Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svchost 60-100% cpu


  • Please log in to reply
14 replies to this topic

#1 kjh242

kjh242

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 20 December 2010 - 09:18 PM

I've had my computer;
Dell Studio I1 735
Windows Vista Home premium Service Pack 1 32-bit
Intel Core 2 Duo T5850 @2.16GHz
3GB RAM

for a while, and recently the svchost process running the Plugplay and DComlauncher services has become extremely cpu-hogging, usually using most, if not all, of it at a time.
Process Explorer has the threads taking up most of this memory as being
TID Start Address
4888 ntdll.dll!Rt!UserThreadStart
2908 ntdll.dll!Rt!UserThreadStart

any thoughts?

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:45 PM

Posted 20 December 2010 - 11:14 PM

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 kjh242

kjh242
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 20 December 2010 - 11:33 PM

Attached File  Procexp.txt   9.54KB   5 downloads

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:45 PM

Posted 20 December 2010 - 11:49 PM

Go Start>Run (Start Search in Vista), type in:
msconfig
Click OK (hit Enter in Vista).

Click on Startup tab.
Click Disable all
IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE. If you use different firewall, than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Post new PE log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 kjh242

kjh242
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 21 December 2010 - 02:07 AM

Attached File  Procexp.txt   5.94KB   9 downloads

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:45 PM

Posted 21 December 2010 - 02:24 PM

Pretty bad...
McAfee eating up 43.94% of CPU and Chrome another 35.16%.

Go back to "msconfig" and re-enable all items, you just disabled.

Uninstall McAfee, using this tool: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml
Make sure, you turn Windows firewall ON.

Post fresh PE log.

This is all just for testing. We'll worry about your AV program, when we see PE results.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#7 kjh242

kjh242
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 22 December 2010 - 04:05 PM

Attached File  Procexp.txt   7.3KB   5 downloads

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:45 PM

Posted 22 December 2010 - 04:54 PM

OK, let's get little bit more info....

Please download SINO by Artellos.

  • Save SINO to a place you can remember and run SINO.exe. (If you downloaded the ZIP version you will need to extract it first)
  • Then please check the following checkboxes:
    • System Info
    • Services
    • Tasklist
    • Startup Items
    • Event Log
  • Once checked, hit the Run Scan! button and wait for the program to finish the scan.
  • A notepad window will pop up. Please copy all of the content into your next reply.

The log can be found in C:\SINO

Note: If you try to interact with the program once itís started scanning it might appear to hang. The scan however will continue.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#9 kjh242

kjh242
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 22 December 2010 - 05:06 PM

Attached File  SINOLog_1558_22-12-2010.log   43.97KB   6 downloads

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:45 PM

Posted 22 December 2010 - 05:22 PM

Please copy all of the content into your next reply.


System Investigator by Olrik
Log Created On: 1558_22-12-2010
SINO Version: 3.1.0.0

Total RAM: 3069 MB | Free RAM: 1852 MB | Pagefile Size: 3369 MB
C: | 19271 MB out of 228083 MB Free | Local Fixed Disk
D: | 5475 MB out of 10239 MB Free | Local Fixed Disk
E: | 0 MB out of 7892 MB Free | CD-ROM Disc
F: | None | CD-ROM Disc
G: | None | CD-ROM Disc
T: | None | CD-ROM Disc

<<<< System Information >>>>

Computer Name: MICHAELS_PC
Username: Michael
Language Setting: ENU
Windows Directory: C:\Windows
Windows Version: Windows Vista Service Pack 1
UAC Status: On
Windows Mode: Normal

<<<< Tasklist >>>>

[System Idle Process] - Process ID: 0
[System] - Process ID: 4
[smss.exe] - Process ID: 532
[C:\Windows\system32\csrss.exe] - Process ID: 600
[C:\Windows\system32\wininit.exe] - Process ID: 660
[C:\Windows\system32\csrss.exe] - Process ID: 672
[C:\Windows\system32\services.exe] - Process ID: 704
[C:\Windows\system32\lsass.exe] - Process ID: 716
[C:\Windows\system32\lsm.exe] - Process ID: 724
[C:\Windows\system32\winlogon.exe] - Process ID: 848
[C:\Windows\system32\svchost.exe] - Process ID: 916
[C:\Program Files\Fingerprint Sensor\AtService.exe] - Process ID: 960
[C:\Windows\system32\svchost.exe] - Process ID: 1008
[C:\Windows\System32\svchost.exe] - Process ID: 1056
[C:\Windows\system32\Ati2evxx.exe] - Process ID: 1144
[C:\Windows\System32\svchost.exe] - Process ID: 1168
[C:\Windows\System32\svchost.exe] - Process ID: 1232
[C:\Windows\system32\svchost.exe] - Process ID: 1260
[C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe] - Process ID: 1280
[audiodg.exe] - Process ID: 1368
[C:\Windows\system32\svchost.exe] - Process ID: 1448
[C:\Windows\system32\SLsvc.exe] - Process ID: 1464
[C:\Windows\system32\svchost.exe] - Process ID: 1492
[C:\Windows\system32\Ati2evxx.exe] - Process ID: 1564
[C:\Program Files\Dell\DellDock\DockLogin.exe] - Process ID: 1640
[C:\Windows\system32\svchost.exe] - Process ID: 1720
[C:\Windows\System32\WLTRYSVC.EXE] - Process ID: 1856
[C:\Windows\system32\WLANExt.exe] - Process ID: 1864
[C:\Windows\System32\spoolsv.exe] - Process ID: 1980
[C:\Program Files\DigitalPersona\Bin\DpHostW.exe] - Process ID: 2004
[C:\Windows\system32\svchost.exe] - Process ID: 564
[C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe] - Process ID: 544
[C:\Windows\System32\svchost.exe] - Process ID: 604
[C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe] - Process ID: 1136
[C:\Program Files\Bonjour\mDNSResponder.exe] - Process ID: 2068
[C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe] - Process ID: 2080
[C:\Windows\system32\dlcfcoms.exe] - Process ID: 2120
[C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe] - Process ID: 2156
[C:\Windows\system32\PnkBstrA.exe] - Process ID: 2216
[C:\Windows\system32\svchost.exe] - Process ID: 2284
[C:\Windows\system32\svchost.exe] - Process ID: 2368
[C:\Windows\System32\svchost.exe] - Process ID: 2412
[C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE] - Process ID: 2488
[C:\Windows\system32\SearchIndexer.exe] - Process ID: 2516
[C:\Windows\system32\taskeng.exe] - Process ID: 2600
[C:\Program Files\DigitalPersona\Bin\DpAgent.exe] - Process ID: 3064
[C:\Windows\system32\Dwm.exe] - Process ID: 3156
[C:\Windows\Explorer.EXE] - Process ID: 3200
[C:\Windows\system32\taskeng.exe] - Process ID: 3248
[C:\Windows\System32\alg.exe] - Process ID: 3720
[C:\Windows\System32\WLTRAY.EXE] - Process ID: 3812
[C:\Program Files\DellTPad\Apoint.exe] - Process ID: 3824
[C:\Program Files\Windows Media Player\wmpnscfg.exe] - Process ID: 3940
[C:\Windows\System32\mobsync.exe] - Process ID: 3948
[C:\Windows\ehome\ehtray.exe] - Process ID: 3972
[C:\Program Files\Dell\QuickSet\quickset.exe] - Process ID: 3984
[C:\Program Files\Windows Media Player\wmpnetwk.exe] - Process ID: 3284
[C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe] - Process ID: 4052
[C:\Windows\ehome\ehmsas.exe] - Process ID: 2808
[C:\Program Files\DellTPad\ApMsgFwd.exe] - Process ID: 3908
[C:\Windows\system32\wbem\wmiprvse.exe] - Process ID: 524
[C:\Program Files\DellTPad\HidFind.exe] - Process ID: 2400
[C:\Program Files\DellTPad\Apntex.exe] - Process ID: 3852
[C:\Windows\System32\bcmwltry.exe] - Process ID: 3840
[C:\Windows\system32\wuauclt.exe] - Process ID: 5596
[c:\program files\windows defender\MpCmdRun.exe] - Process ID: 4136
[C:\Users\Michael\AppData\Local\Temp\SINO\SINO.exe] - Process ID: 3040
[C:\Program Files\Google\Chrome\Application\chrome.exe] - Process ID: 3076
[C:\Program Files\Google\Chrome\Application\chrome.exe] - Process ID: 3004
[C:\Program Files\Google\Chrome\Application\chrome.exe] - Process ID: 4520
[C:\Program Files\Google\Chrome\Application\chrome.exe] - Process ID: 4516
[C:\Program Files\Google\Chrome\Application\chrome.exe] - Process ID: 4172
[C:\Program Files\Google\Chrome\Application\chrome.exe] - Process ID: 5392
[C:\Users\Michael\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe] - Process ID: 5620
[C:\Program Files\Google\Chrome\Application\chrome.exe] - Process ID: 3056
[C:\Program Files\Google\Chrome\Application\chrome.exe] - Process ID: 4428
[C:\Windows\system32\wbem\wmiprvse.exe] - Process ID: 4148

<<<< Startup Items >>>>

[QuickSet.lnk] - <Common Startup> - C:\Program Files\Dell\QuickSet\quickset.exe
[Windows Defender] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
[SysTrayApp] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - %ProgramFiles%\IDT\WDM\sttray.exe
[Malwarebytes' Anti-Malware (reboot)] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
[Broadcom Wireless Manager UI] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - C:\Windows\system32\WLTRAY.exe
[Apoint] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\DellTPad\Apoint.exe
[PlayNC Launcher] - <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run> -
[WMPNSCFG] - <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\Windows Media Player\WMPNSCFG.exe
[ehTray.exe] - <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run> - C:\Windows\ehome\ehTray.exe

<<<< MS Services >>>>

Application Layer Gateway Service (ALG) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\alg.exe
Windows Audio (Audiosrv) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Background Intelligent Transfer Service (BITS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Computer Browser (Browser) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Cryptographic Services (CryptSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
DCOM Server Process Launcher (DcomLaunch) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k DcomLaunch
DHCP Client (Dhcp) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
DNS Client (Dnscache) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
Extensible Authentication Protocol (EapHost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Windows Event Log (Eventlog) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
COM+ Event System (EventSystem) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Human Interface Device Access (hidserv) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Server (LanmanServer) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Workstation (LanmanWorkstation) - Running [Auto | Stoppable | Pausable] - C:\Windows\System32\svchost.exe -k LocalService
TCP/IP NetBIOS Helper (lmhosts) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Network Connections (Netman) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Plug and Play (PlugPlay) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k DcomLaunch
IPsec Policy Agent (PolicyAgent) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Remote Access Connection Manager (RasMan) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Remote Procedure Call (RPC) (RpcSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k rpcss
Security Accounts Manager (SamSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Task Scheduler (Schedule) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Secondary Logon (seclogon) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
System Event Notification Service (SENS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Internet Connection Sharing (ICS) (SharedAccess) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Shell Hardware Detection (ShellHWDetection) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Print Spooler (Spooler) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\spoolsv.exe
SSDP Discovery (SSDPSRV) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Image Acquisition (WIA) (stisvc) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k imgsvc
Telephony (TapiSrv) - Running [Manual | Stoppable | Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Terminal Services (TermService) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Themes (Themes) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client (TrkWks) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
UPnP Device Host (upnphost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Time (W32Time) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
WebClient (WebClient) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Management Instrumentation (Winmgmt) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Media Player Network Sharing Service (WMPNetworkSvc) - Running [Manual | Stoppable | Not_Pausable] - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
Security Center (wscsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Windows Update (wuauserv) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Driver Foundation - User-mode Driver Framework (wudfsvc) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
ASP.NET State Service (aspnet_state) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Microsoft .NET Framework NGEN v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
COM+ System Application (COMSysApp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Wired AutoConfig (dot3svc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Windows Media Center Receiver Service (ehRecvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\ehome\ehRecvr.exe
Windows Media Center Scheduler Service (ehSched) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\ehome\ehsched.exe
Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Health Key and Certificate Management (hkmsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Windows CardSpace (idsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Distributed Transaction Coordinator (MSDTC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\msdtc.exe
Windows Installer (msiserver) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\msiexec /V
Network Access Protection Agent (napagent) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Netlogon (Netlogon) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Net.Tcp Port Sharing Service (NetTcpPortSharing) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Microsoft Office Diagnostics Service (odserv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
Office Source Engine (ose) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Protected Storage (ProtectedStorage) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Remote Access Auto Connection Manager (RasAuto) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Routing and Remote Access (RemoteAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Remote Registry (RemoteRegistry) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k regsvc
Remote Procedure Call (RPC) Locator (RpcLocator) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\locator.exe
Smart Card (SCardSvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Microsoft Software Shadow Copy Provider (swprv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k swprv
Volume Shadow Copy (VSS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\vssvc.exe
WMI Performance Adapter (wmiApSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\wbem\WmiApSrv.exe

<<<< Non-MS Services >>>>

Application Experience (AeLookupSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Andrea ST Filters Service (AESTFilters) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe
Akamai NetSession Interface (Akamai) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k Akamai
Application Information (Appinfo) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Apple Mobile Device (Apple Mobile Device) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
Ati External Event Utility (Ati External Event Utility) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\Ati2evxx.exe
AuthenTec Fingerprint Service (ATService) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files\Fingerprint Sensor\AtService.exe
Windows Audio Endpoint Builder (AudioEndpointBuilder) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Base Filtering Engine (BFE) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Bonjour Service (Bonjour Service) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Bonjour\mDNSResponder.exe"
Browser Defender Update Service (Browser Defender Update Service) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe"
dlcf_device (dlcf_device) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\dlcfcoms.exe -service
Dock Login Service (DockLoginService) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files\Dell\DellDock\DockLogin.exe
Biometric Authentication Service (DpHost) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
Diagnostic Policy Service (DPS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
ReadyBoost (EMDMgmt) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Function Discovery Provider Host (fdPHost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Function Discovery Resource Publication (FDResPub) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Group Policy Client (gpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k GPSvcGroup
Intel® Matrix Storage Event Monitor (IAANTMON) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
IKE and AuthIP IPsec Keying Modules (IKEEXT) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
IP Helper (iphlpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetSvcs
CNG Key Isolation (KeyIso) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
KtmRm for Distributed Transaction Coordinator (KtmRm) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Multimedia Class Scheduler (MMCSS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Firewall (MpsSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Network List Service (netprofm) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Network Location Awareness (NlaSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Network Store Interface Service (nsi) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Program Compatibility Assistant Service (PcaSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
PnkBstrA (PnkBstrA) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\PnkBstrA.exe
User Profile Service (ProfSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Software Licensing (slsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\SLsvc.exe
Secure Socket Tunneling Protocol Service (SstpSvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Audio Service (STacSV) - Running [Auto | Stoppable | Pausable] - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe
Superfetch (SysMain) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Tablet PC Input Service (TabletInputService) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Desktop Window Manager Session Manager (UxSms) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Diagnostic System Host (WdiSystemHost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Windows Error Reporting Service (WerSvc) - Running [Auto | Stoppable | Pausable] - C:\Windows\System32\svchost.exe -k WerSvcGroup
Windows Defender (WinDefend) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k secsvcs
WLAN AutoConfig (Wlansvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Windows Live ID Sign-in Assistant (wlidsvc) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
Dell Wireless WLAN Tray Service (wltrysvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe
Portable Device Enumerator Service (WPDBusEnum) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Windows Search (WSearch) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\SearchIndexer.exe /Embedding
Certificate Propagation (CertPropSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Microsoft .NET Framework NGEN v4.0.30319_X86 (clr_optimization_v4.0.30319_32) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
DFS Replication (DFSR) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\DFSR.exe
Windows Media Center Service Launcher (ehstart) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
GoToAssist (GoToAssist) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service
Google Update Service (gupdate1c9f2d5cde320e0) (gupdate1c9f2d5cde320e0) - Stopped [Auto | Not_Stoppable | Not_Pausable] - "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
Google Software Updater (gusvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
PnP-X IP Bus Enumerator (IPBusEnum) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
iPod Service (iPod Service) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\iPod\bin\iPodService.exe"
Link-Layer Topology Discovery Mapper (lltdsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Windows Media Center Extender Service (Mcx2Svc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Microsoft iSCSI Initiator Service (MSiSCSI) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
nProtect GameGuard Service (npggsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\GameMon.des -service
Peer Networking Identity Manager (p2pimsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Peer Networking Grouping (p2psvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Performance Logs & Alerts (pla) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
PNRP Machine Name Publication Service (PNRPAutoReg) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Peer Name Resolution Protocol (PNRPsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Quality Windows Audio Video Experience (QWAVE) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Smart Card Removal Policy (SCPolicySvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
PC Tools Auxiliary Service (sdAuxService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Program Files\Spyware Doctor\pctsAuxs.exe
PC Tools Security Service (sdCoreService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Program Files\Spyware Doctor\pctsSvc.exe
Windows Backup (SDRSVC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k SDRSVC
Terminal Services Configuration (SessionEnv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
SL UI Notification Service (SLUINotify) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
SNMP Trap (SNMPTRAP) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\snmptrap.exe
Steam Client Service (Steam Client Service) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService
stllssvr (stllssvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
TPM Base Services (TBS) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Thread Ordering Server (THREADORDER) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Modules Installer (TrustedInstaller) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\servicing\TrustedInstaller.exe
Interactive Services Detection (UI0Detect) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\UI0Detect.exe
Virtual Disk (vds) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\vds.exe
Windows Connect Now - Config Registrar (wcncsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Windows Color System (WcsPlugInService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k wcssvc
Diagnostic Service Host (WdiServiceHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k wdisvc
Windows Event Collector (Wecsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
[color=#0000FF]Problem Reports and Solutions Control Panel Support (wercplsupport)[/color] - [color=#CC6600]Stopped [Manual | Not_Stoppable | Not_Pausable][/color] - C:\Windows\System32\svchost.exe -k netsvcs
[color=#0000FF]WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)[/color] - [color=#CC6600]Stopped [Manual | Not_Stoppable | Not_Pausable][/color] - C:\Windows\system32\svchost.exe -k LocalService
[color=#0000FF]Windows Remote Management (WS-Management) (WinRM)[/color] - [color=#CC6600]Stopped [Manual | Not_Stoppable | Not_Pausable][/color] - C:\Windows\System32\svchost.exe -k NetworkService
[color=#0000FF]Parental Controls (WPCSvc)[/color] - [color=#CC6600]Stopped [Manual | Not_Stoppable | Not_Pausable][/color] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
[color=#0000FF]Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400)[/color] - [color=#CC6600]Stopped [Manual | Not_Stoppable | Not_Pausable][/color] - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[color=#FF0000]<<<< Last 5 Application Errors or Warnings >>>>[/color]

