Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

svchost.exe consumes CPU, Memory and makes many IP connects

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

svchost.exe consumes CPU, Memory and makes many IP connects

Unread postby lithiumus » September 4th, 2011, 11:36 pm

svchost.exe started consuming CPU, memory. I kill the process but it comes back. I must have gotten some kind of malware as Symantec detected trojans but reported that it deleted them. Tried removing it but I can seem to tell what is the root of it. Process explorer shows the svchost.exe process making many many outbound internet connections. If I disable internet access, svchost.exe seems to stay within control.

DDS.txt log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Run by admin at 22:42:28 on 2011-09-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.1149 [GMT -4:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uWindow Title = Microsoft Internet Explorer provided by Co.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient_2.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SKDaemon.exe] c:\program files\lenovo\productivity keyboard\SKDaemon.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
uPolicies-system: HideLogonScripts = 0 (0x0)
mPolicies-system: MaxGPOScriptWait = 1000 (0x3e8)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... vc1dmo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 5882189549
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 206.248.154.22 206.248.154.170
TCP: Interfaces\{5C51E215-53FC-4CED-B653-FFA009BAA27D} : NameServer = 8.8.8.8
TCP: Interfaces\{5C51E215-53FC-4CED-B653-FFA009BAA27D} : DhcpNameServer = 206.248.154.22 206.248.154.170
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin.home\application data\mozilla\firefox\profiles\kuuoejwe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.formula1.com/
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Exif Viewer: exif_viewer@mozilla.doslash.org - %profile%\extensions\exif_viewer@mozilla.doslash.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {0EEF4671-F2BB-4214-AC31-1106FF69D8DD} - c:\documents and settings\admin.home\local settings\application data\{0EEF4671-F2BB-4214-AC31-1106FF69D8DD}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
============= SERVICES / DRIVERS ===============
.
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2009-2-19 89728]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2009-5-25 14416]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-3-17 115952]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-3-17 1799408]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2009-3-31 66816]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-10-20 243856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-8 105592]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110824.003\naveng.sys [2011-8-25 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110824.003\navex15.sys [2011-8-25 1576312]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-3-9 11520]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\droster\firebird\bin\fbguard.exe -s --> c:\program files\droster\firebird\bin\fbguard.exe -s [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\googleupdate.exe /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 SOFTLOK;SOFTLOK; [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\atswpwdf.sys --> c:\windows\system32\drivers\ATSwpWDF.sys [?]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [2010-5-1 17976]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\droster\firebird\bin\fbserver.exe -s --> c:\program files\droster\firebird\bin\fbserver.exe -s [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 i1display;i1 Display;c:\windows\system32\drivers\i1display.sys [2009-5-25 44344]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys --> c:\windows\system32\drivers\netaapl.sys [?]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [2009-12-27 39704]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 DirMngr;DirMngr;c:\program files\gnu\gnupg\dirmngr.exe [2010-3-5 242176]
S4 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2010-3-25 3622912]
.
=============== Created Last 30 ================
.
2011-08-25 16:38:52 -------- d-----w- C:\AVLog
2011-08-11 19:00:48 65536 --sha-r- c:\windows\system32\comuidh.dll
2011-08-11 18:12:02 0 ----a-w- c:\windows\Mcujewisucejalaf.bin
2011-08-11 18:12:01 -------- d-----w- c:\documents and settings\admin.home\local settings\application data\{0EEF4671-F2BB-4214-AC31-1106FF69D8DD}
2011-08-11 18:10:41 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
.
==================== Find3M ====================
.
2011-07-25 16:40:56 4766000 ----a-w- c:\windows\system32\procexp.exe
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45:57 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47:20 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-14 16:30:54 72080 ----a-w- c:\documents and settings\admin.home\g2mdlhlpx.exe
.
============= FINISH: 22:44:30.00 ===============


