Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

SVCHOST.EXE CPU DEAD !

Started by Luc , Apr 25 2005 08:08 AM

  • Please log in to reply

#1
Luc
Posted 25 April 2005 - 08:08 AM

Luc

    New Member

  • Member
  • Pip
  • 1 posts
:tazz: Hi everyone,

My computer is running very slow regularly for no reason. SVCHOST.EXE is taking the whole CPPU power! When I restart it 4-5 times this problem can stay and suddenly if I restart it it might disappear. I followed the whole procedure to detect viruses and troyans and could not detect any virus! This drives me really nuts. I need a brain as I am not very good in computers. Many thanks guys for your input!!

HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 02:35:49, on 22/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Luc\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.n...sses/fdjeux.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/...2/OCI/setup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1112296981812
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Protocol: x-atng - {7E8717B0-D862-11D5-8C9E-00010304F989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



PROCEXP LOG

Process PID CPU Description Company Name
System Idle Process 0
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
SMSS.EXE 436 Windows NT Session Manager Microsoft Corporation
CSRSS.EXE 908 Client Server Runtime Process Microsoft Corporation
WINLOGON.EXE 940 Windows NT Logon Application Microsoft Corporation
SERVICES.EXE 984 Services and Controller app Microsoft Corporation
ATI2EVXX.EXE 1136
SVCHOST.EXE 1160 Generic Host Process for Win32 Services Microsoft Corporation
MSMSGS.EXE 3876 Windows Messenger Microsoft Corporation
SVCHOST.EXE 1232 Generic Host Process for Win32 Services Microsoft Corporation
SVCHOST.EXE 1272 94.12 Generic Host Process for Win32 Services Microsoft Corporation
SVCHOST.EXE 1344 Generic Host Process for Win32 Services Microsoft Corporation
SVCHOST.EXE 1460 Generic Host Process for Win32 Services Microsoft Corporation
ccSetMgr.exe 1816 Common Client Settings Manager Service Symantec Corporation
ccEvtMgr.exe 1888 Common Client Event Manager Service Symantec Corporation
SPOOLSV.EXE 228 Spooler SubSystem App Microsoft Corporation
MDM.EXE 356 Machine Debug Manager Microsoft Corporation
NAVAPSVC.EXE 388 Norton AntiVirus Auto-Protect Service Symantec Corporation
SAVScan.exe 540 Symantec AntiVirus Scanner Symantec Corporation
SYMLCSVC.EXE 600 Symantec Core Component Symantec Corporation
WDFMGR.EXE 660 Windows User Mode Driver Manager Microsoft Corporation
FXSSVC.EXE 768 Fax Service Microsoft Corporation
SymWSC.exe 852 Norton Security Center Service Symantec Corporation
ALG.EXE 904 Application Layer Gateway Service Microsoft Corporation
SVCHOST.EXE 2728 Generic Host Process for Win32 Services Microsoft Corporation
LSASS.EXE 996 LSA Shell (Export Version) Microsoft Corporation
EXPLORER.EXE 1900 Windows Explorer Microsoft Corporation
SOUNDMAN.EXE 1692 Realtek Sound Manager Realtek Semiconductor Corp.
AGRSMMSG.EXE 1700 SoftModem Messaging Applet Agere Systems
SynTPLpr.exe 1720 TouchPad Driver Helper Application Synaptics, Inc.
SynTPEnh.exe 1732 Synaptics TouchPad Enhancements Synaptics, Inc.
JUSCHED.EXE 1740 Java™ 2 Platform Standard Edition binary Sun Microsystems, Inc.
SHWICON.EXE 1800 shwicon MyComp
PCMService.exe 700 CyberLink PowerCinema Resident Program CyberLink Corp.
ATIPTAXX.EXE 1804 ATI Desktop Control Panel ATI Technologies, Inc.
CPLFL32.EXE 1580 MultiMedia Keyboard Dritek System Inc.
ccApp.exe 1584 Common Client User Session Symantec Corporation
CTFMON.EXE 1840 CTF Loader Microsoft Corporation
WCESCOMM.EXE 2056 ActiveSync Connection Manager Microsoft Corporation
Skype.exe 2092 Skype - Free Internet Telephony Skype Technologies S.A.
DrvMon.exe 2116 Drive Monitor Alcor Micro, Corp.
procexp.exe 4080 5.88 Sysinternals Process Explorer Sysinternals

