4 instances of svchost.exe running - how? - why?

ylustrata

My laptop is running slow - things take time to launch. Process Explorer shows Services.exe hogging the CPU and FOUR (4) instances of svchost.exe running. How did 4 instances get launched and how can I correct this?

I was bitten by the gibe.b and mofei.b worms. I cleaned up. I have Ad-Aware, Spybot, CWShredder, SpywareBlaster.

Please see if anything is amiss in the following log. Thanks

Logfile of HijackThis v1.97.7
Scan saved at 6:52:05 PM, on 1/7/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\ati2evxx.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.Exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Atiptaxx.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINNT\system32\svchost.exe
C:\UnZipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
F0 - system.ini: Shell=C:\WINNT\Explorer.Exe
F2 - REG:system.ini: Shell=C:\WINNT\Explorer.Exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {70A89DB7-5EC2-4790-AC34-0018FC2E61CB} (oucv3 Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
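
Added example, not part of the original post: a small Python triage of the "Running processes" section of a HijackThis log like the one above. Several svchost.exe instances are normal because each hosts a group of services, so the check that matters is whether every system-named image runs from its expected directory. The sample is constructed from lines in the log plus one hypothetical look-alike entry, and the expected-directory table is an assumption for a Windows 2000 install with SystemRoot at C:\WINNT.

```python
import ntpath
from collections import defaultdict

# Constructed sample: a subset of the log's "Running processes" lines, plus one
# hypothetical look-alike (C:\WINNT\svchost.exe) that is NOT in the original log.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.Exe
C:\WINNT\svchost.exe
C:\Program Files\Messenger\msmsgs.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe
"""

# Assumption: expected image directories for core processes (SystemRoot = C:\WINNT).
CORE = ("smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
        "svchost.exe", "spoolsv.exe")
EXPECTED_DIR = {name: r"c:\winnt\system32" for name in CORE}
EXPECTED_DIR["explorer.exe"] = r"c:\winnt"

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' up to the first blank line."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not line:
                break
            paths.append(line)
    return paths

def triage(paths):
    """Count instances per image name; list system-named images in the wrong directory."""
    counts, misplaced = defaultdict(int), []
    for path in paths:
        directory, name = ntpath.split(path.lower())  # Windows paths are case-insensitive
        counts[name] += 1
        if name in EXPECTED_DIR and directory != EXPECTED_DIR[name]:
            misplaced.append(path)
    return dict(counts), misplaced

if __name__ == "__main__":
    counts, misplaced = triage(running_processes(SAMPLE_LOG))
    print("svchost.exe instances:", counts.get("svchost.exe", 0))
    print("unexpected location:", misplaced)
```

Run against the full log posted above, the same check reports four svchost.exe instances, all under C:\WINNT\system32, and nothing in an unexpected location.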
 
Thanks for the reply. I now understand svchost. But I am puzzled by Services.exe taking up 97% of the CPU every so often. I also looked at internat.exe but it looks clean - filesize, 21Kb. Housecall didn't report a virus infection.
I am running Windows 2000 Professional with service pack 4, which according to Microsoft solved the problem with Services.exe taking up 100% of CPU and hanging the system.
Any ideas?
 
Follow up: Services.exe only hogs the CPU when I am connected to a LAN, not while offline.
 
Ok. Services controls all of the Services running on your computer (obviously). Most likely the reason that your CPU doesn't notice it when you're offline, is because most of the services listed aren't used until you connect to your LAN.

I know this doesn't help you to solve this, but at least it gives you a reason why it's happening. I would contact your System Administrator (assuming you're not them) and find out what services you don't need running on the system.

If you are the system administrator, then I suggest you do some research into what each Service does, and which ones your Network is required to have.

Something I've been doing on my computer (home Network with 2 computers) is to remove loadqm. That's the auto updater for MSN Messenger, so you really don't need it (unless you don't want to wait until you hear from others that Messenger has a new version out that's messing up their computers..lol). Plus, it may be part of the problem, since every time you go online (internet), it goes to Microsoft's site and checks for updates.

Sorry, I can't be of more help.
Patrick.
 
Thanks for the reply. I'll remove loadqm and see what happens.
 
Nope. Removing LoadQM and restarting didn't fix it. For a moment I thought that it did but a few clicks later Services.exe was again hogging the CPU.

Not sure what services I require from the LAN. All I use it (the local library) for is to connect to the internet.
 
Services.exe is the service control manager. It starts, stops and manages all services on your computer, both network related and those not.

This is not to say that not using loadqm is a bad idea. The MSN Queue Manager Loader is installed with MSN Explorer and MSN Messenger. It can sometimes use a lot of system resources.

 
Process Explorer shows that even with my browser off and no other activity - just the connection to the LAN some thread of Services.exe accesses my Hosts file. Am I wrong to suspect some kind of malware?
 