svchost sucking up processor speed!?!

[CriTiCaLops]

alright, i've done tooooonnnnssss of searches on this and scans and blah blah, so i don't think there is a super simple answer to this.

i hope, however, that my two problems are connected.

first i get popups. they come through ie which i don't use, even when it's closed. i use firefox. or they come through firefox as i'm using it. i've lessened the distractions, but it's still hard to get stuff done with this annoyance. i've done all kinds of scans and eliminated all adware, but occasionally get virus warnings via anti-vir, my antivirus program.

next is my processor problem. i have an athlon 1.4ghz but it's been runnin veryslow since my popup problem. i've checked on this and i found it's most likely a problem. there are currently 7 svchost processes running individually. and one of them takes up between 40-70 percent of my cpu according to task manager. and the remaining percent is usually taken up by avguard.exe, my anti-vir guard program.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\User>tasklist/svc

Image Name PID Services
========================= ====== =============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 624 N/A
csrss.exe 672 N/A
winlogon.exe 696 N/A
services.exe 740 Eventlog, PlugPlay
lsass.exe 752 PolicyAgent, ProtectedStorage, SamSs
svchost.exe 932 DcomLaunch, TermService
svchost.exe 1008 RpcSs
svchost.exe 1100 AudioSrv, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, HidServ, lanmanserver, lanmanworkstation, Netman, Nla, Schedule, seclogon, SENS, SharedAccess, ShellHWDetection, srservice, Themes, TrkWks, W32Time, winmgmt, wscsvc, wuauserv, WZCSVC
svchost.exe 1148 Dnscache
svchost.exe 1216 LmHosts, RemoteRegistry, WebClient
spoolsv.exe 1552 Spooler
AVWUPSRV.EXE 1696 AVWUpSrv
MDM.EXE 1752 MDM
nvsvc32.exe 1776 NVSvc
svchost.exe 1816 RpcxSs
svchost.exe 1836 stisvc
wdfmgr.exe 1852 UMWdf
MsPMSPSv.exe 1920 WMDM PMSP Service
alg.exe 580 ALG
AVGNT.EXE 1196 N/A
rundll32.exe 2132 N/A
rundll32.exe 2172 N/A
iPodService.exe 3556 iPodService
AVGUARD.EXE 3024 AntiVirService
explorer.exe 7368 N/A
creatorc.exe 9816 N/A
firefox.exe 1864 N/A
IEXPLORE.EXE 3716 N/A
cmd.exe 7068 N/A
tasklist.exe 3988 N/A
wmiprvse.exe 8936 N/A

as you can see, i have many svchost's running. idk if this is normal.

anyhelp would be appreciated, as i have tried everything i can think of 5 times.

p.s. i started burning a normal audio cd that takes 10-15 mins for me, and it took 180 mins to finish.

 

[linney]

Check your speed in Safe Mode.

Check it as another user in Normal Mode.

Any differences means third party process interference, malware, or a corrupt profile.

If you feel it is not malware try this.

310353 - How to Perform a Clean Boot in Windows XP

http://support.microsoft.com/default.aspx?scid=kb;en-us;310353&FR=1&PA=1&SD=HSCH

316434 - HOW TO: Perform Advanced Clean-Boot Troubleshooting in Windows XP

http://support.microsoft.com/default.aspx?scid=kb;en-us;316434&FR=1&PA=1&SD=HSCH

310560 - How to Troubleshoot By Using the Msconfig Utility in Windows XP

http://support.microsoft.com/default.aspx?scid=kb;en-us;310560&FR=1&PA=1&SD=HSCH

Try running ChkDsk to check your drive for errors. Right click your Drive icon/ Properties/ Tools/ Error Checking.

Run the System File Checker program from the Run Box by typing.....Sfc /Scannow in it and have your XP CD handy.

HOW TO: Verify Unsigned Device Drivers in Windows XP

http://support.microsoft.com/support/kb/articles/q308/5/14.asp

If they don't work you could try repairing windows by running it over itself. You will lose all your windows updates but your files will be untouched.

