
Major lag spikes with svchost

A search for ssdpsrv.exe revealed a lot of posts about WinME - but I can't find it on my Win7 system!
The rest of the services seem to relate to networking - so I'd figure that that's where the troubleshooting efforts should be focused.

Gotta run, headed out to dinner!
 
First, figure out what program that ssdpsrv.exe belongs to.

FWIW - I did find it here: http://www.blackviper.com/windows-services/ssdp-discovery/
Gotta wonder why it's not present on my Win7 system.
And, if it's set on Manual (as is the default) what is calling on it to make it start?

Check the threads that it's using. You can use Process Explorer for this (free here: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx )

Try disabling the SSDP Discovery service and see if that stops the lag (and note anything that it may disable) - if so, then that's the area that you've gotta concentrate on.
Try looking for any UPnP devices (that you have) that may require this service.
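A scripted version of the checks suggested above, as an added example that is not part of the original posts: it samples CPU time per svchost.exe process over a short window, lists the services each process hosts, and shows what depends on SSDP Discovery. It assumes Windows PowerShell run from an elevated prompt; SSDPSRV is the service name for SSDP Discovery, and the 5-second window is an arbitrary choice.

```powershell
# Added example: find which svchost.exe instance is busy and which services it hosts.
# Run elevated, otherwise CPU time for some system processes reads as empty.

$intervalSeconds = 5   # assumed sampling window; lengthen it to catch rarer spikes

# First snapshot: cumulative CPU seconds per svchost PID
$before = @{}
Get-Process -Name svchost -ErrorAction SilentlyContinue |
    ForEach-Object { $before[$_.Id] = $_.CPU }

Start-Sleep -Seconds $intervalSeconds

# Running services, used to map each svchost PID to the services inside it
$services = Get-WmiObject -Class Win32_Service -Filter "State = 'Running'"

# Second snapshot: CPU consumed during the window, busiest process first
Get-Process -Name svchost -ErrorAction SilentlyContinue |
    Where-Object { $before.ContainsKey($_.Id) } |
    ForEach-Object {
        $proc   = $_
        $hosted = $services | Where-Object { $_.ProcessId -eq $proc.Id }
        New-Object PSObject -Property @{
            PID      = $proc.Id
            CpuDelta = [math]::Round(($proc.CPU - $before[$proc.Id]), 2)
            Threads  = $proc.Threads.Count
            Services = ($hosted | ForEach-Object { $_.Name }) -join ', '
        }
    } |
    Sort-Object CpuDelta -Descending |
    Format-Table PID, CpuDelta, Threads, Services -AutoSize -Wrap

# SSDP Discovery: start mode, current state, and the svchost PID hosting it
Get-WmiObject -Class Win32_Service -Filter "Name = 'SSDPSRV'" |
    Select-Object Name, DisplayName, StartMode, State, ProcessId

# Services that depend on SSDP Discovery; starting one of these also starts
# SSDPSRV even when its start mode is Manual
Get-Service -Name SSDPSRV -DependentServices |
    Select-Object Name, DisplayName, Status
```

Run it while the lag is happening; the PID at the top of the first table is the one to open in Process Explorer's Threads tab.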
 
I had already set it to manual, but it had started as you said, and this service was depended on by the UPnP device host service
 
...and no, it wasn't ssdp discovery that was causing the lag spike :)
Could it possibly be an IP assignment that is causing the problem? Gonna try a static local IP address
 
A couple of suggestions from 2xg:

- have you updated your network drivers from the network card chipset manufacturer's site? (eg - Realtek, Atheros, etc)
- have you scanned for infections (to rule out programs that may have snuck by your current protection)?
- Does this problem occur if you do a clean boot? Here's how to clean boot:
http://support.microsoft.com/kb/331796
http://support.microsoft.com/kb/929135

- Maybe try system restore if you have a point that far back.
- a clean install or a restore from a backup image that was healthy.
 
I'll run ComboFix at some point to check if anything dodgy resides on my system, and drivers are certainly updated. I'll also check up on what a clean boot does for me
 
Hi, Cl0ttERS. Although I understand from following your posts that you are knowledgeable, please do NOT run ComboFix until we've had a chance to see preliminary logs. Members of the security community have access to information regarding ComboFix which is not available to the general public. As stated by sUBs, the creator of ComboFix here and elsewhere:

I made ComboFix but there's a valid reason why we don't ask you to run ComboFix from the onset. ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop. So, we ask users to first run preliminary non-invasive scans like DDS & Gmer, to bring back some logs. With these logs we can determine the infections present & decide whether to deploy ComboFix.

So we can check your computer for anything "dodgy", please download DDS.scr by sUBs and save it to your desktop: Link
  • Double-Click dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear, DDS.txt and Attach.txt.
  • A window will open instructing you save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both DDS.txt and Attach.txt logs and post in your next reply.
 
Attachments: Attach.txt, DDS.txt

thanks

Log pasted by Corrine:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by SacredSkull at 18:35:28 on 2012-06-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.4716 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\IndieVolume\IndieVolume.SVC.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\System Explorer\SystemExplorer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files (x86)\Sizer\sizer.exe
C:\Program Files (x86)\mIRC\mirc.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version6\tv_x64.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [SystemExplorerAutoStart] "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
uRun: [Google Update] "C:\Users\SacredSkull\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [AdobeBridge]
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.130.270\AsusWSPanel.exe /S
mRun: [Conime] %windir%\system32\conime.exe
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [ASUS Sync Loader] "C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe" -startup
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\SACRED~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\mIRC.lnk - C:\Program Files (x86)\mIRC\mirc.exe
StartupFolder: C:\Users\SACRED~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MorphVOX.lnk - C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphVOXPro.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Sizer.lnk - C:\Program Files (x86)\Sizer\sizer.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: Interfaces\{156A2E08-5CEC-46B3-83E8-615D57CD416B} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{33306C0C-E2D5-44DD-AD7B-D90DE4CE8D65} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AB040866-97CF-4F48-B6E1-7DE5C87FBB4B} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AB040866-97CF-4F48-B6E1-7DE5C87FBB4B}\F42377962756C6563737134483331413 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B464A64F-6868-46CC-A86E-6D56649C4327} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DDF890E8-5AD5-48F2-ADE9-353290871C26} : NameServer = 208.67.222.222,208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs:
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.130.270\AsusWSPanel.exe /S
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [ASUS Sync Loader] "C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe" -startup
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64:
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SacredSkull\AppData\Roaming\Mozilla\Firefox\Profiles\raabpi1f.default\
FF - prefs.js: browser.search.selectedEngine - KickassTorrents
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\SacredSkull\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\SacredSkull\AppData\Roaming\Mozilla\Firefox\Profiles\raabpi1f.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 amdide64;amdide64;C:\Windows\system32\DRIVERS\amdide64.sys --> C:\Windows\system32\DRIVERS\amdide64.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2012-3-30 96896]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 IndieVolumeService;IndieVolume Service;C:\Program Files (x86)\IndieVolume\IndieVolume.SVC.exe [2012-5-31 160768]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-3-31 80896]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-5-30 3048136]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-2-9 531328]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2012-3-19 2666880]
R3 AE1000;Linksys AE1000 Driver;C:\Windows\system32\DRIVERS\ae1000w7.sys --> C:\Windows\system32\DRIVERS\ae1000w7.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EvoKbFilter;Evolve Keyboard Filter Driver;\??\C:\Windows\system32\Drivers\EvoKbFilter.sys --> C:\Windows\system32\Drivers\EvoKbFilter.sys [?]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\system32\DRIVERS\evolve.sys --> C:\Windows\system32\DRIVERS\evolve.sys [?]
R3 EvoMouFilter;Evolve Mouse Filter Driver;\??\C:\Windows\system32\Drivers\EvoMouFilter.sys --> C:\Windows\system32\Drivers\EvoMouFilter.sys [?]
R3 LbAdapter;LAN Bridger Virtual Miniport Driver;C:\Windows\system32\DRIVERS\lb.sys --> C:\Windows\system32\DRIVERS\lb.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" --> C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250056]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 EvoSvc;Evolve Service;C:\Program Files\Echobit\Evolve\EvoSvc.exe [2012-3-27 1525784]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-3 1431888]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-6-6 135584]
S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2012-3-14 452096]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S3 LbSvc;LAN Bridger Service;C:\Program Files\Echobit\LAN Bridger\LbSvc.exe [2010-6-17 2158744]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 SndTAudio;SndTAudio;C:\Windows\system32\drivers\SndTAudio.sys --> C:\Windows\system32\drivers\SndTAudio.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-25 15:07:55 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D3C83217-636B-4D0D-8230-0273599872ED}\mpengine.dll
2012-06-24 13:35:01 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-23 12:20:36 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-23 12:20:09 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-23 12:19:53 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-23 12:19:53 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-16 00:28:42 -------- d-----w- C:\Users\SacredSkull\AppData\Local\Macromedia
2012-06-15 20:22:53 -------- d-----w- C:\Program Files (x86)\Rosetta Stone
2012-06-15 18:43:25 -------- d-----w- C:\Users\SacredSkull\AppData\Local\MetaGeek,_LLC
2012-06-15 18:41:40 -------- d-----w- C:\Program Files (x86)\MetaGeek
2012-06-14 11:09:43 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-14 03:55:18 -------- d-----w- C:\Users\SacredSkull\AppData\Local\Native Instruments
2012-06-13 17:21:01 -------- dc-h--w- C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2012-06-13 17:20:24 -------- d-----w- C:\Program Files\Common Files\Native Instruments
2012-06-13 17:20:20 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments
2012-06-13 17:20:02 -------- dc-h--w- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2012-06-13 17:20:00 -------- d-----w- C:\Program Files\Native Instruments
2012-06-13 17:19:59 -------- d-----w- C:\ProgramData\Native Instruments
2012-06-13 17:19:37 -------- d-----w- C:\Program Files (x86)\Massive
2012-06-13 15:56:38 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-13 15:56:38 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-13 15:55:20 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 15:55:20 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 15:55:20 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 15:55:10 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 15:55:08 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 15:55:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 15:55:08 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 15:55:06 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 15:55:04 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 15:55:04 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-06-13 15:55:03 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 15:55:03 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 15:54:50 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 15:54:49 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 15:54:49 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 15:54:49 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 15:54:49 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 15:54:48 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-12 20:12:11 -------- d-----w- C:\Users\SacredSkull\.tectonicus
2012-06-11 14:07:11 -------- d-----w- C:\Program Files\Oracle
2012-06-11 14:04:00 955800 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-06-11 13:43:41 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-10 23:27:28 -------- d-----w- C:\Users\SacredSkull\.eclipse
2012-06-10 21:14:06 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2012-06-10 21:13:53 -------- d-----w- C:\ProgramData\Rosetta Stone
2012-06-09 02:36:41 344680 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-06-07 23:16:31 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 23:16:31 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-07 13:44:21 -------- d-----w- C:\Users\SacredSkull\AppData\Roaming\Petroglyph
2012-06-07 13:36:49 98304 ----a-w- C:\Windows\system32CmdLineExt.dll
2012-06-07 00:38:51 -------- d-----w- C:\Users\SacredSkull\.gem
2012-06-07 00:27:55 -------- d-----w- C:\Ruby193
2012-06-06 18:32:49 -------- d-----w- C:\Program Files (x86)\Futuremark
2012-06-06 18:09:10 -------- d-----w- C:\Program Files (x86)\LucasArts
2012-06-06 17:53:22 -------- d-----w- C:\Program Files (x86)\MagicISO
2012-06-06 17:50:59 -------- d-----w- C:\Program Files (x86)\MDF to ISO
2012-06-06 15:19:02 -------- d-----w- C:\Users\SacredSkull\AppData\Roaming\7plus
2012-06-06 14:10:06 1101600 ----a-w- C:\Windows\System32\drivers\ae1000w7.sys
2012-06-06 14:09:27 -------- d-----w- C:\ProgramData\Cisco Systems
2012-06-03 00:48:51 -------- d-----w- C:\Games
2012-06-03 00:47:46 -------- d-----w- C:\Users\SacredSkull\AppData\Local\Black_Tree_Gaming
2012-06-03 00:47:35 -------- d-----w- C:\Program Files\Nexus Mod Manager
2012-05-31 22:47:58 -------- d-----w- C:\Program Files (x86)\IndieVolume
2012-05-30 12:59:30 4966600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-05-29 20:52:19 -------- d-----w- C:\Program Files (x86)\The GodFather
2012-05-29 19:32:23 303616 ----a-w- C:\Windows\SysWow64\SDL.dll
2012-05-29 19:31:56 -------- d-----w- C:\SDL
2012-05-29 16:17:23 2637824 ----a-w- C:\Windows\System32\drivers\athrx.sys
2012-05-27 23:08:50 -------- d-----w- C:\Perl
2012-05-27 22:52:51 -------- d-----w- C:\Perl64
2012-05-26 19:48:14 -------- d-----w- C:\Users\SacredSkull\AppData\Roaming\Mael
2012-05-26 19:44:50 -------- d-----w- C:\Program Files (x86)\HxD
.
==================== Find3M ====================
.
2012-06-25 15:50:21 282296 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-06-25 15:50:21 282296 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-06-25 15:49:02 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-23 23:21:55 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 23:21:55 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-11 23:37:26 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-06-11 23:37:26 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-05-27 01:50:42 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-08 16:23:42 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-05-04 18:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-30 22:31:38 48471 ----a-w- C:\Windows\SysWow64\ForceBindIP-Uninstaller.exe
2012-04-11 11:11:08 274936 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-11 11:11:05 358392 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-04-11 11:11:03 197112 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-11 11:11:00 345080 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-04 17:33:14 839056 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-27 22:07:22 27800 ----a-w- C:\Windows\System32\drivers\EvoKbFilter.sys
2012-03-27 22:07:22 24216 ----a-w- C:\Windows\System32\drivers\EvoMouFilter.sys
2012-03-27 22:07:22 21656 ----a-w- C:\Windows\System32\drivers\evolve.sys
2012-03-27 22:07:20 314360 ----a-w- C:\Windows\System32\EvoDisplayHelper.dll
2012-03-27 22:07:20 197112 ----a-w- C:\Windows\SysWow64\EvoDisplayHelper.dll
.
============= FINISH: 18:36:49.08 ===============
 
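Added example (not part of any post in this thread, and not code from DDS): one way to triage a file listing in the format of the log above is to group entries by timestamp, so that a Windows Update batch collapses into one burst and individually installed drivers stand out. This is relevant here because the thread asks about network drivers. The sample lines are copied from the log above; the function names, the 2-minute gap and the 3-file burst threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the DDS listing above (timestamp, size, attributes, path).
SAMPLE = r"""
2012-06-13 15:55:08 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 15:55:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 15:55:06 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 15:55:04 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-11 14:07:11 -------- d-----w- C:\Program Files\Oracle
2012-06-09 02:36:41 344680 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-06-06 14:10:06 1101600 ----a-w- C:\Windows\System32\drivers\ae1000w7.sys
.
==================== Find3M ====================
"""

LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-{8})\s+(\S{8})\s+(.+)$")

def parse(text):
    """Return one dict per listing line; separators and headers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append({
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "size": None if size.startswith("-") else int(size),
            "is_dir": attrs.startswith("d"),  # directories carry no size
            "path": path,                     # may contain spaces
        })
    return entries

def bursts(entries, gap=timedelta(minutes=2)):
    """Group entries whose timestamps follow each other within `gap` (assumed)."""
    groups = []
    for e in sorted(entries, key=lambda e: e["time"]):
        if groups and e["time"] - groups[-1][-1]["time"] <= gap:
            groups[-1].append(e)
        else:
            groups.append([e])
    return groups

def standalone_drivers(entries, min_burst=3):
    """Paths of .sys files that did not arrive in a burst of min_burst+ files."""
    return [e["path"] for g in bursts(entries) if len(g) < min_burst
            for e in g if not e["is_dir"] and e["path"].lower().endswith(".sys")]

if __name__ == "__main__":
    for path in standalone_drivers(parse(SAMPLE)):
        print(path)
```

A file on this list is not suspicious in itself; the list only narrows down which recent driver changes to compare against the date the lag started.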
Hi, Cl0ttERS

Could it possibly be an ip assignment that is causing the problem? Gonna try a static local IP address

What were the results of disabling the proxy setting and using a static IP address?

After considerable distractions to handle other issues, I've finally completed reviewing your logs. I note your use of uTorrent as well as the Firefox setting noted below. P2P programs form a direct conduit onto your computer. They have always been a target of malware writers and continue to be a target. In addition, P2P security measures are easily circumvented. If your P2P program is not configured correctly, you may be sharing more files than you realize, which could indeed be the source of the issues you have been having.

I suggest you try two things: First, disable the proxy setting. Second, uninstall uTorrent. See if these changes make a difference.

I also note that your customized Firefox settings appear to be based on earlier versions. I suggest you review Category:Tweaking preferences - MozillaZine Knowledge Base.

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

Although my eyes didn't pick up anything in the DDS log, let's double check with an on-line scan. Please go here to run an on-line scan from ESET.

  • Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
 
Wow, my Firefox settings were about 4x slower than the defaults. Must have been some script I used, but anyway, since IE sucks, it froze when visiting the ESET site, and I had to use Firefox. It's probably a very good thing that other browsers need to download an installer; the ActiveX system is a very quick way to gain control over a computer.
 
Awesome - ESET has an on-line scanner! (Sorry, did not know that...)
I am, of course, an ESET fan...

Yeah, I used to love ESET, but MS Security Essentials has that most awesome attribute:

It's free :D and works 100%
Even if you run into trouble you can fall back to Malwarebytes anyway
 
I agree Microsoft Security Essentials is excellent but must admit that ESET is my favorite licensed antivirus software.

Have you completed the ESET scan, just so we can rule out malware with that second opinion?

What about disabling proxy and seeing what happens without uTorrent onboard?
 
I have been using torrents for ages, and I will continue to use P2P, that's just the way it is. I don't download dodgy torrents, and only use uTorrent when I actually need it. Obviously it uses bandwidth :P but only when I actually use it. I will uninstall uTorrent, but if it shows no signs of affecting svchost, I'm putting it on again. All I want to do is solve the problem, I'm not asking for your opinion on torrenting :(
 
Thank you for being willing to see if uninstalling uTorrent has any impact on svchost. I knew when I posted the suggestion that, unlike so many users of P2P programs, you are aware of the "dangers" and also realized from your posts that you use appropriate cautions. The "warning" is standard for the benefit of someone who may land here as a result of clicking a link in search results.
 
Yes, understand about the way you use torrents and agree with what Corrine said.

I don't know whether you have replaced the svchost.exe file with one from the Windows 7 DVD; it may be worth a try, it may or may not help.

Or eliminate svchost as a source of the problem, although it may be a conduit.
 
