SVCHOST.exe unusual usage

This has happened for the first time since I assembled my rig...

When I start up my PC, the svchost.exe usage goes really high, as in the Mem Usage tab in TASK MANAGER shows 80k, which usually stays at a meager 23k...

This thing goes on for a good 20-25 seconds and then my explorer.exe takes up more memory than it's supposed to...

I don't notice that much of a difference in performance after this thing is over!!! ONLY while this is going on, my PROC. USAGE is 100%.

I read about it on the net... and quite a few articles were pointing towards a VIRUS infection, while a few were pointing towards a screwed up SVCHOST.exe file...

WHAT'S the problem here???

This doesn't happen every time but say 2-3 out of 5 times!!!
 
Thanks for the quick reply dude!!!

Let me see if the thing solves my problem...

Actually the thread you showed me gave the reason for multiple instances of SVCHOST.exe... but not the specific solution to my problem!!!
 
Guys,

I am adding to the current thread, the reason being I too have noticed the same issue. Upon system reboot, or even when I start in the morning, proc usage shoots to 100%, utilizing about 90k of RAM. I have tried scanning the PC with Spyware Doctor, Webroot Spy Sweeper, Windows Defender, Lavasoft Ad-Aware and Spybot, and I haven't found any explanation for the above. I have also scanned the PC online and offline for viruses or worms, using Symantec Client Security, the corporate version of Symantec AV and the online scanner at mcafee.com.

However, I found an instance of a file called microsoft.exe resident in the system32 folder, which I deleted (please note the file was not associated with any program or process); this made the system a bit smoother on resources upon restart.

Please note this is not the solution one needs, as when you restart the PC, the same issue occurs again.....

I hope that someone can think of something while I too am trying to figure a way out.
 
@prafulk
Download Security Task Manager and, as eddy said, post us the log.

@vishalk
You can also do the same. In addition to that, can you please post us the processes in startup? Use msconfig for that. Also, Spybot gives you a better way of handling startup apps. Let us know man!
 
I've attached a tool.
It lists the DLLs (modules) in each process.
Select the svchost.exe and save the log and post it here.
 

Attachment: cprocess.zip (38.6 KB)

Thanks FOR THE SUPER QUICK REPLIES GUYS!!!

vishalk said:
guys,
however, i found an instance of a file called microsoft.exe resident in the system32 folder which i deleted, please note file not associated with any prog or process, made the system a bit smooth on resources upon restart.

Well there was no such file in MY directory!!!:no:

I have attached the LOGS... nothing seems suspicious to me but YOU guys know better.:hap2:
 
jayken said:
I've attached a tool.
It lists the dlls(modules) in each process.
Select the svchost.exe and save log and post it here.

This program showed me 5 svchost.exe files... all with different DLLs... so which one should I select??:ashamed:
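
Each svchost.exe instance hosts a different group of Windows services, so the instance worth examining is identified by the services running inside it and by how much CPU it has used. The following sketch is an added example, not part of the thread or of the attached tool; it assumes PowerShell 3.0 or later (CIM cmdlets) run from an elevated prompt.

```powershell
# Added example: list every svchost.exe instance with the services it hosts,
# its CPU time and memory, and whether its image path is the expected one.

# Legitimate locations (SysWOW64 holds the 32-bit copy on 64-bit Windows).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Win32_Service.ProcessId ties each running service to its host process.
# -AsString makes the hashtable keys plain strings for a reliable lookup.
$servicesByPid = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

$report = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $hosted = $servicesByPid["$($_.ProcessId)"]
        [pscustomobject]@{
            PID        = $_.ProcessId
            # Kernel and user times are reported in 100-nanosecond units.
            CpuSeconds = [math]::Round(($_.KernelModeTime + $_.UserModeTime) / 1e7, 1)
            MemoryMB   = [math]::Round($_.WorkingSetSize / 1MB, 1)
            # ExecutablePath is empty when the caller lacks rights to query
            # the process; that shows up here as PathOk = False.
            PathOk     = $expected -contains $_.ExecutablePath
            Path       = $_.ExecutablePath
            Services   = ($hosted.Name -join ', ')
        }
    }

# Busiest instance first, so the one behind a CPU spike is at the top.
$report | Sort-Object CpuSeconds -Descending | Format-Table -AutoSize -Wrap
```

The Services column names what the high-CPU instance is actually running; an instance with PathOk = False from an elevated prompt, or with no hosted services, deserves a closer look.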
 
Well I have WINDOWS DEFENDER installed and it isn't showing anything!!

The thing has fixed itself for the time being, let's see WHAT happens!!!
 
R3 - URLSearchHook: Indians Radio Toolbar - {c48a0219-d05c-4708-82f9-abc87642e239} - C:\Program Files\Indians_Radio\tbIndi.dll
O3 - Toolbar: Indians Radio Toolbar - {c48a0219-d05c-4708-82f9-abc87642e239} - C:\Program Files\Indians_Radio\tbIndi.dll
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [iChat] C:\PROGRA~1\ICHAT\iChat.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing

O17 - HKLM\System\CCS\Services\Tcpip\..\{25990892-D727-48DD-8F0C-31F403EF1425}: NameServer = 202.54.10.2,203.197.12.42
O17 - HKLM\System\CS1\Services\Tcpip\..\{25990892-D727-48DD-8F0C-31F403EF1425}: NameServer = 202.54.10.2,203.197.12.42
O17 - HKLM\System\CS2\Services\Tcpip\..\{25990892-D727-48DD-8F0C-31F403EF1425}: NameServer = 202.54.10.2,203.197.12.42
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

I would suggest the following:

Rescan with HijackThis, mark the entries in red and click fix this.

About the entries in blue I do not have much info, but it seems you are running some internet-related programs:
Indian Radio
Bricopacks (UberIcon and YzShadow, YzToolbar)
Roxio Live services.

These I hope are your known installations, but if you do not have a clue about their safety please remove them.

Also I noted the presence of Flashget in your system; I would recommend dropping it and using free download manager.

Hope this helps.

PS: also the entries which are showing IP addresses are either your ISP's or online gaming servers, check them too.

I also noticed the presence of X-fire gaming messenger; if you intend to use it then leave the entry marked with xfire_lsp.dll as it is.
 
Thanx for the in depth analysis......

All the three programs mentioned by you are recognized by me...as in I have installed them myself!!

And yes i do use xfire sometimes!!

I'll try to get a fix on those red entries THNX!!!
 
medpal said:
Also I noted the presence of Flashget in your system; I would recommend dropping it and using free download manager.

Why do You suggest me not to use it!!!:(

I find it pretty good..gives me a good dwnld speed and i find the interface pretty simplified..

IF NOT THAT!!then which one should i go FOR:huh:

I am not familiar with free download managers!!!:no: :no:
 
prafulk said:
Why do You suggest me not to use it!!!:(

I find it pretty good..gives me a good dwnld speed and i find the interface pretty simplified..

IF NOT THAT!!then which one should i go FOR:huh:

I am not familiar with free download managers!!!:no: :no:

Actually Flashget is known to install spyware (earlier, when it was shareware).

By free download manager I meant the program (FDM); it's the name of the program itself and it's good too.

The three programs, if not necessary, try to uninstall them and clean the system.

Check with
a good antivirus
a battery of antispyware / antimalware programs

I recommend Ad-Aware SE Personal + Spybot S&D + Microsoft AntiSpyware

Also install a good firewall

Also install SpywareBlaster (this is a resident shield that will prevent the infection)
 