SCVHOST is sucking up my processor - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 04-20-2004, 03:29 PM   #1 (permalink)
Junior Techie
 
Join Date: Apr 2004
Posts: 41
Default SCVHOST is sucking up my processor

ok, im having problems with scvhost .exe under local services. it is sucking up my processer and is realy causing alot of lag and greif in games. im more of a hardware guy so i have no clue where to begin.

help?
__________________

__________________
AMD Duron 1.2 ghz
One 512mb stick SDRM
One 128mb stick SDRAM
80gb Seagate HD
120gb Maxtor HD
Nvidia Gforce FX 5200 PCI

Its better to live in the light than to curse the darkness and better than both to remain unseen...
Zabador is offline  
Old 04-20-2004, 03:37 PM   #2 (permalink)
Ultra Techie
 
Join Date: May 2003
Posts: 548
Send a message via AIM to aye29 Send a message via Yahoo to aye29
Default

scvhost.exe could mean you have a virus. svchost.exe is a Windows process. Do a virus scan and see if you find anything.
__________________

aye29 is offline  
Old 04-20-2004, 03:41 PM   #3 (permalink)
Master Techie
 
Join Date: Mar 2004
Posts: 2,007
Default

check out this post i had questioning svchost:
http://www.tech-heaven.com/forum/sho...threadid=15827

also this site:

http://www.answersthatwork.com/

it tells u what different apps need to run in background
jaksback is offline  
Old 04-20-2004, 07:07 PM   #4 (permalink)
Junior Techie
 
Join Date: Apr 2004
Posts: 41
Default

the SCVHOST is a type-o sorry its SVCHOSt. the legit program.

ive gone through the web sites and nothing turned up of concern. ive noticed that windows seems to do this with several programs. winlogin, svchost, lsass, etc.

any other ideas?
__________________
AMD Duron 1.2 ghz
One 512mb stick SDRM
One 128mb stick SDRAM
80gb Seagate HD
120gb Maxtor HD
Nvidia Gforce FX 5200 PCI

Its better to live in the light than to curse the darkness and better than both to remain unseen...
Zabador is offline  
Old 04-20-2004, 07:14 PM   #5 (permalink)
Ultra Techie
 
Join Date: Apr 2004
Posts: 617
Default

Please do this. Click here: http://www.sherrylynn.us/HijackThis.exe to download Hijack This. Save it to it’s own folder (not temporary files or the desktop).
Close all open windows and open HIJACK THIS. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.

DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.


lets see if it is legit
__________________
AdAware | Spybot S&D 1.4 | spyware guard & spyware blaster |

How did I get infected in the first place By Tony Klein

If you use IE I suggest using thes two programs IE Hosts & IE-SPYAD


Lobos is offline  
Old 04-20-2004, 07:17 PM   #6 (permalink)
Ultra Techie
 
Join Date: Apr 2004
Posts: 617
Default

legit

c:\WINDOWS\System32\svchost.exe

not legit

c:\WINDOWS\svchost.exe
__________________
AdAware | Spybot S&D 1.4 | spyware guard & spyware blaster |

How did I get infected in the first place By Tony Klein

If you use IE I suggest using thes two programs IE Hosts & IE-SPYAD


Lobos is offline  
Old 04-20-2004, 07:17 PM   #7 (permalink)
Junior Techie
 
Join Date: Apr 2004
Posts: 41
Default

AMD Duron processor 1.30 GHz
632MB or RAM
38.2 gb hard dirve (root drive for programs n such)
111gb hard drive (secondary for media...ANIME!!)
cd r/rw drive
dvd drive
ethernet card
ati tv wonder ve

thats bout it...its not much but i built it my self
__________________
AMD Duron 1.2 ghz
One 512mb stick SDRM
One 128mb stick SDRAM
80gb Seagate HD
120gb Maxtor HD
Nvidia Gforce FX 5200 PCI