Process: SVCHOST.EXE Pid: 1272

Type Name
Desktop \Default
Desktop \SADesktop
Directory \Windows
Directory \BaseNamedObjects
Directory \KnownDlls
Event \BaseNamedObjects\IPNAT
Event \BaseNamedObjects\SAConEvt
Event \BaseNamedObjects\DHCPNEWIPADDRESS
Event \BaseNamedObjects\crypt32LogoffEvent
Event \BaseNamedObjects\{AB64AE08-625F-40F8-917B-F19FF161167E}ShellHWDetection
Event \BaseNamedObjects\{AB64AE08-625F-40F8-917B-F19FF161167E}ShellHWDetection
Event \BaseNamedObjects\DINPUTWINMM
Event \BaseNamedObjects\PrefetchParametersChanged
Event \BaseNamedObjects\PrefetchOverrideIdle
Event \BaseNamedObjects\PrefetchProcessingComplete
Event \BaseNamedObjects\PrefetchTracesReady
Event \BaseNamedObjects\SAConEvt
Event \BaseNamedObjects\WkssvcToAgentStartEvent
Event \BaseNamedObjects\WkssvcToAgentStopEvent
Event \BaseNamedObjects\AgentToWkssvcEvent
Event \BaseNamedObjects\wkssvc: MUP finished initializing event
Event \BaseNamedObjects\userenv: User Profile setup event
Event \BaseNamedObjects\SRCounter
Event \BaseNamedObjects\SRStopEvent
Event \BaseNamedObjects\SRInitEvent
Event \BaseNamedObjects\SRIdleReqEvent
Event \BaseNamedObjects\SC_AutoStartComplete
Event \Security\TRKWKS_EVENT
Event \BaseNamedObjects\W32TIME_NAMED_EVENT_SYSTIME_NOT_CORRECT
Event \BaseNamedObjects\userenv: Machine Group Policy has been applied
Event \BaseNamedObjects\SENS Started Event
Event \BaseNamedObjects\WINMGMT_COREDLL_CANSHUTDOWN
Event \BaseNamedObjects\WINMGMT_PROVIDER_CANSHUTDOWN
Event \BaseNamedObjects\WMI_SysEvent_LodCtr
Event \BaseNamedObjects\WMI_SysEvent_UnLodCtr
Event \BaseNamedObjects\WMI_RevAdap_Set
Event \BaseNamedObjects\WMI_RevAdap_ACK
Event \BaseNamedObjects\WMI_ProcessIdleTasksStart
Event \BaseNamedObjects\WMI_ProcessIdleTasksComplete
Event \LanmanServerAnnounceEvent
Event \BaseNamedObjects\EVENT_READYROOT/CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER
Event \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS
Event \BaseNamedObjects\WINMGMT_PROVIDER_CANSHUTDOWN
Event \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS
Event \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS
Event \BaseNamedObjects\EVENT_READYROOT/CIMV2PROVIDERSUBSYSTEM
File \Device\IPNAT
File \Device\IPNAT
File \Device\IPNAT
File \Device\Tcp
File C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\
File \Device\NdisWan
File C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\
File \Device\Tcp
File \Device\Afd\Endpoint
File \Device\Afd\Endpoint
File \Device\Afd\Endpoint
File C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\
File \Device\Afd\Endpoint
File \Device\Tcp
File \Device\NamedPipe\srvsvc
File \Device\Udp
File \Device\Ip
File C:\WINDOWS\Tasks\
File C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
File \Device\Ip
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File \Device\Ip
File \Device\NamedPipe\lsarpc
File \Device\Ip
File \Device\Ndisuio
File \Device\Ndisuio
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File \Device\Afd\Endpoint
File \Device\IrDA
File \Device\IrDA
File \Device\Afd\Endpoint
File \Device\WMIDataDevice
File \Device\WMIDataDevice
File C:\WINDOWS\SchedLgU.Txt
File \Device\KsecDD
File \Device\NamedPipe\atsvc
File \Device\NamedPipe\atsvc
File C:\WINDOWS\Tasks
File \Device\NamedPipe\keysvc
File \Device\LanmanDatagramReceiver
