svchost.exe takes up 100% of CPU on start up.

[johnc123]

Everytime I boot up the svchost.exe runs and takes up all the CPU memory. I have run Microsoft Update several times now and it still tries to run this process. I have to go in and end the process manually, then the computer runs fine. If I do not end the process, the computer just locks up. What can I do to fix this problem? Can you help me?

I have run the following; Ad adware, Spy-Bot search and destroy, Avg anti-spyware, Avg anti-virus and Highjack this. Nothing seems to come up when these are run. Let me know what to do.

Thanks,
John

 

[eyeCpc]

It sounds like you already have Asked Leo Svchost and Svchost.exe - Crashs, CPU maximization, viruses, exploits and more. - Ask Leo! with Ad-Aware and Spybot S&D used along with AVG.

There are two blaster worms that will slip by AVG and other antivirus programs with ease. If you look in the processes part of the task manager and see some 7 or 8 copies of the svchost,exe running you have an infection of some type. Running a search to find any copies in a location other then in the C;\Windows\system32 folder points to it. The links here offer details and removal information on the two Symantec lists.
For the W32 Welchia worm, W32.Welchia.Worm - Symantec.com

W32 assarm@mm, W32.Assarm@mm - Symantec.com

McAfee also shows the W32/jeefo at McAfee – Computer Anti-Virus Software and Internet Security For Your PC

 

[johnc123]

Hello eyeCpc,

I ran all that stuff on my own, I have no idea who "Ask Leo" is but I will read through the material that you sent me.

I downloaded the W32.Welchia.Worm - Symantec.com and it found nothing. I have already turned off my "system restore" because somewhere in there I read that the worm can hide there and cannot be detected. Still found nothing.

I followed the directions for W32.Assarm@mm - Symantec.com but could not figure out how to get to the win.ini files on my computer.

McAfee was no help either. So now where do I go from here?

Here is a HighjackThis log that I just ran a second ago. Maybe that will help you to see what the problem might be.

Logfile of HijackThis v1.99.1
Scan saved at 3:38:55 PM, on 5/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\John Conca\My Documents\My Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MetroList MLS Prospector, Member Services – member access only
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178258256014
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Thanks for the help,
John

 

[veg1992]

nothing wrong with ur system.... just stupid microsoft update, just disable auto updates and turn of updates in fact and manually do it yourself

 

[carnageX]

If you look in the processes part of the task manager and see some 7 or 8 copies of the svchost,exe running you have an infection of some type. Running a search to find any copies in a location other then in the C;\Windows\system32 folder points to it.

There's 8 copies in my Task Manager, but I ran a search in all folders/drives, and the only svchost.exe that came up was the one in the C:\Windows\sytem32 folder lol.

 

[eyeCpc]

You have a few items to have HT fix seen in the log there.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MetroList MLS Prospector, Member Services – member access only

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

If you use the search for files option and find any svchost.exe outside of the system32 folder then you would have a concern. But when using AVG along with Ad-Aware and Spybot S&D and not finding anything the other tool I can point you to is Spyware Terminator found at Spyware Terminator - Spyware & Adware Real-Time Protection That likes to find the things that the others miss. Try reducing some unneeded startups with the msconfig to see it that helps any.

 

[Wildside]

eyeCpc, so what ur saying is.........if there is multiple svchost.exe running in the processes, is that bad?

because i think my computer had some.

 

[jaeusm]

if there is multiple svchost.exe running in the processes, is that bad?

No. Svchost.exe is just a generic process that allows services to run from dll's. You can think of svchost as a car, and the services as licensed drivers. When a service needs to run, it gets in the car and drives.

Yeah, it's a corny analogy, but it's the best I can come up with right now.

 

[peterhuang913]

i have six copies and its not affecting my computer, i think the problem might be some other error

 

[Alvin.C]

Hello,

No. Svchost.exe is just a generic process that allows services to run from dll's. You can think of svchost as a car, and the services as licensed drivers. When a service needs to run, it gets in the car and drives.

Yeah, it's a corny analogy, but it's the best I can come up with right now.

I think you've explained it well.

Because many services run through one Svchost.exe generic host process, you can't see what those services are.

To see what services each of the Svchost.exe processes are running, go to Start > Run > Type CMD and hit enter > Make sure you're in the C:\ directory by typing cd c:\ enter > At c:\> Type:

tasklist /svc /fi "imagename eq svchost.exe

...and hit enter.