svchost.exe and HijackThis log

First of all, my main problem is that recently (2-3 days ago) my laptop has been very slow starting up. This laptop was manufactured on the 1st of December of 2005, and I got it December 2nd of 2005 so as you can see, it's fairly new.
I am in the U.S. Army Active Component and I recently moved to my duty station. Before I left, this computer was running fine. When I left, it was still running perfectly. When I got to my duty station, that's when all hell broke loose. I had NOT connected it to ANY internet source, and all of a sudden I have a hellacious time with Windows. The svchost.exe is CONSTANTLY averaging 91% of my CPU. It drives me nuts!
I try to end the process, it comes back after shutting down some visual aspects of the interface like... it takes the Fisher Price look of the Start bar and task bar and turns it to look like Windows 98! I like the Fisher Price look! Plus a lot of other things, IMPORTANT THINGS, are shut down when that particular process is shut down. Things like the Security Center in SP2 that I have... things like that.
Ad-Aware (Updated with the VX2 cleaner) has been run and everything removed {Still have the problem}, I've run Search and Destroy {Still have the problem}, I have submitted a HijackThis report to Jotti and nothing has come of it. I'm riding on my last nerves here. Anyway, if you can help me with this issue, I have a few things that you might ask for. I have Ad-Aware logs, HijackThis log {Scanned through Jotti, All came up with 'Found Nothing'}.
Just in case you are wondering, I do know a substantial amount of information concerning computers so you won't need to dumb things down for me. I can keep up with whatever you guys (Or gals?) ask me to do. If I can't, I won't pretend I can and move on... I'll ask. Thanks! Oh... if the svchost.exe problem is not something that HijackThis and other things can find, I would still like someone to look at the logs to try and better my laptop. I'll deal with that AFTER this svchost.exe thinger is resolved.
As I said, I'm in the Army and my computer time is limited to where I find a place to connect my laptop... but I should be on every other day to every three days depending on the Sergeant... so, please keep this open? I'll let you know when I resolve the problems with your help. I won't leave and let you sit here wondering where the heck I went and if you fixed my problems.
I appreciate the help!!!
[If Short-Media accepts donations via PayPal or checks or something, let me know and I'll send in a good amount of money once this problem is GONE.]
This problem really makes me angry. Again, thank you in advance!

Private First Class Kreth, Brandon J. [United States Army Infantry]
FOLLOW ME! <-- Infantry Motto

Comments

  • scottscott Medina, Ohio Icrontian
    edited January 2006
    Hi Creature

    First let me say Thank You for your service to our country !!


    The svchost.exe is a Windows process that hosts services. You can have several running at any one time. And each one can be hosting several services. Here is a link to a MS article that may help you debug which service is hogging all the CPU time.

    http://support.microsoft.com/?kbid=314056

    Let us know what you find.

    Be Safe



    Scott
  • edited January 2006
    Scott,
    Thank you for a very quick reply and thank you for your support of my career!

    I already came across that article and I didn't find it very useful. Perhaps you know of the process that handles the GUI?
    I know there's many svchost.exes, I know what they do and I know which one is giving me problems. I just need to know if there is anything I can download or check to see if the list of things that svchost.exe has to start up has been edited by a virus to include a whole slew of programs which could be slowing down my computer.
    I took my computer to the GeekSquad at Best Buy about an hour ago and they told me I have inadequate cooling on my NEW Dell laptop.... so I'm going to contact Dell and see exactly what they sold me. I'll tell you what I find out. In the meantime, can you check to see if there's something I can do to identify why this process is going on a rampage?

    -Again, PFC Kreth
  • scottscott Medina, Ohio Icrontian
    edited January 2006
    Creature

    I have found that the Ewido security suite finds many things that Spybot and Ad-Aware do not. It also lists all startup programs and has registry editing links. Give it a shot and report back.


    now drop and give me 50 private



    Scott
  • edited January 2006
    Scott,
    Downloaded it. Do I run the Complete system scan or one of the individual modules?

    -PFC Kreth

    [I will do the pushups if you get this thing working!]
  • scottscott Medina, Ohio Icrontian
    edited January 2006
    Update the definitions
    run a full system scan

    Then all the individual modules will have all the info they need.




    Scott
  • edited January 2006
    Scott,
    I anticipated you saying that and began it 15 minutes ago. So far I have 67 cookies from Mozilla.... I'll let you know and post the results when I'm done. Oh, I analyzed my startup thinger. Will showing you the report help me any?

    -PFC Kreth
  • scottscott Medina, Ohio Icrontian
    edited January 2006
    Creature wrote:
    Scott,
    Will showing you the report help me any?

    -PFC Kreth

    Probably not

    You know what is on your system better than I do. If you see anything suspicious that you can not identify ...Google it.


    Scott
  • edited January 2006
    Alright. 53.0% done... 72 infected objects.
  • edited January 2006

    ewido anti-malware - Scan report

    + Created on: 6:43:53 PM, 1/7/2006
    + Report-Checksum: 7CE2FBE7

    + Scan result:

    :mozilla.8:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.51:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.54:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.72:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.102:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.103:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.113:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.121:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.122:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.123:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.124:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.142:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.143:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.145:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.147:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.148:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.149:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.150:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.151:C:\Documents and Settings\Creature\Application Data\Mozilla\Firefox\Profiles\skynaing.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Creature\Cookies\creature@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Creature\Cookies\creature@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Creature\Cookies\creature@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Creature\Cookies\creature@data4.perf.overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Creature\Cookies\creature@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Creature\Cookies\creature@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Creature\Cookies\creature@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Creature\Cookies\creature@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
    C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup


    ::Report End
  • scottscott Medina, Ohio Icrontian
    edited January 2006
    Besides all the cookies, the only thing I see is WildTangent. The second-to-last item is an updater; it may have been trying to get updates.

    If you are still having the problem then I would go back to my first post and follow the steps outlined in the MS article. Write down each listing for each svchost that is running and try shutting them off one at a time in the "services console" in Computer Management instead of killing the whole svc process, or Google each one to see if they are all legit. The problem is that they are grouped with other services that are important. And you just can't kill the whole group, as you found out. So it is time to roll up the sleeves and dig into each instance of svchost.

    Good luck my friend and try not to pull out any hair :hair: or frag your laptop :rarr:

    keep us posted


    Scott
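
The per-instance check described in the post above, as an added example for current Windows versions with PowerShell (it is not part of the original thread): it lists the services hosted by each svchost.exe, the DLL each service loads, and marks entries worth a closer look. It only reads process, service and registry data; the `Review` column and its labels are this example's own, and a label means "check this one", not "malicious".

```powershell
# Added example, not from the thread. Read-only. Run from an elevated 64-bit
# prompt so ExecutablePath and every service key are readable.
$sys32 = (Join-Path $env:SystemRoot 'System32').ToLower()

$report = foreach ($proc in Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'") {
    # CPU time consumed so far, in seconds (the counters are in 100 ns units)
    $cpuSec = [math]::Round(($proc.KernelModeTime + $proc.UserModeTime) / 1e7, 1)

    # The genuine host binary lives in %SystemRoot%\System32
    $hostPath = $proc.ExecutablePath
    $hostOk   = $hostPath -and ($hostPath.ToLower() -eq "$sys32\svchost.exe")

    foreach ($svc in Get-CimInstance Win32_Service -Filter "ProcessId = $($proc.ProcessId)") {
        # ServiceDll is normally under ...\Parameters, occasionally on the key itself
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)"
        $dll = $null
        foreach ($path in "$key\Parameters", $key) {
            $p = Get-ItemProperty -Path $path -Name ServiceDll -ErrorAction SilentlyContinue
            if ($p) { $dll = [Environment]::ExpandEnvironmentVariables($p.ServiceDll); break }
        }

        # Signature status of the DLL, when the file can be found
        $sig = 'n/a'
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
        }

        # Reasons to look closer at this entry
        $review = @()
        if (-not $hostOk) { $review += 'host path not System32 (or unreadable)' }
        if (-not $dll)    { $review += 'no ServiceDll value' }
        elseif (-not $dll.ToLower().StartsWith($sys32)) { $review += 'DLL outside System32' }
        if ($dll -and $sig -ne 'Valid') { $review += "signature: $sig" }

        [pscustomobject]@{
            PID     = $proc.ProcessId
            CpuSec  = $cpuSec
            Service = $svc.Name
            Display = $svc.DisplayName
            Command = $svc.PathName      # shows the -k <group> the service belongs to
            Dll     = $dll
            Review  = $review -join '; '
        }
    }
}

# Busiest host processes first, then only the entries that need a second look
$report | Sort-Object CpuSec -Descending | Format-Table PID, CpuSec, Service, Dll -AutoSize
$report | Where-Object Review | Format-List PID, Service, Command, Dll, Review
```

Some legitimate third-party and security products register service DLLs outside System32, so confirm a flagged entry against its vendor before stopping or disabling the service in the Services console.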
  • edited January 2006
    Scott,
    For God's sake, this is what I was hoping to avoid, lol . I thought that's what you guys were here for. Alright... I'll be having a late night I guess. No poker for me! I will keep you posted and thank you. I'll also update you on how the Dell chat thing works out too. Much appreciated, your time.

    Sincerely-
    PFC Kreth [United States Army Infantry]
  • edited January 2006
    Scott,
    Ahha! I actually got ahold of Dell and they gave me a nifty program called CounterSpy and it detects a boatload more than any software ever did for me, save for the Ewido program. They detected the same amount. I didn't investigate Ewido in depth, but it seemed to me that I couldn't remove what it found, though feel free to correct me if I'm wrong. With CounterSpy, it detects EVERYTHING on your computer, and you can get rid of it. It even checks to see if the .dll's that it's removing will damage another program. It's a really nice program. WITH permission, I would like to post the address to get the program though I don't want to violate any rules.

    -PFC Kreth
  • scottscott Medina, Ohio Icrontian
    edited January 2006
    Did it find the offending service? Are your svchost processes back to reasonable CPU usage?

    As far as posting a link to CounterSpy, I am sure it would depend on whether or not it is a freely distributable program. I just googled it and went to sunbelt-software. They have a free trial download. If that is what you're talking about I am sure it would be fine.


    So
    is it fixed ?



    Scott
This discussion has been closed.