
Svchost: Dcom and Plug&Play taking up very high CPU Usage!


50 replies to this topic

#1 The Sacred One

The Sacred One

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:44 PM

Posted 22 March 2010 - 11:21 PM

Well I have read a lot about this problem on the Internet, and up until now, I have not found a solution. Here are the details of this problem:

Specifications:

I use a Dell XPS 1640
Processor Intel Core 2 Duo P8700 @2.53 GHz
4 GB DDR3 RAM
Windows Vista Home Premium service pack 1 32 bit
ATI Mobility Radeon HD 4670

The problem mainly occurs when I play games, commonly 5 minutes or more into the game, where CPU usage goes up to 100%. This causes the games to lag very badly, and I usually have to close it, to be bombarded by high cpu usage until I restart my laptop. As this is an XPS, the main reason I bought it was to play games too.

After searching on google, I stumbled upon process explorer, downloaded it, and it gave me the first step in finding out what the problem was. Svchost, one of which was taking between 30-50+ CPU usage when this happens. With the help of procexp, I found out that the services responsible for this was Dcom and Plug&Play. However, these services cannot be killed, as killing them results in the automatic reboot. However, I have to point out that once I kill this process, in the time before the reboot, CPU usage returns to normal.

Steps Taken:

Well the problem started almost 2 months after I bought my laptop, last year in August. After that, I was pretty frustrated because I could not at all solve the problem or figure out what was causing it. So, I decided to completely format my laptop, and reinstall Windows, which I did, 2 days back. I thought I had solved the problem, but turns out the problem still existed. Now I for certain know that this is not a virus, spyware or adware or any sort of that which is causing the problem because one of my first steps was to run McAfee and scan the system completely. I have McAfee installed right now and it does not show any suspicious activity.

The enhancement problem pointed out by a lot of people on the internet also does not work for me, as I have already disabled all of them on my laptop. One thing I noticed when this problem existed before I reinstalled Windows was that right clicking on my desktop took the CPU Usage to a shocking 20% to 40% sometimes. Then I used procexp to find out why, and it wasn't shocking at all. Dcom and Plug&Play again! But then again, ATI Catalyst Center was one of the items which appeared when I right click on the desktop. So, when I reinstalled, this time, the only thing I installed was the ATI Driver and not the program.

This seemed to have solved the right clicking problem. However, the problem of CPU Usage spikes when playing games still exists, where few minutes into a game, and CPU usage goes to 100%, with Dcom taking up to 40% or more. Back to system reboot... :huh:

I am very desperate to solve this problem, so any help would be very highly appreciated. Thanks :huh:

Edited by The Sacred One, 22 March 2010 - 11:31 PM.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Government is a contrivance of human wisdom to provide for human wants. People have the right to expect that these wants will be provided for by this wisdom.


 


#2 DeathStalker

DeathStalker

  • Banned
  • 868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:44 AM

Posted 23 March 2010 - 01:13 AM

McAfee is your problem. It does not work with Vista. Nor does Norton. Get rid of it. Don't tell me, let me try to guess. You get McAfee free from your internet provider right? THEY get paid when you use it, not you. Dump it. There are so many free AV's out there that there is no point in paying for any.

You play games? I play games. I have tried McAfee, Norton, AVG and Avast! just to name a few. They all screw up when I am playing my games (online FPS games like COD etc.......). Microsoft Security Essentials has not screwed me up once since I installed it maybe 6 months ago.

#3 The Sacred One


Posted 23 March 2010 - 03:22 AM

Actually, I have been using McAfee even before the problem popped up, and that was 2 months into using the laptop. Plus McAfee came with my laptop, and got a subscription until December this year. However, I will not yet rule out that it might be what is causing Svchost to screw up. But right now, I am just confused as to what is causing Dcom and Plug&Play to take such a high cpu usage, and only when I am playing games O.o


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:44 AM

Posted 23 March 2010 - 05:17 AM

Hello there,

I noticed you posted a duplicate thread, I have deleted this. Sometimes it can happen, no harm done :huh:

This kind of problem can also be caused by malware (especially rootkits). Therefore I would like to rule out that first.

GMER
-------
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.


@ DeathStalker, you are making some statements without having valid arguments. You can't just call McAfee, Norton, AVG and Avast bad programs without coming with some facts.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 The Sacred One


Posted 23 March 2010 - 07:08 AM

Well I downloaded GMER (main mirror) and followed all your instructions. However, a problem started after I pressed Scan (Followed all the previous steps.) A few seconds into scanning, and CPU Usage suddenly goes to 100% and caused complete instability. I rebooted, this time in safe mode. Did the same steps as before, and pressed Scan. Few seconds into scanning, and a message pops up saying GMER has stopped working. I tried it a second time, and this time it got worse. Blue screen! Rebooted again in safe mode, tried to see if it works again. Nothing, a message pops up saying GMER has stopped working.

However, I have to point out that before I saw your post, I did try a malware removal program called Malwarebytes', from which I performed a full-scan (Took almost an hour and half) and it came out clean.


#6 Elise


Posted 23 March 2010 - 07:13 AM

Yes, MBAM was a good step. However it does not detect the more nasty rootkits.

Please download MBR.exe and save it to your desktop.

Right-click on mbr.exe and select run as administrator.

A command window will flash and a log will be created on your desktop (mbr.log). Please post its contents in your next reply.

regards, Elise


#7 The Sacred One


Posted 23 March 2010 - 07:36 AM

Here's the log.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


It's so short, now I'm not sure it worked properly :huh:


#8 Elise


Posted 23 March 2010 - 07:58 AM

To double-check... you did run mbr.exe from your desktop (and not from a flashdrive?).

Please try to re-run GMER with the Devices box unchecked.

regards, Elise


#9 The Sacred One


Posted 23 March 2010 - 09:26 AM

Yes I ran mbr.exe from my desktop. I did run GMER again in safe mode (cause running it normally is almost impossible even with devices unchecked, as cpu usage goes to 100% and system completely crashes) twice to be sure, and here are the logs.

Log from first scan

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-23 21:34:43
Windows 6.0.6001 Service Pack 1
Running: rxzv70m1.exe; Driver: C:\Users\Ashjau\AppData\Local\Temp\ufryqpow.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00225fb6c6ec
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00225fb6c6ec (not active ControlSet)

---- EOF - GMER 1.0.15 ----


Log from second scan


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-23 22:12:25
Windows 6.0.6001 Service Pack 1
Running: rxzv70m1.exe; Driver: C:\Users\Ashjau\AppData\Local\Temp\ufryqpow.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00225fb6c6ec
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00225fb6c6ec (not active ControlSet)

---- EOF - GMER 1.0.15 ----


#10 DeathStalker


Posted 23 March 2010 - 10:18 AM

SacredOne: I'm going to step away from this until the malware pros either rule out malware or find malware and clean your system. I'm not qualified to give advice on that. They don't need nor want someone giving you other advice nor should you do ANYTHING they don't tell you to do until they resolve the malware issue. I just didn't want you to think I abandoned you lol.

@Elise: I have facts. On the Microsoft webpages, they have a complete thread entitled something like McAfee and Vista: Known issues. I found it researching the problems I was having with McAfee. I have also experienced it myself with Norton. The evidence of the improper usage of computer resources I have also experienced and is documented quite extensively on a simple google search.

AVG and Avast! are good programs, just not always the best for online gaming, they caused crashes while gaming according to my log files when I used them. I have personal experience with both having used each, nor did I say THEY were bad programs, just that I found Microsoft Security Essentials better for gaming. If you wish further "proof" I will be happy to provide it, but not on this thread lol, I don't wish to argue here, but I will stand behind what I type. I speak both from personal experience and from research done on the programs brought about by those programs themselves. In short, the problems went away when the programs did. My logic is sound and my arguments valid. As a former reporter, I'll be happy to do an article for you. :huh:

#11 Elise


Posted 23 March 2010 - 10:38 AM

@ DeathStalker, the way you present it now is fine :huh: This way everyone knows where you base your conclusions on.

Good news is that we can indeed rule out malware.

It can very well be caused by the ATI video card. I've had some trouble with them a few times. I believe there are also a few options in the ATI catalyst center you can tweak to take care of certain issues (it's some time ago so I will have to look into it a bit).

regards, Elise


#12 The Sacred One


Posted 23 March 2010 - 10:58 AM

Good to hear I don't have malware, which otherwise would have sent me to a state of "How did that happen." On the ATI card issue, to be very sure, I downloaded the driver from the Dell website, after entering the code on my laptop's back. During installation, I did select custom install, and only installed the ATI card driver. I did not install the Catalyst center nor the HDMI Audio drivers because I didn't want to take a risk. However, right clicking and causing CPU usage to go amazingly high was solved by not installing the Catalyst center.

So I have to ask though, now do I need to provide information from procexp to further go on to find out what's wrong? If so, please tell me what details I should provide :huh: At the moment, the svchost which hosts Dcom and Plug&Play is the process using the most CPU. Not even Chrome! It is just there, changing the % its using from a mere 5 to almost close to 20.


#13 DeathStalker


Posted 23 March 2010 - 11:34 AM

Elise: :huh: Thanks I was afraid that was going to come across as combative or rude.

Sacred: I found this. See if it helps. It worked for the guy who posted it and seems pretty simple.

#14 The Sacred One


Posted 23 March 2010 - 12:30 PM

Well like I mentioned earlier, I have searched on the internet for a very long time, and that link is just more than familiar to me lol. I did try it, doesn't work though. I think it all comes down to determining what specific item is causing the problem, which may differ from computer to computer. Well at least that's the conclusion I came upon after trying most of the solutions I found on google :huh:


#15 DeathStalker


Posted 23 March 2010 - 12:58 PM

Have you tried running it down with sysinternals?
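
The per-service breakdown that the topic starter took from Process Explorer can also be read from the command line. The following is an added example, not part of any post in this thread; it assumes Windows PowerShell with `Get-WmiObject` available, and that "Dcom" and "Plug&Play" are the services with the short names `DcomLaunch` and `PlugPlay`.

```powershell
# Added example (not from the thread). Run from an elevated Windows PowerShell prompt.
# Assumption: "Dcom" and "Plug&Play" in the posts are these service short names.
$watch = @('DcomLaunch', 'PlugPlay')

# 1. Group running services by the PID of the process that hosts them.
$servicesByPid = @{}
Get-WmiObject Win32_Service -Filter "State = 'Running'" | ForEach-Object {
    $hostPid = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($hostPid)) { $servicesByPid[$hostPid] = @() }
    $servicesByPid[$hostPid] += $_.Name
}

# 2. Read per-process CPU for every svchost instance (svchost, svchost#1, ...).
#    PercentProcessorTime can exceed 100 on multi-core systems, so divide by
#    the logical CPU count to get a Task Manager-style percentage.
$cpuCount = [Environment]::ProcessorCount
$report = Get-WmiObject Win32_PerfFormattedData_PerfProc_Process -Filter "Name LIKE 'svchost%'" |
    ForEach-Object {
        $hostPid  = [int]$_.IDProcess
        $services = if ($servicesByPid.ContainsKey($hostPid)) { $servicesByPid[$hostPid] } else { @() }
        New-Object PSObject -Property @{
            ProcessId = $hostPid
            CpuPct    = [math]::Round($_.PercentProcessorTime / $cpuCount, 1)
            # True when this svchost instance hosts one of the watched services.
            Watched   = [bool]($services | Where-Object { $watch -contains $_ })
            Services  = ($services -join ', ')
        }
    }

# 3. Busiest host first; the Watched column marks the instance the thread is about.
$report | Sort-Object CpuPct -Descending |
    Select-Object ProcessId, CpuPct, Watched, Services |
    Format-Table -AutoSize -Wrap
```

The counters are a single sample, so run it while the spike is happening and repeat it a few times. It only narrows the load down to one svchost instance and the services sharing it, not to a single service inside that process.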