How to Perform an In-Place Upgrade (Reinstallation) of Windows XP (Q315341)

http://support.microsoft.com/support/kb/articles/q315/3/41.asp

I am voting for malware but I didn't want to offend you, I would try this approach in the first instance.

Removing adware & spyware
faq608-4650

Microsoft (GIANT Antispyware) Beta available
Thread779-979113

Try the free version of "Ewido"

http://www.ewido.net/

If your really stuck you can post the "Hijack This" log and someone might recognize a problem.

 

[stduc]

Run Hijackthis and use the Hijackthis checker at

http://www.hijackthis.de

 

[CriTiCaLops]

damn thanks, guys!!

seroiusly i have like a billion tools now to use against this. and it seems like malware completely, but i've used so many things to fight it with no success. i'll definately use some of the sources you provided.

thx especially to lenney for the kindness. it's amazing that someone would go that much out of his way just to help some stranger. God bless you.

 

[CriTiCaLops]

ok, i've been doin most of these, and still no luck. it also seems like everytime i run an adware check, i get new results. without even visiting any websites or downloading anything. also my antivir comes up with new viruses every few hours. if i try to delete the viruses, they will be detected again in 5 mins, so i quarantine them, this seems to work.

also, what is autvices? when i run diskdefragment, the only things that won't defragment (besides my large game texture files and .rar files) is about 30 different files in the directory \program files\autvices\cache\

i've done a google search on this with one result that doesn't help me at all.

an example of the file:

\program files\autvices\cache\0000263d_4396068e_000aba95

they are only a couple hundred kb's in size, but still possibly a problem.

after my microsoft anti-spyware scan finishes i'll log onto a different username and see what i find.

 

[electronicsfreak]

Download and run this, this antivirus has amazed me to know end as so much I removed my 2 old ones I was using. Give it a shot and see if it helps. Choose a full system scan on it.

http://www.ewido.net/en/

 

[stduc]

Also can you post a hijackthis logfile for me to take a look at?

 

[CriTiCaLops]

as for the ewido, when i run the sys scan it does like a constant refresh thing, where the program kinda flashes like it's as if a popup is tryin to use ewido to show itself. the scan will start but stop within a few seconds.

Logfile of HijackThis v1.99.1
Scan saved at 6:30:00 PM, on 12/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\Torrents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "

http://www.google.com/");

(C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\3inxp5ct.slt\prefs.js)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\h0l2la3o1d.dll
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\system32\miokfeig.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

[stduc]

Apart from the fact that you have some dll's missing I can't see anything amiss.

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll (file missing)
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\system32\miokfeig.dll (file missing)


You should be able to restore these, either by copying from another system, or by performing a system repair. Except for msgrapp.dll which can be re-covered by re-installing MSN messenger. I google for miokfeig.dll but got no matches! So I have no idea what that belongs to.

I don't recognise this entry though

O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\h0l2la3o1d.dll

So I would be tempted to delete it.

I also note that I don't have any of the missing dll's on my system. But that means nothing of course!

You may care to read this thread - it look slike it could be useful

http://forums.techguy.org/printthread.php?t=352744

Best of luck!

 

[creasorjr]

Hello,

I would like to suggest a general cleanup! There are some programs that work well in cleaning up. The registry is a place where you can have some big problems.

For the registry I would suggest you download, "Registry Mechanic." You will be amazed at how many problems there can be in your registry - in the 100's. Registry mechanic can handle it though.

Next, there is an Ad-Aware SE Plus program you can download a free copy. Just do a search for that name and it should get you right there.

After running these programs, run "Disk Cleanup" from: Start > Programs > Accessories > Sys Tools > System Cleanup. Make sure to check everything. Also, clean your CACHE.

Now, shut down the computer and give it a chance to settle down (about 5 minutes) and cold boot and see what you've got.

This generally works for me when I have problems. Good Luck and I hope you can get out of your problem.

