It's Cyber Monday - fantastic 70% discount

Buy Now

Limited time offer:

03

Days

/

00

Hrs

/

04

Min

/

04

Sec

Svchost.exe at 99% cpu

Posted 12/12/2013 12:12 PM
#96295
User avatar

wafu Advanced member

Date Joined Nov 2016
Total Posts: 39
Hi there, having slight problems with my very old pc, with an svchost.exe at 90%+ cpu usage, bit weird as it's not always continuously at a high % usage, & whilst completing this topic entry the performance usage suddenly drops down to near nothing for a while, then returns to high again, below is a hjt and malwarebytes logs, question is, apart from that i need a new pc (and it is due replacement in the next few months) what do i need to do now ?? many thanks if anyone can help <br/> <br/>Logfile of Trend Micro HijackThis v2.0.4 <br/>Scan saved at 11:28:18, on 12/12/2013 <br/>Platform: Windows XP SP3 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v8.00 (8.00.6001.18702) <br/>Boot mode: Normal <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\SvcHost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe <br/>C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe <br/>C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe <br/>C:\Program Files\Bonjour\mDNSResponder.exe <br/>C:\WINDOWS\System32\SvcHost.exe <br/>C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe <br/>C:\WINDOWS\System32\SvcHost.exe <br/>C:\WINDOWS\System32\SvcHost.exe <br/>c:\program files\bullguard ltd\bullguard\BullGuardScanner.exe <br/>C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE <br/>C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE <br/>C:\WINDOWS\system32\FsUsbExService.Exe <br/>C:\Program Files\Java\jre7\bin\jqs.exe <br/>C:\WINDOWS\system32\nvsvc32.exe <br/>C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\system32\SearchIndexer.exe <br/>C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe <br/>C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe <br/>C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac <br/>C:\Program Files\Common Files\Java\Java Update\jusched.exe <br/>C:\WINDOWS\system32\ctfmon.exe <br/>C:\Documents and Settings\user\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe <br/>C:\Documents and Settings\user\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe <br/>C:\Program Files\VIA\RAID\raid_tool.exe <br/>C:\WINDOWS\system32\wuauclt.exe <br/>C:\Program Files\Opera\Opera.exe <br/>C:\WINDOWS\system32\taskmgr.exe <br/>C:\Program Files\hjt2\Trend Micro\HJT\HiJackThis.exe <br/> <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.2.1/ <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank <br/>R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local <br/>O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll <br/>O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll <br/>O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll <br/>O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll <br/>O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll <br/>O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll <br/>O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll <br/>O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup <br/>O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit <br/>O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe <br/>O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" <br/>O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot <br/>O4 - HKLM\..\Run: [BullGuardUpdate2] c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe <br/>O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" <br/>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe <br/>O4 - HKCU\..\Run: [AmazonMP3DownloaderHelper] C:\Documents and Settings\user\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe <br/>O4 - HKCU\..\Run: [Amazon Cloud Player] "C:\Documents and Settings\user\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe" <br/>O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe <br/>O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll <br/>O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe <br/>O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll <br/>O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com <br/>O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx <br/>O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab <br/>O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343309938984 <br/>O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab <br/>O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx <br/>O20 - AppInit_DLLs: c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll <br/>O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll <br/>O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll <br/>O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe <br/>O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe <br/>O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe <br/>O23 - Service: BullGuard Behavioural Detection (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe <br/>O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - c:\program files\bullguard ltd\bullguard\BullGuardScanner.exe <br/>O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe <br/>O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe <br/>O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE <br/>O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE <br/>O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe <br/>O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe <br/>O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe <br/>O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe <br/>O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe <br/>O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe <br/>O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe <br/>O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe <br/> <br/>-- <br/>End of file - 10708 bytes <br/> <br/>Malwarebytes Anti-Malware 1.75.0.1300 <br/>www.malwarebytes.org <br/> <br/>Database version: v2013.12.11.03 <br/> <br/>Windows XP Service Pack 3 x86 NTFS <br/>Internet Explorer 8.0.6001.18702 <br/>user :: USER-9D94156C94 [administrator] <br/> <br/>12/12/2013 10:07:02 <br/>mbam-log-2013-12-12 (10-07-02).txt <br/> <br/>Scan type: Quick scan <br/>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM <br/>Scan options disabled: P2P <br/>Objects scanned: 227034 <br/>Time elapsed: 29 minute(s), <br/> <br/>Memory Processes Detected: 0 <br/>(No malicious items detected) <br/> <br/>Memory Modules Detected: 0 <br/>(No malicious items detected) <br/> <br/>Registry Keys Detected: 1 <br/>HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully. <br/> <br/>Registry Values Detected: 1 <br/>HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0H1L1J1L1S1R1N -> Quarantined and deleted successfully. <br/> <br/>Registry Data Items Detected: 0 <br/>(No malicious items detected) <br/> <br/>Folders Detected: 0 <br/>(No malicious items detected) <br/> <br/>Files Detected: 0 <br/>(No malicious items detected) <br/> <br/>(end)
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Monday, December 5, 2016, 5:32 AM (GMT +1)
There are a total of 61,160 posts in 13,449 threads.
In the last 3 days there were 2 new threads and 3 reply posts.

Who's online

This forum has 37,968 registered members. Please welcome our newest member, Old shape.
There are currently no users on-line.