svchost.exe problem

**Atsuke** · 2006-12-03, 22:56

Hello and it seems that you guys have known me for the many problems I've had in the past. (I think the problems I'm still having today are linked to the past problems)

My svchost.exe seems it's taking 50% of the CPU and sometimes it jumps to 70%. There are 6 of these processes running in the background. Only one of those are taking too much CPU and its impact is making my computer sluggish. I've tried scanning it but it found nothing of a virus or worm and it's pissing me off... It might be a Jeefo virus or a worm or something. When I go to Task Manager and End its process (even though it's a system process), it stops and then my computer is back to normal. My system idle process is back to where it's supposed to be (95~99%) and it seems my computer is fast again. Anyone got a solution to the svchost.exe and an explaination for this? I need a solution to prevent it from hogging the CPU and its startup on windows.

Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 1:56:39 PM, on 12/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Aqua Dock\Aqua Dock.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Azureus\Azureus.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Aqua Dock] C:\Program Files\Aqua Dock\Aqua Dock.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Systweak Wallpaper Changer] wallpaper.exe -minimize
O4 - HKCU\..\Run: [VisualTaskTips] D:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: McAfee Stat.lnk = C:\Program Files\Network Associates\VirusScan\shstat.exe
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Download All by Gigaget - D:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - D:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st_current.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.1.87.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resourc...scbase3401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1122145812718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1123119616593
O16 - DPF: {89981B1D-07DA-43C3-9770-06C51E7E5DCE} (NostaleWebStarter Control) - http://game.nostale.com/sso/NostaleWebLauncher.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup162.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

**Atsuke** · 2006-12-03, 23:29

Update:

I am having the exact same problem as this dude here:
http://help.lockergnome.com/general/...pict47443.html

UPDATE AND MORE INFO: My svchost.exe is kinda like at 50% running memory at 30,000KB~100,000 KB (unstable, keeps on changing). Usually goes high around startup. I couldn't revert my hard drive with GoBack (v3.1 Personal Edition) ever since I got this problem.

Thank you so much for your help! Without you guys my valuable data for school would be lost!

**LonnyRJones** · 2006-12-08, 20:56

Hi

I doubt there is malware involved, you could double check by using sysclean or drweb.
If nothing is found I suggest findng a more general troubleshooting forum to post in.

**Atsuke** · 2006-12-08, 23:50

Haha OK thanks, I was just making sure there's no worm or anything because I'm worried that it might affect my other computers. Thanks and sorry for all the trouble I put you guys through.

By the way, Happy Holidays

**Atsuke** · 2006-12-09, 00:04

OH yeah and for those who have this problem too, I've found the solution to the problem (You're in luck! I know how it feels searching 4 hours on google without finding a solution)

Symptoms:
svchost.exe is taking up too much CPU, around 50% and taking a lot of Memory Usage. Some users may encounter a full 100% CPU usage, see solution below.

Solution:
--> Stop the Automatic Updates Service by going to Control Panel > Administrative Tools > Services.
Find the Automatic Updates service on the list on the right hand side of the window. Right click on the list and click Stop.

--> Download http://go.microsoft.com/fwlink/?LinkId=43264
After downloading the file from Microsoft, you may be asked to Validate your copy of windows. If not, run the tool and install it.

--> Restart your computer in SAFE MODE. (What is Safe Mode?)
~Go to the directory of WINDOWS (Located in C:\WINDOWS)
~Locate and RENAME the folder 'Software Distribution' to 'Software Distribution.old'. After renaming it, find a text file called 'Windows Update.log' (some users may have a 'WindowsUpdate.log' without a space). Rename 'Windows Update.log' or 'WindowsUpdate.log' to 'Windows Update.log.old'

--> REBOOT your computer in Normal Mode
Go back to Administrative Tools and click Services. Find the Automatic Updates service. This time, click RESTART to restart the service. Don't end it, don't start it, just RESTART it.

Good luck and hope this thread is useful for thousands of users who are experiencing this problem.

If you know what System Restore is, it is recommended that you make a restore point just in case you spoof up. If you forgot to restore a point, just rename the files that you added '.old' to.

**LonnyRJones** · 2006-12-09, 08:26

Good job

Surf safe

Thread: svchost.exe problem

Thread Tools

Display

svchost.exe problem

Posting Permissions