
svchost hog CPU; DCOM, Plug & Play service terminated and reboot comp.


  • This topic is locked
3 replies to this topic

#1 Niku5himi

Niku5himi

  • Members
  • 3 posts

Posted 11 January 2014 - 04:02 PM

Hi, I've been experiencing this for about more than a week. Whenever I use my computer for about 2 - 3 hours a warning will come up and say "DCOM service terminated unexpectedly and your computer will reboot" or it will be "Plug & Play service terminated unexpectedly and your computer will reboot". I also notice that sometimes the svchost.exe process will use the CPU at 100% and keep it like that until I reboot the comp myself.

 

Also, the computer will play random ads in the background without anything open. When I open up the volume mixer it shows that a piece of software is the source of the sound, but it doesn't have a name and I don't know how to stop it except to just mute that one software in the volume mixer (the ad sounds in the background just started today).

 

I would be very grateful if anyone can take a look and help me fix this.

 

Here's the DDS log below:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.45.2
Run by KHD at 12:50:18 on 2014-01-11
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.6142.4085 [GMT -8:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67190_748F774B&ts=1383902727&type=default&q={searchTerms}
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67190_748F774B&ts=1383902727&type=default&q={searchTerms}
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
StartupFolder: C:\Users\KHD\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{45833A20-A0A9-4A6D-A680-1D1F7F0B90B5} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=3219913727_67190_748F774B&ts=1383902727
x64-mSearch Page = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67190_748F774B&ts=1383902727&type=default&q={searchTerms}
x64-mDefault_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=3219913727_67190_748F774B&ts=1383902727
x64-mDefault_Search_URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67190_748F774B&ts=1383902727&type=default&q={searchTerms}
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\KHD\AppData\Roaming\Mozilla\Firefox\Profiles\m8nbngwo.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\KHD\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-11-27 17:38; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\KHD\AppData\Roaming\Mozilla\Firefox\Profiles\m8nbngwo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2013-5-28 91368]
R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2013-5-28 122088]
R1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2013-5-28 109288]
R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2013-5-28 114920]
R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2013-5-28 95464]
R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2013-5-28 119016]
R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2013-5-28 305896]
R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2013-5-28 118504]
R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2013-5-28 114920]
R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2013-5-28 246504]
R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2013-5-28 106216]
R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2013-10-11 206056]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2013-10-2 140768]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2013-10-17 169192]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2013-10-11 122600]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2013-10-11 124648]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2013-10-11 137960]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2013-10-18 37344]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-22 39200]
R3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2014-1-11 58808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-12-8 121416]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2013-10-11 105704]
S4 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2013-5-28 69864]
S4 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-14 1494304]
S4 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-2 15129376]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-01-11 20:34:18    58808    ----a-w-    C:\Windows\System32\drivers\PSKMAD.sys
2014-01-11 20:34:11    --------    d-----w-    C:\Users\KHD\AppData\Roaming\Panda Security
2014-01-11 20:33:48    --------    d-----w-    C:\ProgramData\Panda Security
2014-01-11 20:33:48    --------    d-----w-    C:\Program Files (x86)\Panda Security
2014-01-11 20:20:29    --------    d-----w-    C:\FRST
2014-01-11 19:14:27    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{28628105-CDDB-40D8-88E1-DAB1D4B74DB6}\mpengine.dll
2014-01-05 12:29:27    --------    d-----w-    C:\Windows\System32\MRT
2014-01-05 12:10:30    --------    d-----w-    C:\Windows\ERUNT
2014-01-04 15:28:17    --------    d-----w-    C:\Windows\pss
2013-12-26 05:59:33    --------    d-----w-    C:\Users\KHD\AppData\Local\Google
2013-12-23 01:57:15    39200    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2013-12-23 01:57:15    32544    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2013-12-20 01:19:12    --------    d-----w-    C:\Program Files (x86)\Diablo III Beta 2013
.
==================== Find3M  ====================
.
2014-01-11 17:48:40    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-11 17:48:40    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-10 02:13:11    982232    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2013-12-10 02:13:01    1100248    ----a-w-    C:\Windows\System32\nvspcap64.dll
2013-12-05 08:42:26    35104    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2013-11-26 20:25:52    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-10-23 11:02:36    589600    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-10-23 08:20:08    6669600    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-10-23 08:20:07    3489568    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-10-23 08:20:05    922912    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-10-23 08:20:05    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-10-23 08:20:05    219424    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-10-17 19:31:26    169192    ----a-w-    C:\Windows\System32\drivers\PSINAflt.sys
2013-10-16 00:48:05    1884448    ----a-w-    C:\Windows\System32\nvdispco6433158.dll
2013-10-16 00:48:05    1511712    ----a-w-    C:\Windows\System32\nvdispgenco6433158.dll
.
============= FINISH: 12:51:19.54 ===============
 



#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 16 January 2014 - 08:03 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Also

  • Please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt). Please post the log into your reply to me (you can use pastebin as well).

 

 

Regards,

Georgi




#3 B-boy/StyLe/


Posted 18 January 2014 - 06:14 AM

Hi,

 

Are you still there?

 

 

Regards,

Georgi




#4 B-boy/StyLe/


Posted 30 January 2014 - 09:28 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





