SVCHOST.exe(network service) CPU spikes, System lockups.



#16
DarkPhase

| Process | PID | CPU | Private Bytes | Working Set | Description | Company Name |
|---|---|---|---|---|---|---|
| System Idle Process | 0 | 93.75 | 0 K | 28 K | | |
| procexp.exe | 3580 | 3.13 | 12,144 K | 16,980 K | Sysinternals Process Explorer | Sysinternals - www.sysinternals.com |
| TeaTimer.exe | 1740 | 1.56 | 55,416 K | 57,112 K | System settings protector | Safer-Networking Ltd. |
| explorer.exe | 1732 | 1.56 | 24,580 K | 13,536 K | Windows Explorer | Microsoft Corporation |
| Interrupts | n/a | < 0.01 | 0 K | 0 K | Hardware Interrupts and DPCs | |
| wmiprvse.exe | 4072 | | 2,796 K | 5,460 K | WMI | Microsoft Corporation |
| winlogon.exe | 728 | | 18,708 K | 1,952 K | Windows NT Logon Application | Microsoft Corporation |
| ViewpointService.exe | 1452 | | 1,036 K | 3,076 K | ViewMgr | Viewpoint Corporation |
| TSVNCache.exe | 1800 | | 2,132 K | 5,104 K | TortoiseSVN status cache | http://tortoisesvn.net |
| taskmgr.exe | 2560 | | 1,740 K | 1,616 K | Windows TaskManager | Microsoft Corporation |
| System | 4 | | 0 K | 260 K | | |
| svchost.exe | 1140 | | 15,932 K | 27,800 K | Generic Host Process for Win32 Services | Microsoft Corporation |
| svchost.exe | 940 | | 3,556 K | 5,732 K | Generic Host Process for Win32 Services | Microsoft Corporation |
| svchost.exe | 1032 | | 2,144 K | 4,828 K | Generic Host Process for Win32 Services | Microsoft Corporation |
| svchost.exe | 1172 | | 2,788 K | 3,948 K | Generic Host Process for Win32 Services | Microsoft Corporation |
| svchost.exe | 1324 | | 1,712 K | 4,160 K | Generic Host Process for Win32 Services | Microsoft Corporation |
| svchost.exe | 1424 | | 1,876 K | 4,428 K | Generic Host Process for Win32 Services | Microsoft Corporation |
| svchost.exe | 1692 | | 1,744 K | 4,392 K | Generic Host Process for Win32 Services | Microsoft Corporation |
| svchost.exe | 108 | | 2,772 K | 4,748 K | Generic Host Process for Win32 Services | Microsoft Corporation |
| spoolsv.exe | 492 | | 3,608 K | 5,536 K | Spooler SubSystem App | Microsoft Corporation |
| smss.exe | 616 | | 176 K | 432 K | Windows NT Session Manager | Microsoft Corporation |
| services.exe | 772 | | 2,168 K | 4,100 K | Services and Controller app | Microsoft Corporation |
| rundll32.exe | 1456 | | 5,116 K | 6,564 K | Run a DLL as an App | Microsoft Corporation |
| realsched.exe | 664 | | 1,344 K | 208 K | RealNetworks Scheduler | RealNetworks, Inc. |
| nvsvc32.exe | 308 | | 5,296 K | 7,052 K | NVIDIA Driver Helper Service, Version 275.33 | NVIDIA Corporation |
| lsass.exe | 784 | | 4,300 K | 1,240 K | LSA Shell (Export Version) | Microsoft Corporation |
| jusched.exe | 1776 | | 1,224 K | 3,388 K | Java™ Update Scheduler | Sun Microsystems, Inc. |
| jqs.exe | 2016 | | 2,656 K | 1,424 K | Java™ Quick Starter Service | Sun Microsystems, Inc. |
| firefox.exe | 3956 | | 173,772 K | 188,892 K | Firefox | Mozilla Corporation |
| csrss.exe | 704 | | 1,960 K | 4,652 K | Client Server Runtime Process | Microsoft Corporation |
| AvastUI.exe | 3564 | | 16,052 K | 8,768 K | avast! Antivirus | AVAST Software |
| AvastSvc.exe | 1584 | | 14,260 K | 23,924 K | avast! Service | AVAST Software |
| alg.exe | 2616 | | 1,572 K | 4,152 K | Application Layer Gateway Service | Microsoft Corporation |
| aim.exe | 300 | | 47,860 K | 25,428 K | AOL Instant Messenger | AOL Inc. |

#17
RKinner

sigverif files are OK.

You have a file missing:
"The NTPort Library Driver service failed to start due to the following error: The system cannot find the file specified."

This is a third party file used to allow a program to talk to a PC's ports directly. It says it is a service, so you could right click on My Computer and select Manage, then Services and Applications, then Services, then find the NTPort Library service. Right click and select Properties, then change the Startup Type to Disabled. OK.

Alternatively you could download the program:

http://www.zealsofts...rt/ntportev.zip

Unzip it and then put it where the service thinks it should be. (Should tell you in Properties)

Your Process Explorer log looks clean. Perhaps you could keep it open and if you notice a slowdown, create a new log and capture the problem that way.

#18
DarkPhase

I'll do that. How do we go about fixing the visible hidden albumart and desktop.ini's along with the recovery console debug mode thing?

#19
RKinner

Look for the file C:\boot.ini

Open it in notepad. Copy and paste the text into a reply.

You may want to hold off on this next one until we are finished with boot.ini:

To hide hidden files again:

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shut down My Computer.

Ron

#20
DarkPhase

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

#21
RKinner

Make a backup copy then right click on boot.ini and uncheck the read only box then OK and then edit boot.ini to say:

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

(We are just deleting the one line)
  • 0
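
The edit from the post above done programmatically, as an added example that is not part of the original thread: it parses the boot.ini text posted in #20, drops any [operating systems] entry carrying a kernel-debug switch, and refuses if that would leave default= without an entry. The function names and the switch list are assumptions made for this example.

```python
import re

# boot.ini exactly as posted in the thread (post #20).
BOOT_INI = r'''[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
'''

# Kernel-debugging switches looked for (an assumed list for this example).
DEBUG_SWITCHES = {"/debug", "/debugport", "/baudrate", "/crashdebug"}
# An OS entry has the form: <path>="<menu label>" <switches>
ENTRY_RE = re.compile(r'^(?P<path>[^=]+)="(?P<label>[^"]*)"(?P<opts>.*)$')


def has_debug_switch(opts):
    # Compare the switch name only, so "/debugport=com1" also matches.
    return any(o.split("=")[0] in DEBUG_SWITCHES for o in opts.lower().split())


def strip_debug_entries(text):
    """Return (cleaned_text, removed_lines) for a boot.ini string."""
    kept, removed, paths, section, default = [], [], set(), None, None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("["):
            section = s.lower()
        elif s.lower().startswith("default="):
            default = s.split("=", 1)[1].strip().lower()
        m = ENTRY_RE.match(s) if section == "[operating systems]" else None
        if m and has_debug_switch(m["opts"]):
            removed.append(s)
            continue
        if m:
            paths.add(m["path"].strip().lower())
        kept.append(line)
    # Refuse to produce a file whose default= target no longer has an entry.
    if default is not None and default not in paths:
        raise ValueError("default entry would be removed; edit by hand")
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    cleaned, removed = strip_debug_entries(BOOT_INI)
    print("removed:", removed)
    print(cleaned, end="")
```
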

#22
DarkPhase

OK, I've done all that. What should we do now?

#23
RKinner

To hide hidden files again:

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shut down My Computer.

#24
DarkPhase

OK, I've done that as well.

#25
RKinner

Now we just wait until you get a process explorer log during a spike.

Ron

#26
DarkPhase

It looks like it's SF.bin that's causing it, which is apparently related to avast. I'll keep looking for other things.

#27
RKinner

That's their definitions - can't see it as a cause of system lockups tho.

#28
DarkPhase

Could it possibly be a hardware related issue?

#29
RKinner

Looking back at your last Combofix log, I see signs of Symantec still there. I think we need to run the Norton Removal tool:

ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Download, Save and Run it.

I'd also uninstall SuperAntiSpyware just in case it is fighting with Avast.

As for hardware, it's always a possibility. You could run one of the free benchmarking programs:

http://www.makeuseof...hmark-programs/

and see if they find any problems.

Ron

#30
DarkPhase

I'll run the benchmarking tests, and I had already previously run the Norton removal tool as you had requested a couple days back. Do you want me to run it again?