Tech Support Forum banner

svchost.exe using up 99%CPU

1477 Views 1 Reply 2 Participants Last post by  sUBs
Hello, I've been having a lot of trouble with my computer lately, and it all seemed to start when I switched over to a new dial-up connection here in Spain. My ISP (Wanadoo) made me download a new dialer to access the internet and it all went haywire from then.

I apparently had some spyware on my computer from before but it was not causing any noticeable nuisance, but now whenever I get on the internet, a few minutes after I connect, a svchost.exe process starts that uses 99% of the CPU. When that happens, half of the times I am able to keep surfing, although slower, and the other half of the times I can't open up any new pages. In all of these cases, it is impossible to get off the internet unless I manually reboot.

I am running XP pro, with Panda Titanium. I am running the antivirus at least twice a day, have dowloaded and run Ad-Aware, Hijackthis, the Symantec FixWelchia tool (I thought this could be the Welchia worm, but nothing was detected, maybe it's a new variation?). I have managed to get a lot of trojans, malware, etc. off my system, but this particluar problem persists. Panda antivirus also seems to detect and neutralize a lot of worms lately, maybe this could be related?

Many thanks in advance, here is my log, through the HijackThisAnalyzer.

PS funnily enough, things seem to be ok if I get on the internet through my old account, maybe this can give an indication of what's going on.

Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at

***Security Programs Detected***


Logfile of HijackThis v1.99.1
Scan saved at 15:51:35, on 23/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\Archivos de programa\Archivos comunes\Logitech\QCDriver3\LVCOMS.EXE
C:\Archivos de programa\iPod\bin\iPodManager.exe
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\SEC\MagicTune 2.5\GammaTray.exe
C:\Archivos de programa\SEC\Natural Color\NaturalColorLoad.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\Archivos de programa\iPod\bin\iPodService.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LVCOMS] C:\Archivos de programa\Archivos comunes\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Archivos de programa\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Archivos de programa\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iPodManager] C:\Archivos de programa\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{895F8CA3-00D4-4148-81ED-FB264F9B1998}: NameServer =,
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe

End of KRC HijackThis Analyzer Log.


See less See more
Not open for further replies.
1 - 2 of 2 Posts
svchost.exe which resides in the system32 folder is a legitimate process. I dont really see anything bad in your log. Just a remnant entry from a previous infection. Let's fix that & do an online scan at Kasperskys.

Have HijackThis fix this entry:

O15 - Trusted Zone: *.

Perform an online scan with Internet Explorer with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
    • In the scan settings make that the following are selected:
      • Scan using the following Anti-Virus database:
        • Standard
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information in your next post along with a new HJT log

* Turn off the real time scanner of any existing antivirus program while performing the online scan
See less See more
1 - 2 of 2 Posts
Not open for further replies.