| Thread ID: 76567 | 2007-02-05 08:28:00 | svchost.exe periodically takes CPU to 100% loading | mcjelly (3439) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 522878 | 2007-02-05 08:28:00 | My 3.2GHz P4 laptop with 1gig RAM and 10gig spare HD space every so often goes into slug mode with svchost.exe loading the CPU at 95-100% usage for up to 5 minutes. It drives me nuts because you can't do anything until it finishes!! I know svchost is a DLL manager and I have done the DOS prompt check thing on what it is managing, but it doesn't mean much to me. I also have looked at some sites that suggest it can be a trojan or virus, but I only have the one file and it is where it should be, with no names like svch0st.exe etc., so I'm pretty sure it's not that. Am running Symantec AV. Any suggestions? I am running XP Pro. | mcjelly (3439) | ||
| 522879 | 2007-02-05 09:59:00 | Download HijackThis, if you don't already have it, from here: www.majorgeeks.com. Run it and post the log on the forum for someone to read. Trevor :) | Trev (427) | ||
| 522880 | 2007-02-05 10:34:00 | Also check the Processes tab to see which process is taking up all your CPU. I usually find that when that happens it's Internet Explorer hung on something. Close it and the CPU is freed up. | RealBigDog (11623) | ||
| 522881 | 2007-02-05 19:56:00 | Thanks. Here is the log. | mcjelly (3439) | ||
| 522882 | 2007-02-05 20:15:00 | The log looks ok but run HJT again (unzip it and put it in its own folder first). Click on these entries and tick fix checked. Close browser/s O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe Uninstall Java (and all previous versions) and get the update in my sig below. O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - H:\Program Files\Microsoft Money\System\mnyviewer.dllersions of Sun Java). You can get the latest version which is in my sig below. | Speedy Gonzales (78) | ||
| 522883 | 2007-02-05 22:18:00 | It's most probably Symantec causing the prob. It's not light on resources. | Speedy Gonzales (78) | ||
| 522884 | 2007-02-05 22:49:00 | Thanks. I've done all that, except which Java download do I need from that page as a normal user?? | mcjelly (3439) | ||
| 522885 | 2007-02-05 22:53:00 | The Java Runtime Environment (JRE) 6 one. | Speedy Gonzales (78) | ||
| 522886 | 2007-02-05 23:12:00 | Thank you Speedy and others, very much appreciated. | mcjelly (3439) | ||
| 522887 | 2007-02-06 05:59:00 | Disable the indexing service in Services. Start/Programs/Administrative Tools/Services/Double click Indexing Services/Set to - Startup type disabled/Stop the presently running service. | zqwerty (97) | ||
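
The check described in the opening post (only one svchost.exe, in the folder where it should be, no lookalike names such as svch0st.exe) can be run over a list of process image paths like the ones a HijackThis log lists. This is an added example, not part of the original thread; the function names, the digit-substitution table and the sample paths are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

LEGIT = "svchost.exe"
# Assumed table of digit-for-letter swaps used in lookalike file names.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "5": "s", "3": "e"})

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_processes(paths, system_root):
    """Return (path, reason) for each image path that imitates svchost.exe."""
    expected_dir = ntpath.join(system_root, "system32").lower()
    findings = []
    for path in paths:
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if name == LEGIT:
            if folder != expected_dir:
                findings.append((path, "svchost.exe outside System32"))
        elif name.translate(HOMOGLYPHS) == LEGIT:
            findings.append((path, "digit-for-letter lookalike name"))
        elif edit_distance(name, LEGIT) <= 1:
            findings.append((path, "name one edit away from svchost.exe"))
    return findings

# Constructed sample: the first three paths are ordinary entries on a system
# whose Windows folder is H:\WINDOWS; the last three are invented, one per rule.
SAMPLE = [
    r"H:\WINDOWS\system32\svchost.exe",
    r"H:\WINDOWS\System32\svchost.exe",
    r"H:\WINDOWS\system32\spoolsv.exe",
    r"H:\WINDOWS\svchost.exe",
    r"H:\WINDOWS\system32\svch0st.exe",
    r"H:\WINDOWS\system32\svchosts.exe",
]

if __name__ == "__main__":
    for path, reason in review_processes(SAMPLE, r"H:\WINDOWS"):
        print(f"{reason}: {path}")
```

A clean result only rules out the name and location tricks; it says nothing about which service hosted inside the genuine svchost.exe is using the CPU.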