Attach.txt log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2009-03-23 6:02:59 PM
System Uptime: 2011-09-03 6:47:29 PM (28 hours ago)
.
Motherboard: LENOVO | | 224235U
Processor: Intel Pentium III Xeon processor | None | 2261/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 116.828 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 931 GiB total, 349.041 GiB free.
G: is CDROM (UDF)
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 4.65
ACDSee Classic
Active@ Partition Recovery Enterprise
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
ALLDATA Repair
ArcSoft TotalMedia Theatre 3
ASIO4ALL
Audacity 1.2.6
AviSynth 2.5
CDisplay 1.8
Cisco Systems VPN Client 4.8.00.0440
Conexant 20561 SmartAudio HD
CutePDF Writer 2.6
dBpoweramp DirectShow Decoder
dBpoweramp DSP Effects
dBpoweramp m4a Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
Electronic Parts Catalogue
EPSON Printer Software
Foxit Reader
Google Update Helper
Gpg4win (2.0.2rc2)
GuitarFX 3
Home Designer Suite 8
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImgBurn
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Intel(R) Network Connections Drivers
Intel(R) PROSet/Wireless WiFi Software
InterVideo WinDVD
IsoBuster 2.4
Japanese Fonts Support For Adobe Reader 8
Java(TM) 6 Update 13
K-Lite Codec Pack 4.7.0 (Full)
LiveUpdate 3.0 (Symantec Corporation)
Logitech Harmony Remote Software 7
MagicDisc 2.7.106
Malwarebytes' Anti-Malware version 1.51.1.1800
MediaInfo 0.7.12
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft SQL Server 2008 Native Client
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox (3.6.17)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Controller Editor
Native Instruments Guitar Rig 4
Native Instruments Guitar Rig Mobile IO Driver
Native Instruments Guitar Rig Session IO Driver
Native Instruments Rig Kontrol 3 Driver
Native Instruments Service Center
Nero 8
neroxml
PhotoScape
PL-2303 USB-to-Serial
PTDD Super Fdisk 1.0
QuickPar 0.9
QuickTime
Remote Control USB Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SurCode DVD-DTS
Symantec AntiVirus
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
ThinkVantage Access Connections
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Enhanced Performance Keyboard Software
VCRedistSetup
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
XviD4PSP 5.0
.
==== Event Viewer Messages From Past Week ========
.
2011-09-04 9:10:57 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 2 time(s).
2011-09-04 9:10:57 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s).
2011-09-04 9:10:57 PM, error: Service Control Manager [7034] - The Application Management service terminated unexpectedly. It has done this 1 time(s).
2011-09-03 8:50:10 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126ADB-2166-11D1-B1D0-00805FC1270E}
2011-09-03 6:49:12 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
2011-09-02 9:26:34 PM, error: Service Control Manager [7034] - The Firebird Guardian - DefaultInstance service terminated unexpectedly. It has done this 1 time(s).
2011-09-02 9:26:34 PM, error: Service Control Manager [7000] - The SOFTLOK service failed to start due to the following error: The system cannot find the file specified.
2011-09-02 9:26:01 PM, error: NETLOGON [5719] - No Domain Controller is available for domain HOME due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
2011-09-02 11:28:08 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2011-09-02 10:30:06 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
2011-09-02 10:14:39 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service NMIndexingService with arguments "" in order to run the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A}
2011-08-28 8:59:38 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2011-08-28 8:59:17 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
2011-08-28 8:46:37 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
.
==== End Of File ===========================
lithiumus
Active Member
 
Posts: 12
Joined: December 8th, 2009, 8:57 am
Advertisement
Register to Remove

Re: svchost.exe consumes CPU, Memory and makes many IP conne

Unread postby deltalima » September 5th, 2011, 3:13 am

Hi lithiumus,

This looks like a computer used for business, please confirm.

If not then please let me know what Cisco VPN client is used for.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: svchost.exe consumes CPU, Memory and makes many IP conne

Unread postby lithiumus » September 5th, 2011, 10:04 am

I've had Cisco VPN Client installed on my home laptop for the rare occasion that work needed me to connect. Since then, I've got a dedicated work laptop which is where I'm posting from and I never use my home computer for any work. I just never got around to uninstalling Cisco VPN. I can uninstall it no problem if you'd like. I have no need for it.
lithiumus
Active Member
 
Posts: 12
Joined: December 8th, 2009, 8:57 am

Re: svchost.exe consumes CPU, Memory and makes many IP conne

Unread postby deltalima » September 5th, 2011, 10:41 am

Hi lithiumus,

I've had Cisco VPN Client installed on my home laptop for the rare occasion that work needed me to connect.


Upon further examination of the logs I see

No Domain Controller is available for domain HOME due to the following: There are currently no logon servers available to service the logon request.


Even though this is a home computer it is a member of a domain and so is classed as a business computer.

May I draw your attention to THIS topic, which you should have read before posting for help.

The section Posting for help for business machines explains why we do not offer help for such computers.

This topic is now closed
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 96 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware