SvcHost is running the CPU at 100%


19 replies to this topic

#1 GatorKen

Posted 02 November 2011 - 07:45 PM

Hi - I posted this in the Windows XP forum, and after I ran a Microsoft Security Essentials scan, MalwareBytes Scan and a SuperAntiSpyware scan, I'm still having the same problem. The SvcHost is for the wuauclt.exe program, per ProcessExplorer.

A member is wanting to rule out Malware, though I think it was caused from a Windows Update. He wanted me to post here and reference my original thread: http://www.bleepingcomputer.com/forums/topic425898.html/page__gopid__2461747#entry2461747

I have a demo I need to do on this laptop Friday, so I'm praying that I can get this resolved before then. Thank you in advance for any help you can provide.

#2 GatorKen

Posted 15 November 2011 - 11:17 AM

Hi - I know you guys don't like bumping threads, but I haven't gotten a response for help in over a week. I really need to resolve this so I can get back to work. Please help!
Thanks,
Ken

#3 Broni

Posted 15 November 2011 - 01:13 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


#4 GatorKen

Posted 16 November 2011 - 03:08 PM

Thanks for taking the time to help me. I'm attaching the results of all the scans. Please note that I had to stop the problem svchost.exe that is causing the cpu to run at 100% before running these scans or else it would have taken 3 weeks to run them.

SECURITY CHECK:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Symantec AntiVirus Client
Microsoft Security Essentials
Antivirus out of date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
EasyCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 11.0.1.152
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````



MALWAREBYTES:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8176

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/16/2011 10:27:52 AM
mbam-log-2011-11-16 (10-27-52).txt

Scan type: Quick scan
Objects scanned: 207941
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




MINITOOL:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MiniToolBox by Farbar
Ran by aclemente (administrator) on 16-11-2011 at 10:05:47
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : LAPTOPDELL
Primary Dns Suffix . . . . . . . : metapharmacy.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-12-3F-DA-76-63

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network Connection
Physical Address. . . . . . . . . : 00-12-F0-AB-E8-06

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 12 3f da 76 63 ...... Broadcom 440x 10/100 Integrated Controller - SecuRemote Miniport
0x3 ...00 12 f0 ab e8 06 ...... Intel® PRO/Wireless 2200BG Network Connection - SecuRemote Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 3 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/16/2011 09:51:31 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/15/2011 01:51:16 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/14/2011 04:45:22 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/14/2011 08:45:27 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/11/2011 04:14:30 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/11/2011 08:14:36 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/10/2011 11:30:01 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/10/2011 03:30:01 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/09/2011 07:30:01 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/09/2011 11:30:01 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.


System errors:
=============
Error: (11/16/2011 10:00:02 AM) (Source: DCOM) (User: aclemente)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/16/2011 09:51:25 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain METAPHARMACY due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (11/15/2011 01:51:10 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain METAPHARMACY due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (11/14/2011 01:00:23 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain METAPHARMACY due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (11/14/2011 08:45:23 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain METAPHARMACY due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (11/11/2011 00:29:31 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain METAPHARMACY due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (11/11/2011 08:14:31 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain METAPHARMACY due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (11/10/2011 03:45:02 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain METAPHARMACY due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (11/10/2011 11:45:02 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain METAPHARMACY due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (11/10/2011 07:45:02 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain METAPHARMACY due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.


Microsoft Office Sessions:
=========================
Error: (09/13/2010 09:28:11 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 1353 seconds with 180 seconds of active time. This session ended with a crash.

Error: (09/13/2010 09:05:08 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 519 seconds with 120 seconds of active time. This session ended with a crash.

Error: (09/13/2010 08:48:58 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 68924 seconds with 540 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

7-Zip 9.10 beta
ABBYY FineReader 6.0 Sprint (Version: 6.00.1990.41618)
Adobe Flash Player 10 ActiveX (Version: 10.2.159.1)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Reader 7.1.0 (Version: 7.1.0)
Advertising Center (Version: 0.0.0.2)
ALPS Touch Pad Driver
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
ATI Control Panel (Version: 6.14.10.5125)
ATI Display Driver (Version: 8.063.2.1-041203a-019751C-Dell)
ATI Parental Control & Encoder (Version: 3.0)
Broadcom Management Programs 2 (Version: 7.82.01)
Calculator Powertoy for Windows XP (Version: 1.00.0001)
CCleaner (Version: 2.27)
Cisco AnyConnect VPN Client (Version: 2.5.3046)
Citrix XenApp Web Plugin (Version: 11.0.0.5357)
Conexant D110 MDC V.9x Modem
DAO (Version: 3.5)
dBpoweramp [Calculate Audio CRC] Codec
dBpoweramp Dalet Codec
dBpoweramp DSP Effects (Version: Release 5)
dBpoweramp FLAC Codec (Version: Release 12 (FLAC 1.2.1))
dBpoweramp m4a Codec (Version: Release 9)
dBpoweramp Monkeys Audio Codec
dBpoweramp Mp2 and BwfMp2 codec
dBpoweramp mp3 (Fraunhofer IIS) Codec (Version: Release 2a (v4.0.3))
dBpoweramp Music Converter (Version: Release 13.3)
dBpoweramp Ogg Vorbis Codec (Version: Release 19 (Vorbis v1.2.0))
dBpoweramp Real Audio (Helix) Encoder
dBPoweramp tooLame MP2 codec
dBpoweramp Wave64 Codec
dBpoweramp WavPack Codec
DCS-900 Series Setup Wizard
Dell Digital Jukebox Driver
Dell Media Experience
Dell Photo AIO Printer 922
Dell Picture Studio v3.0 (Version: 3.0.0)
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
Digital Line Detect (Version: 1.14)
DolbyFiles (Version: 2.0)
EasyCleaner (Version: 2.0.6.380)
EPSON Printer Software
EPSON Scan
FileZilla Client 3.5.0 (Version: 3.5.0)
FlipShare (Version: 5.0.5.52727)
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) (Version: 9.3.4053)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892) (Version: 9.3.4053)
HDView for Firefox (Version: 1.0.20)
HP Photosmart Essential (Version: 1.12.0.46)
HP Update (Version: 4.000.006.002)
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
ImagXpress (Version: 7.0.74.0)
InstallShield Express 5.0 Visual FoxPro Limited Edition (Version: 5.00.0300)
Intel® PROSet/Wireless Software (Version: 11.01.0000)
Internal Network Card Power Management (Version: 1.7.0)
Internet Explorer Default Page (Version: 1.00.03)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Lexmark 3500-4500 Series
Lexmark Fax Solutions
Lexmark Printer Software Uninstall
LG USB Modem driver
LiveReg (Symantec Corporation) (Version: 2.0.6.1314)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Logitech High Quality Video (Version: 12.10.1113)
Logitech iTouch Software
Logitech Webcam Software Driver Package (Version: 12.10.1110)
LogMeIn (Version: 2.20.475)
Macromedia Shockwave Player (Version: 10.1.0.11)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
mCore (Version: 9.03.0000)
mDriver (Version: 9.03.0000)
mDrWiFi (Version: 9.03.0000)
Menu Templates - Starter Kit (Version: 9.4.6.0)
MetaFrame Presentation Server Web Client for Win32
mHlpDell (Version: 9.03.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Bookshelf 1998 (Remove ONLY)
Microsoft Color Control Panel Applet for Windows XP (Version: 01.00.0177.00)
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 (Version: 9.0.21022)
Microsoft Internet Explorer 5 PowerTweaks Web Accessory
Microsoft Internet Explorer 5 PowerTweaks WebZone Accessory
Microsoft Location Finder (Version: 2.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.190)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2003 (Version: 11.0.8305.0)
Microsoft Office Professional 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007 (Version: 12.0.4518.1066)
Microsoft Office Visual Web Developer MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SOAP Toolkit 3.0 (Version: 3.00.1325.3)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.3.4035.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.3.4035.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual Studio 2008 Standard Edition - ENU Service Pack 1 (KB945140) (Version: 1)
Microsoft Visual Studio Web Authoring Component (Version: 12.0.4518.1066)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu (Version: 3.5.21022)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools (Version: 6.1.5294.17011)
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools (Version: 6.1.5294.17011)
MiniTool Power Data Recovery
mIWA (Version: 9.03.0000)
mLogView (Version: 9.03.0000)
mMHouse (Version: 9.03.0000)
Modem Helper (Version: 2.41)
Movie Templates - Starter Kit (Version: 9.4.6.0)
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
mPfMgr (Version: 9.03.0000)
mPfWiz (Version: 9.03.0000)
mProSafe (Version: 9.00.0000)
mSCfg (Version: 9.03.0000)
mSSO (Version: 9.03.0000)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
mToolkit (Version: 9.03.0000)
mWlsSafe (Version: 9.00.0000)
mWMI (Version: 9.03.0000)
mZConfig (Version: 9.03.0000)
Nero 9 Trial
Nero BurnRights (Version: 3.4.13.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.12.100)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero InfoTool (Version: 6.4.12.100)
Nero Installer (Version: 4.4.9.0)
Nero PhotoSnap (Version: 2.4.28.0)
Nero Recode (Version: 4.4.38.1)
Nero Rescue Agent (Version: 2.4.14.100)
Nero ShowTime (Version: 5.4.21.100)
Nero StartSmart (Version: 9.4.19.100)
Nero Vision (Version: 6.4.16.100)
Nero WaveEditor (Version: 5.4.37.1)
NeroBurningROM (Version: 9.4.26.100)
NeroExpress (Version: 9.4.26.100)
neroxml (Version: 1.0.0)
Network Stumbler 0.4.0 (remove only)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Pidgin (Version: 2.9.0)
Pixia (Version: 4.70j)
PowerDVD 5.5
QuickSet (Version: 3.9.4)
QuickTime (Version: 7.69.80.9)
Remote Control USB Driver (Version: 2.3.2.317)
RSA SecurID Toolbar 1.4.2 for Internet Explorer (Version: 1.4.2.0)
ScreenPrint32 v3.5
ScreenPrint32 v3.5 (C:\Program Files\ScreenPrint32 v3\)
Secunia PSI
SiSoftware Sandra Lite 2007 (Win64/32/CE) (Version: 10.99.2007.6)
Smart Defrag 1.03
Sonic DLA (Version: 4.95)
Sonic RecordNow Audio (Version: 2.0.0)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
SoundTrax (Version: 4.4.37.1)
SQL Server System CLR Types (Version: 10.0.1600.22)
SUPERAntiSpyware (Version: 5.0.1134)
Symantec AntiVirus Client (Version: 8.0.0.374)
Symantec pcAnywhere (Version: 10.5.1)
TClockEx
TeamViewer 6 (Version: 6.0.10722)
TightVNC 1.2.9 (Version: 1.2.9)
TitanTV Client components for ATI (Version: 1.0.4)
TortoiseSVN 1.5.6.14908 (32 bit) (Version: 1.5.14908)
Total Commander (Remove or Repair)
Trust Setter
Tweak UI
Visual C++ 2008 IA64 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual C++ 2008 x64 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x64 Runtime - (v9.0.30729.4148) (Version: 9.0.30729.4148)
Visual C++ 2008 x64 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual C++ 2008 x64 Runtime - v9.0.30729.4148 (Version: 9.0.30729.4148)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - (v9.0.30729.4148) (Version: 9.0.30729.4148)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual C++ 2008 x86 Runtime - v9.0.30729.4148 (Version: 9.0.30729.4148)
Visual FoxPro 8.0 Baseline - English (Version: 8.00.2518)
Visual FoxPro 9.0 Baseline - English (Version: 9.00.2412)
VPN Client
WebEx
WebFldrs XP (Version: 9.50.7523)
Windows Defender Signatures (Version: 1.20.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Presentation Foundation (Version: 3.0.6920.0)
WinRAR archiver
Wireshark 1.6.0 (Version: 1.6.0)
Xilisoft Video Converter Ultimate (Version: 5.1.39.0305)
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 767.4 MB
Available physical RAM: 460.78 MB
Total Pagefile: 2258.28 MB
Available Pagefile: 2050.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1998.17 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:33.43 GB) (Free:4.44 GB) NTFS
2 Drive d: (STUFF_FOR_KEN) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS
3 Drive f: (KENSTHUMB) (Removable) (Total:3.72 GB) (Free:2.28 GB) FAT32

========================= Users: ========================================

User accounts for \\

Administrator Guest HelpAssistant
LogMeInRemoteUser meta Stan
SUPPORT_388945a0


**** End of log ****




GMER:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-16 15:00:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400VE-75HDT0 rev.09.07D09
Running: Gmer.exe; Driver: C:\DOCUME~1\ACLEME~1\LOCALS~1\Temp\uxrciuow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Scap.sys (Check Point Software Technologies)
AttachedDevice \Driver\Tcpip \Device\Tcp Scap.sys (Check Point Software Technologies)
AttachedDevice \Driver\Tcpip \Device\Udp Scap.sys (Check Point Software Technologies)
AttachedDevice \Driver\Tcpip \Device\RawIp Scap.sys (Check Point Software Technologies)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0011f6057d2e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0011f6085a3d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00158316bd9b (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011f6057d2e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011f6085a3d
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158316bd9b
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0011f6057d2e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0011f6085a3d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158316bd9b (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\LocalServer32@ C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\ProgID@ gcasDtServ.Agents
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\TypeLib@ {CEACE91F-3F71-4A8C-B952-63716B2BC026}
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\VERSION@ 1.0

---- EOF - GMER 1.0.15 ----

#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:53 PM

Posted 16 November 2011 - 07:45 PM

You're running two AV programs, Norton and MSE.
One of them has to go.
If Norton, use this tool to uninstall it: https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=20080710133834EN&lg=english&ct=united+states&product=home&version=1&pvid=f-home&entsrc=redirect_pubweb

When done....

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Paste the content in your next reply.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#6 GatorKen

GatorKen
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 17 November 2011 - 09:30 AM

I have tried to remove the Symantec AntiVirus Client before. I don't use it and usually just keep it so it doesn't load. I reset the applications that load in msconfig trying to resolve this svchost.exe.

When I try to remove the Symantec Antivirus in Add/Remove - I get an error message that "The InstallScript engine is missing from this machine. If available, please run ISScript.msi or contact support". When I run the Norton uninstall tool, it tells me that I need to uninstall from Add/Remove programs first.

#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:53 PM

Posted 17 November 2011 - 05:53 PM

I posted a link to Norton Removal Tool.



 


#8 GatorKen

GatorKen
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 18 November 2011 - 08:20 AM

I posted a link to Norton Removal Tool.

I know you did and I used it.

When I try to remove the Symantec Antivirus in Add/Remove - I get an error message that "The InstallScript engine is missing from this machine. If available, please run ISScript.msi or contact support". When I run the Norton uninstall tool, it tells me that I need to uninstall from Add/Remove programs first.


So when I use the tool, it tells me to use the Add/Remove Programs first. When I try to use Add/Remove Programs, it tells me that the ISScript.msi is missing. I had it set that it wouldn't load on start up and was getting the svchost problem without it running, so uninstalling it will not fix the problem, IMHO.

#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:53 PM

Posted 18 November 2011 - 08:00 PM

Try free version of Revo: http://www.revouninstaller.com/revo_uninstaller_free_download.html



 


#10 GatorKen

GatorKen
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 28 November 2011 - 03:43 PM

OK, I uninstalled the Symantec Client Antivirus using the Revo tool. Thanks!

However, it didn't help the CPU issue. Anything else you can suggest I do to fix it?

Thanks again!

#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:53 PM

Posted 28 November 2011 - 09:59 PM

Give me fresh Process Explorer log.



 


#12 GatorKen

GatorKen
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 29 November 2011 - 09:24 AM

OK, I'll post it soon. I will be running it with the problem svchost.exe process killed since it would take FOREVER for it to run with that process eating up all of the CPU. I'm downloading and installing the latest XP update first in hopes that they've come out with a fix for this. The one that supposedly had a fix didn't fix it. If you need me to run the Process Explorer log with the problem svchost.exe running, I'll have to initiate that and let it run overnight. Let me know if you need the log with the problem svchost.exe running or if it's ok to give you the log without it running. Thanks again!

#13 GatorKen

GatorKen
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 29 November 2011 - 11:35 AM

Process Explorer log without the problem SVCHOST.exe running:

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 95.31 0 K 28 K
System 4 0 K 56 K
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
smss.exe 964 176 K 60 K Windows NT Session Manager Microsoft Corporation
csrss.exe 1096 1.56 1,744 K 2,240 K Client Server Runtime Process Microsoft Corporation
winlogon.exe 1120 8,436 K 3,732 K Windows NT Logon Application Microsoft Corporation
services.exe 1172 2,048 K 1,592 K Services and Controller app Microsoft Corporation
ati2evxx.exe 1368 580 K 472 K ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 1384 3,176 K 1,628 K Generic Host Process for Win32 Services Microsoft Corporation
Dot1XCfg.exe 936 6,216 K 344 K Intel 802.1x Server Intel Corporation
wmiprvse.exe 780 2,420 K 4,968 K WMI Microsoft Corporation
svchost.exe 1460 1,988 K 1,604 K Generic Host Process for Win32 Services Microsoft Corporation
MsMpEng.exe 1660 91,100 K 38,784 K Antimalware Service Executable Microsoft Corporation
svchost.exe 1748 2,412 K 116 K Generic Host Process for Win32 Services Microsoft Corporation
EvtEng.exe 160 8,396 K 352 K Intel® PROSet/Wireless Event Log Intel Corporation
S24EvMon.exe 228 9,332 K 1,700 K Wireless Management Service Intel Corporation
WLKEEPER.exe 288 8,800 K 796 K WLANKEEPER Intel® Corporation
svchost.exe 644 1,516 K 1,168 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 772 1,596 K 760 K Generic Host Process for Win32 Services Microsoft Corporation
vpnagent.exe 884 7,300 K 176 K VPN Agent Service Cisco Systems, Inc.
spoolsv.exe 840 5,252 K 1,008 K Spooler SubSystem App Microsoft Corporation
svchost.exe 1756 1,252 K 92 K Generic Host Process for Win32 Services Microsoft Corporation
aspnet_state.exe 1988 984 K 1,068 K Microsoft ASP.NET State Server Microsoft Corporation
jqs.exe 1520 2,356 K 1,420 K Java™ Quick Starter Service Sun Microsystems, Inc.
lxdicoms.exe 928 4,660 K 2,676 K Printer Communication System
NBService.exe 1008 5,448 K 56 K Nero BackItUp Nero AG
NicConfigSvc.exe 668 3,476 K 452 K Internal Network Card Power Management Service Dell Inc.
RegSrvc.exe 2016 880 K 48 K Intel® PROSet/Wireless Registry Service Intel Corporation
svchost.exe 380 2,556 K 2,032 K Generic Host Process for Win32 Services Microsoft Corporation
TeamViewer_Service.exe 300 6,308 K 1,224 K TeamViewer Remote Control Application TeamViewer GmbH
TeamViewer.exe 3784 15,624 K 1,612 K TeamViewer Remote Control Application TeamViewer GmbH
alg.exe 3308 1,184 K 120 K Application Layer Gateway Service Microsoft Corporation
svchost.exe 400 32,032 K 26,076 K Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 3776 6,448 K 6,880 K Windows Update Microsoft Corporation
lsass.exe 1184 4,172 K 3,200 K LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 1016 620 K 872 K ATI External Event Utility EXE Module ATI Technologies Inc.
explorer.exe 2028 32,636 K 27,504 K Windows Explorer Microsoft Corporation
TSVNCache.exe 2764 3,456 K 2,300 K TortoiseSVN status cache http://tortoisesvn.net
E_FATI9HA.EXE 3708 696 K 660 K EPSON Status Monitor 3 SEIKO EPSON CORPORATION
msseces.exe 2112 4,896 K 480 K Microsoft Security Client User Interface Microsoft Corporation
lxdimon.exe 2120 1,720 K 980 K Device Monitor
lxdiamon.exe 2136 18,400 K 6,384 K Device Monitor Application
ZCfgSvc.exe 1608 7,396 K 876 K ZeroCfgSvc MFC Application Intel Corporation
taskmgr.exe 2944 1,440 K 2,172 K Windows TaskManager Microsoft Corporation
iFrmewrk.exe 2948 9,736 K 1,800 K Intel Framework MFC Application Intel Corporation
hpwuSchd2.exe 3000 620 K 456 K Hewlett-Packard Product Assistant Hewlett-Packard Co.
atiptaxx.exe 3100 2,872 K 480 K ATI Desktop Control Panel ATI Technologies, Inc.
Apoint.exe 1816 1,596 K 556 K Alps Pointing-device Driver Alps Electric Co., Ltd.
jusched.exe 3144 1,512 K 88 K Java™ Update Scheduler Sun Microsystems, Inc.
ctfmon.exe 1624 992 K 1,572 K CTF Loader Microsoft Corporation
Dropbox.exe 1316 41,020 K 10,248 K Dropbox Dropbox, Inc.
Snagit32.exe 3292 1,116 K 580 K SNAGIT32 MFC Application TechSmith Corporation
Revouninstaller.exe 3720 8,840 K 2,000 K Revo Uninstaller VS Revo Group
firefox.exe 3696 1.56 562,484 K 130,824 K Firefox Mozilla Corporation
OUTLOOK.EXE 1628 55,360 K 27,684 K Microsoft Office Outlook Microsoft Corporation
procexp(2).exe 3588 1.56 26,780 K 33,028 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
ApntEx.exe 908 452 K 300 K Alps Pointing-device Driver for Windows NT/2000/XP Alps Electric Co., Ltd.
Ymsgr_tray.exe 3200 18,424 K 404 K Yahoo! Messenger Tray Yahoo! Inc.

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:53 PM

Posted 29 November 2011 - 07:28 PM

CPU usage looks perfectly normal.
System Idle Process (CPU NOT used) is listed at 95.31%



 


#15 GatorKen

GatorKen
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 29 November 2011 - 09:55 PM

That's because I had killed the process that was causing the problem. Here is the ProcessExplorer log when the svchost is using up the CPU:

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 0 K 28 K
System 4 0 K 60 K
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
smss.exe 728 176 K 56 K Windows NT Session Manager Microsoft Corporation
csrss.exe 832 1,840 K 1,140 K Client Server Runtime Process Microsoft Corporation
winlogon.exe 864 7,072 K 1,768 K Windows NT Logon Application Microsoft Corporation
services.exe 908 25.00 1,924 K 1,532 K Services and Controller app Microsoft Corporation
ati2evxx.exe 1104 584 K 416 K ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 1120 3,140 K 1,160 K Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 2680 2,028 K 1,076 K WMI Microsoft Corporation
Dot1XCfg.exe 2520 6,228 K 1,552 K Intel 802.1x Server Intel Corporation
svchost.exe 1200 1,928 K 1,416 K Generic Host Process for Win32 Services Microsoft Corporation
MsMpEng.exe 1236 92,584 K 38,444 K Antimalware Service Executable Microsoft Corporation
svchost.exe 1276 73.44 21,608 K 25,288 K Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 1868 11,320 K 6,644 K Windows Update Microsoft Corporation
wuauclt.exe 3152 2,272 K 4,296 K

svchost.exe 1320 2,412 K 248 K Generic Host Process for Win32 Services Microsoft Corporation
EvtEng.exe 1548 8,408 K 1,640 K Intel® PROSet/Wireless Event Log Intel Corporation
S24EvMon.exe 1664 9,228 K 2,452 K Wireless Management Service Intel Corporation
WLKEEPER.exe 1696 8,820 K 1,784 K WLANKEEPER Intel® Corporation
svchost.exe 1884 1,216 K 860 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1972 1,512 K 260 K Generic Host Process for Win32 Services Microsoft Corporation
vpnagent.exe 2032 7,236 K 984 K VPN Agent Service Cisco Systems, Inc.
spoolsv.exe 592 5,320 K 1,304 K Spooler SubSystem App Microsoft Corporation
svchost.exe 452 1,272 K 568 K Generic Host Process for Win32 Services Microsoft Corporation
aspnet_state.exe 508 984 K 408 K Microsoft ASP.NET State Server Microsoft Corporation
jqs.exe 620 2,112 K 976 K Java™ Quick Starter Service Sun Microsystems, Inc.
lxdicoms.exe 200 3,056 K 2,976 K Printer Communication System
NBService.exe 124 5,460 K 1,172 K Nero BackItUp Nero AG
NicConfigSvc.exe 1160 3,488 K 1,080 K Internal Network Card Power Management Service Dell Inc.
RegSrvc.exe 1340 892 K 916 K Intel® PROSet/Wireless Registry Service Intel Corporation
svchost.exe 1532 2,528 K 824 K Generic Host Process for Win32 Services Microsoft Corporation
TeamViewer_Service.exe 1556 7,284 K 4,552 K TeamViewer Remote Control Application TeamViewer GmbH
TeamViewer.exe 2328 15,436 K 3,212 K TeamViewer Remote Control Application TeamViewer GmbH
alg.exe 3188 1,196 K 520 K Application Layer Gateway Service Microsoft Corporation
lsass.exe 920 3,996 K 1,828 K LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 1836 612 K 1,048 K ATI External Event Utility EXE Module ATI Technologies Inc.
explorer.exe 2128 22,188 K 24,764 K Windows Explorer Microsoft Corporation
TSVNCache.exe 2640 3,396 K 812 K TortoiseSVN status cache http://tortoisesvn.net
E_FATI9HA.EXE 3256 696 K 660 K EPSON Status Monitor 3 SEIKO EPSON CORPORATION
msseces.exe 3660 4,784 K 1,076 K Microsoft Security Client User Interface Microsoft Corporation
lxdimon.exe 3780 1,716 K 1,008 K Device Monitor
lxdiamon.exe 3844 17,584 K 1,888 K Device Monitor Application
ZCfgSvc.exe 3912 7,424 K 2,144 K ZeroCfgSvc MFC Application Intel Corporation
iFrmewrk.exe 3984 9,748 K 2,744 K Intel Framework MFC Application Intel Corporation
hpwuSchd2.exe 3992 616 K 304 K Hewlett-Packard Product Assistant Hewlett-Packard Co.
atiptaxx.exe 4004 2,864 K 516 K ATI Desktop Control Panel ATI Technologies, Inc.
Apoint.exe 4024 1,592 K 624 K Alps Pointing-device Driver Alps Electric Co., Ltd.
msconfig.exe 4032 1,852 K 632 K System Configuration Utility Microsoft Corporation
jusched.exe 4064 756 K 860 K Java™ Update Scheduler Sun Microsystems, Inc.
ctfmon.exe 4072 952 K 1,532 K CTF Loader Microsoft Corporation
Dropbox.exe 320 37,736 K 7,036 K Dropbox Dropbox, Inc.
procexp(2).exe 324 1.56 27,008 K 8,128 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Snagit32.exe 336 1,116 K 476 K SNAGIT32 MFC Application TechSmith Corporation
firefox.exe 2428 108,272 K 55,400 K
cmd.exe 2732 2,008 K 124 K
ApntEx.exe 244 452 K 300 K Alps Pointing-device Driver for Windows NT/2000/XP Alps Electric Co., Ltd.
Ymsgr_tray.exe 2512 18,408 K 1,012 K Yahoo! Messenger Tray Yahoo! Inc.



It oscillates between 70 and 100% usage. At this particular moment, it was using 73%.

Edited by GatorKen, 29 November 2011 - 09:57 PM.
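The triage being done by eye on the two Process Explorer logs above can be scripted. This is an added example, not part of the original thread: it parses rows in the whitespace-flattened form they have on this page, ranks processes by CPU, and lists rows whose Description and Company Name columns are empty. The function names and the 20% threshold are assumptions chosen for illustration.

```python
import re

# Rows copied from the "busy" Process Explorer log in this thread (excerpt).
BUSY_SAMPLE = """\
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 0 K 28 K
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
services.exe 908 25.00 1,924 K 1,532 K Services and Controller app Microsoft Corporation
svchost.exe 1276 73.44 21,608 K 25,288 K Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 1868 11,320 K 6,644 K Windows Update Microsoft Corporation
wuauclt.exe 3152 2,272 K 4,296 K
procexp(2).exe 324 1.56 27,008 K 8,128 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
cmd.exe 2732 2,008 K 124 K
"""

# name, PID (or n/a), optional CPU (always has a decimal point), two "N K" sizes, rest.
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<pid>\d+|n/a)\s+"
    r"(?:(?P<cpu><\s*\d+\.\d+|\d+\.\d+)\s+)?"
    r"(?P<private>[\d,]+) K\s+(?P<working>[\d,]+) K"
    r"(?:\s+(?P<info>.+))?$"
)


def parse_rows(text):
    """Turn pasted Process Explorer rows into dicts; non-matching lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header row, blank lines, anything that is not a process row
        cpu = m.group("cpu")
        rows.append({
            "name": m.group("name"),
            "pid": None if m.group("pid") == "n/a" else int(m.group("pid")),
            # A blank CPU column means no measurable use; "< 0.01" is kept as 0.01.
            "cpu": float(cpu.lstrip("< ")) if cpu else 0.0,
            "private_kb": int(m.group("private").replace(",", "")),
            # Description and Company Name cannot be split once flattened.
            "info": m.group("info") or "",
        })
    return rows


def hot_processes(rows, threshold=20.0):
    """Processes at or above the CPU threshold, busiest first."""
    hits = [r for r in rows if r["cpu"] >= threshold]
    return sorted(hits, key=lambda r: r["cpu"], reverse=True)


def missing_version_info(rows):
    """Rows with empty Description/Company, ignoring Idle (0), System (4), Interrupts."""
    return [r for r in rows if not r["info"] and r["pid"] not in (None, 0, 4)]


if __name__ == "__main__":
    parsed = parse_rows(BUSY_SAMPLE)
    for r in hot_processes(parsed):
        print(f"HOT   {r['name']} pid={r['pid']} cpu={r['cpu']}%")
    for r in missing_version_info(parsed):
        print(f"BLANK {r['name']} pid={r['pid']} (no description/company)")
```

For a svchost.exe hit, `tasklist /svc /fi "PID eq <pid>"` (where tasklist is available) lists the services hosted in that instance, which is the next thing to check.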




