Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Windows 7 Windows 7
Search Search
Search for:
Tech Support Guy > > >

Solved: svchost and ekrn high cpu usage


(!)

Roxz's Avatar
Roxz Roxz is offline
Member with 54 posts.
THREAD STARTER
 
Join Date: Feb 2010
22-Apr-2010, 04:08 PM #1
Solved: svchost and ekrn high cpu usage
ok im runing the w7 home premium last version updated and recently the svchost.exe and ekrn.exe had been using lot's of cpu. On a closer look with proces explorer program i noticed that sysmain.dll and ntdll.dll are the ones with the high cpu usage and high cicle like over 1 millon and over 2 million sometimes. This happens mostly while im seeing many youtube videos (not in hd and not all at once playing but many videos buffered in diferent firefox tabs) or playing videogames (any kind not heavy graphical) and when the computer starts.

I've algo noticed that before svchsot starts consuming lot of resources some random proceses star to consume random small amount os cpu generally 1 o 2% like this

http://img714.imageshack.us/img714/2903/raroe.png

I have a

CPU Amd atlhon 64 x2 5200+
GPU nvidia geforce 8800gs
RAM Kingstone DDR2 2ghz 400hz FSB

Screens:

http://i43.tinypic.com/mhrara.png

http://img231.imageshack.us/img231/1566/cpuki.png


I cannot use and if i would i wouldnt use the system restore

Last edited by Roxz; 22-Apr-2010 at 07:24 PM..
antech's Avatar
Computer Specs
Account Disabled with 1,427 posts.
 
Join Date: Feb 2010
Location: I cant live in one place!
Experience: Get all things wrecked up
23-Apr-2010, 05:18 AM #2
Follow the below instructions Carefully:
1. Download HiJackThis from the link in my signature
2. Run a Scan.
3. Save a Logfile(On your Desktop)
4. DO NOT FIX ANYTHING BY YOURSELF.
(Fixing Anything Might cause Unwanted System Instability,BSOD's and Even Render your System Unusable)
5.Copy and Paste all the contents
6. Paste them in the reply Window


More info on system specs is needed to help you
Roxz's Avatar
Roxz Roxz is offline
Member with 54 posts.
THREAD STARTER
 
Join Date: Feb 2010
23-Apr-2010, 01:24 PM #3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:22:01 p.m., on 23/04/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\A squared Anti-Malware\a2service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\A squared Anti-Malware\a2guard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ESET NOD32 Antivirus\egui.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\AUDIODG.EXE
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskmgr.exe
C:\Users\NaW\Desktop\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\NaW\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\AGNITU~1\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [Hey2] C:\Program Files\Hey! 2\hey2.exe
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio de red')
O13 - Gopher Prefix:
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{698FB6FC-0A82-4799-B729-7A13B0F233CD}: NameServer = 200.51.211.7,200.51.212.7
O20 - AppInit_DLLs: c:\progra~1\agnitu~1\wl_hook.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\A squared Anti-Malware\a2service.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\AGNITU~1\acs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 4880 bytes
antech's Avatar
Computer Specs
Account Disabled with 1,427 posts.
 
Join Date: Feb 2010
Location: I cant live in one place!
Experience: Get all things wrecked up
25-Apr-2010, 12:05 AM #4
What do you mean by "Last version updated"?
Did you perform an upgrade from vista to windows 7?
The log seems to be clean atleast to me.
See what the experts have to say.
For the while being,
consider disabling the A2 real time protection.

Please consider using the latest version of HiJack this i.e. version 2.0.4
Post the log with that version
Roxz's Avatar
Roxz Roxz is offline
Member with 54 posts.
THREAD STARTER
 
Join Date: Feb 2010
25-Apr-2010, 12:30 AM #5
i've disabled that to test but it's the same i've also set nod32 and a2 to mutually ignore each other

with the "last version updated" i mean i have the full version not a release candidate or a beta or so and that is up to date with windows update just that.

I never had vista installed on my PC.

What do you mean by "experts"?

Last edited by Roxz; 25-Apr-2010 at 01:38 AM..
antech's Avatar
Computer Specs
Account Disabled with 1,427 posts.
 
