System Running Slowly(5-10 instances of svchost.exe running)

[dyckah]

Ok, my PC has been running really slow lately, and I brought up my Taskmanager to see what is using all my resources up, as I have just recently done anti-virus, and anti-spyware scans, defragmented my drives, and got Registry Mechanic to fix up my registry. To my dismay, I see 5-10 instances of svchost.exe running whenever I start up my computer. I asked a buddy of mine how many instances of it he had running, and on his computer, his laptop, his dads computer, and his dads laptop, there were only 2 instances of it running.
evidently this is a problem, as I can shutdown some of them, but sometimes my random choosing picks the wrong one, and Boom! Windows decides it needs to shutdown.
Any ideas on how I can get rid of these extra instances of svchost.exe?
Thanks for any help

 

[paranoid guy]

Ok, the thing with all the svchost.exe's is they are currently running a whole pile of, not malicious, but mostly useless .dll's. The cause? That crap-importer msn messenger. But I wouldn't worry too much about it, I just checked and I have 7 svchost.exe's running. If you can tell us how much memory these processes are using that could determine the problem. svchost.exe shouldn't be a huge resource hog. As for your hjt log:

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Run a full system scan and delete whatever it finds. No antivirus programme can delete anything in a restore point. Turning off system restore will delete all your restore points and any infections that are in them.

Once you`ve done that, follow the instructions below.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

Reboot into normal mode and turn system restore back on.

Tell us if that helps.

 

[howard_hopkinso]

You should have HJT fix the following entries from safe mode.

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRfox000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...er.cab31267.cab

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazz....cab?refid=1123

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binar...ro.cab32846.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...wn.cab31267.cab

The svchost.exe files are in all likelyhood safe. If you want to check what processes are associated with them, download and run the Systernals process explorer from HERE.

Other than the above entries, your HJT log is clean.

Regards Howard

 

[dyckah]

ok, havent done the safe mode bits yet, but looking at my task manager, here is the memory usage of the svchost.exe files.
Image name User Name Mem usage
svchost.exe SYSTEM 4,940K
svchost.exe SYSTEM 5,208K
svchost.exe NETWORK SERVICE 4,280K
svchost.exe SYSTEM 22,648K
svchost.exe NETWORK SERVICE 3,240K
svchost.exe LOCAL SERVICE 7,772K
svchost.exe SYSTEM 3,364K
svchost.exe SYSTEM 3,776K
thanks for the help
Kevin

 

[howard_hopkinso]

Looks ok to me.

Did you try the Process explorer programme I linked to?

Regards Howard

 

[dyckah]

yes i did, thanks.. they seemed to all be ok.
I did the reboot into safe mode, and the suggested fixes.
Thanks for the advice.. I am also uploading the new HJT log

 

[howard_hopkinso]

Your HJT log is clean.

Regards Howard