Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Svchost.exe at 100% CPU @ log in


  • Please log in to reply
15 replies to this topic

#1 The Gyro39

The Gyro39

  • Members
  • 129 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 AM

Posted 11 August 2012 - 04:50 PM

Hi, haven't posted in a long time (Because I haven't had to deal with problems until now) but this problem is very annoying.

I log in, and wait for things to settle but I notice programs start start up slow. I recently found out that one svchost was bogging down my PC:

Posted Image

I am 1005 sure I do not have any malware/spyware/trojans or what ever. I spent a couple of months trying to fix my taskbar problems and during that it was announced my computer was clean. I have pretty clean boot up, so not a lot of things start upon login.I would just like to fix this problem. Tired of Ctrl+Alt+Del'ing, ending the process & going into services.msc to restart Themes (When I kill the process, my appearance goes to "Classic")

BC AdBot (Login to Remove)

 


#2 Allan

Allan

  • BC Advisor
  • 8,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:05:58 AM

Posted 11 August 2012 - 05:02 PM

1) How are you 100% sure your system is malware-free?

2) Have you tried a clean boot? If not, let's do it now. Open msconfig and on the General tab choose "selective startup" (uncheck all three items) and reboot. Does the problem still occur? If not, start adding items back to msconfig one or two at a time, rebooting after each change, until the problem reappears and you'll have identified the offending process. This is clearly a time consuming procedure, but it is the best way to determine if some process loading with the system is the cause of your problem.
After you've isolated the cause, do not use msconfig to permanently disable the process. Instead, if it is a service go to START - RUN and type: services.msc (then press enter) and disable the service OR, if it a program, you can download & run a simple app such as Mike Lin's Startup Control Panel (http://www.mlin.net/StartupCPL.shtml) to enable, disable, or otherwise manage startup programs.

#3 The Gyro39

The Gyro39
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 AM

Posted 13 August 2012 - 06:35 PM

1) How are you 100% sure your system is malware-free?

2) Have you tried a clean boot? If not, let's do it now. Open msconfig and on the General tab choose "selective startup" (uncheck all three items) and reboot. Does the problem still occur? If not, start adding items back to msconfig one or two at a time, rebooting after each change, until the problem reappears and you'll have identified the offending process. This is clearly a time consuming procedure, but it is the best way to determine if some process loading with the system is the cause of your problem.
After you've isolated the cause, do not use msconfig to permanently disable the process. Instead, if it is a service go to START - RUN and type: services.msc (then press enter) and disable the service OR, if it a program, you can download & run a simple app such as Mike Lin's Startup Control Panel (http://www.mlin.net/StartupCPL.shtml) to enable, disable, or otherwise manage startup programs.



1.) Trust me, there's a thread in the Malware section and after a good 7 pages, the guy assisting declared my pc was clean. Ran combofix, Mbam, SAS & Avast.
Mod Edit: Referenced topic at http://www.bleepingcomputer.com/forums/topic437192.html/page__st__60 - Hamluis.

2.) I'll have to try that again. And there's 4 items

Edited by hamluis, 14 August 2012 - 09:55 AM.


#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 AM

Posted 13 August 2012 - 06:51 PM

Lets see what is going on with that machine of yours.

download FarbarServiceScanner and run it on the computer with the issue.


Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MINITOOLBOX and run it.

Checkmark following boxes:


Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and Attach the result.

#5 The Gyro39

The Gyro39
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 AM

Posted 19 August 2012 - 01:21 PM

Farbar scan log:

Farbar Service Scanner Version: 06-08-2012
Ran by Mohammed (administrator) on 19-08-2012 at 14:09:49
Running from "E:\Documents and Settings\Mohammed\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3, v.6223 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Attached Files



#6 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 AM

Posted 19 August 2012 - 01:46 PM

Download Ad-ware Cleaner Click the delete button allow it to run and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner


Download Autoruns and Autorunsc unzip Autoruns to your desktop run it.See any entries that read file not found when you see them right click and select delete (or just simply uncheck if you do not feel comfy deleting)do this only for the entries that read file not found also uncheck any scheduled task that are set to run on your machine,close the program.
http://download.sysinternals.com/files/Autoruns.zip



1. Right click on My Computer > Properties > Hardware Tab > Device Manager
2. Left click the IDE ATA/ATAPI Controllers group
3. Right click on Primary IDE and hit Uninstall if there are more than one then unistall them all each one will request a reboot wait until you have uninstalled them all and when the last one reuquest the reboot then do it.
4. Reboot the computer, the Primary IDE drivers will re-install themselves after you reboot.
5. Go back to the Device Manager and Left click the IDE ATA/ATAPI Controllers group again.
6. Right click on Primary IDE Channel and go to Properties > Advanced Settings tab.
7. Make sure that both Device's Modes are on "DMA if available".
8. Link Explaining http://msdn.microsoft.com/en-us/library/windows/hardware/gg463526.aspx

Open msconfig and disable everything from your startup except avast.


