1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

svchost.exe using up all cpu

Discussion in 'Windows XP' started by Aubre22, Sep 13, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Aubre22

    Aubre22 Thread Starter

    Joined:
    Sep 10, 2004
    Messages:
    13
    My sister's computer freezes up alot, i don't really know too much about computers, however, when i looked in the task manager under processes i found that the image name svchost.exe, user name system, is using up all of her cpu. could this be her problem with the computer freezing up on her? and if it is, is there anything i can do to help her out? or does anyone else have any ideas on how i can fix it for her, if you need to see hijackthis log i can get it for you. she is even more computer illiterate than i am.
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    I would run a Hijack This log...
    Simply because Svchost.exe (Generic Host Process for Win32 Services) is an integral part of Windows BUT, it should be located in the c:\windows\System32 folder. In other cases, svchost.exe is a virus, spyware, trojan or worm.
     
  3. Aubre22

    Aubre22 Thread Starter

    Joined:
    Sep 10, 2004
    Messages:
    13
    Here is my log report, i hope someone can help me out

    Logfile of HijackThis v1.98.2
    Scan saved at 1:56:20 PM, on 9/14/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\WINDOWS\System32\S3tray2.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SWEHOMUW\HijackThis[1].exe
    C:\WINDOWS\System32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    N3 - Netscape 7: user_pref("browser.startup.homepage","about:blank"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\7ko1blzz.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\7ko1blzz.slt\prefs.js)
    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [Open Site] "C:\Program Files\Open Site\opensite.exe"
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - Global Startup: customize__IE.lnk = C:\hp\region\customizeIe.wsf
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\AIM95_c0\aim.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://24.234.255.102/activex/AxisCamControl.cab
    O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{676DED59-A298-43BE-9079-02B3CE05C230}: NameServer = 4.2.2.2,192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EE660994-C6C9-462D-9801-AF0F4D86BC2C}: NameServer = 4.2.2.2,192.168.0.1
     
  4. jbcalg

    jbcalg

    Joined:
    Oct 29, 2001
    Messages:
    2,056
    i don't do hjt logs, hopefully others will jump in
    - javierg86 you've got a few newdotnet entries i'd look at

    re svchost:
    take a look at this link
    http://www.jsiinc.com/SUBJ/tip4600/rh4660.htm

    open a CMD prompt and Type:

    Tasklist /SVC

    and you'll see what each svchost is doing

    btw: mine looks similar to the one in the link
    5 svchosts processes running
    1 with a bunch of services - it takes about 22,000 kb when it's running, the others much less
     
  5. Cris_Cr0ss

    Cris_Cr0ss

    Joined:
    Jan 30, 2004
    Messages:
    820
    for aubre22 i suggest you do some spyware scans since u have visible spyware.


    do this:

    Before doing anything turn of system restore
    My computer > Control Panel > System > System Restore Tab > Check Turn off system restore on all Drives

    When your done dont forget to turn it back on

    1)Go to Online Av Scan And run a free anti-virus test
    1a)reboot

    2)Then dowload ad-aware
    [urlhttp://www.majorgeeks.com/downloadget.php?id=506&file=3&evp=8dbaff7daca8f4b55bf695220993fc0f]Ad-Aware[/url]
    Before you scan with AdAware, check for updates of the reference file by clicking on "Check for updates now", connect.

    Click on Start, Use custom scanning options, Customize.

    Make sure the following settings are made and on -------"ON=GREEN"

    "Scan within archives"
    "Scan active processes"
    "Scan registry"
    "Deep scan registry"
    "Scan my IE Favorites for banned URL"
    "Scan my host-file"

    Click on Tweak,
    Select scanning engine and click on "Unload recognized processes during scanning"
    Select cleaning engine and click on "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

    Then click "proceed" to save your settings.

    Click on Next

    Run the scan and fix everything.

    2a)Reboot

    3)Then get Spybot S&D to clear remaining spyware.

    Download link here:
    Spybot

    Fix everything SpybotSD labels in red, and immunize.

    4)Then download Spyware Blaster
    Spyware Blaster
    to prevent future spyware/ad-aware make sure u update weekly

    5)Then after reboot:

    After we have Told you what do delete and you have closed all explorer windows and deleted the necessary HijackThis parts.
    Please Download this tool called About Buster from HereUnzip it to your desktop and run it after you cleaned your HijackThis log. Make sure you dont open Internet Explorer untill after you run this tool.
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Aubre22, You need to move hijackthis into a permanent folder like My Documents\hjt. Running it from a temporary folder is not a good idea as you may loose your backups.

    Please post another log after you have done this.

    Cris_Cr0ss, This log does not indicate a need for running about:buster.
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - svchost using
  1. SkipRinPerth
    Replies:
    1
    Views:
    645
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/273717

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice