
svchost.exe (netsvcs) 100 cpu

Discussion in 'Virus & Other Malware Removal' started by dwarren1, Feb 26, 2013.

Thread Status:
Not open for further replies.
  1. dwarren1

    dwarren1 Thread Starter

    Joined:
    Feb 26, 2013
    Messages:
    9
    For almost a week upon start-up, my computer will be running at 100 cpu. The culprit is the infamous svchost.exe. I have been trying to resolve this problem for almost a week by searching tech support threads and Microsoft threads, but all the solutions that worked for other people have not worked for me.

    I have run multiple malware scans and nothing comes up.

    As you can see in the first attachment, svchost.exe (netsvcs) is taking up a majority of my cpu. It would be higher if I didn't also have Chrome running. But the actual cpu of the services related to svchost.exe is much lower. So where is all this extra cpu coming from?

    Any help would be much appreciated!
     

    Attached Files:

  2. rainforest123

    rainforest123

    Joined:
    Dec 28, 2004
    Messages:
    8,256
  3. dwarren1

    dwarren1 Thread Starter

    Joined:
    Feb 26, 2013
    Messages:
    9
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
    Processor: AMD Sempron(tm) SI-42, x64 Family 17 Model 3 Stepping 1
    Processor Count: 1
    RAM: 1790 Mb
    Graphics Card: ATI Radeon 3100 Graphics, 256 Mb
    Hard Drives: C: Total - 228692 MB, Free - 17103 MB;
    Motherboard: TOSHIBA, NBWAE
    Antivirus: None

    Toshiba Satellite L455D-S5976

    I did boot it up in safe mode but the cpu still went up to 100. Though this only happens when I am connected to the internet.
     
  4. rainforest123

    rainforest123

    Joined:
    Dec 28, 2004
    Messages:
    8,256
    dw 1:
    Thanks for the system info.

    This may be the problem.
    Fortunately, TechGuy.org has the best malware removal experts, such as dvk01, Cookiegal & Mark1956 to name the 3 with whom I have recently communicated. Our other malware removal experts are also well trained and are helpful.

    I am not telling you that your computer is infected. dwarren1, I am merely mentioning it as a possibility.

    Important info. Excellent that you mentioned it.

    Do you connect to the internet using wi fi or ethernet?
    If you use wi fi, use ethernet when booting to safe mode with networking.

    Also, boot to plain old safe mode. Turn off your router, or the wi fi on your computer, or disconnect the ethernet. I'd like to know what happens with no internet connectivity.

    Which modem and / or router do you use?
    Please provide the brand, model & model # of each.

    RF123
     
  5. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Use the Task Manager to determine which svchost.exe process is hogging that CPU and note the PID.

    Next, download and run CurrPorts. It can give you even more information like ports, local address, remote address, services, module filename and full path for each svchost.exe process accessing the Internet, and more. Use the PID to identify the svchost.exe process in CurrPorts. Note the remote address IP number and paste it into your next reply. We'll then run an IP lookup to hopefully determine where that process is being taken to, and if it's legitimate or possibly malicious.

    Free and no installation required.
     
  6. rainforest123

    rainforest123

    Joined:
    Dec 28, 2004
    Messages:
    8,256
    P 010:
    COOL! I learn so much from you.
    (y)

    Do you think Process Monitor or Process Explorer would help?

    RF123
     
  7. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Process Explorer is a great tool I use regularly. I've also programmed it to load with Windows with a batch file. I use it instead of Task Manager. However, dwarren1 has already identified the offending svchost.exe process and probably knows which services are related to it by now, which are numerous. I don't think it will give us much more information than we already have. :)
     
  8. rainforest123

    rainforest123

    Joined:
    Dec 28, 2004
    Messages:
    8,256
    P 010:
    Thanks. I learn so much from you.
    (y)

    RF123
     
  9. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    To get a better idea of what modules (dll files) are related to your svchost.exe processes, try the following:

    Press the Windows key + R to open a Run box.

    Type cmd

    Press Enter.

    In the command prompt, type (or paste) the following command:

    tasklist /svc

    Press Enter.

    This will give you a list of all Windows processes running on your computer. Look for all instances of svchost.exe and you'll find the services to which they are related.

    Then, type the following command in the command prompt:

    tasklist /m /fi "IMAGENAME eq svchost.exe" >C:\svchost.txt


    Now, open the file C:\svchost.txt and identify the "suspicious" modules. (Filter out the system files and dependencies used by svchost.exe.)

    This might point us to a faulty service, driver or device.
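
Added example, not part of the original posts: the PID-to-service and PID-to-remote-address correlation described in posts 5 and 9, done by parsing the text output of `tasklist /svc /fo csv` and `netstat -ano` (netstat stands in for CurrPorts here as an assumption; the sample output is constructed and uses documentation IP ranges). It counts connections per remote address, so many rows sharing one PID read as one process with many connections, and it takes the remote side from the third column rather than the local one.

```python
import csv, io
from collections import defaultdict

# Constructed sample of `tasklist /svc /fo csv` output (not from the thread's machine).
TASKLIST_CSV = '''"Image Name","PID","Services"
"svchost.exe","652","DcomLaunch,PlugPlay,Power"
"svchost.exe","904","AeLookupSvc,Appinfo,BITS,Browser,Schedule,Winmgmt"
"chrome.exe","3120","N/A"
'''

# Constructed sample of `netstat -ano` output; addresses are documentation ranges.
NETSTAT = '''
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       652
  TCP    192.168.2.5:49210      203.0.113.10:80        ESTABLISHED     904
  TCP    192.168.2.5:49211      203.0.113.10:80        ESTABLISHED     904
  TCP    192.168.2.5:49215      198.51.100.7:443       ESTABLISHED     904
  TCP    192.168.2.5:49300      198.51.100.99:443      ESTABLISHED     3120
  UDP    0.0.0.0:500            *:*                                    904
'''

def services_by_pid(tasklist_csv):
    """Map PID -> list of hosted services for every svchost.exe row."""
    rows = csv.DictReader(io.StringIO(tasklist_csv))
    return {int(r["PID"]): r["Services"].split(",")
            for r in rows if r["Image Name"].lower() == "svchost.exe"}

def remote_endpoints(netstat_text):
    """Map PID -> {remote ip: connection count}, ignoring listeners and UDP."""
    out = defaultdict(lambda: defaultdict(int))
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] == "LISTENING":
            continue
        remote_ip = f[2].rsplit(":", 1)[0]   # column 3 is the remote side
        out[int(f[4])][remote_ip] += 1
    return out

def triage(pid, tasklist_csv=TASKLIST_CSV, netstat_text=NETSTAT):
    """Services hosted by one svchost PID plus its distinct remote addresses."""
    remotes = remote_endpoints(netstat_text).get(pid, {})
    return {"services": services_by_pid(tasklist_csv).get(pid, []),
            "remotes": dict(remotes),
            "connections": sum(remotes.values())}

if __name__ == "__main__":
    print(triage(904))
```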
     
  10. dwarren1

    dwarren1 Thread Starter

    Joined:
    Feb 26, 2013
    Messages:
    9
    Okay, Thanks for all the help!

    First off, I use wi-fi. The router is Arris TM502G and the router Belkin surf N300 Model F7D6301 v1.

    When booted in safe mode, there is no cpu hogging. This only occurs when connected to the internet. Safe mode with ethernet also leads to cpu hogging.

    I'm about to try Phantom's suggestions.
     
  11. dwarren1

    dwarren1 Thread Starter

    Joined:
    Feb 26, 2013
    Messages:
    9
    Okay, I used CurrPorts and found 29 processes with the matching PID of the offending svchost.exe. Did you want me to list all of the IPs?

    Some suspicious looking remote hosts include ffog.net, babaloonx.com, afe.specificclick.net, ec2-50-19-176-161.compute-1.amazonaws.com and a few others similar to the last one.


    I proceeded to use the cmd and found the list of processes used by this svchost. They are AeLookupSvc, Appinfo, BITS, Browser, EapHost, gpsvc, IKEEXT, iphlpsvc, LanmanServer, MMCSS, ProfSvc, Schedule, SENS, ShellHWDetection, Themes, Winmgmt

    I then pasted the next command you told me to put in and it says access denied. I'm not sure what to do after that.
     
  12. dwarren1

    dwarren1 Thread Starter

    Joined:
    Feb 26, 2013
    Messages:
    9
    I feel like a moron because I gave you the local IP not the remote. My bad. Do you want me to list all 29 IPs?
     
  13. rainforest123

    rainforest123

    Joined:
    Dec 28, 2004
    Messages:
    8,256
    dwarren1:
    P 010 is the expert, here, but currently off line.

    I suggest "Yes" all 29.

    RF123
     
  14. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    That's 29 svchost.exe processes, with the same PID???

    Do you really not have an antivirus? (asking 'cause that TSG System Info Utility is often mistaken)

    What malware scans have you run? With what program(s)?

    By the looks of it, your computer could be infected.
     
  15. dwarren1

    dwarren1 Thread Starter

    Joined:
    Feb 26, 2013
    Messages:
    9
    Until now I didn't have an active anti-virus. I have run Malwarebytes and SuperAntispyware. What do I need to do to clean up my computer?
     
Short URL to this thread: https://techguy.org/1091063
