VanAlex

asked on

Svchost in Windows Xp

I have installed Windows XP with Service Pack 1 on a computer, and before connecting it to the internet I made all the updates possible to the antivirus and installed all the hotfixes not included in the service pack (including the Blaster fix).
But shortly after the install, svchost is constantly putting the CPU in max charge.

How can I fix this?
CrazyOne

http://www.jsiinc.com/SUBJ/tip4600/rh4660.htm

4660 » What is the Svchost.exe process(es) in Windows XP?

In tip 2060, I explained the Svchost process in Windows 2000.

In tip 4310, you can see multiple Svchost processes in Windows XP.

%SystemRoot%\System32\Svchost.exe is a generic process name for services that run from dynamic-link libraries (DLLs). When you start Windows XP, Svchost.exe constructs multiple lists of service groupings that need to be loaded. Each instance can run at the same time. Svchost.exe groups are delineated at:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost.

Each Value Name contains a list of included serviceDLL values, in a REG_MULTI_SZ data type. These services are extracted from HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\<Service Short Name>.

To see the list of active services in each process, open a CMD prompt and Type:

Tasklist /SVC

The following was displayed from one of my Windows XP Professional computers:

Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
System                         4 N/A
smss.exe                     372 N/A
csrss.exe                    484 N/A
winlogon.exe                 512 N/A
services.exe                 572 Eventlog, PlugPlay
lsass.exe                    584 Netlogon, PolicyAgent, ProtectedStorage,
                                 SamSs
svchost.exe                  748 RpcSs
svchost.exe                  816 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
                                 ERSvc, EventSystem, helpsvc, lanmanserver,
                                 lanmanworkstation, Messenger, Netman, Nla,
                                 Schedule, seclogon, SENS, ShellHWDetection,
                                 srservice, TermService, Themes, TrkWks,
                                 uploadmgr, W32Time, winmgmt, WmdmPmSp,
                                 wuauserv, WZCSVC
svchost.exe                  920 Dnscache
svchost.exe                  964 Alerter, LmHosts, RemoteRegistry, SSDPSRV,
                                 WebClient
spoolsv.exe                 1048 Spooler
explorer.exe                1328 N/A
TaskSwitch.exe              1484 N/A
taskmgr.exe                 1512 N/A
point32.exe                 1536 N/A
msmsgs.exe                  1560 N/A
fastkey.exe                 1568 N/A
IEXPLORE.EXE                1580 N/A
prntscrn.exe                1596 N/A
SetiSpy.exe                 1604 N/A
setiathome-3.03.i386-winn   1676 N/A
svchost.exe                 1828 stisvc
UdServe.exe                 1852 UndeleteService
Fast.exe                    1984 InteractiveLogon
dllhost.exe                 1224 COMSysApp
msdtc.exe                   1208 MSDTC
wmiprvse.exe                3056 N/A
cmd.exe                     3428 N/A
tasklist.exe                3460 N/A

The matching registry entries are:

Key Name:          SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
  Name:            imgsvc
  Type:            REG_MULTI_SZ
  Data:            StiSvc
                   
  Name:            LocalService
  Type:            REG_MULTI_SZ
  Data:            Alerter
                   WebClient
                   LmHosts
                   RemoteRegistry
                   upnphost
                   SSDPSRV
                   
  Name:            netsvcs
  Type:            REG_MULTI_SZ
  Data:            6to4
                   AppMgmt
                   AudioSrv
                   Browser
                   CryptSvc
                   DMServer
                   DHCP
                   ERSvc
                   EventSystem
                   FastUserSwitchingCompatibility
                   HidServ
                   Ias
                   Iprip
                   Irmon
                   LanmanServer
                   LanmanWorkstation
                   Messenger
                   Netman
                   Nla
                   Ntmssvc
                   NWCWorkstation
                   Nwsapagent
                   Rasauto
                   Rasman
                   Remoteaccess
                   Schedule
                   Seclogon
                   SENS
                   Sharedaccess
                   SRService
                   Tapisrv
                   Themes
                   TrkWks
                   W32Time
                   WZCSVC
                   Wmi
                   WmdmPmSp
                   winmgmt
                   TermService
                   wuauserv
                   BITS
                   ShellHWDetection
                   helpsvc
                   uploadmgr
                   
  Name:            NetworkService
  Type:            REG_MULTI_SZ
  Data:            DnsCache
                   
  Name:            rpcss
  Type:            REG_MULTI_SZ
  Data:            RpcSs
                   
  Name:            termsvcs
  Type:            REG_MULTI_SZ
  Data:            TermService
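
The mapping described in the tip above, as an added example (not part of CrazyOne's post or the JSI tip): it parses tasklist /SVC output, matches each svchost.exe instance against the SvcHost group lists without regard to case, and reports services that no group declares. The sample data is constructed from the listings above; PID 2040 and "ExampleSvc" are invented for illustration.

```python
import re

# Constructed sample in the `tasklist /SVC` layout shown above; PID 2040 and
# "ExampleSvc" are invented to show a service that no SvcHost group declares.
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                  748 RpcSs
svchost.exe                  816 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
                                 TermService, wuauserv
svchost.exe                  920 Dnscache
spoolsv.exe                 1048 Spooler
svchost.exe                 1828 stisvc
svchost.exe                 2040 ExampleSvc
"""
# Subset of the SvcHost REG_MULTI_SZ values from the registry listing above.
GROUPS = {
    "imgsvc": ["StiSvc"], "rpcss": ["RpcSs"], "termsvcs": ["TermService"],
    "NetworkService": ["DnsCache"],
    "netsvcs": ["AudioSrv", "Browser", "CryptSvc", "DMServer", "DHCP",
                "TermService", "wuauserv"],
}
ROW = re.compile(r"^(\S.*?)\s+(\d+) (.*)$")

def parse_tasklist(text):
    """Return [(image, pid, [services])], joining wrapped service lines."""
    rows = []
    for line in text.splitlines()[2:]:           # skip header and ruler
        m = ROW.match(line)
        if m:
            rows.append([m[1], int(m[2]), m[3]])
        elif line.strip() and rows:              # wrapped continuation line
            rows[-1][2] += " " + line.strip()
    return [(i, p, [s.strip() for s in t.split(",") if s.strip() not in ("", "N/A")])
            for i, p, t in rows]

def audit_svchost(text, groups):
    """Per svchost PID: groups declaring all its listed services, plus strays."""
    lookup = {}
    for group, members in groups.items():
        for svc in members:                      # tasklist and registry differ in case
            lookup.setdefault(svc.lower(), set()).add(group)
    report = {}
    for image, pid, svcs in parse_tasklist(text):
        if image.lower() == "svchost.exe":
            hits = [lookup[s.lower()] for s in svcs if s.lower() in lookup]
            report[pid] = {"groups": sorted(set.intersection(*hits)) if hits else [],
                           "unlisted": [s for s in svcs if s.lower() not in lookup]}
    return report
```

TermService appears in both netsvcs and termsvcs, which is why the group is taken as the intersection over all services in the process. On a live system, a name reported under "unlisted" is the one to look up under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\<Service Short Name>.
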
sirbounty

Try disabling unneeded services:
 http://www.blackviper.com/WinXP/servicecfg.htm
 http://www.techspot.com/tweaks/win2k_services/index.shtml

You can also try the following method to eliminate items from startup:
  Click Start->Run->MSCONFIG

  In the Startup tab, start out by disabling everything you're unfamiliar with (or everything if you're unsure).
  Optionally, you can also disable non-Microsoft services from the Services tab.
  If the problem no longer exists after a reboot, then you can narrow it down as one of the items in your
  startup.  To permanently remove these item(s), proceed as follows...

  Click Start->Run->Regedit
  *Be careful when editing the registry as an accidental deletion can render your system inoperable.
  First navigate to the following key in the registry:
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
   *You might also find RunOnce, RunOnceEx, RunServices, RunServiceOnce or any of these with a trailing dash (-)

  Once found, click File, Export to save a copy of the key before you delete any items (if necessary).
  After the file has been saved, delete items as needed from the right pane.
  Now find the next startup key:
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
   *You might also find RunOnce, RunServices, RunServiceOnce or any of these with a trailing dash (-)
  Follow the previous procedures to export a copy before deleting items from the right pane.

You have the Coolwebsearch hijacker I think.
Go to this page http://www.spywareinfo.com/~merijn/downloads.html and download CWshredder
Read that page for further info on that. Says to run HijackThis afterwards.
Direct Link:  http://209.133.47.200/~merijn/files/CWShredder.exe
Get that and run it to remove it.

VanAlex

ASKER

I checked the running processes and there is nothing abnormal, nor in the registry. I also ran the CWshredder but the problem still remains.

ASKER CERTIFIED SOLUTION
Veegertx

This solution is only available to members.

VanAlex

ASKER

I believe Veegertx got the right answer. I reinstalled the system and I didn't have the problem again because I still have not replaced the original Hosts file with one I have to block ads that is over 1 MB.

Even though I haven't tested it, I'm pretty sure that is it because this was the only PC in the network that was using it.
I noticed it blocked some msft sites; that can explain why it would mess the system when I opened Outlook.

Thanks man, sorry for the delay, way too much work.
Thanks and
Glad you enlightened us to this also. I've used those really large HOST files before and I remember problems but not exactly like you had. Perhaps a firewall may be better with a limited HOST file.