Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svchost.exe "running in the sky"


  • Please log in to reply
3 replies to this topic

#1 richardo11

richardo11

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:06 AM

Posted 27 October 2010 - 08:11 PM

Hello friends again.

I have been observing what i believe an extreme memory comsuption my just one of the many svchost.exe processes, that one is never below ~100.000K and sometimes goes well above the ~150.000K :huh:

Wonder I, it is that normal (Windows 7 Home Premium)

I have runned several times NOD32 Internet Security, last version and updated, adware, spybot, registry cleaners and what I could imagine, but none finds noting at all.

You tell me.

Thakns for your time.

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:06 AM

Posted 27 October 2010 - 10:28 PM

Welcome aboard Posted Image

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 richardo11

richardo11
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:06 AM

Posted 27 October 2010 - 11:36 PM

Thanks Boni for your answer.

I've trough hell, i though it could be this sticks that plugs in USB ports, i don't know how thet are called, for having a mobil internet.

So i download the new drivers, desisntall the aplication and reinstall the new one, but after installed the program was not working because one of the many drivers was lost OS was telling. I try uninstall\reoinstall several times, but with the same resault.

So i was left without internet. I extracted manually one of the cabinets (there is two, x32 and x64, neede to install first x32, and later x64) were the missed and not installing driver was showing put the installer in that folder and ...... nothing.

Put back the installer and the cabinet together but lefting the extarcted files\foler were it was (at the same root), try again and ......BINGO .... Who knows how softwar works!!!

So this little thing as an amateur-pc-digger, and now that i have back internet, here is the post with the attached file you say, B.t.w, svchost still is after all sky-rocket-device.

You must pardon me, i do not find how to attach the file, so i just copy it.

Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 66.92 0 K 24 K
Interrupts n/a 0.77 0 K 0 K Hardware Interrupts
DPCs n/a 2.31 0 K 0 K Deferred Procedure Calls
System 4 112 K 304 K
smss.exe 236 440 K 1 112 K Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 376 2 104 K 4 112 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe 448 1 436 K 4 336 K Windows Start-Up Application Microsoft Corporation wininit.exe
services.exe 496 5 532 K 11 884 K Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
svchost.exe 688 4 696 K 9 636 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe 764 4 536 K 8 548 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
atiesrxx.exe 848 1 396 K 4 108 K AMD External Events Service Module AMD C:\Windows\system32\atiesrxx.exe
atieclxx.exe 752 2 088 K 5 896 K AMD External Events Client Module AMD atieclxx
svchost.exe 908 15 440 K 17 024 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
audiodg.exe 208 15 976 K 15 832 K Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0x2a8
svchost.exe 940 0.77 99 964 K 107 432 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
dwm.exe 1628 1.54 42 928 K 67 652 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
WUDFHost.exe 2260 2 108 K 6 064 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-396085d3-1ba5-4d07-b20b-5b059ca13b25 -SystemEventPortName:HostProcess-c6abe91a-2b05-4e37-9309-047cb7566f07 -IoCancelEventPortName:HostProcess-e5fd244d-ae47-4c60-8c92-006c4e200739 -NonStateChangingEventPortName:HostProcess-d724b644-cd36-43fc-b525-07409139248e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:039302ff-842d-4bd6-bd9d-817ce459b664
svchost.exe 984 18 660 K 33 704 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe 2692 1 964 K 5 660 K Task Scheduler Engine Microsoft Corporation taskeng.exe {6D3D7FC5-78BD-4240-8F28-AC4AED90890C}
CLMLSvc.exe 2728 23 312 K 4 572 K CyberLink MediaLibray Service CyberLink "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
svchost.exe 384 5 988 K 10 696 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 544 18 032 K 17 928 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
svchost.exe 1080 7 400 K 7 552 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
ekrn.exe 1148 59 244 K 65 900 K ESET Service ESET "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
svchost.exe 1196 2 396 K 8 388 K Host Process for Windows Services Microsoft Corporation C:\Windows\SysWOW64\svchost.exe -k netsvcs
taskhost.exe 1600 8 076 K 9 196 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
svchost.exe 2136 1 792 K 5 280 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
SearchIndexer.exe 2452 26 940 K 24 356 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
SearchFilterHost.exe 1160 2 632 K 6 316 K Microsoft Windows Search Filter Host Microsoft Corporation "C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512
SearchProtocolHost.exe 4076 3 564 K 8 896 K Microsoft Windows Search Protocol Host Microsoft Corporation "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe18_ Global\UsGthrCtrlFltPipeMssGthrPipe18 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
svchost.exe 2072 83 848 K 29 672 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k secsvcs
SecMIPService.exe 2644 2 612 K 8 352 K Service COM module Swisscom "C:\Program Files (x86)\Telenor\mobilt bredband\Sesam\BIN\SecMIPService.exe"
lsass.exe 512 3 748 K 10 344 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
lsm.exe 528 2 476 K 4 212 K Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
csrss.exe 460 0.77 11 084 K 17 296 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 584 2 492 K 6 660 K Windows Logon Application Microsoft Corporation winlogon.exe
explorer.exe 1656 40 404 K 82 628 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
egui.exe 1944 8 432 K 19 160 K ESET GUI ESET "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
sidebar.exe 1968 8 416 K 22 340 K Windows Desktop Gadgets Microsoft Corporation "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
MagicDisc.exe 2056 3 004 K 7 600 K MagicISO Virtual CD/DVD Manager MagicISO, Inc. "C:\Program Files (x86)\MagicDisc\MagicDisc.exe"
mobilt bredband.exe 772 29 428 K 45 088 K "C:\Program Files (x86)\Telenor\mobilt bredband\mobilt bredband.exe"
iexplore.exe 1824 11 768 K 28 700 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe"
iexplore.exe 1788 3.85 114 468 K 123 044 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1824 CREDAT:79873
iexplore.exe 2904 47 312 K 52 072 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1824 CREDAT:79874
iexplore.exe 3428 23.08 101 488 K 105 720 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1824 CREDAT:14350
WINWORD.EXE 3916 23 896 K 42 668 K Microsoft Office Word Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde
Everything.exe 3904 15 748 K 24 108 K Everything "C:\Program Files (x86)\Everything\Everything.exe"
procexp.exe 3748 1 752 K 8 356 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\richard\Desktop\Process Explorer\procexp.exe"
procexp64.exe 3136 17 748 K 33 860 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\richard\Desktop\Process Explorer\procexp.exe"
MOM.exe 2636 37 900 K 5 616 K Catalyst Control Center: Monitoring program Advanced Micro Devices Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
CCC.exe 2872 55 176 K 7 564 K Catalyst Control Centre: Host application ATI Technologies Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
dinotify.exe 2660 2 544 K 8 696 K Windows Device Installation Microsoft Corporation "C:\Windows\System32\dinotify.exe" pnpui.dll,SimplifiedDINotification

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:06 AM

Posted 28 October 2010 - 12:11 AM

You shouldn't worry too much about RAM usage (Vista and 7 handle RAM differently, than previous Windows versions), but your CPU usage is not normal.

System Idle Process (CPU NOT used) is listed at 66.92% (very low) and it looks like IE (iexplore.exe) is the main culprit, using 23.08 + 3.85 = 26.93% of your CPU cycles.

Looking at some other processes makes me believe, your computer may be infected.

I suggest, you start a new topic at "Am I Infected?" forum.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users