 

[linney]

See if the link I quoted from "Option^Explicit" in this thread gives you any ideas?

problems with IE and explorer
thread779-1049037

 

[CriTiCaLops]

ok, i ran ewido in safe mode and it found nearly 200 problems. i got my processor speed back, it now idles at 0-10% which is good because that was my biggest concern. i stilllll get an occasional popup, but i'm gonna do some registry fixes and more malware scans and hopefully knock that out.

also, off topic, but does how full you hardrive is affect computer performance noticeably? just curious, b/c some less learned people have suggested this.

thx guys, i'll refer back to here if i get anything else.

 

[linney]

It is impossible to Defrag any drive with less than about 15% free space. An non-Defragged drive can be a slowing factor.

Description of the Low Disk Space Notification in Windows XP

http://support.microsoft.com/default.aspx?scid=kb;en-us;285107&FR=1&PA=1&SD=HSCH

If your running scans, the fuller the drive, the longer they take.

 

[stduc]

Basically, the fuller your boot disk becomes, the longer your bootup and shutdown times become. This is because as you install and delete software and generally use the system the files required become further apart on the drive. In addition there are likely to be more of them. This increases the amount of time the drive heads spend seeking. Eventually even a defrag doesn't help much.

There are ways to avoid this happening.

1. Partition your hard drive. Make the C partition as small as you dare. But not so small you run out of space! This forces all your programs and boot files to be in one area of the drive.
2. Define the swap file yourself and make it a fixed size.
3. Don't store data on the C drive. Its a pain defining the "my documents" folder to be on a different drive. But its easy to set up links in "my documents" to another drive.
4. Defrag the C drive on a regular basis. Try to keep it at no more than 60% full.

 

[stduc]

By the way my email prog, Eudora gives all notifications mails about this thread two warning chillies about potential bad language. I suspect the word 'sucking' has something to do with it - LOL

 

[jim532]

Also try this, download and install Crap Cleaner

http://www.ccleaner.com/

download and install Spysweeper -

http://www.webroot.com/

Disconnect pc from network and resart in Safe Mode.
Run the Spy Sweeper
next
Run the Crap cleaner Cleaner App only not the other stuff)
make sure there's a check in the box nect to everything.
then when its done Fix all it finds.
Next resart in Normal mode and disable system restore then reboot and re-enable system restore. (malicious stuff is hidden in there now too).

Spy Sweeper got rid of stuff that the Ewido/Microsoft Spyware/Ad-aware and Spybot S&D combination could not get rid of. Even though the are very good programs, especially Ewido.

 

[CriTiCaLops]

haha @ stduc

and thx, jim i'll do that too, sounds like a good idea.

and i'm officially clean now, haven't had any popups for at all since my last reboot after my final ewido and ad-aware scans. i'm definately gonna use crap cleaner, and go thru myself and try to delete some unused junk. THANKS EVERYONE!!

next is a new harddrive. i'd like something separate just to store my games and backup my music for my ipod. preferably somethin between 40-80gb, anyone got some ideas?

i think i'll just stop by best buy (after x-mas) and pick up one of those bulky external hd's around 50g for around $100, unless someone's got a better idea.

 

[stduc]

You might want to consider buying two. I say that because although external HDD's are one of the fastest & easiest ways of backing up, so you actually tend to do it! You only have one device - so there's still a risk. If you can afford it buy two and backup to each alternatively.

 

[CriTiCaLops]

so you're saying buy two ext hdd's AS WELL as my internal hd?

 

[stduc]

Yes, I'm suggesting that you consider getting two external HDD's. Then devise a scheme, such as backing up to each one alternately.

It depends on how safe you want your data to be. I'm not saying you must get two. I just thought I would put the thought in your head.

Let me put it this way. If you happen to be writing the next pulitzer prize novel on the machine, I would say, definately use two external HDD's for backup! If, on the other hand its just a log of your messenger chats, perhaps that would be overkill!