Solved: svchost and ekrn high cpu usage

Roxz · 08:24 PM

ok im runing the w7 home premium last version updated and recently the svchost.exe and ekrn.exe had been using lot's of cpu. On a closer look with proces explorer program i noticed that sysmain.dll and ntdll.dll are the ones with the high cpu usage and high cicle like over 1 millon and over 2 million sometimes. This happens mostly while im seeing many youtube videos (not in hd and not all at once playing but many videos buffered in diferent firefox tabs) or playing videogames (any kind not heavy graphical) and when the computer starts.

I've algo noticed that before svchsot starts consuming lot of resources some random proceses star to consume random small amount os cpu generally 1 o 2% like this

http://img714.imageshack.us/img714/2903/raroe.png

I have a

CPU Amd atlhon 64 x2 5200+
GPU nvidia geforce 8800gs
RAM Kingstone DDR2 2ghz 400hz FSB

Screens:

http://i43.tinypic.com/mhrara.png

http://img231.imageshack.us/img231/1566/cpuki.png

I cannot use and if i would i wouldnt use the system restore

antech · 23-Apr-2010, 06:18 AM #2

Follow the below instructions Carefully:
1. Download HiJackThis from the link in my signature
2. Run a Scan.
3. Save a Logfile(On your Desktop)
4. DO NOT FIX ANYTHING BY YOURSELF.
(Fixing Anything Might cause Unwanted System Instability,BSOD's and Even Render your System Unusable)
5.Copy and Paste all the contents
6. Paste them in the reply Window

More info on system specs is needed to help you

Roxz · 23-Apr-2010, 02:24 PM #3

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:22:01 p.m., on 23/04/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\A squared Anti-Malware\a2service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\A squared Anti-Malware\a2guard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ESET NOD32 Antivirus\egui.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\AUDIODG.EXE
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskmgr.exe
C:\Users\NaW\Desktop\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\NaW\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\AGNITU~1\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [Hey2] C:\Program Files\Hey! 2\hey2.exe
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio de red')
O13 - Gopher Prefix:
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{698FB6FC-0A82-4799-B729-7A13B0F233CD}: NameServer = 200.51.211.7,200.51.212.7
O20 - AppInit_DLLs: c:\progra~1\agnitu~1\wl_hook.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\A squared Anti-Malware\a2service.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\AGNITU~1\acs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 4880 bytes

antech · 25-Apr-2010, 01:05 AM #4

What do you mean by "Last version updated"?
Did you perform an upgrade from vista to windows 7?
The log seems to be clean atleast to me.
See what the experts have to say.
For the while being,
consider disabling the A2 real time protection.

Please consider using the latest version of HiJack this i.e. version 2.0.4
Post the log with that version

Roxz · 02:38 AM

i've disabled that to test but it's the same i've also set nod32 and a2 to mutually ignore each other

with the "last version updated" i mean i have the full version not a release candidate or a beta or so and that is up to date with windows update just that.

I never had vista installed on my PC.

What do you mean by "experts"?

antech · 25-Apr-2010, 01:47 AM #6

Oh,I forgot to mention that NOD32 starts a startup scan at computer startup.
This is the reason why ekrn.exe comsumes 100% CPU at startup.

Roxz · 27-Apr-2010, 12:10 AM #7

need help plz it lags all the time is getting me very mad

antech · 27-Apr-2010, 05:29 AM #8

See this page:
(The instructions are for version 3.xx nad 4.xx)
http://www.wilderssecurity.com/showthread.php?t=241215

Roxz · 27-Apr-2010, 11:42 AM #9

Quote:

Originally Posted by antech

See this page:
(The instructions are for version 3.xx nad 4.xx)
http://www.wilderssecurity.com/showthread.php?t=241215

Thanks now it's only the svchost problem and that many rpoceses randomly start to use cpu like shown in the img

Roxz · 29-Apr-2010, 02:18 PM **#10**

Plz i think that problem has something to do with the unistallation of hamachi with revo uninstaller in advanced mode

antech · 30-Apr-2010, 07:11 AM **#11**

Whats hamachi?
Its got nothing to do with Revo Uninstaller

Roxz · 05-May-2010, 06:06 PM **#12**

hamachi is a program that i think uses vpn that let you play games that are only lan over the intenet and also enables a more secure ip to ip connection.

When i uninstalled that program with revo uninstaller i think was when the problem started

antech · 06-May-2010, 03:59 AM **#13**

Did you also delete the registry entries?
Name the option which you used during uninstall.
Safe,Moderate or Advanced.
Are you using Revo Uninstaller Pro or the Free version?
Restore the reg entries using the button highlighted in the screenshot.

Roxz · 11-May-2010, 12:56 PM **#14**

thanks for your help is solved now

antech · 12-May-2010, 12:05 AM **#15**

Please let me know which steps you followed to solve the problem.
Cheers

Similar Threads
Title	Thread Starter	Forum	Replies	Last Post
svchost.exe PID: 1428 high CPU	pedrokyrin	Virus & Other Malware Removal	3	21-Mar-2010 03:54 PM
Constantly running CPU - svchost.exe netsvcs	CaliCuse	Windows XP	8	03-Jan-2010 05:38 PM
Solved: extremly high cpu usage	4g63racing	Windows XP	12	23-Nov-2009 08:12 AM
High CPU usage	hardworker103	Virus & Other Malware Removal	0	04-Oct-2009 03:52 PM
high cpu usage, extremely choppy sound and video	ryan8153	Windows XP	2	23-Dec-2008 12:54 AM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

Solved: svchost and ekrn high cpu usage

Find the solution to your computer problem!

Find the solution to your
computer problem!