Disabling WINDOWS DRIVER FOUNDATION did not solve the issue; the SVCHOST is still running at 210,000K. I have a more detailed screenshot now, thanks to Prio - Priority Saver. What do you think?
Disable each listed one at a time and see which one frees up the most memory. Right-click that svchost.exe and in the context menu there is an item Go to Service. If you have Process Explorer you should be able to see which one is taking the most mem without disabling them all one at a time.
Would you mind finding this file C:\Windows\system32\srvany.exe and uploading it to VirusTotal to have it scanned, please?
VirusTotal - Free Online Virus and Malware Scan
Do you know what Service this is for? Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
I'm not finding much about the KMService
Jacee,
Funny thing is, when I did a search of my C drive just now I got 0 results back for srvany.exe.
Wait, now here it is. I have a 64-bit OS so it was in another folder. Here are the results:
File srvany.exe received on 2010.06.23 17:54:37 (UTC)
Current status: finished
Result: 0/41 (0.00%)
Antivirus  Version  Last Update  Result
a-squared  5.0.0.30  2010.06.23  -
AhnLab-V3  2010.06.23.01  2010.06.23  -
AntiVir  8.2.4.2  2010.06.23  -
Antiy-AVL  2.0.3.7  2010.06.23  -
Authentium  5.2.0.5  2010.06.23  -
Avast  4.8.1351.0  2010.06.23  -
Avast5  5.0.332.0  2010.06.23  -
AVG  9.0.0.836  2010.06.23  -
BitDefender  7.2  2010.06.23  -
CAT-QuickHeal  10.00  2010.06.23  -
ClamAV  0.96.0.3-git  2010.06.23  -
Comodo  5195  2010.06.23  -
DrWeb  5.0.2.03300  2010.06.23  -
eSafe  7.0.17.0  2010.06.23  -
eTrust-Vet  36.1.7661  2010.06.23  -
F-Prot  4.6.1.107  2010.06.22  -
F-Secure  9.0.15370.0  2010.06.23  -
Fortinet  4.1.133.0  2010.06.23  -
GData  21  2010.06.23  -
Ikarus  T3.1.1.84.0  2010.06.23  -
Jiangmin  13.0.900  2010.06.15  -
Kaspersky  7.0.0.125  2010.06.23  -
McAfee  5.400.0.1158  2010.06.23  -
McAfee-GW-Edition  2010.1  2010.06.23  -
Microsoft  1.5902  2010.06.23  -
NOD32  5223  2010.06.23  -
Norman  6.05.10  2010.06.23  -
nProtect  2010-06-23.02  2010.06.23  -
Panda  10.0.2.7  2010.06.23  -
PCTools  7.0.3.5  2010.06.23  -
Prevx  3.0  2010.06.23  -
Rising  22.53.02.04  2010.06.23  -
Sophos  4.54.0  2010.06.23  -
Sunbelt  6494  2010.06.23  -
Symantec  20101.1.0.89  2010.06.23  -
TheHacker  6.5.2.0.303  2010.06.23  -
TrendMicro  9.120.0.1004  2010.06.23  -
TrendMicro-HouseCall  9.120.0.1004  2010.06.23  -
VBA32  3.12.12.5  2010.06.23  -
ViRobot  2010.6.21.3896  2010.06.23  -
VirusBuster  5.0.27.0  2010.06.23  -
Additional information
File size: 8192 bytes
MD5 : 4635935fc972c582632bf45c26bfcb0e
SHA1 : 7c5329229042535fe56e74f1f246c6da8cea3be8
SHA256: abd4afd71b3c2bd3f741bbe3cec52c4fa63ac78d353101d2e7dc4de2725d1ca1
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x204F
timedatestamp.....: 0x3EA0A111 (Sat Apr 19 03:06:25 2003)
machinetype.......: 0x14C (Intel I386)
( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1850 0x1A00 5.90 15e98b94442b1f91f87ade4cf12eff4a
.data 0x3000 0x84 0x200 0.10 f240843d2fbe96bfb6d862c6c366d5a1
( 0 imports )
( 0 exports )
TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: ThreatExpert Report
ssdeep: 96:8ldfxd/yKaP64DMI1XT3kaiyMlH38ZldnXFADkYLyAFdfcdTbGu00C:mSP64DMI1DkHMZ36kYLxFdfcdnGu00C
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
srvany.exe - srvany, Service Any, Delete and Removal Information!
It appears a normal MS thingy. Neither of the two mentioned are being hosted by your svchost.exe. On a sidenote, what are the two extra titlebar buttons in your screenshot?
LOL, I think I posted at one time that I disable the service in "Services" (you have to then do a reboot). It is always getting in the way of WMP - makes the cursor permanently flicker and uses a lot of CPU time - at least in my case. But that only happens when I have a USB stick with data attached. I think it is trying to sync WMP files with the USB stick.
I have not noticed any negative effects when the Driver Foundation is disabled - neither in Vista nor in Win7.
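
The two checks discussed in this thread (finding which services share the large svchost.exe, and inspecting the binary behind KMService) can be scripted. The following is an added example, not part of any post; it assumes PowerShell 4.0 or later, and the service name KMService is the one reported in the thread.

```powershell
# Added example (not from the thread). Assumes PowerShell 4.0+ on the affected PC.

# 1) Map each running service to the ID of the process that hosts it.
$byPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

# 2) List svchost.exe instances, largest working set first, with hosted services.
Get-Process -Name svchost -ErrorAction SilentlyContinue |
    Sort-Object -Property WorkingSet64 -Descending |
    ForEach-Object {
        $hosted = $byPid["$($_.Id)"]
        [pscustomobject]@{
            ProcessId    = $_.Id
            WorkingSetKB = [math]::Round($_.WorkingSet64 / 1KB)
            PrivateKB    = [math]::Round($_.PrivateMemorySize64 / 1KB)
            Services     = ($hosted.Name | Sort-Object) -join ', '
        }
    } | Format-Table -AutoSize -Wrap

# 3) Inspect the binary behind one service. 'KMService' is the name reported
#    in the thread; change it to the service under review.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='KMService'"
if ($svc -and $svc.PathName -match '^\s*"?(.+?\.exe)') {
    $exe = $Matches[1]   # executable path without quotes or arguments
    [pscustomobject]@{
        Service   = $svc.Name
        StartMode = $svc.StartMode
        Account   = $svc.StartName
        Path      = $exe
        Signature = (Get-AuthenticodeSignature -FilePath $exe).Status
        SHA256    = (Get-FileHash -Path $exe -Algorithm SHA256).Hash
    } | Format-List

    # srvany.exe is only a wrapper: the program it starts is stored in the
    # Application value under the service's Parameters key.
    $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
    (Get-ItemProperty -Path $params -ErrorAction SilentlyContinue).Application
}
```

Run it from an elevated prompt so every service and process is visible. The SHA256 it prints can be compared with the hash shown on a scan report for the same file.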