Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svchost process takes off until memory is near maxed out


  • Please log in to reply
14 replies to this topic

#1 helpful55

helpful55

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 21 September 2015 - 03:46 AM

I have a really strange one here that I hope you can help me with. I just bought this Dell M5110 laptop that has W7 64 bit. It seemed to be working ok and I went ahead and put all of the minor programs I want in it and I added AVG antivirus and Zone Alarm firewall. I had done some maintenance tasks also. I use downloads only from where I have gotten these before and am careful. The only thing that may be likely suspect is a program called OfficeAdRemover. I have uninstalled it but it may have left changes of course. Somewhere along the line it seemed to get kind of lame in its response. I thought wow I guess some of these programs I use must be slowing it up. Then when I tried to check and do windows update pretty soon I started getting processe(s) with max ram usage and it would nearly freeze up. Sometimes this starts right from startup, sometimes it takes opening a browser. Checking for windows updates always starts the svchost appetite.

 

I tried to find out why something in one of the svchost processes would go crazy and I also started doing virus/malware scans. Ultimately I came to the conclusion that it has contracted something as it is doing some of the really strange actions like erratic operation, no or slow response and even the internet connection being stopped at times.

 

Since the problem started I have run Malwarebytes scan, Superantispyware scan, AVG scan, ESETand MS security scanner, Adwcleaner, JRT, Rkill and TDSSKiller. Some things that seemed minor were found but nothing ever helped.

 

I have had two other groups look at this. One seemed to think that it was not infected and seemed upset that I had tried combofix several times with no results. I think that since this may not be an “easy” one they give up. The last “tech’s” statement was that it was a low power, small ram laptop and “it is inevitable to choke sometimes.” Running up the svchost to near freeze up when there is not even any browsers open and just sitting on the desktop doesn’t seem like “choking sometimes”. This acts exactly how other pc’s have acted with malware.

 

Do you have a scan or other investigations I can do to fix this? Thanks for any help.



BC AdBot (Login to Remove)

 


#2 helpful55

helpful55
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 21 September 2015 - 04:11 AM

One other idea I have is related to some kind of windows update process causing this. This pc shows no updates since Feb or 2014! The only thing that has happened is W update installed Windows Update Agent 7.6.7600.320 since I have started using it. I see people having a similar problem and it may be related to windows update and maybe even this update specifically.



#3 helpful55

helpful55
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 21 September 2015 - 04:13 AM

No option to uninstall it like the others listed in the history, so have to find a different way to do that if it may be the problem. Working on this.



#4 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:11 PM

Posted 21 September 2015 - 04:47 AM

Both AVG free and Zone Alarm free install adware. New computers often come with adware. Use the programs below to clean the computer and remove adware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window. (Eset can take more than an hour to run so plan accordingly)

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:11 PM

Posted 21 September 2015 - 05:07 AM

If the problem process is causing you a problem with running the above programs, then find the problem service under the process and disable it.

 

Check out the Process Explorer tool from Microsoft. The tool is completely free and gives you detailed information for each process currently running. Once you download it, just run the exe file as it does not have to be installed. Hover your mouse over the svchost process and you’ll get a popup showing you which services are running under that process.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 helpful55

helpful55
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 22 September 2015 - 12:31 AM

As I alluded to this may just be a problem with some kind of windows update service. I posted on this separately in the W7 forum as that would not be a malware issue but it may have been deleted here as I don’t see it. Anyway there are definitely people with this problem and in recent times. I just couldn’t figure out what to do and I want to be sure I am doing the right thing for that, so I may have to get some MS advice there.  The things this PC does are so goofy even when the svchost process is low or off it sure seems like some kind of malware though.

 

I was able to run these scans and run CCleaner which I regularly use anyway. I notice that things get the goofiest with flashing icons/screens when malware tools are involved like my AVG, etc. It was hard just to suspend the AVG protection. Also a notification popped up to update SpyBot and although I did that the notification is doing a strange fast flickering and won’t click off. The ESET said it found nothing and made no mention of a log. I am doing this post on my desktop and I will upload the logs from the laptop if it will even do that.

 

I had tried some kind of process tool, but it didn’t seem to help me with what to do. I’ll try what you recommend there.

 

I hope you won’t give up if this isn’t the easiest job.



