BleepingComputer.com: svchost.exe memory leak

svchost.exe memory leak unsure what process is sucking up cpu usage

#16 User is offline   Broni 

  • The Coolest BC Computer
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 13 July 2011 - 11:29 PM

Good job :)

Is the computer doing better?

You're running two AV programs:
ESET NOD32 Antivirus
Microsoft Security Essentials
One of them has to go.
Your choice.

You also have "hosts" file missing.

Open Notepad.
Paste the following text into it:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#  	102.54.94.97 	rhino.acme.com      	# source server
#   	38.25.63.10 	x.acme.com          	# x client host

127.0.0.1   	localhost


Go File>Save As and...

1. Name the file hosts (no extension)
2. Make sure "Save as type:" is set to "All Files (*.*)"
3. Make sure the file is saved to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder

Re-run MiniToolbox.

Checkmark following boxes:
  • List content of Hosts

Click Go and post the result.
My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image




#17 User is offline   pyropixie 

  • New Member
  • Group: Members
  • Posts: 14
  • Joined: 13-July 11
  • Gender:Female
  • Location:Suckramento, CA

Posted 15 July 2011 - 09:15 PM

I ditched Microsoft Security Essentials.
Things are running much quicker now.

Here is the MiniToolBox log:
MiniToolBox by Farbar
Ran by Erin (administrator) on 15-07-2011 at 19:14:25
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

Hosts file not detected in the default diroctory
I want the life you think I have.

#18 User is offline   Broni 

Posted 15 July 2011 - 09:36 PM

You did something wrong with "hosts" file.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :dir
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#19 User is offline   pyropixie 

Posted 15 July 2011 - 10:03 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 20:03 on 15/07/2011 by Erin
Administrator - Elevation successful

No Context: C:\WINDOWS\SYSTEM32\DRIVERS\ETC

-= EOF =-

#20 User is offline   Broni 

Posted 15 July 2011 - 10:33 PM

It looks like you didn't copy my whole script including a "colon" in front of "dir" (1st line).
Please redo.

#21 User is offline   pyropixie 

Posted 16 July 2011 - 12:50 AM

woops! sorry about that

SystemLook 04.09.10 by jpshortstuff
Log created at 22:49 on 15/07/2011 by Erin
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts.20080315-010537.backup --a---- 736 bytes [08:05 15/03/2008] [07:41 15/03/2008]
hosts.bak -ra---- 228383 bytes [02:58 14/08/2003] [08:05 15/03/2008]
hosts.ics --a---- 375 bytes [09:12 10/05/2007] [09:12 10/05/2007]
hosts.msn --a---- 734 bytes [20:15 23/09/2007] [12:00 29/08/2002]
hosts.txt --a---- 711 bytes [02:13 16/07/2011] [02:13 16/07/2011]
lmhosts.sam --a---- 3683 bytes [02:58 14/08/2003] [12:00 29/08/2002]
networks --a---- 407 bytes [02:58 14/08/2003] [12:00 29/08/2002]
protocol --a---- 799 bytes [02:58 14/08/2003] [12:00 29/08/2002]
services --a---- 7116 bytes [02:58 14/08/2003] [12:00 29/08/2002]

---Folders---
None found.

-= EOF =-

I saved it how you instructed, but it saved it as a .txt file anyways.

This post has been edited by pyropixie: 16 July 2011 - 12:54 AM

#22 User is offline   Broni 

Posted 16 July 2011 - 10:17 AM

Open Windows Explorer, go Tools>Folder options>View tab, UN-check "Hide extensions for known file types".
Navigate to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder and rename hosts.txt file to just hosts (no extension).
Post new System Look log.
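
The listing in post #21 contains hosts.txt but no file named exactly hosts, which is why MiniToolBox kept reporting the file as missing. As an added example (not part of the original posts and not code from SystemLook or MiniToolBox), this Python sketch parses the "---Files---" section of a SystemLook :dir log and reports that condition. The function names and status strings are assumptions; the sample is an excerpt of the log posted above.

```python
import re

# One "---Files---" entry of a SystemLook :dir log, e.g.
# hosts.txt --a---- 711 bytes [02:13 16/07/2011] [02:13 16/07/2011]
ENTRY = re.compile(
    r"^(?P<name>\S.*?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s*$"
)

# Excerpt of the listing posted in this thread (post #21).
SAMPLE_LOG = """\
---Files---
hosts.bak -ra---- 228383 bytes [02:58 14/08/2003] [08:05 15/03/2008]
hosts.ics --a---- 375 bytes [09:12 10/05/2007] [09:12 10/05/2007]
hosts.txt --a---- 711 bytes [02:13 16/07/2011] [02:13 16/07/2011]
lmhosts.sam --a---- 3683 bytes [02:58 14/08/2003] [12:00 29/08/2002]
services --a---- 7116 bytes [02:58 14/08/2003] [12:00 29/08/2002]

---Folders---
None found.
"""

def parse_files(log_text):
    """Return {filename: (attributes, size_in_bytes)} for the ---Files--- section."""
    files, in_files = {}, False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("---"):          # section marker such as ---Folders---
            in_files = (line == "---Files---")
            continue
        m = ENTRY.match(line) if in_files else None
        if m:
            files[m["name"]] = (m["attrs"], int(m["size"]))
    return files

def check_hosts(log_text):
    """Return (status, hosts.* siblings) for the directory in the log."""
    files = parse_files(log_text)
    lower = {name.lower() for name in files}
    # Only a file named exactly "hosts" (no extension) counts as the hosts file.
    if "hosts" in lower:
        return "present", []
    siblings = sorted(n for n in files if n.lower().startswith("hosts."))
    if "hosts.txt" in lower:                # Notepad appended .txt on save
        return "saved-with-.txt", siblings
    return "missing", siblings
```

Run against the listing in post #23, where hosts.txt has been renamed, check_hosts returns "present".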

#23 User is offline   pyropixie 

Posted 16 July 2011 - 01:05 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 11:05 on 16/07/2011 by Erin
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts --a---- 711 bytes [02:13 16/07/2011] [02:13 16/07/2011]
hosts.20080315-010537.backup --a---- 736 bytes [08:05 15/03/2008] [07:41 15/03/2008]
hosts.bak -ra---- 228383 bytes [02:58 14/08/2003] [08:05 15/03/2008]
hosts.ics --a---- 375 bytes [09:12 10/05/2007] [09:12 10/05/2007]
hosts.msn --a---- 734 bytes [20:15 23/09/2007] [12:00 29/08/2002]
lmhosts.sam --a---- 3683 bytes [02:58 14/08/2003] [12:00 29/08/2002]
networks --a---- 407 bytes [02:58 14/08/2003] [12:00 29/08/2002]
protocol --a---- 799 bytes [02:58 14/08/2003] [12:00 29/08/2002]
services --a---- 7116 bytes [02:58 14/08/2003] [12:00 29/08/2002]

---Folders---
None found.

-= EOF =-

#24 User is offline   Broni 

Posted 16 July 2011 - 01:25 PM

Good job :)

Any current issues?

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


#25 User is offline   pyropixie 

Posted 17 July 2011 - 08:25 PM

I can't get Temp File Cleaner to run - it just brings up a blank command window. I ran ESET, it didn't give me an option to list found threats, but it didn't find any. (I have a screen cap if you want)

#26 User is offline   Broni 

Posted 17 July 2011 - 08:50 PM

Instead of TFC...

Download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Unselect Cookies.
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Unselect Cookies.
Click the Empty Selected button.

If you use Opera browser
Click Opera at the top and choose: Select All
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Unselect Cookies.
Click the Empty Selected button.

Click Exit on the Main menu to close the program.

=======================================================================

Update Internet Explorer to version 8. Version 6 is obsolete and thus dangerous.

=======================================================================

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

======================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure, Windows Updates are current.

3. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

4. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

5. Run Temporary File Cleaner (TFC) weekly.

6. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html