I'd appreciate some advice...


5 replies to this topic

#1 winona

Posted 23 August 2010 - 06:41 PM

Hi, thanks for taking a look at my post.

While playing casual games recently, at the site I have played at for ages, I began experiencing a lot of lag. When I look at the task manager at those times, cpu usage is very high - sometimes it's at 100% for ages but, I can't figure out why. My firewall intermittently lists so many connections - it seems like way too many but I don't know enough about what I'm looking at to know what to do. It's frustrating because I would like to learn more but, there is SO much I don't know. It's disheartening.

TCPView log is attached, if there's anything else you need to know, please tell me.

Thanks again.

Windows XP Home Edition Service Pack 3 (build 2600)
Avira Free Antivirus
Online Armor Free Firewall
I'm making do with a dial-up connection, for now, also (for other reasons).
Using Firefox 3.6.4.

Edited by winona, 23 August 2010 - 08:33 PM.



#2 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 24 August 2010 - 04:27 PM

Way too many UDP ports open on that svchost.

Run TCPView again and find the svchost that has all the UDP connections in it. You need to find the process id.

This is the number after the svchost.exe

So a process that lists as : svchost.exe:1812

The process ID is 1812.

Then use this guide:

http://www.bleepingcomputer.com/tutorials/list-services-running-under-svchost.exe-process/

To find out what services are associated with that svchost process.
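
Added example, not part of the original post or the linked guide: a small parser that counts UDP endpoints per process and PID in a saved TCPView listing and reports the svchost instance worth looking up. It assumes whitespace-separated columns (process, PID, protocol, local address, local port, remote address, remote port, optional state), also accepts the `svchost.exe:1812` form, and uses a constructed sample and an assumed threshold of 50.

```python
from collections import defaultdict

UDP_THRESHOLD = 50  # assumed cut-off for "too many" UDP endpoints; tune per host

# Constructed sample, not taken from the poster's log.
SAMPLE = [
    "Process PID Protocol LocalAddress LocalPort RemoteAddress RemotePort State",
    "svchost.exe 672 TCP 0.0.0.0 135 0.0.0.0 0 LISTENING",
    "svchost.exe 900 UDP 0.0.0.0 123 * *",
    "firefox.exe:1500 UDP 127.0.0.1 1052 * *",
] + ["svchost.exe 1812 UDP 127.0.0.1 %d * *" % p for p in range(2000, 2120)]


def parse_line(line):
    """Return (process, pid, proto, local_addr, local_port), or None if unparseable."""
    parts = line.split()
    if len(parts) < 4:
        return None
    head = parts[0].rsplit(":", 1)
    if len(head) == 2 and head[1].isdigit():      # "svchost.exe:1812 UDP ..."
        name, pid, rest = head[0], head[1], parts[1:]
    elif parts[1].isdigit():                      # "svchost.exe 1812 UDP ..."
        name, pid, rest = parts[0], parts[1], parts[2:]
    else:
        return None                               # header or malformed line
    if len(rest) < 3 or rest[0].upper() not in ("TCP", "UDP") or not rest[2].isdigit():
        return None
    return name.lower(), int(pid), rest[0].upper(), rest[1], int(rest[2])


def suspects(lines, threshold=UDP_THRESHOLD):
    """Processes holding more than `threshold` distinct UDP endpoints, busiest first."""
    endpoints = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[2] == "UDP":
            endpoints[(rec[0], rec[1])].add((rec[3], rec[4]))
    found = []
    for (name, pid), eps in endpoints.items():
        if len(eps) > threshold:
            # Loopback-bound sockets are local-only, not remote connections.
            loopback = sum(1 for addr, _ in eps if addr.startswith("127."))
            found.append({"process": name, "pid": pid,
                          "udp": len(eps), "loopback": loopback})
    return sorted(found, key=lambda r: r["udp"], reverse=True)


if __name__ == "__main__":
    for hit in suspects(SAMPLE):
        print("%(process)s PID %(pid)d: %(udp)d UDP endpoints "
              "(%(loopback)d on loopback)" % hit)
```

The PID it reports is the one to look up in the services list for that svchost process while the problem is occurring.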

#3 winona


Posted 24 August 2010 - 08:34 PM

Thank you for responding. I have a lot of respect for people who offer their skill as a public service.

I downloaded Process Explorer and ran it but, the list was nowhere near as long as the TCPView log. Also, because it is just my luck on the day when I can finally try to do something about it, my CPU usage is next to nothing right now.

The services that were listed were:

DcomLaunch PID: 620
RpcSs PID: 668
AudioSrv PID: 716
DNSCache PID: 788
LMHosts PID: 852
WebClient PID: 1124


Technologically retarded. Did I mention that?

winona

Edited by winona, 24 August 2010 - 09:28 PM.


#4 Grinler

Posted 25 August 2010 - 02:25 PM

Wait until you see a svchost entry with a ton of UDP ports like we did, shown below. Then get the PID and check procexp again.


#5 winona

Posted 25 August 2010 - 05:09 PM

All of those listings are:

svchost.exe
PID: 716
netsvcs

I looked in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.

Name: netsvcs
Type: REG_MULTI_SZ
Data: 6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
napagent
hkmsvc

#6 Grinler

Posted 25 August 2010 - 05:58 PM

Yes, but we need to know the services that are actually started when the issue is occurring.



