Weird issue with svchost.exe

For about the last week I've had an annoying little issue. Once or twice a session, the game will get some dramatic slowdown for about 10-30 seconds. Some investigation revealed that svchost.exe was taking up all the memory for that short period when that happens. So I did the usual - ran Avast antivirus, Avira, Malware Bytes, Superantispyware, Spybot, checked the registry, ran Process Explorer, and ran the game while Process Monitor was running (whew!) - nothing, and all Process Monitor told me was that it was accessing the hosts file, which has nothing suspicious.

Some quick googling led to some posts saying that this was an issue of Windows automatic updates. Except I keep that service disabled until I do my weekly manual updates. It's merely annoying, but I don't know what's causing it and so it's been driving me up the wall! Here's my info from CoH Helper, any thoughts or help would be greatly appreciated. Thanks!

---System information gathered by CoH Helper version 0.1.1.8---

DxDiag gathered at April 10, 2010 19:36 (-06:00)
Operating System: Windows XP Home Edition (5.1, Build 2600) Service Pack 3 (2600.xpsp_sp3_gdr.091208-2036)
System Manufacturer: System manufacturer
System Model: System Product Name
BIOS: Phoenix - AwardBIOS v6.00PG
Central Processor: AMD Athlon(tm) 64 Processor 3800+, MMX, 3DNow, ~2.4GHz
Memory: 2046MB
.Net Memory Report: 1508MB out of 2046MB available
Page File: 5441MB (544MB currently in use)
C Drive: (WDC WD3200AAKS-00VYA0) 253238MB out of 305234MB (82%) free
D Drive: (WDC WD800JD-00MSA1) 34953MB out of 76308MB (45%) free
E Drive: (SONY DVD-ROM DDU1615) zero-size drive
F Drive: (SONY DVD RW AW-Q170A) zero-size drive
Windows directory location: C:\WINDOWS
DirectX: DirectX 9.0c (4.09.0000.0904)
DirectX Diag version: 5.03.2600.5512 (32-bit version)

Display Notes: No problems found.
Sound Notes: No problems found.
Input Notes: No problems found.

Monitor: SyncMaster 731B/731BF/731BA/730BA(Digital)
Monitor's Max Resolution: 1280,1024
Video Device Name: NVIDIA GeForce 7600 GS
Manufacturer / Chip: NVIDIA / GeForce 7600 GS
Video Memory: 512.0 MB
Driver Version: 6.14.0011.9621
Driver Date: 1/11/2010 10:03:33 PM
Driver Language: English

Sound Device Description: SB Live! 24-bit
Driver File: P17.sys
Driver Version: 5.12.0001.0514
Driver Date: 6/15/2007 2:47:26 AM


WMI Information
Motherboard Manufacturer: ASUSTeK Computer INC.
Motherboard Model: (empty)
Motherboard Product: M2N32-SLI DELUXE
Motherboard Version: 1.XX
BIOS Manufacturer: Phoenix Technologies, LTD
BIOS Name: Phoenix - AwardBIOS v6.00PG
BIOS Version: Nvidia - 42302e31
BIOS Release: 20060821000000.000000+000

Registry Information for Current User
Resolution: 1024x768
3D Resolution: 1024x768 (Not using renderscale)
Full Screen: Yes
Maximized: No
Screen Position: 0, 0
Refresh Rate: 60Hz
Vertical Sync Enabled: Yes

Physics Quality: None
Maximum Particles: 50000
Max Particle Fill? 10.000
Physics Card Enabled: No

Anti-aliasing: 2x
Anisotropic Filtering: 4x
Texture LOD Bias: Smooth
Water Effects: None
Bloom: 1.000 (turned off)
Depth of Field Enabled: No
Desaturation Effects (Sepia) Enabled: Yes
Shader Detail: Low (no world bumpmaps)

World Texture Level: Low
Character Texture Level: Very High
World Detail Level (Vis_Scale): 0.798
Entity Detail Level: 1.000
Shadows Enabled: Yes
Gamma Correction: 1.000
Geometry Buffers (VBOs) Enabled: Yes
Suppression of Extra Player FX Enabled: No
Suppression of FX When Camera Close Enabled: Yes
Close Suppression Range: 3.000
Show Advertisements: Yes

Audio Mode: Compatiblity
3D Audio: No
FX Sound Volume: 0.000
Music Sound Volume: 0.000

Show Advanced Graphics Options: Yes
Overall Graphics Quality: 0.300
Reverse Mouse Buttons: No
Save Login Username: Yes
Transfer Rate: Unknown bytes/second
Current Game Version: 1600.20100114.11T
Installation Directory: C:\Program Files\City of Heroes

Mod files in the Data directory
.\texture_library\MAPS\city has 1 file
.\texture_library\MAPS\Midnight_Squad has 1 file
.\texture_library\MAPS\Safeguard has 9 files
.\texture_library\MAPS\sewers has 44 files
.\texture_library\MAPS\static has 32 files
.\texture_library\V_MAPS\Outdoor_Missions has 9 files
.\texture_library\V_MAPS\Static has 16 files

---

A HijackThis log would be useful, it will let us see what is running on your machine. There could be some undetected malware or simply some software conflict.

---

"I used to make diddly squat, but I've been with the company for 16 years and have had plenty of great raises. Now I just make squat" -- Me

Pediatric brain tumors are the #1 cause of cancer related deaths in children.

