SVCHOST.EXE Maximizing CPU, No Start Menu

Discussion in 'Software' started by BostonHawk86, Apr 5, 2005.

  1. BostonHawk86

    BostonHawk86 Private E-2

    I am running Windows XP Home Edition and currently I have a process named SVCHOST.EXE that is using 100% of my CPU. Plus, my desktop loads but I get no start menu. I can still use all of my desktop applications, even IE. I have run my McAfee Antivirus and removed the two viruses it found, nothing recognizable by name. I ran my AdAware and SpyBot applications and quarantined any problems found there. However, my problem still exists. I cannot do a system restore. Also, I cannot run an online virus scan at McAfee or Symantec because they say I don't have the right version of IE. I am running IE 6, but curiously, if I go to "Help>About", it doesn't tell me that. All that information is blank. I have downloaded Hijack This if a log file from that application would help. Any help you can provide would be greatly appreciated.
     
  2. jinksys

    jinksys Private E-2

    A customer brought in a PC with the exact same problem today, svchost maximizes the CPU and the taskbar won't show. Just a question... If you CTRL_ALT_DEL, is your explorer loaded as explorer.EXE?
     
  3. trespasser1234

    trespasser1234 Private E-2

    This is a very popular spyware issue. It is spyware related. Check and clean your system of all spyware. If you do not know how or what spyware is, check the malware forum.
     
  4. BostonHawk86

    BostonHawk86 Private E-2

    I do have an instance of "explorer.exe" running on my PC. Also, I used AdAware to do a complete system scan last night. I quarantined the 321 objects it located. I also removed the three objects SpyBot found, but my problem still persists. A co-worker told me it may be a corrupt user account, but I have the same problem for all three users on the PC. Really frustrating because I can still browse the internet, my wireless network still works, and all my desktop applications still function, just slowly. Just no taskbar and 100% CPU utilization.
     
  5. Anon-068c403e2d

    Anon-068c403e2d Anonymized

    Install SP2?
     
  6. BostonHawk86

    BostonHawk86 Private E-2

    No, I have not installed SP2. I did see that as a fix for a similar issue, article 823830 on Microsoft's web site. However, my pc does respond. I can get to the screen with the list of my user accounts and I can access each of those accounts. However, I still get no taskbar and 100% CPU maximization from SVCHOST.EXE.
     
  7. Anon-068c403e2d

    Anon-068c403e2d Anonymized

    This will help you get back corrupted system files.
    Try this

    Taskmgr>File>New task>sfc /scannow>Insert XP cd.

    If you have SP1 or SP2, you can integrate the SP into the original CD and try the above. To do the integrate command, visit the MS site or download "autostreamer", the sister of autopatcher; this program will do everything for you. This will make a CD that can install XP along with all SPs.
     
  8. BostonHawk86

    BostonHawk86 Private E-2

    I'll give that a try. Anything to avoid having to do a complete rebuild. Any recommendations whether I should just go right to SP2? I have not done that so far but I suppose at some point I should.
     
  9. Gordon Lee

    Gordon Lee Private E-2

    Hello everyone, I am new to this thread ... I thought I would piggyback on this one instead of starting a new one.

    I have the same problem as above, EXCEPT, I can't get on the net. My system:

    Vaio Laptop
    windows xp SP2
    McAfee
    20GB hd
    1K MHz

    Symptoms:
    --No start Menu
    --SVCHOST maxing CPU 100%
    --ALL search functions are down
    --System restore doesn't work
    --McAfee will not initialize
    --MSN thinks it is already connected to the net and just tries to sign in instead of actually connecting.
    --anything I try to install from a CD gets as far as the install page and then goes blank

    And another thing that I am getting that BostonHawk86 wasn't: When I end process the svchost process that is maxing the CPU performance, I immediately get the old blaster countdown box ARGH! It gives me a minute to save work and then it shuts me down and restarts me. There is the winlogon.exe process as well.

    I have searched the long way through all files and can't find anything to delete.

    I have started in safe mode and get the same symptoms.

    So I am stuck! I can't use McAfee, I can't get on the net, I can't search, etc ...

    My recently updated Ad aware still works but doesn't find anything.

    The ONLY thing I have downloaded within the last week was the messenger 6.2 upgrade from MSN.

    I read through this thread and didn't see anything that would help ...

    any suggestions?

    Thanks in advance,

    Lee
     
  10. Anon-068c403e2d

    Anon-068c403e2d Anonymized

    You guys are virused.
    Get an anti-virus.
    If yours is not working, uninstall and install again or another one.
    Disable unnecessary services: information available at Blackviper site.
     
  11. BostonHawk86

    BostonHawk86 Private E-2

    I tried Kadavill's suggestion with no success. I also tried to install Sophos, another anti-virus application, but I cannot install it because the system cannot locate my Windows Installer. Also, like Gordon Lee, if I end the svchost.exe process that is maximizing the CPU I get the countdown and a restart of the PC. At this point I don't know what else to try. I think I'm just going to buy an external drive, move my documents and music files to that drive, and do a rebuild. I can't keep wasting my time troubleshooting this issue at the risk of breaking something else.
     
  12. Gordon Lee

    Gordon Lee Private E-2

    ... I have McAfee .. it will not initialize. I can't remove it because add/remove programs doesn't work. I can't reload it because each time I try to load anything, it gets to the install page and blanks out.
     
  13. Sudz_Guy

    Sudz_Guy Private E-2

    Both of you should head over to the Spyware Forum, do the instructions in the sticky located there and ask for help getting your PCs clean. As for SP2, usually they recommend not installing that until your computer is clean as you could run into all kinds of problems installing it on an infected computer. Good Luck.
     
  14. BostonHawk86

    BostonHawk86 Private E-2

    I currently use McAfee Antivirus, a requirement from my employer since I access the company network via VPN. I was able to do a virus scan but it didn't come up with anything. However, I was not able to get my Liveupdate (McAfee app that gets the latest virus files) to run prior to that scan. Maybe if I did that and then ran another scan I would find something. I did try to install a trial version of Sophos last night but was unable to because my Windows Installer was not available. Maybe I can try to download that from Microsoft and try the install again. I will also look at that BlackViper site you recommended. I am also going to talk to a friend who just had a virus on their PC. They got it via instant messaging but they were able to fix their PC somehow. That may be my culprit since my teenage daughter is a big user of that appl.
     
  15. Sudz_Guy

    Sudz_Guy Private E-2

    If you already have an anti-virus on your computer, most people will tell you not to install another without uninstalling the first. You can, however, do free online scans. In all honesty it sounds like your computer is totally infected with spyware/adware/malware. If you follow the steps located here http://forums.majorgeeks.com/showthread.php?t=35407 then ask for help with your hijack this log in the Spyware Forum, the guys there will get you cleaned up.
     
  16. Laskid

    Laskid Private First Class

    If your antivirus won't initialize, you may be ok to do an online scan. I had a friend that was having similar problems with the control panel not working, and all of his executables tried to open in MSPaint. After trying for hours to figure out how the association got screwed up, I finally went to the Trend Micro site to do an online scan. After a full system scan and finding a bunch of crap, the system worked ok again. http://housecall.trendmicro.com/ Can't hurt.
     
  17. BostonHawk86

    BostonHawk86 Private E-2

    I did try to do a free online scan at Symantec. However, whatever I have did something to IE. The scan at Symantec kept telling me I needed at least IE 5.5 with ActiveX and scripting enabled. I have IE 6 and I did enable ActiveX and scripting, but the scan will not run. When I do a "Help>About Internet Explorer" in IE, the version, the product ID, and update version information is all blank. I tried a repair of IE but that didn't fix the problem. Same with an uninstall and a reinstall of IE. I will still head over to that forum and try the procedures they recommend.
     
  18. Insomniac

    Insomniac Billy Ray Cyrus #1 Fan

    The best thing to do is to go to the Spyware Forum and follow their recommendations, and if necessary you can post a Hijack This log file for one of them to look at.

    That is the only way you are going to get anywhere.

    Good luck.
     
  19. BostonHawk86

    BostonHawk86 Private E-2

    The online scan at TrendMicro turned up nothing. I can't do the security scan at the Symantec site because my IE browser is messed up. Some pages don't render, some hyperlinks don't work, stuff like that. Tonight I will try the spyware clean-up applications recommended on this site. If that doesn't work, I'll post my Hijack list and see if anybody sees anything unusual.
     
  20. eviljelly

    eviljelly Private E-2

    I'm having exactly the same problem. I had a completely clean system with no problems, stupidly I copied some files off my friend's hard drive which was infected with this issue - as I was about to reformat for him, and lo and behold when I rebooted to remove his hdd from my pc I had the same problem. I figured McAfee would have cleaned it in the transfer.

    So now I have no taskbar, start menu or systray. Svchost.exe is running at 100%, which when you close it down tries to shut your computer down with the NT Authority Shutdown command (if you then go to run in your taskmanager and type 'shutdown -a' then it won't reboot).

    I'm running winxp and sp1. Unfortunately when I try to install SP2 it won't let me, it goes to install, unpacks, inspects environment then borks, citing Can't Find File when it looks for the product key. McAfee won't initialise and Microsoft Antispyware no longer works either.

    I can access the internet but can't copy/paste or move files, or even restore from my recycle bin. I've scanned the hdd in another pc with McAfee, Panda Online, Kav5, spybot, hijackthis and ad-aware - but it doesn't seem to show up any likely virus/malware/trojan results. Certainly nothing that fixes it on the reboot.

    At first I thought it had corrupted the explorer.exe file itself as all the icons appear on the desktop but just all the windows explorer stuff is borked, but after several scans and double checking the creation dates with other versions it seems to be the same size and date.

    Good luck to all and I really am loath to have to reformat for such a simply caused thing. I will keep watching in the vague hope we find a solution. Here is a link to another thread with the same issue:

    http://castlecops.com/postp511141.html

    and another:

    http://forums.techguy.org/showthread.php?t=351034

    Keep us informed of your progress. Thanks
     
  21. eviljelly

    eviljelly Private E-2

    and another: http://forums.techguy.org/t348249.html

    From that thread, if I right click and add Address or Quicklinks I can then pull up the taskbar and I get my start menu back. But McAfee et al, copy and paste etc aren't working still.
     
  22. eviljelly

    eviljelly Private E-2

    Wow. I think I actually may have fixed it.

    This thread: http://forums.spywareinfo.com/lofiversion/index.php/t44133.html

    Says to modify or CREATE (which I had to do) this registry entry:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\"EnableDCOM" from "N" to "Y".

    Now I don't have svchost.exe @ 100%, I have all my network items back and I can copy and paste. McAfee still looks to be borked but I can probably reinstall.

    Sweet merciful sweet things. :D
     
  23. Gordon Lee

    Gordon Lee Private E-2

    I "fixed" mine too ... on a whim, I tried to remove SP 2 ... first, I was surprised add/remove programs was now working ... but anyway, I removed SP 2 (which took an hour) ... and everything started to work again.

    So, I guess the virus was in one of those files ... anyway, it is working for now.

    Thanks everyone for your help.
     
  24. BostonHawk86

    BostonHawk86 Private E-2

    I have tried most of the fixes and tools recommended in the spyware forum and my problem still exists. My last ditch effort before a rebuild is an examination of a Hijack This log file. Here is mine. If anybody sees anything malicious, please provide a recommendation.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:25:36 AM, on 4/17/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\Smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\CYBERG~1\cgasvc.exe
    C:\PROGRA~1\CYBERG~1\cgagent.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\CYBERG~1\cgahelp.exe
    C:\PROGRA~1\CYBERG~1\cgav.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\TiVo\Desktop\TiVoServer.exe
    C:\Program Files\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CgaHelper] C:\PROGRA~1\CYBERG~1\cgahelp.exe -check
    O4 - HKLM\..\Run: [CgaViewer] C:\PROGRA~1\CYBERG~1\cgav.exe -check
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /auto:TivoServer
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
    O16 - DPF: {610FB8B8-2427-4375-BCF9-2F7AE17173A6} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O23 - Service: CyberGatekeeper Agent (CGAgent) - InfoExpress - C:\PROGRA~1\CYBERG~1\cgasvc.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
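
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread: it rejoins entries wrapped at a space, flags core Windows process names running from an unexpected folder, and flags O23 services marked "Unknown owner" or "(file missing)". The sample log is constructed in the posted log's format; the `C:\WINDOWS\svchost.exe` line and the expected-folder table are assumptions of this example.

```python
import ntpath
import re

# Expected folders for core Windows XP processes. This table is an assumption
# of the example, based on the C:\WINDOWS layout seen in the posted log.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - ...", "O23 - ..."

# Constructed sample: the svchost.exe line outside system32 is made up for the demo.
SAMPLE = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program

Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
"""

def parse(log_text):
    """Return (running process paths, [(code, body)]) with wrapped entries rejoined."""
    processes, entries, in_procs = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
        elif entries and line:
            # Continuation of an entry that was wrapped at a space.
            code, body = entries[-1]
            entries[-1] = (code, body + " " + line)
    return processes, entries

def triage(log_text):
    """List (kind, detail) findings worth a closer look; an empty list is not a clean bill."""
    processes, entries = parse(log_text)
    findings = []
    for path in processes:
        name = ntpath.basename(path).lower()
        if name in EXPECTED_DIR and ntpath.dirname(path).lower() != EXPECTED_DIR[name]:
            findings.append(("process-path", path))
    for code, body in entries:
        if code == "O23" and ("(file missing)" in body or "Unknown owner" in body):
            findings.append(("service", body))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"{kind}: {detail}")
```

The log in the post above has no line for the EnableDCOM value that later posts credit with the fix, so a check like this covers only process paths and service entries.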
     
  25. Sudz_Guy

    Sudz_Guy Private E-2

    You're posting this in the wrong forum. To get this fixed you should start a new thread in the spyware forum requesting help. Before you do, check out this http://forums.majorgeeks.com/showthread.php?t=38752 for MG's requirements for HijackThis logs. Good Luck!
     
  26. BostonHawk86

    BostonHawk86 Private E-2

    I was able to resolve my problem last night with a solution from a similar post. It was No Taskbar and svchost swamps CPU. I had to create a registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\"EnableDCOM" from "N" to "Y".

    It was frustrating because according to that post, the solution is on the TrendMicro web site. However, I did numerous online scans using TrendMicro's online scanning tool and not once did it come up with this problem. Anyway, I'm back up and running and I didn't have to rebuild my home PC. Thanks for everybody's help.
     
