
Svchost.exe And Hidserv.dll Problems


10 replies to this topic

#1 cagedmidget

cagedmidget

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 30 June 2007 - 12:14 PM

Hi, I noticed the other day in task manager that svchost.exe is taking 95-100% of cpu at all times. I downloaded Process Explorer and when I look at the svchost.exe process I see that 6 threads are started with 'hidserv.dll' in the start address. If I kill these threads the cpu usage of svchost goes down to 0 and everything functions fine. However, eventually they start again. Does anyone know what could be causing this?

Thanks



#2 Nikas

Nikas

  • Members
  • 650 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Singapore
  • Local time:11:50 PM

Posted 30 June 2007 - 12:25 PM

The file hidserv.dll is a valid Microsoft file. You can see more information here

However, from the way you describe your problem, I would suggest you upload the file.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Windows\System32\hidserv.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/flash/index_en.html

And also perform an online scan.


Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Edited by Nikas, 30 June 2007 - 12:26 PM.


#3 cagedmidget

cagedmidget
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 30 June 2007 - 03:13 PM

Here are my results from virustotal:
File "hidserv.dll" received on 06.30.2007 at 19:30:41 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus Version Update Result
AhnLab-V3 2007.6.30.0 06.29.2007 no virus found
AntiVir 7.4.0.37 06.29.2007 no virus found
Authentium 4.93.8 06.29.2007 no virus found
Avast 4.7.997.0 06.30.2007 no virus found
AVG 7.5.0.476 06.30.2007 no virus found
BitDefender 7.2 06.30.2007 no virus found
CAT-QuickHeal 9.00 06.30.2007 no virus found

Aditional Information
File size: 21504 bytes
MD5: 9376e6893e52b368abc6255bf54f0b28
SHA1: 1e4107372ad0e3afb49b753b4740c8e3d45c870a

Panda also didn't find anything but cookies. What should I try next?
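
As an added example (not part of any post in this thread), the same question can be checked locally in PowerShell: which DLL the service is configured to load, whether it sits in System32, and whether its hashes and signature look right. It assumes PowerShell 4 or later and that the service is registered under the name HidServ; the expected hashes are the ones from the VirusTotal report above.

```powershell
# Added example, not from the thread. Expected hashes are the MD5/SHA1 values
# quoted in the VirusTotal report above; the registry path is the standard
# location for a svchost-hosted service's DLL (assumed service name: HidServ).
$expected = @{
    MD5  = '9376e6893e52b368abc6255bf54f0b28'
    SHA1 = '1e4107372ad0e3afb49b753b4740c8e3d45c870a'
}
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\HidServ\Parameters'

# svchost.exe loads whatever ServiceDll names, so resolve that path first
# instead of assuming the file that was uploaded is the one actually running.
$raw = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction Stop).ServiceDll
$dll = [Environment]::ExpandEnvironmentVariables($raw)
$system32   = Join-Path $env:windir 'System32'
$inSystem32 = (Split-Path -Path $dll -Parent) -ieq $system32

# Hash the on-disk file. A mismatch is not proof of tampering by itself:
# other Windows versions and patch levels ship different builds of the DLL.
$hashOk = @{}
foreach ($alg in $expected.Keys) {
    $actual = (Get-FileHash -Path $dll -Algorithm $alg).Hash
    $hashOk[$alg] = ($actual -ieq $expected[$alg])
}

# Authenticode check. Older PowerShell versions may report catalog-signed
# system files as NotSigned, so treat that status as inconclusive.
$sig = Get-AuthenticodeSignature -FilePath $dll

[pscustomobject]@{
    ServiceDll = $dll
    InSystem32 = $inSystem32
    MD5Match   = $hashOk['MD5']
    SHA1Match  = $hashOk['SHA1']
    SigStatus  = $sig.Status
    Signer     = $sig.SignerCertificate.Subject
}
```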

#4 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:11:50 AM

Posted 30 June 2007 - 07:57 PM

There was a problem that was caused by a Microsoft Update. Try this procedure - it has worked on many computers for me.

1. Click Start->Run, type "services.msc" (without quotation marks) in the open box and click OK.
2. Double click the service "Automatic Updates".
3. Click on the Log On tab, please ensure the option "Local System account" is selected and the option "Allow service to interact with desktop" is unchecked.
4. Check if this service has been enabled on the listed Hardware Profile. If not, please click the Enable button to enable it.
5. Click on the tab "General"; make sure the "Startup Type" is "Automatic". Then please click the button "Start" under "Service Status" to start the service.
6. Repeat the above steps with the other service: Background Intelligent Transfer Service (BITS)

Step 4: Re-register Windows Update components and Clear the corrupted Windows Update temp folder

1. Click on Start and then click Run,
2. In the open field type "REGSVR32 WUAPI.DLL" (without quotation marks) and press Enter.
3. When you receive the "DllRegisterServer in WUAPI.DLL succeeded" message, click OK.
4. Please repeat these steps for each of the following commands:

REGSVR32 WUAUENG.DLL
REGSVR32 WUAUENG1.DLL
REGSVR32 ATL.DLL
REGSVR32 WUCLTUI.DLL
REGSVR32 WUPS.DLL
REGSVR32 WUPS2.DLL
REGSVR32 WUWEB.DLL

After the above steps are finished. Since temporary folder of Windows Update may be corrupted. We can refer to the following steps to rename this folder that

1. Click Start, Run, type: cmd and press Enter. Please run the following command in the opened window.

net stop WuAuServ
(note, you might need to reboot before the net stop command will work)

2. Click Start, Run, type: %windir% and press Enter.
3. In the opened folder, rename the folder SoftwareDistribution to SDold.
4. Click Start, Run, type: cmd and press Enter. Please run the following command in the opened window.

net start WuAuServ


Hope this helps

rigel

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#5 cagedmidget

cagedmidget
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 01 July 2007 - 02:11 PM

Hi, I tried all of that and the problem is still occurring. Any other ideas?

#6 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:11:50 AM

Posted 01 July 2007 - 06:45 PM

Did you reboot the computer and the problems still occur after rebooting?
Do you have a RealTek audio card/onboard sound device?
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#7 cagedmidget

cagedmidget
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 01 July 2007 - 09:18 PM

Yes, I did reboot the computer and the problem is still occurring.

I have a Realtek Onboard Soundcard and a Realtek PCI Wireless card. Could one of those be causing the problem?

Thanks for the help

/Brian

#8 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:50 AM

Posted 02 July 2007 - 12:42 AM

Have you seen this Microsoft article?
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#9 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:11:50 AM

Posted 02 July 2007 - 05:36 AM

I wonder if this is a combination of the RealTek issue and the Windows Update issue. I'd suggest getting the latest version of the RealTek drivers from the hardware manufacturer - the ones that you're looking for should have been released in mid-April. It fixes a problem with a Windows Update that caused severe problems with the sound card driver ( http://www.bleepingcomputer.com/forums/ind...mp;#entry504264 )

After that, try the fixes described by Rigel and Budapest to resolve the svchost.exe at 100% issue.

#10 cagedmidget

cagedmidget
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 02 July 2007 - 09:59 PM

I tried all of the above tonight and no luck. I even tried disabling automatic updates and the automatic updates service...still nothing.

Oh well, for now I'll just keep killing the hidserv.dll threads in svchost.exe and hope the M$ comes out with an update...

If anyone else has any further advice I'm open to ideas.

Thanks to everyone for your help

#11 archer500

archer500

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:50 PM

Posted 09 November 2007 - 11:56 AM

I am having the same problem with a d3dx9d_24.dll file. Will not register using regsvr32. I am open to suggestions.



