svchost.exe using 40% CPU

B

Bencze

New member
Hi, I used to use Spybot S&D 1.3 and its TeaTimer component, and yesterday I decided to update to 1.4. After installing and getting the updates, I ran a scan and this is what was removed:

--- Report generated: 2006-08-22 21:43 ---

HotsearchBar: Temporary file (File, fixed)
C:\Documents and Settings\Bencze\Local Settings\Temp\nsv36.tmp

HotsearchBar: Temporary file (File, fixed)
C:\Documents and Settings\Bencze\Local Settings\Temp\nsv37.tmp

HotsearchBar: Temporary file (File, fixed)
C:\Documents and Settings\Bencze\Local Settings\Temp\nsv3B.tmp

HotsearchBar: Temporary file (File, fixed)
C:\Documents and Settings\Bencze\Local Settings\Temp\nsv3C.tmp

HotsearchBar: Temporary file (File, fixed)
C:\Documents and Settings\Bencze\Local Settings\Temp\nsq4.tmp

HotsearchBar: Temporary file (File, fixed)
C:\Documents and Settings\Bencze\Local Settings\Temp\nsc5.tmp

HotsearchBar: Temporary file (File, fixed)
C:\Documents and Settings\Bencze\Local Settings\Temp\nsg5.tmp

HotsearchBar: Temporary file (File, fixed)
C:\Documents and Settings\Bencze\Local Settings\Temp\nss6.tmp

HotsearchBar: Temporary file (File, fixed)
C:\Documents and Settings\Bencze\Local Settings\Temp\nsk7.tmp

HotsearchBar: Temporary file (File, fixed)
C:\Documents and Settings\Bencze\Local Settings\Temp\nsn7.tmp

HotsearchBar: Temporary file (File, fixed)
C:\Documents and Settings\Bencze\Local Settings\Temp\nst7.tmp

HotsearchBar: Temporary file (File, fixed)
C:\Documents and Settings\Bencze\Local Settings\Temp\nsk8.tmp

HotsearchBar: Temporary file (File, fixed)
C:\Documents and Settings\Bencze\Local Settings\Temp\nsn8.tmp

HotsearchBar: Temporary file (File, fixed)
C:\Documents and Settings\Bencze\Local Settings\Temp\nst8.tmp

HotsearchBar: Temporary file (File, fixed)
C:\Documents and Settings\Bencze\Local Settings\Temp\nsx9.tmp

Vcodec.eMedia: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EMediaCodec.Chl

Vcodec.eMedia: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ecodec.exe\=...C:\Program Files\Media-Codec\ecodec.exe...

Vcodec.eMedia: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ecodec.exe

Zlob.Downloader: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\wininet.dll=...regperf.exe...

Zlob.Downloader: Data (File, fixed)
C:\WINDOWS\system32\stdole3.tlb
Click to expand...

Ever since completing that scan, I've had one instance of "svchost.exe" using upwards of 20-40% of my CPU at any given time. It begins just a few minutes after I start my computer and it makes no difference whether I am connected to the internet or not.

I ran Tasklist /SVC in cmd.exe and it gave me the following services running under each instance of svchost.exe:

svchost.exe - RpcSs
svchost.exe - AudioSrv, CryptSvc, Dhcp, dmserver, Netman, Nla, ShellHWDetection, TermService, Themes, TrkWks, uploadmgr, W32Time, winmgmt
svchost.exe - Dnscache
svchost.exe - LmHosts, WebClient
svchost.exe - stisvc

After end-tasking the one using all the resources, it seems it's the second one running the 13 services. Those services seem legit, so I don't know what the problem is. The only sure thing I know is that it happened right after installing S&D 1.4 and running a scan, so that's why I thought I'd come here and ask.
 
After leaving my computer on for about two hours, the problem apparently fixed itself. Things are back to normal.

Thanks anyway and keep up the good work!
 
You must log in or register to reply here.
Back
Top