*shrug* here you go.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:20 PM, on 4/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\that program.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1268380069031
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

---

---

---

---

"I used to make diddly squat, but I've been with the company for 16 years and have had plenty of great raises. Now I just make squat" -- Me

Pediatric brain tumors are the #1 cause of cancer related deaths in children.

There could be an updater running from another program I like to go here and look at what I have running and see if there is anything I can turn off, I usually find a few programs running scheduled updates that I don't want. It is for xp but it works for vista too.

---

I notice you are using COMODO Internet Security. I remember something from a while back about someone having problems with the firewall and CoH. Their solution was to disable the firewall entirely, but that seems a bit drastic.

Does COMODO have any way to set exceptions or allowed programs? If so, set everything you can from the CoH directory to be allowed. If it will allow you to set a directory to be unmonitored or allowed, I'd set the entire directory.

A simple test to see if it's causing the problems might be to temporarily disable the firewall and see if the problem still occurs. If it does, then explore how to configure it to not interfere with CoH. If not, then the problem is likely elsewhere. Note that I said likely. I've seen a few firewall programs over the years that even though you set them to Off still interfered with things until you actually uninstalled them. Usually, it was part of a security suite instead of a standalone firewall.

As a side note, even if you've set an exception or allowance in the past, updates to COMODO may be over-riding those settings, or more likely the changes to the updater have caused COMODO to not recognize it as the same program you have allowed. Usually, removing and re-adding the program to the allow list fixes this behavior.

---

If the game spit out 20 dollar bills people would complain that they weren't sequentially numbered. If they were sequentially numbered people would complain that they weren't random enough.

Black Pebble is my new hero.

You can try to track down exactly what programs are utilizing svchost and clogging your CPU by running cmd.exe then use the command tasklist /svc

How to guide

COMODO comes bundled with an anti-virus app doesn't it? And Avast can come with its own firewall too. Have you disabled COMODO's anti-virus and Avast's firewall, or otherwise configured them to work together?

I see you have SUPERAntiSpyware, which I'm not familiar with at all. Could it be doing some type of active scan which is slowing you down?

I see no problems, you have a very clean and lean machine. Since there is so little running the only real targets I see are the 3 different sets of security software you are running. You could try disabling them one at a time and see if you can find a culprit.

---

"I used to make diddly squat, but I've been with the company for 16 years and have had plenty of great raises. Now I just make squat" -- Me

Pediatric brain tumors are the #1 cause of cancer related deaths in children.

Post explosion this morning! Thanks for the input everyone! Now to go down the list---

Eislor, you are correct. I changed Hijack This's file name for just that reason at some point. as for COMODO, it does have antivirus, but it's been disabled as it's a little redundant with all my other protection. Superantispyware is also dormant until I feel the need to run it - all my protection except for Avast and Comodo is like that. Speaking of Avast, I did not know it came with a firewall, but I do not have it installed, so yeah

Texas Justice, thank you for that suggestion, I hadn't thought to put City on COMODO's (why is that in all caps anyway?) exceptions list, I will see if that helps any.

_Klaw_, Thank you for linking me to that website! I actually used said website a long time ago to disable a whole lot of services and lost track of it, now I have it bookmarked Looking through my services again I found a few redundant ones that I switched off.

I've made a few tweaks based on the comments I've received here, I'll see if that improves the situation anyway, thanks again!

---

I don't see it on your list, but Steam seems to make a copy of svchost use cpu and bandwidth like that when it checks for updates to itself. However, force killing Steam doesnt cause it to go away. Svchost keeps using a lot of resources for a little while afterwords.

---

---

Don't worry, Master-Blade, I don't think anyone's holding that against you. Then again, this IS an internet forum

Update! I put City on COMODO's exceptions list, and I disabled the following services:

DNS client (I couldn't find a website saying that disabling this was a bad idea, and doing so seems to have made my connection much faster. hmmm.)
Windows User-Mode Driver Framework (This is apparently a Vista service. What does it do? Why do I have it? Why was there two of it? Why were they set to automatic? Yeah, disabled in a heartbeat.)

After taking those steps, everything seems to be fine. Thanks for your input, everyone!

---

Necrothread WOO! Bit of an update.

Well, I figured out what exactly was causing the slowdown - the DNS Client service. Turning it back on brought back the occasional slowdown, and the svchost.exe that runs that service is the one that takes up all memory. I flushed the DNS cache to see if that will make a difference. This seems rather odd, does any of this sound familiar to anyone?

---

Do you operate with a modified HOSTS file? The DNS client service is responsible for local caching of IP mappings. Having a big HOSTS file loaded into the cache can cause it to have slowdowns when searching the cache from what I read. Generally speaking though, you don't need it if you're operating a home machine with no fancy home network setups.

---

It is known that there are an infinite number of worlds, simply because there is an infinite amount of space for them to be in. However, not every one of them is inhabited. Therefore, there must be a finite number of inhabited worlds. Any finite number divided by infinity is as near to nothing as makes no odds, so the average population of all the planets in the Universe can be said to be zero. From this it follows that the population of the whole Universe is also zero, and that any people you may meet from time to time are merely the products of a deranged imagination.

That.... actually makes a lot of sense, Back_Blast. Part of Spybot Search & Destroy's "immunization" process is loading a megaton of websites set to 127.0.0.1 into the hosts file as a preventative measure. Something like 13,000 websites. I have removed those from the hosts file, let's see if that does anything. Thanks for the tip!

---