[color=#0000FF]Computer Name: Michaels_PC[/color] | [color=#CC6600]ID: 11[/color] | [color=#CC6600]Source: Microsoft-Windows-CAPI2[/color] | Type: Error | Date: 22-12-10 15:1:51 | Log: Application
Message: <The description for Event ID ( 11 ) in Source ( u'Microsoft-Windows-CAPI2' ) could not be found. It contains the following insertion string(s):u'http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab, A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.\r\n'.>
[color=#0000FF]Computer Name: Michaels_PC[/color] | [color=#CC6600]ID: 10[/color] | [color=#CC6600]Source: WinMgmt[/color] | Type: Error | Date: 22-12-10 15:1:34 | Log: Application
Message: <The description for Event ID ( 10 ) in Source ( u'WinMgmt' ) could not be found. It contains the following insertion string(s):u'//./root/CIMV2, SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99, 0x80041003'.>
[color=#0000FF]Computer Name: Michaels_PC[/color] | [color=#CC6600]ID: 1000[/color] | [color=#CC6600]Source: Application Error[/color] | Type: Error | Date: 22-12-10 15:1:15 | Log: Application
Message: Faulting application bcmwltry.exe, version 4.170.75.0, time stamp 0x47bcd2d7, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x01e483db,

process id 0x754, application start time 0x01cba21b3ea827d2.