Its better to live in the light than to curse the darkness and better than both to remain unseen...
Zabador is offline  
Old 04-20-2004, 07:21 PM   #8 (permalink)
Junior Techie
 
Join Date: Apr 2004
Posts: 41
Default

i do have the c:\WINDOWS\svchost.exe path but nothing comes up on a virus scan, last nite i was in safe mode and ran about 3 virus scans with both norton 2003 and mcaffy and fix-it (dunno if you guys know that one, not that popular but its nice)

i ran that file indepenently n nothing came up still
should i delete or what?
__________________
AMD Duron 1.2 ghz
One 512mb stick SDRM
One 128mb stick SDRAM
80gb Seagate HD
120gb Maxtor HD
Nvidia Gforce FX 5200 PCI

Its better to live in the light than to curse the darkness and better than both to remain unseen...
Zabador is offline  
Old 04-20-2004, 07:28 PM   #9 (permalink)
Ultra Techie
 
Join Date: Apr 2004
Posts: 617
Default

can you run a hjt log please

Please do this. Click here: http://www.sherrylynn.us/HijackThis.exe to download Hijack This. Save it to it’s own folder (not temporary files or the desktop).
Close all open windows and open HIJACK THIS. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.

DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.
__________________
AdAware | Spybot S&D 1.4 | spyware guard & spyware blaster |

How did I get infected in the first place By Tony Klein

If you use IE I suggest using thes two programs IE Hosts & IE-SPYAD


Lobos is offline  
Old 04-20-2004, 07:43 PM   #10 (permalink)
Junior Techie
 
Join Date: Apr 2004
Posts: 41
Default

Logfile of HijackThis v1.97.7
Scan saved at 7:42:35 PM, on 4/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Hijank\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.searchant.com/sp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.searchant.com/sp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.zestyfind.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.searchant.com/sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.searchant.com/sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.searchant.com/sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.topfivesearch.com/search.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.searchant.com/sp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.searchant.com/r=6&s=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.ca/"); (C:\Documents and Settings\jer\Application Data\Mozilla\Profiles\default\sgcj1noz.slt\prefs.j s)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchpl ugins%5CSBWeb_06.src"); (C:\Documents and Settings\jer\Application Data\Mozilla\Profiles\default\sgcj1noz.slt\prefs.j s)
O1 - Hosts: 206.230.228.10 auto.search.msn.com
O1 - Hosts: search.netscape.com
O1 - Hosts: ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar_en_2.0.95-big.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O3 - Toolbar: 2020SEARCH2 - {4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} - C:\PROGRA~1\TOOLBA~1\2020SE~1.DLL (file missing)
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll
O3 - Toolbar: byte atom - {48A3851F-7992-F224-4584-D3B6CCBEF709} - C:\PROGRA~1\MULTIB~1\FRAGWAVE.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [saSyncMgr] rundll32.exe sasync.dll,SyncWait app=SearchAnt wait=10
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Grokster Support - file://C:\Program Files\websearch\System\Temp\grokstershop_script0.h tm
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: Perfect Popup Killer (HKLM)
O9 - Extra 'Tools' menuitem: Perfect Popup Killer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3752108C-976A-4C03-A2AC-70B7EDECAE4F}: NameServer = 168.95.192.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E738B3C8-256B-49CA-9028-4B9DBB4632E5}: NameServer = 168.95.192.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3752108C-976A-4C03-A2AC-70B7EDECAE4F}: NameServer = 168.95.192.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3752108C-976A-4C03-A2AC-70B7EDECAE4F}: NameServer = 168.95.192.1

theres the result
__________________

__________________
AMD Duron 1.2 ghz
One 512mb stick SDRM
One 128mb stick SDRAM
80gb Seagate HD
120gb Maxtor HD
Nvidia Gforce FX 5200 PCI

Its better to live in the light than to curse the darkness and better than both to remain unseen...
Zabador is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 01:08 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.