Join Date: Feb 2010
Location: I cant live in one place!
Experience: Get all things wrecked up
25-Apr-2010, 12:47 AM #6
Oh,I forgot to mention that NOD32 starts a startup scan at computer startup.
This is the reason why ekrn.exe comsumes 100% CPU at startup.
Roxz's Avatar
Roxz Roxz is offline
Member with 54 posts.
THREAD STARTER
 
Join Date: Feb 2010
26-Apr-2010, 11:10 PM #7
need help plz it lags all the time is getting me very mad
antech's Avatar
Computer Specs
Account Disabled with 1,427 posts.
 
Join Date: Feb 2010
Location: I cant live in one place!
Experience: Get all things wrecked up
27-Apr-2010, 04:29 AM #8
See this page:
(The instructions are for version 3.xx nad 4.xx)
http://www.wilderssecurity.com/showthread.php?t=241215
Roxz's Avatar
Roxz Roxz is offline
Member with 54 posts.
THREAD STARTER
 
Join Date: Feb 2010
27-Apr-2010, 10:42 AM #9
Quote:
Originally Posted by antech View Post
See this page:
(The instructions are for version 3.xx nad 4.xx)
http://www.wilderssecurity.com/showthread.php?t=241215
Thanks now it's only the svchost problem and that many rpoceses randomly start to use cpu like shown in the img
Roxz's Avatar
Roxz Roxz is offline
Member with 54 posts.
THREAD STARTER
 
Join Date: Feb 2010
29-Apr-2010, 01:18 PM #10
Plz i think that problem has something to do with the unistallation of hamachi with revo uninstaller in advanced mode
antech's Avatar
Computer Specs
Account Disabled with 1,427 posts.
 
Join Date: Feb 2010
Location: I cant live in one place!
Experience: Get all things wrecked up
30-Apr-2010, 06:11 AM #11
Whats hamachi?
Its got nothing to do with Revo Uninstaller
Roxz's Avatar
Roxz Roxz is offline
Member with 54 posts.
THREAD STARTER
 
Join Date: Feb 2010
05-May-2010, 05:06 PM #12
hamachi is a program that i think uses vpn that let you play games that are only lan over the intenet and also enables a more secure ip to ip connection.

When i uninstalled that program with revo uninstaller i think was when the problem started
antech's Avatar
Computer Specs
Account Disabled with 1,427 posts.
 
Join Date: Feb 2010
Location: I cant live in one place!
Experience: Get all things wrecked up
06-May-2010, 02:59 AM #13
Did you also delete the registry entries?
Name the option which you used during uninstall.
Safe,Moderate or Advanced.
Are you using Revo Uninstaller Pro or the Free version?
Restore the reg entries using the button highlighted in the screenshot.

Attached Thumbnails
Solved: svchost and ekrn high cpu usage-revobackup.png  
Roxz's Avatar
Roxz Roxz is offline
Member with 54 posts.
THREAD STARTER
 
Join Date: Feb 2010
11-May-2010, 11:56 AM #14
thanks for your help is solved now
antech's Avatar
Computer Specs
Account Disabled with 1,427 posts.
 
Join Date: Feb 2010
Location: I cant live in one place!
Experience: Get all things wrecked up
11-May-2010, 11:05 PM #15
Please let me know which steps you followed to solve the problem.
Cheers
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


Similar Threads
Title Thread Starter Forum Replies Last Post
svchost.exe PID: 1428 high CPU pedrokyrin Virus & Other Malware Removal 3 21-Mar-2010 02:54 PM
Constantly running CPU - svchost.exe netsvcs CaliCuse Windows XP 8 03-Jan-2010 05:38 PM
Solved: extremly high cpu usage 4g63racing Windows XP 12 23-Nov-2009 08:12 AM
High CPU usage hardworker103 Virus & Other Malware Removal 0 04-Oct-2009 02:52 PM
high cpu usage, extremely choppy sound and video ryan8153 Windows XP 2 23-Dec-2008 12:54 AM

WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑

Content Relevant URLs by vBSEO 3.3.2