I've got an annoying problem since last weekend. Sometimes my web access just freezes, and when it happens svchost.exe takes 80-90% of my CPU usage. After 1 or 2 minutes it goes back to normal and I get my web access back. It happens once in a while (every 15 minutes or so), mainly on startup (when it always happens).
I've tried several trojan removers, antivirus, Ad-Aware, Spybot, CCleaner and followed the steps of your tutorial. Nothing worked for me.
Here's the HijackThis log. Hope you can help me.
Logfile of HijackThis v1.99.1
Scan saved at 3:20:26, on 14-04-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\STOPzilla!\Stopzilla.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Programas\Messenger Plus! 3\MsgPlus.exe
C:\Programas\Weather Watcher\ww.exe
C:\PROGRA~1\ALLTOT~1\ALLTOT~1.EXE
C:\Programas\Netcount\Netcount.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Luis Guerra.GUERRA\Ambiente de trabalho\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38F661DC-551F-F91D-7CA1-5C1ABD2E027F} - (no file)
O2 - BHO: BrowserHelper Class - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\StopzillaBHO.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programas\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {454B99CA-94D7-4A32-DC89-86EF4581401C} - (no file)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [STOPzilla] C:\Programas\STOPzilla!\Stopzilla.exe /autorun
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Jet Detection] C:\Programas\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Programas\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [AllToTray] C:\PROGRA~1\ALLTOT~1\ALLTOT~1.EXE
O4 - HKCU\..\Run: [Netcount] C:\Programas\Netcount\Netcount.exe 0
O8 - Extra context menu item: &eBay Search - res://C:\Programas\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programas\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programas\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downlo..._1015_EN_XP.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} - http://download.rfwn...ddm_control.CAB
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo...thv32_EN_XP.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.geoweb.pt...r2/mgaxctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - https://www.stopzill...ller/dwnldr.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15009/CTPID.cab
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Extra info provided by Process Explorer:
This was getting high CPU at the time I made this log.
Process PID CPU Description Company Name
System Idle Process 0
Interrupts n/a 1.75 Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
SMSS.EXE 420 Windows NT Session Manager Microsoft Corporation
CSRSS.EXE 556 7.02 Client Server Runtime Process Microsoft Corporation
WINLOGON.EXE 584 Aplicação de início de sessão do Windows NT Microsoft Corporation
SERVICES.EXE 628 7.89 Aplicação de serviços e controlo Microsoft Corporation
SVCHOST.EXE 800 Generic Host Process for Win32 Services Microsoft Corporation
SVCHOST.EXE 896 Generic Host Process for Win32 Services Microsoft Corporation
SVCHOST.EXE 1000 42.11 Generic Host Process for Win32 Services Microsoft Corporation
SVCHOST.EXE 1016 Generic Host Process for Win32 Services Microsoft Corporation
LEXBCES.EXE 1404 LexBce Service Lexmark International, Inc.
SPOOLSV.EXE 1444 Spooler SubSystem App Microsoft Corporation
SVCHOST.EXE 1808 Generic Host Process for Win32 Services Microsoft Corporation
LSASS.EXE 640 LSA Shell (Export Version) Microsoft Corporation
EXPLORER.EXE 1316 Explorador do Windows Microsoft Corporation
Stopzilla.exe 1584 STOPzilla! Application International Software Systems Solutions
Ikeymain.exe 1596 IKeymain.exe A4Tech Co.,Ltd.
WW.EXE 1648 Singer's Creations
ALLTOT~1.EXE 1656 Minimize To Tray DNTSoft
Netcount.exe 1664 Netcount Application Pedro Lucas
iexplore.exe 1372 Internet Explorer Microsoft Corporation
MsgPlus.exe 1256 Messenger Plus! Patchou
procexp.exe 488 41.23 Sysinternals Process Explorer Sysinternals
Process: SVCHOST.EXE Pid: 1000
Type Name
Desktop \Default
Directory \Windows
Directory \BaseNamedObjects
Directory \KnownDlls
File \Device\Afd\Endpoint
File \Device\Udp
File \Device\Afd\Endpoint
File C:\WINDOWS\system32\drivers\etc\hosts
File \Device\Afd\Endpoint
File \Device\Afd\Endpoint
File \Device\Udp
File \Device\Udp
File \Device\Udp
File \Device\WMIDataDevice
File \Device\Afd\Endpoint
File \Device\Udp
File \Device\NamedPipe\net\NtControlPipe4
File \Device\NamedPipe\svcctl
File C:\WINDOWS\system32\drivers\etc
File \Device\Ip
File \Device\Tcp
File \Device\Ip
File \Device\Tcp
File C:\WINDOWS\system32\
File \Device\WMIDataDevice
Key HKLM
Key HKLM\SYSTEM\ControlSet004\Services\Tcpip\Linkage
Key HKLM\SYSTEM\ControlSet004\Services\Tcpip\Parameters
Key HKLM\SYSTEM\ControlSet004\Services\NetBT\Parameters\Interfaces
Key HKLM\SYSTEM\ControlSet004\Services\NetBT\Parameters
Key HKLM\SYSTEM\ControlSet004\Services\WinSock2\Parameters\Protocol_Catalog9
Key HKLM\SYSTEM\ControlSet004\Services\WinSock2\Parameters\NameSpace_Catalog5
KeyedEvent \KernelObjects\CritSecOutOfMemoryEvent
Port \RPC Control\DNSResolver
Process SVCHOST.EXE(1000)
Thread SVCHOST.EXE(1000): 740
Thread SVCHOST.EXE(1000): 776
Thread SVCHOST.EXE(1000): 1004
Thread SVCHOST.EXE(1000): 776
Thread SVCHOST.EXE(1000): 1076
Thread SVCHOST.EXE(1000): 1080
Thread SVCHOST.EXE(1000): 904
Thread SVCHOST.EXE(1000): 904
WindowStation \Windows\WindowStations\Service-0x0-3e4$
WindowStation \Windows\WindowStations\Service-0x0-3e4$
Thank you!
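As an added example, not part of the original post and not HijackThis's own code: a small Python script that parses entries in the HijackThis v1.99 log format and flags the kinds of lines a helper usually reads first, orphaned "(no file)" entries, services whose image is missing, unnamed BHOs/toolbars, downloaded ActiveX controls (O16/DPF) and services with no publisher. The sample lines are copied from the log above (some URLs are truncated there too); the flagging rules are my own heuristics, not a verdict on any entry.

```python
"""Triage a HijackThis v1.99 log: parse its entries and flag the ones an
analyst reviews first.  Added example; sample lines come from the post above."""
import re
from dataclasses import dataclass, field

# Sample entries copied from the post above (constructed subset of the log;
# the "..." inside URLs is how the forum displayed them).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38F661DC-551F-F91D-7CA1-5C1ABD2E027F} - (no file)
O3 - Toolbar: (no name) - {454B99CA-94D7-4A32-DC89-86EF4581401C} - (no file)
O4 - HKLM\..\Run: [STOPzilla] C:\Programas\STOPzilla!\Stopzilla.exe /autorun
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downlo..._1015_EN_XP.cab
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# Every HijackThis entry starts with a section code (R0, O2, O16, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# COM class ids appear as {8-4-4-4-12} hex groups.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass
class Entry:
    section: str
    body: str
    reasons: list = field(default_factory=list)

    @property
    def clsid(self):
        """The first CLSID in the entry, or None if it has none."""
        m = CLSID_RE.search(self.body)
        return m.group(0) if m else None


def parse(text):
    """Return all HijackThis entries in the log, ignoring header/process lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def triage(text):
    """Return only the entries that deserve a second look, each with its reasons."""
    flagged = []
    for e in parse(text):
        if "(no file)" in e.body:
            e.reasons.append("orphaned entry: registered component whose file is gone")
        if "(file missing)" in e.body:
            e.reasons.append("service image path points at a missing file")
        if e.section in ("O2", "O3") and "(no name)" in e.body:
            e.reasons.append("unnamed BHO/toolbar: identify the CLSID before trusting it")
        if e.section == "O16":
            e.reasons.append("downloaded ActiveX control (DPF): confirm the download source")
        if e.section == "O23" and "Unknown owner" in e.body:
            e.reasons.append("service with no publisher information")
        if e.reasons:
            flagged.append(e)
    return flagged


def section_counts(text):
    """How many entries each section has; handy for a quick overview of a log."""
    counts = {}
    for e in parse(text):
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    print(section_counts(SAMPLE_LOG))
    for e in triage(SAMPLE_LOG):
        print(f"{e.section}: {e.body}")
        for r in e.reasons:
            print(f"    - {r}")
```

The script only ranks what to read first; it does not decide what to remove. For the svchost.exe question itself, the Process Explorer handle list for PID 1000 (the `\RPC Control\DNSResolver` port, the `hosts` file and the UDP endpoints) is what you would expect of a service host running network-related services, so the next useful step on XP Professional is `tasklist /svc`, which prints the services hosted by each svchost.exe PID and lets you see which service group PID 1000 belongs to.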