File \Device\LanmanRedirector
File \Device\NamedPipe\wkssvc
File \Device\NamedPipe\wkssvc
File \Device\NamedPipe\keysvc
File \Device\LanmanServer
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File C:\WINDOWS\PCHealth\HelpCtr\BATCH
File \Device\NamedPipe\PCHHangRepExecPipe
File \Device\NamedPipe\PCHFaultRepExecPipe
File \Device\NamedPipe\srvsvc
File \Device\NamedPipe\srvsvc
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File \Device\IrDA
File \Device\Afd\Endpoint
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File \FileSystem\Filters\SystemRestore
File \Device\NamedPipe\trkwks
File \Device\NamedPipe\trkwks
File C:\WINDOWS\WindowsUpdate.log
File C:\WINDOWS\WindowsUpdate.log
File \Device\NamedPipe\W32TIME
File \Device\NamedPipe\W32TIME
File C:\WINDOWS\WindowsUpdate.log
File C:\WINDOWS\WindowsUpdate.log
File C:\WINDOWS\system32\wbem\mof
File C:\WINDOWS\WindowsUpdate.log
File \Device\NamedPipe\EVENTLOG
File C:\WINDOWS\WindowsUpdate.log
File C:\WINDOWS\WindowsUpdate.log
File C:\WINDOWS\WindowsUpdate.log
File \Device\IPNAT
File C:\WINDOWS\WindowsUpdate.log
File C:\WINDOWS\WindowsUpdate.log
File C:\WINDOWS\WindowsUpdate.log
File C:\WINDOWS\WindowsUpdate.log
File \Device\Afd\Endpoint
File C:\WINDOWS\WindowsUpdate.log
File C:\WINDOWS\WindowsUpdate.log
File C:\WINDOWS\WindowsUpdate.log
File C:\WINDOWS\WindowsUpdate.log
File C:\WINDOWS\WindowsUpdate.log
File C:\WINDOWS\WindowsUpdate.log
File C:\WINDOWS\WindowsUpdate.log
File C:\WINDOWS\WindowsUpdate.log
File C:\WINDOWS\WindowsUpdate.log
File C:\WINDOWS\WindowsUpdate.log
File C:\WINDOWS\WindowsUpdate.log
File \Device\Afd\Endpoint
File \Device\Afd\Endpoint
File \Device\Udp
File C:\WINDOWS\SoftwareDistribution\ReportingEvents.log
File C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
File C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
File C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
File C:\WINDOWS\system32\
File \Device\NamedPipe\net\NtControlPipe5
File C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
File C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
File C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
File C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
File \Device\NamedPipe\wkssvc
File \Device\Udp
File \Device\NamedPipe\Winsock2\CatalogChangeListener-4f8-0
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File \Device\Tcp
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File \Device\NdisTapi
File \Device\NdisTapi
File \Device\NDProxy
File \Device\NDProxy
File C:\WINDOWS\system32\\h323log.txt
File C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
File C:\WINDOWS\system32\es.dll
File C:\WINDOWS\system32\stdole2.tlb
Job \BaseNamedObjects\WmiProviderSubSystemHostJob
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{4C1B0D5E-E526-4574-B6FD-21AAD22AA968}\Connection
Key HKLM\SOFTWARE\Microsoft\Tracing\NETMAN
Key HKLM\SYSTEM\ControlSet001\Control\Network\Connections
Key HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{13D7BF74-2A3E-4063-BDF9-324E4ABF11DA}\Connection
Key HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache
Key HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam
Key HKCR
Key HKLM\SOFTWARE\Microsoft\Tracing\RASTAPI
Key HKLM\SOFTWARE\Microsoft\Tracing\tapi32
