BleepingComputer.com: High wuauclt.exe & svchost.exe memory usage

I acquired the fake XP Security Center virus a couple months ago, and a team member from this website helped me successfully remove it. However, ever since I've executed the steps in the preparation guide, my computer has been sluggish. The slower speed even interfered when the team member was directing me on what steps to take after finishing the steps from the preparation guide. I have already executed the steps from the "Slow Computer?" topic, but my computer is still sluggish. Specifically, I've noticed that the wuauclt.exe and svchost.exe processes spike up in memory usage when I boot the computer and load my desktop. The processes eventually decline in memory usage after the computer has been on for a while, and at that point, my computer actually feels "normal." I also notice, in general, that if I execute too many actions for my computer, my mouse goes invisible. What I mean by this is that the cursor image remains in one spot, but the actual mouse function still works. At that point, I usually 1) have to restart my computer and deal with the sluggishness all over again or 2) navigate my computer with what hotkeys I know while using highlighted buttons and links as guides to show me where my mouse actually is. I'm wondering if the wuauclt.exe process was damaged by the fake XP Security Center virus? I searched my problem already on google and it seems some other people have had issues with spikes in the wuauclt.exe. I'd appreciate any help I can get.

Please download MiniToolBox and run it.

Checkmark following boxes:

• List last 10 Event Viewer log
  
• List Users, Partitions and Memory size

Click Go and post the result.

=========================================================================================

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

=======================================================================================

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

=====================================================================================

Download, and install Quick Startup: http://www.glarysoft.com/qs.html
Go File>Export, save report, and paste it into your next post.

Hello Broni, here is the result from MiniToolBox:

MiniToolBox by Farbar
Ran by Kevin (administrator) on 22-05-2011 at 16:28:08
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


========================= Event log errors: ===============================

Application errors:
==================
Error: (05/15/2011 09:16:38 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/15/2011 09:15:14 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/11/2011 04:06:31 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module unknown, version 0.0.0.0, fault address 0x5d7af2b3.
Processing media-specific event for [wmplayer.exe!ws!]

Error: (05/11/2011 04:06:10 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module unknown, version 0.0.0.0, fault address 0x5d7af2b3.
Processing media-specific event for [wmplayer.exe!ws!]

Error: (05/11/2011 04:06:03 PM) (Source: Application Error) (User: )
Description: Faulting application napster.exe, version 4.6.3.4, faulting module unknown, version 0.0.0.0, fault address 0x5d7af2b3.
Processing media-specific event for [napster.exe!ws!]

Error: (05/11/2011 04:05:52 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module unknown, version 0.0.0.0, fault address 0x5d7af2b3.
Processing media-specific event for [wmplayer.exe!ws!]

Error: (05/11/2011 04:05:47 PM) (Source: Application Error) (User: )
Description: Fault bucket -1855483389.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (05/11/2011 04:05:43 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module unknown, version 0.0.0.0, fault address 0x5d7af2b3.
Processing media-specific event for [wmplayer.exe!ws!]

Error: (05/11/2011 04:05:38 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module unknown, version 0.0.0.0, fault address 0x5d7af2b3.
Processing media-specific event for [wmplayer.exe!ws!]

Error: (05/11/2011 04:05:15 PM) (Source: Application Error) (User: )
Description: Faulting application napster.exe, version 4.6.3.4, faulting module unknown, version 0.0.0.0, fault address 0x5d7af2b3.
Processing media-specific event for [napster.exe!ws!]


