
Solved: svchost and ekrn high cpu usage

Discussion in 'Windows 7' started by Roxz, Apr 22, 2010.

Thread Status:
Not open for further replies.
  1. Roxz

    Roxz Thread Starter

    Joined:
    Feb 13, 2010
    Messages:
    54
    OK, I'm running W7 Home Premium, last version updated, and recently svchost.exe and ekrn.exe have been using lots of CPU. On a closer look with the Process Explorer program I noticed that sysmain.dll and ntdll.dll are the ones with the high CPU usage and high cycles, like over 1 million and over 2 million sometimes. This happens mostly while I'm watching many YouTube videos (not in HD and not all playing at once, but many videos buffered in different Firefox tabs) or playing video games (any kind, not heavy graphically) and when the computer starts.

    I've also noticed that before svchost starts consuming a lot of resources, some random processes start to consume random small amounts of CPU, generally 1 or 2%, like this:

    http://img714.imageshack.us/img714/2903/raroe.png

    I have:

    CPU: AMD Athlon 64 X2 5200+
    GPU: NVIDIA GeForce 8800 GS
    RAM: Kingston DDR2 2ghz 400hz FSB

    Screens:

    http://i43.tinypic.com/mhrara.png

    http://img231.imageshack.us/img231/1566/cpuki.png


    I cannot use System Restore, and even if I could I wouldn't.
     
  2. antech

    antech Banned

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    Follow the below instructions Carefully:
    1. Download HiJackThis from the link in my signature
    2. Run a Scan.
    3. Save a Logfile(On your Desktop)
    4. DO NOT FIX ANYTHING BY YOURSELF.
    (Fixing Anything Might cause Unwanted System Instability, BSODs and Even Render your System Unusable)
    5. Copy and Paste all the contents
    6. Paste them in the reply Window


    More info on system specs is needed to help you
     
  3. Roxz

    Roxz Thread Starter

    Joined:
    Feb 13, 2010
    Messages:
    54
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:22:01 p.m., on 23/04/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\A squared Anti-Malware\a2service.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\A squared Anti-Malware\a2guard.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\ESET NOD32 Antivirus\egui.exe
    C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Archivos de programa\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\Windows\explorer.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\taskmgr.exe
    C:\Users\NaW\Desktop\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\NaW\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\AGNITU~1\op_mon.exe" /tray /noservice
    O4 - HKLM\..\Run: [Hey2] C:\Program Files\Hey! 2\hey2.exe
    O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A SQUARED ANTI-MALWARE\a2guard.exe" /d=60
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio de red')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio de red')
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://software.kuaiche.com
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{698FB6FC-0A82-4799-B729-7A13B0F233CD}: NameServer = 200.51.211.7,200.51.212.7
    O20 - AppInit_DLLs: c:\progra~1\agnitu~1\wl_hook.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\A squared Anti-Malware\a2service.exe
    O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\AGNITU~1\acs.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    --
    End of file - 4880 bytes
     
  4. antech

    antech Banned

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    What do you mean by "Last version updated"?
    Did you perform an upgrade from Vista to Windows 7?
    The log seems to be clean, at least to me.
    See what the experts have to say.
    For the time being,
    consider disabling the A2 real time protection.

    Please consider using the latest version of HijackThis, i.e. version 2.0.4
    Post the log with that version
     
  5. Roxz

    Roxz Thread Starter

    Joined:
    Feb 13, 2010
    Messages:
    54
    I've disabled that to test but it's the same. I've also set NOD32 and A2 to mutually ignore each other.

    By "last version updated" I mean I have the full version, not a release candidate or a beta or so, and that it is up to date with Windows Update, just that.

    I never had vista installed on my PC.

    What do you mean by "experts"?
     
  6. antech

    antech Banned

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    Oh, I forgot to mention that NOD32 starts a startup scan at computer startup.
    This is the reason why ekrn.exe consumes 100% CPU at startup.
     
  7. Roxz

    Roxz Thread Starter

    Joined:
    Feb 13, 2010
    Messages:
    54
    Need help plz, it lags all the time, it is getting me very mad.
     
  8. antech

    antech Banned

    Joined:
    Feb 23, 2010
    Messages:
    1,427
  9. Roxz

    Roxz Thread Starter

    Joined:
    Feb 13, 2010
    Messages:
    54
  10. Roxz

    Roxz Thread Starter

    Joined:
    Feb 13, 2010
    Messages:
    54
    Plz, I think that problem has something to do with the uninstallation of Hamachi with Revo Uninstaller in advanced mode.
     
  11. antech

    antech Banned

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    What's Hamachi?
    It's got nothing to do with Revo Uninstaller.
     
  12. Roxz

    Roxz Thread Starter

    Joined:
    Feb 13, 2010
    Messages:
    54
    Hamachi is a program that I think uses VPN that lets you play games that are LAN-only over the internet and also enables a more secure IP-to-IP connection.

    When I uninstalled that program with Revo Uninstaller is, I think, when the problem started.
     
  13. antech

    antech Banned

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    Did you also delete the registry entries?
    Name the option which you used during uninstall:
    Safe, Moderate or Advanced.
    Are you using Revo Uninstaller Pro or the Free version?
    Restore the reg entries using the button highlighted in the screenshot.

  14. Roxz

    Roxz Thread Starter

    Joined:
    Feb 13, 2010
    Messages:
    54
    Thanks for your help, it is solved now.
     
  15. antech

    antech Banned

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    Please let me know which steps you followed to solve the problem.
    Cheers :)
     

Short URL to this thread: https://techguy.org/918623