svchosts.exe's cpu is 100% :(


helen321
November 27th, 2004, 06:48 PM
hello wilders :). every time i boot up my computer it is very, very slow :( . i looked in task manager and svchost.exe was up to 95-100%. i have run AVG. and will run spybot, adaware and ewido, as well as a couple of online scanners and maybe standalones.

to get here i had to kill the process, otherwise i just couldnt get an internet connexion to work, it was just too slow. my friend iceni60 is here for an hour or so, so it would be great if someone could help while he is here :) .

last time he was here he used either process explorer or faber toys to find the process and was going to go through the modules loaded by svchosts.exe to try and find which .dll was causing the problem, are these the right tools to use? ive already killed the process so i cant check right now.

the PID for the process is 1096 and the user name is NETWORK SERVICE.

any help is greatly appreciated :) .

thanks, iceni and helen.

nick s
November 27th, 2004, 08:34 PM
Hi iceni and helen,

The first thing I would do is to see what services are running under the svchost.exe processes. If you have XP Pro, go Start/Run, type cmd, and hit Enter. At the command prompt, type tasklist /svc /fi "imagename eq svchost.exe". If you have XP Home, you can download tasklist.exe here: Tasklist (http://windowsxp.mvps.org/utils/tasklist.exe). Just drop it in your *\System32 folder. The output will show you what services are running under each svchost PID, including the one that is causing the problem. From there, you can troubleshoot the services involved by using the services control panel.

Nick

iceni60 at helens
November 27th, 2004, 09:28 PM
thank you nick. its great to be able to get your help. to get tasklist to work, we'll have to reboot so the process is running, and im getting thrown out now :o . i'll be back in a few days, so we'll work it out then. again thanks for helping me the last few days (i hope these <img> tags work)

H & I
November 27th, 2004, 09:37 PM
sorry, but its xp home we are using. is tasklist a dos program? if so my dos skills are novice level. what is the cmd to run it, if its in the system32 folder.

C:\windows\system32\tasklist\svc\fi "imagename eq svchost.exe"

nick s
November 28th, 2004, 08:53 PM
-{ Quote: "sorry, but its xp home we are using. is tasklist a dos program? if so my dos skills are novice level. what is the cmd to run it, if its in the system32 folder." }-
If you put tasklist.exe in the system32 folder, all you have to do is highlight and copy this:

tasklist /svc /fi "imagename eq svchost.exe"

and paste it into the CMD window. Then press Enter.

Nick

iceni60
November 29th, 2004, 06:02 AM
thanks, nick. i'll try it next time im there 8)

no13
November 29th, 2004, 07:02 AM
question: wouldn't you also like to know what is the path of the offending process?
If it has a path other than default... it could be a worm.
to do this, you'd need IARSN Taskinfo, or get Advanced Process Terminator (freeware) from www.diamondcs.com.au and find the path of the process from its console.

iceni60
November 29th, 2004, 07:20 AM
thanks, no13 :) . i'll come back to this thread next time im there. i _think_ i did find the path with faber toys. either way i'll use this thread 8)

PeteK
December 23rd, 2004, 07:44 PM
This has been interesting and I am learning a lot reading all this.

I did two things that got rid of this on a customer's Windows 2000 workstation. First I searched the disk for all svchost files. There were two svchost files that were 8K in size and one that was 5K in size. I renamed the 5K file, also because it wasn't in the system32 directory, to svchost.exepak. (The pak being my initials.) I don't delete anything until I prove I don't need it.

That stopped the problem right now and it didn't come back on the reboot.

Next, I went into the registry and deleted the pointer to the bad svchost file, in this case it was located at c:\winnt\svchosts.exe.

Customer now has a great performing computer.

no13
December 23rd, 2004, 10:07 PM
You could also try running an Anti-Trojan, an Anti-Virus and an anti-spyware program, one-by-one, because this is symptomatic of a virus/trojan/spyware...
Have phun.
Recommended:
AV: KAV, McAfee
AT: ewido, a2
AS: Lavasoft AdAware, Spybot - Search & Destroy.
your errant trojan may be too old for NOD to detect, so in spite of NOD being a great AV... I can't recommend it in your case. and as I've never seen TDS in action, I won't say anything about it. A2 or Ewido on demand (free versions) work just fine (catching stuff that NAV doesn't know about)

iceni60
December 24th, 2004, 09:57 PM
is there another place where i can get tasklist? i can't get to the site, i wanted to see if i could trace PIDs to listening ports then try it out on Helen's computer.
ive got this far - netstat -ano :o but i havent got tasklist on my computer to try anything out >:(

nick s
December 24th, 2004, 10:09 PM
-{ Quote: "is there another place where i can get tasklist? i can't get to the site, i wanted to see if i could trace PIDs to listening ports then try it out on Helen's computer.
ive got this far - netstat -ano :o but i havent got tasklist on my computer to try anything out >:(" }-
Hi iceni60,

Here you go: Tasklist.exe (http://www.computerhope.com/download/winxp.htm).

Nick

iceni60
December 24th, 2004, 10:12 PM
-{ Quote: "Hi iceni60,

Here you go: Tasklist.exe (http://www.computerhope.com/download/winxp.htm).

Nick" }-
thanks Nick ;D
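
The three checks discussed in this thread (which services run under each svchost PID, whether the image sits in its default path, and which listening ports belong to that PID), combined into one triage script. This is an added example, not code from any poster; it assumes a current Windows version with PowerShell 5.1 or later and the built-in CIM and NetTCPIP cmdlets, and the column names and verdict strings are made up for the illustration.

```powershell
# Added example: triage every svchost-like process in one pass.
# Run from an elevated prompt; without elevation ExecutablePath can be empty.

# Default image locations (SysWOW64 hosts 32-bit services on 64-bit Windows).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Services keyed by hosting PID (the same data "tasklist /svc" prints).
$servicesByPid = @{}
Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $servicesByPid["$($_.ProcessId)"] += @($_.Name)
}

# Listening TCP ports keyed by owning PID (the same data "netstat -ano" prints).
$portsByPid = @{}
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue | ForEach-Object {
    $portsByPid["$($_.OwningProcess)"] += @($_.LocalPort)
}

# LIKE 'svchost%' also matches lookalike names such as svchosts.exe.
$report = Get-CimInstance Win32_Process -Filter "Name LIKE 'svchost%'" | ForEach-Object {
    $key = "$($_.ProcessId)"
    if (-not $_.ExecutablePath) {
        $verdict = 'path unavailable (run elevated)'
    } elseif ($_.Name -ine 'svchost.exe') {
        $verdict = 'LOOKALIKE NAME'
    } elseif ($expected -contains $_.ExecutablePath) {
        $verdict = 'default path'
    } else {
        $verdict = 'NON-DEFAULT PATH'
    }
    [pscustomobject]@{
        PID       = $_.ProcessId
        Name      = $_.Name
        Path      = $_.ExecutablePath
        Verdict   = $verdict
        Services  = ($servicesByPid[$key] -join ', ')
        TcpListen = (($portsByPid[$key] | Sort-Object -Unique) -join ', ')
    }
}

# Flagged rows sort to the top; a flagged row with no hosted services deserves a closer look.
$report | Sort-Object @{ Expression = { $_.Verdict -cmatch '^[A-Z ]+$' }; Descending = $true }, PID |
    Format-Table -AutoSize -Wrap
```

A real svchost.exe instance normally lists at least one service, so a row with a flagged verdict and an empty Services column matches the lookalike file described earlier in the thread.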