System errors:
=============
Error: (05/20/2011 01:47:05 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/20/2011 01:47:01 PM) (Source: DCOM) (User: Kevin)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (05/20/2011 01:40:03 PM) (Source: DCOM) (User: Kevin)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (05/20/2011 01:29:31 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
BHDrvx86
ccHP
eeCtrl
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
OMCI
RasAcd
Rdbss
SRTSPX
SymIRON
SYMTDI
Tcpip

Error: (05/20/2011 01:29:31 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (05/20/2011 01:29:31 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (05/20/2011 01:29:31 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:
%%31

Error: (05/20/2011 01:29:31 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (05/20/2011 01:29:31 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBT service which failed to start because of the following error:
%%31

Error: (05/20/2011 01:28:50 PM) (Source: DCOM) (User: Kevin)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}


Microsoft Office Sessions:
=========================
Error: (05/15/2011 09:16:38 PM) (Source: Application Hang)(User: )
Description: firefox.exe2.0.1.4120hungapp0.0.0.000000000

Error: (05/15/2011 09:15:14 PM) (Source: Application Hang)(User: )
Description: firefox.exe2.0.1.4120hungapp0.0.0.000000000

Error: (05/11/2011 04:06:31 PM) (Source: Application Error)(User: )
Description: wmplayer.exe11.0.5721.5145unknown0.0.0.05d7af2b3

Error: (05/11/2011 04:06:10 PM) (Source: Application Error)(User: )
Description: wmplayer.exe11.0.5721.5145unknown0.0.0.05d7af2b3

Error: (05/11/2011 04:06:03 PM) (Source: Application Error)(User: )
Description: napster.exe4.6.3.4unknown0.0.0.05d7af2b3

Error: (05/11/2011 04:05:52 PM) (Source: Application Error)(User: )
Description: wmplayer.exe11.0.5721.5145unknown0.0.0.05d7af2b3

Error: (05/11/2011 04:05:47 PM) (Source: Application Error)(User: )
Description: -1855483389

Error: (05/11/2011 04:05:43 PM) (Source: Application Error)(User: )
Description: wmplayer.exe11.0.5721.5145unknown0.0.0.05d7af2b3

Error: (05/11/2011 04:05:38 PM) (Source: Application Error)(User: )
Description: wmplayer.exe11.0.5721.5145unknown0.0.0.05d7af2b3

Error: (05/11/2011 04:05:15 PM) (Source: Application Error)(User: )
Description: napster.exe4.6.3.4unknown0.0.0.05d7af2b3


========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 77%
Total physical RAM: 766 MB
Available physical RAM: 174.88 MB
Total Pagefile: 1875.59 MB
Available Pagefile: 1418.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.45 MB

======================= Partitions: =======================================

2 Drive c: () (Fixed) (Total:74.52 GB) (Free:43.66 GB) NTFS

================= Users: ==================================================

User accounts for \\HIGHWIND

-------------------------------------------------------------------------------
Administrator Guest HelpAssistant
Kevin SUPPORT_388945a0
The command completed successfully.

================= End of Users ============================================

And here is the QuickStartup report:

Startup List report created on 5/22/2011 by Startup Manager


Name: Microsoft Works Update Detection
Path: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: NvCplDaemon
Path: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: nwiz
Path: nwiz.exe /install
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: NvMediaCenter
Path: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: SoundMan
Path: SOUNDMAN.EXE
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: IgfxTray
Path: C:\WINDOWS\system32\igfxtray.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: HotKeysCmds
Path: C:\WINDOWS\system32\hkcmd.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: HP Component Manager
Path: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: HPDJ Taskbar Utility
Path: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: RemoteControl
Path: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Adobe Reader Speed Launcher
Path: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Adobe ARM
Path: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: TkBellExe
Path: "C:\program files\real\realplayer\update\realsched.exe" -osboot
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: QuickTime Task
Path: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: HP Software Update
Path: C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: SunJavaUpdateSched
Path: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: ctfmon.exe
Path: C:\WINDOWS\system32\ctfmon.exe
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: NortonUpdateAgent
Path: C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Microsoft Works Calendar Reminders
Path: C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\WkCalRem.exe
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Status: Enabled
------------------------------------------------------------------------------------------

Name: PowerReg Scheduler.exe
Path: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\\PowerReg Scheduler.exe
Location: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup
Status: Enabled
------------------------------------------------------------------------------------------
Total 20 Items

The "Procexp.txt" file is attached, and I removed the Viewpoint programs.

I'd like to double check something....

Please download Profiles by noahdfear.

* Save it to your desktop.
* Double-click profiles.exe and post its log when you reply.

Here you go:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-299502267-1972579041-1801674531-1004
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Kevin

SystemRoot REG_SZ C:\WINDOWS

That looks good.

Process Explorer log looks good as well.

Let's start with reducing startup list, as some of those startups are not needed to operate your computer.

Re-run QuickStartup and UN-check following items:

Microsoft Works Update Detection
NvCplDaemon
nwiz
SoundMan
IgfxTray
Adobe ARM
TkBellExe
HP Software Update
SunJavaUpdateSched
PowerReg Scheduler.exe

Restart computer, use it for a while and let me know how it goes.

It seems to have alleviated the problem. The wuauclt.exe process isn't spiking in memory usage as usual.

I'm glad to see the issue solved

Thank you very much for your help, Broni, I really appreciate it!

You're very welcome

Around late May of this year, you helped me resolve an issue regarding wuauclt.exe fluctuation upon booting up. Unfortunately, the issue came back maybe two or three weeks after we resolved the issue. The problem is pretty much the same as before: the wuauclt.exe process, along with the svchost.exe or ccsvchost.exe, takes up a lot of cpu within a 20-30 minute duration after loading my desktop. The high fluctuations make my computer much slower and the response time is very choppy during the fluctuation period. Are there any additional steps that may resolve this issue? For what it's worth, I haven't messed with any of the settings on my computer or the programs you asked me to download since the time you helped me.

Re-run "Quick Startup" so we can see, if you accumulated some extra startups.

Here is the report:

Startup List report created on 6/14/2011 by Startup Manager


Name: NortonUpdateAgent
Path: C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Adobe Reader Speed Launcher
Path: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Microsoft Works Calendar Reminders
Path: C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\WkCalRem.exe
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Status: Enabled
------------------------------------------------------------------------------------------

Name: HotKeysCmds
Path: C:\WINDOWS\system32\hkcmd.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Microsoft Works Update Detection
Path: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: HPDJ Taskbar Utility
Path: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: RemoteControl
Path: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: HP Component Manager
Path: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: QuickTime Task
Path: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: NvCplDaemon
Path: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: NvMediaCenter
Path: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: ctfmon.exe
Path: C:\WINDOWS\system32\ctfmon.exe
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: NvCplDaemon
Path: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Disabled
------------------------------------------------------------------------------------------

Name: nwiz
Path: nwiz.exe /install
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Disabled
------------------------------------------------------------------------------------------

Name: SoundMan
Path: SOUNDMAN.EXE
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Disabled
------------------------------------------------------------------------------------------

Name: IgfxTray
Path: C:\WINDOWS\system32\igfxtray.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Disabled
------------------------------------------------------------------------------------------

Name: Adobe ARM
Path: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Disabled
------------------------------------------------------------------------------------------

Name: TkBellExe
Path: "C:\program files\real\realplayer\update\realsched.exe" -osboot
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Disabled
------------------------------------------------------------------------------------------

Name: HP Software Update
Path: C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Disabled
------------------------------------------------------------------------------------------

Name: SunJavaUpdateSched
Path: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Disabled
------------------------------------------------------------------------------------------

Name: PowerReg Scheduler.exe
Path: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup-Disabled\\PowerReg Scheduler.exe
Location: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup
Status: Disabled
------------------------------------------------------------------------------------------
Total 21 Items

OK, let get rid of some unneeded startups again.

Re-run the program and UN-check:

PowerReg Scheduler.exe
SunJavaUpdateSched
Microsoft Works Update Detection
HP Software Update
TkBellExe
Adobe ARM
IgfxTray
SoundMan
nwiz
NvCplDaemon (2 entries)

Restart computer.

I un-checked:

• Microsoft Works Update Detection
• NvCplDaemon

The other programs were already un-checked, including one of the "NvCplDaemon" programs.

I've restarted my computer and the wuauclt.exe stayed around 8,000 for a few minutes and then completely went away. Un-checking those two programs seems to have helped, but I'm not sure if the problem will persist once again tomorrow or next week.