Please download TFC by Old Timer and save it to your desktop.
tempfilecleaner
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it.If TFC doesnt prompt a reboot then please do so manually

#7 The Gyro39

The Gyro39
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 AM

Posted 22 August 2012 - 04:41 PM

# AdwCleaner v1.801 - Logfile created 08/22/2012 at 17:35:10
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3, v.6223 (32 bits)
# User : Mohammed - MOHAMMED-PC
# Boot Mode : Normal
# Running from : E:\Documents and Settings\Mohammed\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

Folder Deleted : E:\Documents and Settings\Mohammed\Local Settings\Application Data\AskToolbar
Folder Deleted : E:\Documents and Settings\Mohammed\Application Data\AVG Secure Search
Folder Deleted : E:\Documents and Settings\Mohammed\Application Data\Viewpoint
Folder Deleted : E:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : E:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : E:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : E:\Program Files\Viewpoint
Folder Deleted : E:\Program Files\Common Files\AVG Secure Search
Folder Deleted : E:\Program Files\Common Files\Software Update Utility
Folder Deleted : E:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : E:\Documents and Settings\Mohammed\Application Data\Mozilla\Firefox\Profiles\ae2ftbiv.default\searchplugins\Askcom.xml
File Deleted : E:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : E:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : E:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : E:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : E:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartNow Toolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Viewpoint

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3C490BF5-4244-4310-B4A7-3361F288DAC5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41069220-F72A-40EA-A8F3-BCD5E1FBC8F0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : E:\Documents and Settings\Mohammed\Application Data\Mozilla\Firefox\Profiles\ae2ftbiv.default\prefs.js

E:\Documents and Settings\Mohammed\Application Data\Mozilla\Firefox\Profiles\ae2ftbiv.default\user.js ... Deleted !

Deleted : user_pref("avg.install.installDirPath", "E:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bed96cbc2-7307-43ae-9c4c-a3a75030084c%[...]

Profile name : default
File : E:\Documents and Settings\Administrator.MOHAMMED-0C15F1\Application Data\Mozilla\Firefox\Profiles\r71i7t1d.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.83

File : E:\Documents and Settings\Mohammed\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",
Deleted : "path": "E:\\Documents and Settings\\Mohammed\\Local Settings\\Application Data\\Unity\\Web[...]

*************************

AdwCleaner[S1].txt - [10081 octets] - [22/08/2012 17:35:10]

########## EOF - E:\AdwCleaner[S1].txt - [10210 octets] ##########

#8 The Gyro39

The Gyro39
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 AM

Posted 22 August 2012 - 05:11 PM

So after disabling everything except for avast and running TFC, my computer is a tad faster but there's that one svchost that's STILL using a lot of memory & CPU usage... And in the Auton Runs program, I found no "file not found"

#9 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,743 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:02:58 AM

Posted 22 August 2012 - 05:39 PM

Have you seen this tutorial for potential tips or additional information: How to determine what services are running under a SVCHOST.EXE process.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#10 The Gyro39

The Gyro39
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 AM

Posted 27 August 2012 - 08:19 PM

EDIT: The svchost (PID 1104 atm)that has the issues has these processes running in the image below:



Posted Image

Edited by The Gyro39, 27 August 2012 - 08:30 PM.


#11 hamluis

hamluis

    Moderator


  • Moderator
  • 56,272 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:58 AM

Posted 28 August 2012 - 09:11 AM

FWIW: http://www.techsupportforum.com/forums/f217/solved-svchost-exe-unusual-activity-superfetch-471157.html

Louis

#12 The Gyro39

The Gyro39
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 AM

Posted 04 September 2012 - 03:15 PM

I couldn't find a Prefetch service under that troubling svchost.

#13 hamluis

hamluis

    Moderator


  • Moderator
  • 56,272 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:58 AM

Posted 04 September 2012 - 08:09 PM

You did as suggested by jcgriff in the link I provided?

"SysInternals Process Explorer by Mark Russinovich, Microsoft TechNet -- Nice!

The svchost is question - PID = 1104
- 102 MB = screenshot #1
- 144 MB = screenshot #2

Hover the mouse over the svchost in Process Explorer and you should see the list of system services appear like this -
"

Louis

Edited by hamluis, 04 September 2012 - 08:11 PM.


#14 The Gyro39

The Gyro39
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 AM

Posted 06 September 2012 - 03:46 PM

Yes I did

#15 hamluis

hamluis

    Moderator


  • Moderator
  • 56,272 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:58 AM

Posted 06 September 2012 - 05:37 PM

I have no idea what's going on...let's see what others here think.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users