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters
Key HKLM\SOFTWARE\Microsoft\Tracing\RASDLG
Key HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{4C1B0D5E-E526-4574-B6FD-21AAD22AA968}\Connection
Key HKCR
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters
Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces
Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters
Key HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9
Key HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5
Key HKLM\SYSTEM\ControlSet001\Services\Dhcp\Parameters
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters
Key HKLM\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options
Key HKLM\SYSTEM\ControlSet001\Services
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DNSRegisteredAdapters
Key HKLM
Key HKLM\SOFTWARE\Microsoft\Tracing\WZCTrace
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
Key HKLM\SOFTWARE\Microsoft\Tracing\EAPOL
Key HKU\.DEFAULT
Key HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Key HKLM\SOFTWARE\Microsoft\Tracing\RASTLS
Key HKLM\SOFTWARE\Microsoft\Tracing\RASCHAP
Key HKLM\SOFTWARE\Microsoft\Tracing\Wlpolicy
Key HKCR
Key HKCR
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKU
Key HKCR
Key HKU
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKCR\CLSID
Key HKCR
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKU
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKCR\CLSID
Key HKCR
Key HKCR
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Key HKU
Key HKLM\SYSTEM\ControlSet001\Services\lanmanworkstation\parameters
Key HKCR
Key HKLM\SOFTWARE\Policies
Key HKCR
Key HKCR
Key HKLM\SYSTEM\ControlSet001\Control\Terminal Server
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKLM\SOFTWARE\Microsoft\Tracing\tapisrv
Key HKCR
Key HKLM\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}
Key HKCR
Key HKLM\SYSTEM\ControlSet001\Services\lanmanserver\parameters
Key HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Epoch
Key HKLM\SOFTWARE\Microsoft\Tracing\IPNATHLP
Key HKCR
Key HKCR
Key HKLM\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses
Key HKLM\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions
Key HKCR
Key HKCR
Key HKCR
Key HKLM\SYSTEM\Setup
Key HKCR
Key HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{794E7E22-BC60-4FBC-85C9-89470B58B5B0}\Connection
Key HKLM\SYSTEM\ControlSet001\Control\Lsa\Audit
Key HKCR
Key HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Epoch
Key HKCR
Key HKCR
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy
Key HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters
Key HKCR
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting
Key HKCR
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\Sus
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\WU
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKCR
Key HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
Key HKCR
Key HKCR
Key HKCR
Key HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
Key HKLM\SOFTWARE\Microsoft\Security Center\Monitoring
Key HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Epoch
Key HKLM\SOFTWARE\Microsoft\Security Center
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
Key HKLM\SOFTWARE\Microsoft\Tracing\KMDDSP
Key HKLM\SOFTWARE\Microsoft\Tracing\NDPTSP
