agrsmsvc.exe 296 580 K 2.076 K LSI Soft Modem Call Progress Service LSI Corporation "C:\Program Files\LSI SoftModem\agrsmsvc.exe"


--------------------------------------------------------------------


******** The Malwarebytes Anti-Malware log ********

--------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8206

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

21.11.2011 11:57:39
mbam-log-2011-11-21 (11-57-39).txt

Scan type: Quick scan
Objects scanned: 181474
Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------------------------------------

************* The GMER log *****************

------------------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-21 12:02:24
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: osuj30mg.exe; Driver: C:\Users\Kheops\AppData\Local\Temp\kxdiipoc.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 [8B67B360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8B67B360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8B67B360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\awxfb0x3 \Device\Scsi\awxfb0x31Port5Path0Target0Lun0 874051F8
Device \Driver\awxfb0x3 \Device\Scsi\awxfb0x31 874051F8
Device \Driver\JMCR \Device\Scsi\JMCR1 870F1500
Device \Driver\JMCR \Device\Scsi\JMCR2 870F1500
Device \Driver\JMCR \Device\Scsi\JMCR3 870F1500
Device \Driver\JMCR \Device\Scsi\JMCR4 870F1500
Device \FileSystem\Ntfs \Ntfs 862451F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----

---------------------------------------------------------

*************** Both DDS logs **************

*************** DDS.txt *******************

--------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Kheops at 12:12:20 on 2011-11-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3067.1500 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\Explorer.EXE
c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.ro
uStart Page = hxxp://www.google.ro/
uSearch Bar = hxxp://www.google.ro
mStart Page = about:blank
mSearch Page = hxxp://www.google.ro
mDefault_Search_URL = hxxp://www.google.ro
uSearchURL,(Default) = hxxp://www.google.ro
mSearchAssistant = hxxp://www.google.ro
mCustomizeSearch = hxxp://www.google.ro
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{A11BA794-2A0C-4117-B84C-160DBAD6B6EC} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A11BA794-2A0C-4117-B84C-160DBAD6B6EC}\2657C616 : DhcpNameServer = 192.168.137.1
TCP: Interfaces\{A11BA794-2A0C-4117-B84C-160DBAD6B6EC}\C4566756C6F4E656 : DhcpNameServer = 192.168.0.1 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-11 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-9-11 95896]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-26 2255464]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE [2011-8-27 512000]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-5-18 119256]
R3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\drivers\nuvotoncir.sys [2009-6-24 44544]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-8-26 139368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-9 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-9 136176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-8-29 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-29 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-29 1343400]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\11.2.0\server\bin\extjob.exe XE [?]
.
=============== Created Last 30 ================
.
2011-11-21 09:49:17 -------- d-----w- c:\users\kheops\appdata\roaming\Malwarebytes
2011-11-21 09:49:13 -------- d-----w- c:\programdata\Malwarebytes
2011-11-21 09:49:09 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-21 09:49:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-21 08:47:46 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6bdaad13-fc3a-4a26-bb55-29f7334fa288}\offreg.dll
2011-11-20 19:28:23 -------- d-----w- c:\program files\SpeedFan
2011-11-08 19:26:30 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6bdaad13-fc3a-4a26-bb55-29f7334fa288}\mpengine.dll
2011-11-08 19:25:50 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-08 19:25:42 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 19:25:40 2341888 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2011-11-20 15:57:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 02:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-25 13:37:18 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-09-25 13:37:11 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-09-23 23:20:29 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-09-23 10:15:45 22328 ----a-w- c:\users\kheops\appdata\roaming\PnkBstrK.sys
2011-09-23 10:08:12 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-09-23 10:04:59 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-09-15 20:07:13 75938 ----a-w- c:\windows\system32\Uninstall-TvPlugin-5.4
2011-09-10 15:12:48 821463 ----a-w- c:\programdata\bdinstall.bin
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-29 10:41:57 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-08-29 10:41:57 13824 ----a-w- c:\windows\system32\slwga.dll
2011-08-29 10:41:56 811520 ----a-w- c:\windows\system32\user32.dll
2011-08-28 22:59:35 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll
.
============= FINISH: 12:12:37,47 ===============


------------------------------------------------------------

***************** Attach.txt *******************

------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 13.04.2011 04:58:30
System Uptime: 21.11.2011 10:48:56 (2 hours ago)
.
Motherboard: Acer, Inc. | | Mammoth
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz | U2E1 | 2000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 47 GiB total, 9,958 GiB free.
D: is FIXED (NTFS) - 107 GiB total, 6,055 GiB free.
E: is FIXED (NTFS) - 107 GiB total, 6,465 GiB free.
F: is FIXED (NTFS) - 36 GiB total, 26,398 GiB free.
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&100E5E0B&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&100E5E0B&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
RP124: 17.11.2011 14:13:05 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acer Crystal Eye Webcam
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Adobe Shockwave Player
Astroburn Lite
µTorrent
BS.Player PRO
Compatibility Pack for the 2007 Office system
Debugging Tools for Windows (x86)
EasyBCD 2.0
ESET NOD32 Antivirus
Game Booster 3
Google Earth
Google Update Helper
Intel® Matrix Storage Manager
Java Auto Updater
Java(TM) 6 Update 29
JMicron Flash Media Controller Driver
K-Lite Codec Pack 7.1.0 (Full)
KeyTweak - Keyboard Remapper (remove only)
LSI HDA Modem
Malwarebytes' Anti-Malware version 1.51.2.1300
Maple 12
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
Need For Speed Hot Pursuit 2
nLite 1.4.9.1
Notepad++
Nuvoton CIR Device Driver
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 280.19
NVIDIA Control Panel 280.26
NVIDIA Graphics Driver 280.26
NVIDIA HD Audio Driver 1.2.23.3
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Update 1.4.28
NVIDIA Update Components
Oracle Database 11g Express Edition
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Skype Toolbars
Skype™ 5.3
SopCast Tv Plugin 5.4 Setup
SpeedFan (remove only)
SQL Server System CLR Types
System Requirements Lab
TimeShift
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
VLC media player 1.1.11
Winamp
Winamp Detector Plug-in
Windows 7 USB/DVD Download Tool
WinRAR archiver
World of Warcraft
Yahoo! Messenger
Yahoo! Software Update
YouTube Downloader 3.4
.
==== Event Viewer Messages From Past Week ========
.
21.11.2011 11:15:20, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
21.11.2011 10:46:07, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
21.11.2011 10:45:46, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
18.11.2011 01:41:57, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the SSDP Discovery service, but this action failed with the following error: An instance of the service is already running.
18.11.2011 01:41:56, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
18.11.2011 01:41:56, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
18.11.2011 01:41:56, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
16.11.2011 20:32:26, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================



Thank you in advance.
 
Welcome to TechSpot! I'll be glad to check the logs for malware. Your problems may or may not be related to malware. I won't be troubleshooting the additional information you left, unless it's directly related.

The errors in the Event Viewer suggest either you don't have enough RAM installed or that the Virtual Memory needs adjustment.
21.11.2011 11:15:20, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

It also appears that an attempt to activate Windows has failed:
21.11.2011 10:46:07, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding

What is Slui.exe?
Windows Activation Client - Microsoft® Windows® Operating System - Microsoft Corporation


The system shows Install Date: 13.04.2011 04:58:30
The only updates showing are for the MS NET Framework.
There is no WGA entry.
Has that system ever been validated/activated?

Please run the MGA Diagnostics tool
  • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
  • You will receive an Internet Explorer Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
  • You must choose to Run this tool when prompted.
  • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
  • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
  • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
  • Please return to this thread and Paste the results here for review.
------------------------------------------
Next, look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
2. Does it read "OEM Software" or "OEM Product" in black lettering?
3. Or, does it have the computer manufacturer's name in black lettering?
4. DO NOT post the Product Key.

NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
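An added example, not code from either post in the thread: the PowerShell below reproduces the OP's Task Manager "Go to Services" check for every svchost.exe at once and lists the Service Control Manager 7031/7032 events that the reply points at in the DDS log. It assumes Windows 7-era PowerShell 2.0 or later run from an elevated prompt; the short service names FontCache, SSDPSRV and upnphost are assumptions derived from the display names in the OP's post.

```powershell
# Added example, not code from either post. Maps every svchost.exe to the
# services it hosts and pulls the SCM 7031/7032 crash/restart events that the
# DDS log listed for Font Cache, SSDP Discovery and UPnP Device Host.
# Assumed: Windows 7-era PowerShell 2.0+, elevated prompt. The short service
# names below are assumptions based on the display names in the thread.
param(
    [string[]]$WatchServices = @('FontCache', 'SSDPSRV', 'upnphost'),
    [int]$DaysBack = 7
)

# Display names are what SCM event messages quote, so collect them for matching.
$watchDisplay = Get-Service -Name $WatchServices -ErrorAction SilentlyContinue |
    ForEach-Object { $_.DisplayName }

# 1. PID -> hosted services. Win32_Service.ProcessId is the svchost that hosts a
#    shared service, so one WMI query gives the mapping for every instance.
#    Keys are cast to [int] so lookups by Get-Process's Int32 Id match.
$servicesByPid = @{}
Get-WmiObject -Class Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $key = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($key)) { $servicesByPid[$key] = @() }
    $servicesByPid[$key] += $_.Name
}

$report = foreach ($proc in Get-Process -Name svchost -ErrorAction SilentlyContinue) {
    $hosted = @()
    if ($servicesByPid.ContainsKey($proc.Id)) { $hosted = $servicesByPid[$proc.Id] }

    # The -k argument names the service group (e.g. LocalServiceAndNoImpersonation
    # in the OP's Process Explorer log), which tells you which services can share it.
    $cmdLine = (Get-WmiObject -Class Win32_Process -Filter "ProcessId = $($proc.Id)").CommandLine
    $group = '?'
    if ($cmdLine -match '-k\s+(\S+)') { $group = $matches[1] }

    $flagged = $false
    foreach ($name in $hosted) { if ($WatchServices -contains $name) { $flagged = $true } }

    # CPU is total processor seconds; it is null when the process cannot be opened.
    $cpu = 0
    if ($proc.CPU) { $cpu = [math]::Round($proc.CPU, 1) }

    New-Object PSObject -Property @{
        PID        = $proc.Id
        CPUSeconds = $cpu
        Group      = $group
        Flagged    = $flagged
        Services   = ($hosted -join ', ')
    }
}

# 2. SCM 7031 (service terminated unexpectedly) and 7032 (restart action failed)
#    from the System log: the same entries DDS printed under
#    "Event Viewer Messages From Past Week".
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Service Control Manager'
    Id = 7031, 7032; StartTime = (Get-Date).AddDays(-$DaysBack)
} -ErrorAction SilentlyContinue

$crashes = foreach ($ev in @($events)) {
    $svc = '(other)'
    foreach ($d in $watchDisplay) { if ($ev.Message -like "*$d*") { $svc = $d } }
    New-Object PSObject -Property @{
        Time           = $ev.TimeCreated
        EventId        = $ev.Id
        WatchedService = $svc
        Summary        = ($ev.Message -split "`r?`n")[0]
    }
}

"svchost instances (Flagged = hosts one of: $($WatchServices -join ', '))"
$report | Sort-Object CPUSeconds -Descending |
    Format-Table PID, CPUSeconds, Group, Flagged, Services -AutoSize

"SCM service crash/restart events, last $DaysBack day(s)"
$crashes | Sort-Object Time -Descending |
    Format-Table Time, EventId, WatchedService, Summary -AutoSize
```

A svchost whose hosted services keep appearing in 7031 events while its CPUSeconds climbs is the one to capture with Process Explorer's thread view, rather than terminating it, since SCM restarts the services anyway (the 7032 entry shows the restart colliding with the still-running instance).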
 