[color=#0000FF]Computer Name: Michaels_PC[/color] | [color=#CC6600]ID: 11[/color] | [color=#CC6600]Source: Microsoft-Windows-CAPI2[/color] | Type: Error | Date: 21-12-10 1:2:45 | Log: Application
Message: <The description for Event ID ( 11 ) in Source ( u'Microsoft-Windows-CAPI2' ) could not be found. It contains the following insertion string(s):u'http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab, A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.\r\n'.>
[color=#0000FF]Computer Name: Michaels_PC[/color] | [color=#CC6600]ID: 10[/color] | [color=#CC6600]Source: WinMgmt[/color] | Type: Error | Date: 21-12-10 1:2:6 | Log: Application
Message: <The description for Event ID ( 10 ) in Source ( u'WinMgmt' ) could not be found. It contains the following insertion string(s):u'//./root/CIMV2, SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99, 0x80041003'.>
[color=#FF0000]<<<< Last 5 System Errors or Warnings >>>>[/color]

[color=#0000FF]Computer Name: Michaels_PC[/color] | [color=#CC6600]ID: 31004[/color] | [color=#CC6600]Source: ipnathlp[/color] | Type: Error | Date: 22-12-10 15:9:43 | Log: System
Message: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.


[color=#0000FF]Computer Name: Michaels_PC[/color] | [color=#CC6600]ID: 7[/color] | [color=#CC6600]Source: Microsoft-Windows-Kernel-Processor-Power[/color] | Type: Warning | Date: 22-12-10 15:0:58 | Log: System
Message: <The description for Event ID ( 7 ) in Source ( u'Microsoft-Windows-Kernel-Processor-Power' ) could not be found. It contains the following insertion string(s):u'1, 71, 1, 0'.>
[color=#0000FF]Computer Name: Michaels_PC[/color] | [color=#CC6600]ID: 7[/color] | [color=#CC6600]Source: Microsoft-Windows-Kernel-Processor-Power[/color] | Type: Warning | Date: 22-12-10 15:0:58 | Log: System
Message: <The description for Event ID ( 7 ) in Source ( u'Microsoft-Windows-Kernel-Processor-Power' ) could not be found. It contains the following insertion string(s):u'0, 71, 1, 0'.>
[color=#0000FF]Computer Name: Michaels_PC[/color] | [color=#CC6600]ID: 15016[/color] | [color=#CC6600]Source: HTTP[/color] | Type: Error | Date: 22-12-10 15:0:22 | Log: System
Message: <The description for Event ID ( 15016 ) in Source ( u'HTTP' ) could not be found. It contains the following insertion string(s):u'\\Device\\Http\\ReqQueue, Kerberos'.>
[color=#0000FF]Computer Name: Michaels_PC[/color] | [color=#CC6600]ID: 23[/color] | [color=#CC6600]Source: Microsoft-Windows-Eventlog[/color] | Type: Error | Date: 22-12-10 15:0:10 | Log: System
Message: <The description for Event ID ( 23 ) in Source ( u'Microsoft-Windows-Eventlog' ) could not be found. It contains the following insertion string(s):u'5, RtsLauncher'.>
[color=#FF0000]<<<< Special Events >>>>[/color]

There were no special events found



------ End of File ------

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:45 PM

Posted 22 December 2010 - 05:37 PM

OK, let's summarize, what we found so far.
PE indicates two processes hogging your CPU:
- svchost.exe 44.64% C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted (involves wlanext.exe and dwm.exe)
- svchost.exe 47.66% C:\Windows\System32\svchost.exe -k WerSvcGroup (involves WerFault.exe)

Before we go any further, my question is...
Why there is no Service Pack 2 installed?

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#12 kjh242

kjh242
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 22 December 2010 - 06:36 PM

you know, that's a good question. should i install it, then repost PE?

#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:45 PM

Posted 22 December 2010 - 07:01 PM

Go ahead.
Make sure, all other Windows updates are current.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#14 kjh242

kjh242
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 23 December 2010 - 09:20 PM

Attached File  Procexp.txt   7.47KB   4 downloads

#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:45 PM

Posted 23 December 2010 - 09:26 PM

It looks pretty decent...
System Idle Process at 82.11%
Acceptable.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users