Key HKLM\SOFTWARE\Microsoft\Tracing\conftsp
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\H323TSP
Key HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000
Key HKCR
Key HKCR
KeyedEvent \KernelObjects\CritSecOutOfMemoryEvent
Mutant \BaseNamedObjects\ShimCacheMutex
Mutant \BaseNamedObjects\SAScaConMut
Mutant \BaseNamedObjects\RasPbFile
Mutant \BaseNamedObjects\SHIMLIB_LOG_MUTEX
Mutant \BaseNamedObjects\RasPbFile
Mutant \BaseNamedObjects\0CADFD67AF62496dB34264F000F5624A
Mutant \BaseNamedObjects\4FCC0DEFE22C4f138FB9D5AF25FD9398
Mutant \BaseNamedObjects\238FAD3109D3473aB4764B20B3731840
Mutant \BaseNamedObjects\SRDataStore
Mutant \BaseNamedObjects\SRDataStore
Mutant \BaseNamedObjects\WindowsUpdateTracingMutex
Mutant \BaseNamedObjects\DBWinMutex
Port \RPC Control\dhcpcsvc
Port \RPC Control\wzcsvc
Port \RPC Control\OLEDD405D27118E4636AA550F150F31
Port \RPC Control\AudioSrv
Port \RPC Control\keysvc
Port \XactSrvLpcPort
Port \RPC Control\SECLOGON
Port \RPC Control\srrpc
Port \RPC Control\tapsrvlpc
Port \RPC Control\trkwks
Port \RPC Control\senssvc
Port \FusApiPort
Port \RPC Control\unimdmsvc
Port \ThemeApiPort
Process WCESCOMM.EXE(2056)
Process WINLOGON.EXE(940)
Process WCESCOMM.EXE(2056)
Process WINLOGON.EXE(940)
Process SVCHOST.EXE(1272)
Process WINLOGON.EXE(940)
Process SOUNDMAN.EXE(1692)
Process SynTPLpr.exe(1720)
Process AGRSMMSG.EXE(1700)
Process SynTPEnh.exe(1732)
Process JUSCHED.EXE(1740)
Process SHWICON.EXE(1800)
Process ATIPTAXX.EXE(1804)
Process ccApp.exe(1584)
Process CTFMON.EXE(1840)
Process DrvMon.exe(2116)
Process PCMService.exe(700)
Process LSASS.EXE(996)
Process WINLOGON.EXE(940)
Process ATI2EVXX.EXE(1136)
Process SVCHOST.EXE(1272)
Process EXPLORER.EXE(1900)
Process procexp.exe(4080)
Process CPLFL32.EXE(1580)
Process MSMSGS.EXE(3876)
Process FXSSVC.EXE(768)
Process SVCHOST.EXE(1272)
Process EXPLORER.EXE(1900)
Process Skype.exe(2092)
Section \BaseNamedObjects\ShimSharedMemory
Section \BaseNamedObjects\Irmon-shared-memory
Section \BaseNamedObjects\__R_000000000008_SMem__
Section \BaseNamedObjects\mmGlobalPnpInfo
Section \BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_4f8
Section \BaseNamedObjects\SENS Information Cache
Section \BaseNamedObjects\RotHintTable
Section \BaseNamedObjects\Wmi Provider Sub System Counters
Section \BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_4f8
Semaphore \BaseNamedObjects\shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D}
Semaphore \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
Semaphore \BaseNamedObjects\PowerProfileRegistrySemaphore
Thread SVCHOST.EXE(1272): 1288
Thread SVCHOST.EXE(1272): 2588
Thread SVCHOST.EXE(1272): 1104
Thread SVCHOST.EXE(1272): 1688
Thread SVCHOST.EXE(1272): 2784
Thread SVCHOST.EXE(1272): 224
Thread SVCHOST.EXE(1272): 756
Thread SVCHOST.EXE(1272): 1184
Thread SVCHOST.EXE(1272): 1184
Thread SVCHOST.EXE(1272): 1716
Thread SVCHOST.EXE(1272): 1288
Thread SVCHOST.EXE(1272): 1320
Thread SVCHOST.EXE(1272): 168
Thread SVCHOST.EXE(1272): 2796
Thread SVCHOST.EXE(1272): 1644
Thread SVCHOST.EXE(1272): 1288
Thread SVCHOST.EXE(1272): 896
Thread SVCHOST.EXE(1272): 2892
Thread SVCHOST.EXE(1272): 1784
Thread SVCHOST.EXE(1272): 3884
Thread SVCHOST.EXE(1272): 2720
Thread SVCHOST.EXE(1272): 3604
Thread SVCHOST.EXE(1272): 652
