Thread: svchost.exe problem

  1. #1
    threelions00

    Ok... here we go... basically, when I start up this PC, it becomes very slow. I go to Task Manager and have a look and I see SVCHOST.EXE as a system process. But its Mem Usage is like 40,000 and it is taking up 99 on the CPU and the CPU usage shoots to 100%.

    I can stop this process and the start bar will look like the Windows classic for a bit then change back to regular XP.

    I have tried to google it and I see all sorts of things, like SpyHunter etc. I have tried all sorts of steps to remove this but to no avail. I am not sure if it will help but here is my HijackThis logfile.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:59:57 PM, on 10/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DOCUME~1\CHARMA~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1141513396248
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    I really am not sure if this will help but thanks in advance. If I haven't explained anything correctly, then I will try to rephrase or add.

    Another thing I did discover though, is that once I have stopped the SVCHOST.EXE and then go on to use Microsoft Updates, it upsets the PC and freezes it for ages. (I have never actually waited long enough to see how long it takes to get on to Task Manager.)

  2. Software & Hardware   -   #2
    backlash
    Am I missing something or do you only have msn messenger starting on startup? No AV or Firewall?

  3. Software & Hardware   -   #3
    Seedler
    This should be in the software section.
    Biostar XE T5
    i5-750 @ 4.0 GHZ stable (CM Hyper 212)
    2 x 2GB Cosair XMS3 DDR3 1600MHZ
    Radeon 5850 @ 866/1254MHZ
    Intel X25-M in RAID 0
    WD Caviar Black 2TB in RAID 0
    3 x Asus 25.5" VW266H LCD [Eyefinity]

  4. Software & Hardware   -   #4
    peat moss
    You could probably fix it yourself by posting on hijackthis.de

    http://www.hijackthis.de/#anl


    Your log:

    http://www.hijackthis.de/logfiles/63...fa27a5c0a.html
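
A first-pass triage of a HijackThis log like the one in post #1, as an added example that is not part of the original thread: it reports any running svchost.exe that is not in system32 and pulls out the entries HijackThis itself annotates with `(file missing)`, `(no file)` or `Unknown owner`. The function names and the shortened log excerpt are assumptions of the example; flagged lines are items to review, not verdicts.

```python
import re

# Excerpt of the HijackThis log from post #1, shortened for this example.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O23 - Service: ..."
MARKERS = ("(file missing)", "(no file)", "Unknown owner")  # annotations seen in the log
SVCHOST_DIR = r"c:\windows\system32"  # assumption: Windows lives in C:\WINDOWS, as in the log

def parse_log(text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:                      # first R/O entry ends the process list
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def triage(text):
    """Return (source, reason, detail) tuples worth a closer look."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        folder, _, name = path.lower().rpartition("\\")
        if name == "svchost.exe" and folder != SVCHOST_DIR:
            findings.append(("process", "svchost.exe outside system32", path))
    for code, body in entries:
        findings += [(code, mk, body) for mk in MARKERS if mk in body]
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
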

  5. Software & Hardware   -   #5
    peat moss
    Quote: Originally Posted by backlash
    Am I missing something or do you only have msn messenger starting on startup? No AV or Firewall?

    He shut it off?

    This line is interesting! C:\WINDOWS\system32\WgaTray.exe

  6. Software & Hardware   -   #6
    Sorry I can't help, but I do know that you need those svchost.exe's as they call other programs and services etc. That's why we all get it listed 5 or 6 times!

    Regards

    Digby

  7. Software & Hardware   -   #7
    david02
    It is a worm or virus or something like that.

    Scan your computer with

    http://housecall.trendmicro.com/

    ''A free online Virus Scanner that can be run anytime a Virus infection is suspected. The only ICSA Certified Online AntiVirus Scanner''

    Please post your results.

    ''Instructions - Select "Scan Now. It's Free!", then again. Check "Yes, I accept the Terms of Use" and select "Launching HouseCall", then select "Starting HouseCall" (Java or Browser Plug-in) and wait. Then select "Next" (Scan complete computer for malware, grayware and vulnerabilities) and wait (this may take some time). For any Viruses that cannot be cleaned or deleted use the Sysclean Package below. Even if you have an AntiVirus program installed run this anyway.''


    You can also run Sysclean

    http://www.trendmicro.com/ftp/products/tsc/sysclean.com

    The pattern files can be downloaded here

    http://www.trendmicro.com/download/pattern.asp


    ''Instructions - Download the Sysclean Package (sysclean.com) and the latest Pattern File (lptXXX.zip). Create a folder on your C: drive (C:\Sysclean), download both files to this folder, unzip the "lptXXX.zip" pattern file into this folder, then run "sysclean.com", check "Automatically clean or delete detected files", left-click "Scan". Tough to remove Malware requires a more thorough scan. Reboot your computer into safe mode by pressing the F8 key down during boot up and selecting "Safe Mode" from the Windows Advanced Options menu. In safe mode do another Sysclean scan and remove the remaining Malware infections.

    Notes - The Pattern File is updated on a daily basis, make sure you are using the latest Pattern File. Anytime Malware is detected that your AntiVirus program or the Online Virus Scanner is unable to clean, you will have to redownload the latest Pattern File for Sysclean to be able to properly remove it. A larger numbered file (lptXXX.zip) represents a newer Pattern File. Control Pattern Releases will offer better detection since they are updated more frequently.

    Troubleshooting - If you run the Sysclean Package after Avast! is installed, Avast! will falsely detect the sysclean.com file as infected with VBS:Redlof. This has to do with the Sysclean Package's cleaning database not being encrypted, so the code line in the database used for detection of VBS:Redlof is falsely detected as the Virus itself. Other AntiVirus Programs may give the same false alarm. Before running the Sysclean Package you will need to temporarily disable Avast! or your AntiVirus program.''
    Last edited by david02; 10-21-2006 at 05:48 PM.
    ''God is dead.'' - Nietzsche
    ''Nietzsche is dead!'' - God

    graffiti
