svchost.exe using 100% of CPU

A

amber

Hi there,
I'm having problems with a new Dell laptop.
It's running XP. There was a virus on it (Msblast) which
has been removed. When the laptop boots up, the task bar
isn't visible...if you move the mouse over where the Start
button should be, an hourglass appears. I can open things
that have icons on the desktop (My Computer for ex).
Ctrl-Alt-Del shows that the CPU is at 100%, and that
svchost.exe is running 4X and is using up all the CPU.
I'm not sure if this is a result of the virus..but I'm
unable to do much. I can connect to a dial-up connection,
but can't browse anywhere, so I can't download the patches
needed on this computer...
I'm stuck.
Help please!
TIA
amber
 
D

Dave Starcher

If it's new and you haven't customized it much or stored
too much data on it, I'd blow it away and start fresh. By
that, I mean run the product recovery or reinstallation CD
that should've come with your computer. It should put
your system in it's original shipping state. From there,
you can reinstall your applications/data and apply your
updates and antivirus patches to avoid the virus
infection. This would be the best solution as far as
removing ALL remnants of the virus and it's effects. This
is a drastic step, however and you shouldn't proceed if
you don't have your data backed up or you don't have the
media to reinstall your applications. Beware that this
operation will completely erase the current contents of
your hard drive and re-install the operating system so you
shouldn't proceed if you're not comfortable with the
possibility of losing anything on your laptop. Good Luck.
Dave
 
G

grear

Tips for troubleshooting the svchost.exe.

Good luck!
grear

~~~~
A Description of Svchost.exe in Windows XP
This article applies to.
This article was previously published under Q314056
For a Microsoft Windows 2000 version of this article, see
250320.

SUMMARY
This article describes Svchost.exe and its functions.
Svchost.exe is a generic host process name for services
that run from dynamic-link libraries (DLLs).
MORE INFORMATION
The Svchost.exe file is located in the %SystemRoot%
\System32 folder. At startup, Svchost.exe checks the
services portion of the registry to construct a list of
services that it needs to load. Multiple instances of
Svchost.exe can run at the same time. Each Svchost.exe
session can contain a grouping of services, so that
separate services can run, depending on how and where
Svchost.exe is started. This allows for better control and
easier debugging.

Svchost.exe groups are identified in the following
registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVers
ion\Svchost

Each value under this key represents a separate Svchost
group and is displayed as a separate instance when you are
viewing active processes. Each value is a REG_MULTI_SZ
value and contains the services that run under that
Svchost group. Each Svchost group can contain one or more
service names that are extracted from the following
registry key, whose Parameters key contains a ServiceDLL
value:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Servic
e

To view the list of services that are running in Svchost:
Click Start on the Windows taskbar, and then click Run.
In the Open box, type CMD, and then press ENTER.
Type Tasklist /SVC, and then press ENTER.
Tasklist displays a list of active processes. The /SVC
switch shows the list of active services in each process.
For further information about a process, type the
following command, and then press ENTER:
Tasklist /FI "PID eq processID" (with the quotation marks)

The following example of Tasklist output shows two
instances of Svchost.exe that are running. Image
Name PID Services

===========================================================
=============
System Process 0 N/A
System 8 N/A
Smss.exe 132 N/A
Csrss.exe 160 N/A
Winlogon.exe 180 N/A
Services.exe 208
AppMgmt,Browser,Dhcp,Dmserver,Dnscache,

Eventlog,LanmanServer,LanmanWorkstation,

LmHosts,Messenger,PlugPlay,ProtectedStorage,
Seclogon,TrkWks,W32Time,Wmi
Lsass.exe 220 Netlogon,PolicyAgent,SamSs
Svchost.exe 404 RpcSs
Spoolsv.exe 452 Spooler
Cisvc.exe 544 Cisvc
Svchost.exe 556
EventSystem,Netman,NtmsSvc,RasMan,
SENS,TapiSrv
Regsvc.exe 580 RemoteRegistry
Mstask.exe 596 Schedule
Snmp.exe 660 SNMP
Winmgmt.exe 728 WinMgmt
Explorer.exe 812 N/A
Cmd.exe 1300 N/A
Tasklist.exe 1144 N/A

The registry setting for the two groupings for this
example are as follows:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Svchost:
Netsvcs: Reg_Multi_SZ: EventSystem Ias Iprip Irmon Netman
Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess
Tapisrv Ntmssvc
RApcss :Reg_Multi_SZ: RpcSs


The information in this article applies to:
Microsoft Windows XP Professional
 
P

Peter

Hi,

Try boot in safe mode with network feature.
Go to symantec.com to have an on-line security check to
ensure your PC is 100% virus free. Then boot in normal
mode and run anti-spyware softwares, such as Ad-aware 6.0
to check for spywares. It is free for download from
lavasoftusa.com or download.com if you don't have it.
Temporary disable the restore feature to clear all the
restore files then reboot. Enable the restore feature
again. Rescan the whole system for virus check.
If is still no avail, perform a repair install of XP
using XP CD (this should be done provided that you are
100% sure that the PC is clean from virus).
Becareful if you only have the recovery CD, it will wipe
out all the data files.

Post back to the NG with details if you still have
problems so that some one may help you.

Peter
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Svchost.exe using 50% of cpu 5
What is SVCHOST.EXE doing? 5
svchost.exe cpu 100% 2
svchost.exe consumes CPU memory 7
svchost.exe using 100% cpu 4
svchost.exe using 99% of CPU 9
svchost.exe sing all my cpu 3
svchost.exe uses 100% of the CPU 5

Top