Thread SVCHOST.EXE(1272): 2720
Thread SVCHOST.EXE(1272): 1396
Thread SVCHOST.EXE(1272): 1304
Thread SVCHOST.EXE(1272): 1304
Thread SVCHOST.EXE(1272): 1356
Thread SVCHOST.EXE(1272): 508
Thread SVCHOST.EXE(1272): 1516
Thread SVCHOST.EXE(1272): 1608
Thread SVCHOST.EXE(1272): 1516
Thread SVCHOST.EXE(1272): 1752
Thread SVCHOST.EXE(1272): 160
Thread SVCHOST.EXE(1272): 160
Thread SVCHOST.EXE(1272): 184
Thread SVCHOST.EXE(1272): 184
Thread SVCHOST.EXE(1272): 192
Thread SVCHOST.EXE(1272): 616
Thread SVCHOST.EXE(1272): 204
Thread SVCHOST.EXE(1272): 212
Thread SVCHOST.EXE(1272): 216
Thread SVCHOST.EXE(1272): 216
Thread SVCHOST.EXE(1272): 220
Thread SVCHOST.EXE(1272): 220
Thread SVCHOST.EXE(1272): 200
Thread SVCHOST.EXE(1272): 224
Thread SVCHOST.EXE(1272): 272
Thread SVCHOST.EXE(1272): 364
Thread SVCHOST.EXE(1272): 352
Thread SVCHOST.EXE(1272): 348
Thread SVCHOST.EXE(1272): 324
Thread SVCHOST.EXE(1272): 652
Thread SVCHOST.EXE(1272): 204
Thread SVCHOST.EXE(1272): 584
Thread SVCHOST.EXE(1272): 1784
Thread SVCHOST.EXE(1272): 712
Thread SVCHOST.EXE(1272): 720
Thread SVCHOST.EXE(1272): 724
Thread SVCHOST.EXE(1272): 272
Thread SVCHOST.EXE(1272): 772
Thread SVCHOST.EXE(1272): 776
Thread SVCHOST.EXE(1272): 752
Thread SVCHOST.EXE(1272): 464
Thread SVCHOST.EXE(1272): 776
Thread SVCHOST.EXE(1272): 752
Thread SVCHOST.EXE(1272): 3884
Thread SVCHOST.EXE(1272): 896
Thread SVCHOST.EXE(1272): 900
Thread SVCHOST.EXE(1272): 856
Thread SVCHOST.EXE(1272): 856
Thread SVCHOST.EXE(1272): 856
Thread SVCHOST.EXE(1272): 756
Thread SVCHOST.EXE(1272): 756
Thread SVCHOST.EXE(1272): 756
Thread SVCHOST.EXE(1272): 1276
Thread SVCHOST.EXE(1272): 1412
Thread SVCHOST.EXE(1272): 1396
Thread SVCHOST.EXE(1272): 1420
Thread SVCHOST.EXE(1272): 1656
Thread SVCHOST.EXE(1272): 1856
Thread SVCHOST.EXE(1272): 1444
Thread SVCHOST.EXE(1272): 1496
Thread SVCHOST.EXE(1272): 1312
Thread SVCHOST.EXE(1272): 1028
Thread SVCHOST.EXE(1272): 1496
Thread SVCHOST.EXE(1272): 1028
Thread SVCHOST.EXE(1272): 456
Thread SVCHOST.EXE(1272): 644
Thread EXPLORER.EXE(1900): 1948
Thread SVCHOST.EXE(1272): 456
Thread SVCHOST.EXE(1272): 1784
Thread SVCHOST.EXE(1272): 1636
Thread SVCHOST.EXE(1272): 1644
Thread SVCHOST.EXE(1272): 1636
Thread SVCHOST.EXE(1272): 1652
Thread SVCHOST.EXE(1272): 1656
Thread SVCHOST.EXE(1272): 1668
Thread SVCHOST.EXE(1272): 1284
Thread SVCHOST.EXE(1272): 1672
Thread SVCHOST.EXE(1272): 1676
Thread SVCHOST.EXE(1272): 1680
Thread SVCHOST.EXE(1272): 1680
Thread SVCHOST.EXE(1272): 3884
Thread SVCHOST.EXE(1272): 1688
Thread SVCHOST.EXE(1272): 1280
Thread SVCHOST.EXE(1272): 2320
Thread SVCHOST.EXE(1272): 1772
Token ACER-D137MZMHOW\Luc
Token NT AUTHORITY\LOCAL SERVICE
Token NT AUTHORITY\NETWORK SERVICE
Token ACER-D137MZMHOW\Luc
Token ACER-D137MZMHOW\Luc
Token ACER-D137MZMHOW\Luc
Token NT AUTHORITY\SYSTEM
Token ACER-D137MZMHOW\Luc
Token ACER-D137MZMHOW\Luc
Token NT AUTHORITY\SYSTEM
Token ACER-D137MZMHOW\Luc
Token ACER-D137MZMHOW\Luc
Token NT AUTHORITY\SYSTEM
Token NT AUTHORITY\SYSTEM
Token ACER-D137MZMHOW\Luc
WaitablePort \NLAPrivatePort
WaitablePort \Security\TRKWKS_PORT
WaitablePort \NLAPublicPort
WindowStation \Windows\WindowStations\Service-0x0-3e7$
WindowStation \Windows\WindowStations\Service-0x0-3e7$
WindowStation \Windows\WindowStations\SAWinSta
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP