Tweaking.com Support Forums
Main Forum => General Computer Support => Topic started by: Bubba Euler on May 22, 2014, 12:06:02 pm
-
Howdy, Shane. I have a long boot because of svchost.exe, seemingly because of the WIFI network svchost.exe. I'm running Windows 7 x64 Enterprise. 4 GB RAM.
System Explorer tells me that svchost.exe (of which there are MANY within Windows!) is utilizing near 100% CPU cycles at boot,. It is taking "forever" to get ready to use. Here's a clue: When I "disconnect" from the wireless network and connect to another wireless network within my area, I get the very same svchost.exe utilizing near 100% CPU cycles for 4 to 5 minutes at a time. This has been a very recent occurrence and is out of the ordinary. My "System Explorer" tells me nothing more than what I've conveyed. I'm perplexed and kind'a frustrated that I can't figure out the cause of it!
I've run all the tests, et al, from Windows Repair and can't seem to get a "feel" for the solution. Any ideas?
Bubba Euler
-
Hi, bubba
did you try to look at the process tab, in the task manager, which is causing 100% of cpu. Did there any gif desktop running continueously, . Please check the process tab, and note which process is responsible for the maximum cpu usage. Try to stop, if it is not system normal processes.
You could also download process explorer from sysinternational and check the processes hidden, which is causing this. Pl stop those processes and your problem will be solved
-
Remove & re-install the network driver.
-
As willy said, trying updating the network card driver since we know it is network related.
The wireless service is going to try and work with the wireless card, if the drivers have a bug or if the wireless card itself is going bad then that service will not work correctly and could explain the maxed out CPU.
It is also always possible it is an infection as most rootkits try to bind themselves to the network. But before we go and think it is a rootkit or virus the easiest thing to do is to update the network drivers :-)
Go to your device manager and tell me the make and model of the wireless card and I will see if I can find new drivers for you, let me know the current driver version you have now.
Shane
-
Broadcom 802.11G Network Adapter
Date: 5/8/12
Version: 5.100.82.139
"svchost.exe" Variant 1140279
Microsoft® Windows® Operating System
Company:
Microsoft Corporation
Description:
Host Process for Windows Services
Version:
6.1.7600.16385
MD5:
c78655bc80301d76ed4fef1c1ea40a7d
SHA1:
619652b42afe5fb0e3719d7aeda7a5494ab193e8
SHA256:
93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8
Size:
27136
Directory:
C:\Windows\System32
Operating System:
Windows 7
Discovered:
February 15, 2010
Occurence:
High oc2
-
This hasn't been "solved", as yet. I'm still looking for a solution and the newest driver. Task Manager says I have the latest Driver version!?! This problem exists only at boot and just beyond. The rest of the operation period is without hindrance. The wireless network works well and has no other visible problems. Have you found a newer Driver for Networks or, perhaps, a newer version of SVCHOST.exe? Thanks!!
-
One thing looks like you forgot to say is what version you are running. Is it 32 bit or 64 bit.
-
One thing looks like you forgot to say is what version you are running. Is it 32 bit or 64 bit.
64 Windows 7 Enterprise. New install w/i 2 months.
-
svchost.exe is used by almost all the services, so dont worry about that file itself.
Task Manager says I have the latest Driver version!?
task manager doesnt tell you if you have the latest driver, where did you see that?
Also go to the device manager, go to network adapters and go to the properties of the wireless adapter, post a screen shot of the driver tab which shows what version it is, if it is a store bought machine what model is it, I can go see what version drivers they have listed :-)
Shane
-
I checked the Update Driver button and it told me that I had the latest version. The wireless network is seemingly working just fine and dandy.
The computer is an ACER 5517 (Single Core AMD CPU).
This 100% clock problem at boot and at various other times during the day is a NEW occurrence several months after installing Win 7 Enterprise x64.
svchost.exe" Variant 1140279 is what is using the CPU time. This .exe has about 7 Windows programs it services. Thank goodness for my System Explorer. At least it lets me see a little bit about what is happening at the time.
Oh! I'm a Viet Nam veteran and I hope that you and your family have a wonderful Memorial Day/Weekend of good memories.
-
The update driver button doesn't go on the net to look for drivers, it simply looks on the current system and Windows updates if there is a updated driver, otherwise you use that button when you want to manually point it to drivers you might have downloaded :-)
I looked at acers website and they actually have a older version of the driver listed on their site, it might be worth removing the driver you have now and using the older one, sometimes that can make a difference as the newer driver could be trying to load something with the wireless that isnt supported on that model but it is on newer models, so by using the driver version that is on their site we can test that.
http://global-download.acer.com/GDFiles/Driver/Wireless%20LAN/Wireless%20LAN_Broadcom_5.60.18.8_W7x86W7x64_A.zip?acerid=633918985603329761&Step1=NOTEBOOK&Step2=ASPIRE&Step3=ASPIRE%205517&OS=711&LC=en&BC=ACER&SC=PA_6
You said it worked fine for a while and then started doing this, is it possible the driver got updated and thats when it started?
Shane
-
If the Driver was updated, it was accomplished without my permission!! ~Ha~!
I use IObit's Driver Booster and have not had a download since Jan/Feb this year. It only acknowledges certified-by-M$ Drivers.
Question: Will the existing Driver be retained on the HDD when I install the "older" Driver? I would like the option of having the existing Driver handy if I need to re-install it, for some reason.
-
You can tell if the driver had been replace by clicking the roll back driver button. If there was no older driver it will say so. At least that way you will know :-)
Shane
-
Ah! Will do. Between this svchost.exe excess cycles and the newly DARK screen problem, I'm hesitant to press the Power Button!!! Golly, gee whiz!!!!!!!!!! I've got the White Collar Windows 7 Enterprise! I've maintained this little sucker of a laptop and STILL I get this "crap"~! Good grief, Charlie Brown. Apple's looking pretty good, right now.....................
-
You may just need to do a proper power reset.
Shut down the laptop, pull the battery and unplug the power cord.
With both pulled out hit the power button a couple of times. When the system tries to turn on it will drain all the electricity out. The hardware is now properly reset. Plug everything back in and boot up :-)
Shane
-
Did the Power Reset. Still exhibiting the unexpected Dark Screen. Also the near 100% SVCHOST.EXE CPU cycles during and after each re-boot. I also "rolled back" the Wireless Driver - to an even EARLIER number than you provided. ~Ha~!
I expected BETTER operation from my laptop after installing Windows 7 x64 Enterprise.
Here's the strange thing I've noticed: After about 30 to 45 minutes of use, the DARK Screen and SVCHOST.EXE problems disappear until the next Boot. Hmmm?
System Explorer still gives the same data about the svchost.exe variant. Wow! I'll have learned some good stuff about Windows when this gets solved!!!!!!!!!!!
-
Have you done all of the Windows updates yet? and I mean all of them until the point it says there is no more updates?
Shane
-
Have you done all of the Windows updates yet? and I mean all of them until the point it says there is no more updates?
Shane
YES! I keep updates updated!!! ~ha~!
-
I never had the problem with 7 that you are having. So thats why I asked on the updated :-)
So far it looks like it is a hardware/driver problem. But it is odd that it just started happening out of nowhere, which means it most likely isn't driver related but instead it is hardware related. But at the same time if it was then it wouldnt just start working.
So instead lets see if the system just needs tweaked.
Download and run my simple system tweaker
http://www.tweaking.com/content/page/simple_system_tweaker.html
This will turn off some of the services and I want to see if it helps.
Shane
-
Before I read your last missive (Simple System Tweaking), I did a Safe Mode SFC /scannow. It found no faults. However, on that next re-boot, the SVCHOST.EXE ran at near 100% for only ~30-45 seconds. The DARK Screen issue did not appear.
Well? I'll run the Simple System Tweaking, as I've done prior; However, I'm gonna' wait until after the next boot to see IF the problems re-appear. It's good to see some daylight, ahead!! .... or maybe it's headlights....~ha~!
-
Hi, I think that your computer is affected by autorun.inf , which hide as system svchost.exe. It was a old attack and yes, it only shows the process for a few seconds before vanishing.Usually this attack is spread through pen drives. The cure is , please download malware bytes and update and scan. It may fix. But this is a hidden process , and some times it is called new folder virus.
This is the tool i used to get rid of it
http://oldmcdonald.wordpress.com/2012/02/17/autorun-eater-v26/
Please try this.
Normally malware bytes removes any malware and suspicious processes
-
Ran the Old MacDonald/Auto-Run and MalwareBytes. Re-booted. No found objects (except for Nirsoft - Ha!!)
:smiley:
-
Have you done combofix yet? There have been a TON of times where combofix was the only thing that found and cleaned anything. Just make sure to do a registry backup first :-)
http://www.bleepingcomputer.com/download/combofix/
Shane
-
According to info from "Super User" the soft/hard-ware from Broadcom is (more) than a bit buggy. Some users complain about the software using too much memory & resources.
-
According to info from "Super User" the soft/hard-ware from Broadcom is (more) than a bit buggy. Some users complain about the software using too much memory & resources.
Ah, so!!! Recourse?
-
Have you done combofix yet? There have been a TON of times where combofix was the only thing that found and cleaned anything. Just make sure to do a registry backup first :-)
http://www.bleepingcomputer.com/download/combofix/
Shane
I will do this! Tweaking.com's Windows Repair has a wonderful Registry Backup service! Thank you, Shane!!!
-
Have you done combofix yet? There have been a TON of times where combofix was the only thing that found and cleaned anything. Just make sure to do a registry backup first :-)
http://www.bleepingcomputer.com/download/combofix/
Shane
I will do this! Tweaking.com's Windows Repair has a wonderful Registry Backup service! Thank you, Shane!!!
WOW! WOW!! WOW!!! ComboFix did it!!!! It did give about a 5 minute fuss over "AutoRun Eater", however. ~~~Ha~~~! BUT, the boot time was back to normal and the SVCHOST.EXE was so short I didn't even see it using CPU time. I did not have the chance to write down the programs/.exe that ComboFix deleted, but I'm going to find them (log?) and post them for y'all.
Wow. Whew. Golly, geewhiz. I am so thankful. Oh, and not a flicker from the DARK Screen on this re-boot. What fun and what relief.
-
Good to hear it is fixed :-)
The it was a rootkit or infection that was doing it and once again combofix was the only one to find it, man I would love to talk to the fellow programmer of that tool lol
Shane
-
Good to hear it is fixed :-)
The it was a rootkit or infection that was doing it and once again combofix was the only one to find it, man I would love to talk to the fellow programmer of that tool lol
Shane
I'd be a fly-on-the-wall...
Combofix downloaded to the desktop. Couldn't find any logs or files, since it wasn't installed, per se. I need to post the files that were causing the consternation!?!? As I recall, there were three. Maybe, four?!? They disappeared quickly, as it were.
Where would these deleted files (remnants ?) be located so that I can post them for other users?
-
The log file is normally on the root of the C: drive :-)
Shane
-
The log file is normally on the root of the C: drive :-)
Shane
Here's a Zip File of what was under the heading on C:/
If this isn't the correct file, please let me know. I want to help as many people as I can.
-
The log file is normally on the root of the C: drive :-)
Shane
Here's a Zip File of what was under the heading on C:/
If this isn't the correct file, please let me know. I want to help as many people as I can.
Re-booted. Less than 2.5 minutes!!!!!!!! Before, it was 4.5 to 5.5 minutes! No SVCHOST.EXE hogging the CPU. I hope that the zip file I sent will help everyone, from now on.
What a relief and weight off my shoulders. If the ZIP file didn't have the info that is needed, please let me know. I'll search and find it and post it for everyone.
-
Hi,
Is combofix a root kit killer program or combined malware, trojan removal tool.
-
It deleted these files
C:\setup.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
Those dll files attach to the network, so you did have something hooked to it that was causing it. it doesnt tell me what rootkit or virus it was, just the files names :-)
Shane
-
It deleted these files
C:\setup.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
Those dll files attach to the network, so you did have something hooked to it that was causing it. it doesnt tell me what rootkit or virus it was, just the files names :-)
Shane
This morning, Boot time was under 2 minutes for Windows 7 x64!!! Still have the DARK screen during and after Boot (just now, in fact!! ~Ha~!) I can live with that. To recover the screen, I double-click Fn/F6 combination. It is wonderful to have a responsive computer, again.
Thank you! Social Security on Tuesday!!!! YeeHah!!
-
Hi,
Is combofix a root kit killer program or combined malware, trojan removal tool.
Jraju, looks to me like it's a "root killer". I performed many A/V scans, multiple sources,with no "catches" or "snags".
-
It deleted these files
C:\setup.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
Those dll files attach to the network, so you did have something hooked to it that was causing it. it doesnt tell me what rootkit or virus it was, just the files names :-)
Shane
Boy, Howdy! Powerful program in ComboFix!! If you do get an interview, I want to be a fly on the wall...! ~Ha~!
-
It deleted these files
C:\setup.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
Those dll files attach to the network, so you did have something hooked to it that was causing it. it doesnt tell me what rootkit or virus it was, just the files names :-)
Shane
This morning, Boot time was under 2 minutes for Windows 7 x64!!! Still have the DARK screen during and after Boot (just now, in fact!! ~Ha~!) I can live with that. To recover the screen, I double-click Fn/F6 combination. It is wonderful to have a responsive computer, again.
Thank you! Social Security on Tuesday!!!! YeeHah!!
"Only a life lived for others is a life worthwhile"
Honor & Respect is all that matters. AMEN!
-
It deleted these files
C:\setup.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
Those dll files attach to the network, so you did have something hooked to it that was causing it. it doesnt tell me what rootkit or virus it was, just the files names :-)
Shane
This morning, Boot time was under 2 minutes for Windows 7 x64!!! Still have the DARK screen during and after Boot (just now, in fact!! ~Ha~!) I can live with that. To recover the screen, I double-click Fn/F6 combination. It is wonderful to have a responsive computer, again.
Thank you! Social Security on Tuesday!!!! YeeHah!!
"Only a life lived for others is a life worthwhile"
Honor & Respect is all that matters. AMEN!
Maybe if you can do a little digging you can figure out where you got these files from. I wish it wouldn't have deleted those files automatically until you could have uploaded to virustotal.com and scan it, see what kind of rootkit/virus it was.
-
Yes! If I'd have known that the files were deleted, I'd have "isolated 'em" and sent them to you. I am very impressed with the capabilities of ComboFix, though. Windows 7 x64 Enterprise booted under 2 minutes, this morning!!
I have no idea from where I got this infection. Gmail, Hotmail, MajorGeeks, Breitbart, DrudgeReport, Chron.com, WND.com, Statesman.com, youtube.com, .... and the various links from each of those.
I use CCleaner. This is the "downside" to cleaning the system, isn't it?
I placed VirusTotal.com in my Bookmarks!!!