I ended up at bleepingcomputer while trying to troubleshoot my wife's Windows XP Pro computer (Dell). The first signs began a couple of weeks ago when the computer started getting very slow and unresponsive. After running AVG, Spybot, Adaware, SysInternals RootkitRevealer and cleaning up with CCleaner and HijackThis (only minor items were found), I found that the culprit was a runaway svchost.exe process.
Using the Sysinternals Process Explorer tool, I discovered that it was the latest (usually the largest PID of all running svchost processes) svchost process that would start at a few Mb and grow to 500 Mb or more if I let it. Additionally, this process would consume nearly all of the CPU cycles, and started creating dozens of TCP/IP connections to numerous hosts on the Internet. By using Sysinternals TCPView, I was able to watch the number of connections grow that were started by this particular svchost process.
I was able to verify that it was this svchost process controlling these issues since Process Explorer can pause and resume processes. If I delete the svchost process, another one would be created shortly thereafter. However, by pausing this svchost process early on, the CPU will be freed up and the network traffic stops, but memory is still allocated. Pausing svchost allows other applications to work better, but no new applications will run (they show up in Task Manager and Process Explorer, but no window shows in the GUI) unless svchost is resumed.
I think someone else in the forum may have a similar problem. I'd like to hear any suggestions. I'm at the point where I am backing up data and getting ready to reinstall the OS, but my curiosity is getting the better of me and I'd like to find out what the real issue is.
Edited by Budapest, 16 December 2011 - 05:09 PM.
Moved from Introductions ~Budapest