#7 helpful55

helpful55
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 22 September 2015 - 12:46 AM

Here are those logs

 

MB:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/21/2015
Scan Time: 1:57 PM
Logfile: MB.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.21.07
Rootkit Database: v2015.09.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dell

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360154
Time Elapsed: 32 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0

 

AdwCleaner:

 

# AdwCleaner v5.008 - Logfile created 21/09/2015 at 14:38:41
# Updated 18/09/2015 by Xplode
# Database : 2015-09-20.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dell - DELL-PC
# Running from : C:\Users\Dell\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\SecTaskMan

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinZip Malware Protector

***** [ Web browsers ] *****

[-] [C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : r
[-] [C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1100 bytes] ##########
 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 7 Home Premium x64
Ran by Dell on Mon 09/21/2015 at 14:49:24.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\windows\system32\tasks\PCDEventLauncher

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\windows\SysWOW64\sho258B.tmp

~~~ Folders

Successfully deleted: [Folder] C:\Users\Dell\AppData\Roaming\nico mak computing

~~~ Chrome

[C:\Users\Dell\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Dell\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Dell\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Dell\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/21/2015 at 15:22:20.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:11 PM

Posted 22 September 2015 - 07:26 AM

Use Download Revo Uninstaller Freeware in Advanced Mode to uninstall Spybot S&D. It has long since lost its security pros favor. It

interferes with malware removal, too.

 

Please post the THREE lists using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 helpful55

helpful55
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 23 September 2015 - 04:09 AM

This pc will go through some kind of machinations like it is going to safe mode  then back after a start or restart. Now it is doing it randomly more.

 

Uninstalled spybot using revo in advanced mode.

 

I have restarted so I don't know why it still shows spybot in startups. I think I clicked all of the right options. Maybe it is just listed but has no components to run anything though. I had uninstalled offficeadremover in programs and features, but I see it is still listed in these startups. That program is what I have been suspicious of. Maybe it had some kind of malware riding on it. I didn't want to use revo on it unless you tell me to.

 

startups:

 

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

 

Yes    HKCU:Run    SpybotPostWindows10UpgradeReInstall    Safer-Networking Ltd.    "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

 

Yes    HKCU:Run    WinPatrol    Ruiware    C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe

 

Yes    HKLM:Run    AVG_UI    AVG Technologies CZ, s.r.o.    "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY

 

No    HKLM:Run    QuickSet    Dell Inc.    C:\Program Files\Dell\QuickSet\QuickSet.exe

 

Yes    HKLM:Run    ZoneAlarm    Check Point Software Technologies Ltd.    "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

 

Yes    Startup Common    OfficeAdRemover.lnk        C:\Program Files (x86)\OfficeAdRemover\OfficeAdRemover.exe

 

scheduled tasks:

 

(empty file)

 

installed programs:

Adobe Acrobat Reader DC    Adobe Systems Incorporated    9/9/2015    186 MB    15.008.20082
Adobe Flash Player 18 NPAPI    Adobe Systems Incorporated    9/9/2015    17.8 MB    18.0.0.232
Adobe Flash Player 19 ActiveX    Adobe Systems Incorporated    9/23/2015    17.4 MB    19.0.0.185
Advanced Audio FX Engine    Creative Technology Ltd    12/12/2011        1.12.05
AMD Catalyst Install Manager    Advanced Micro Devices, Inc.    12/12/2011    22.6 MB    3.0.838.0
Auslogics DiskDefrag    Auslogics Labs Pty Ltd    9/9/2015    26.1 MB    6.0.2.0
AVG 2015    AVG Technologies    9/9/2015        2015.0.6140
Belarc Advisor 8.5a    Belarc Inc.    9/11/2015        8.5.1.0
CCleaner    Piriform    9/9/2015        5.09
Cozi    Cozi Group, Inc.    12/12/2011    2.18 MB    1.0.6505.38692
Dell DataSafe Local Backup    Dell    12/12/2011        9.4.47
Dell DataSafe Local Backup - Support Software    Dell    12/12/2011        
Dell DataSafe Online    Dell    12/12/2011    6.46 MB    2.1.19634
Dell Product Registration    Dell Inc.    12/12/2011    4.04 MB    1.1.3
Dell System Detect    Dell    9/21/2015        6.6.0.2
Dell Touchpad    ALPS ELECTRIC CO., LTD.    12/12/2011        7.1209.101.204
Dell Webcam Central    Creative Technology Ltd    12/12/2011        2.00.44
Dell WLAN and Bluetooth Client Installation    Dell Inc.    12/12/2011        9.0
ESET Online Scanner v3        9/21/2015        
Google Chrome    Google Inc.    4/24/2013        45.0.2454.93
HitmanPro 3.7    SurfRight B.V.    9/15/2015        3.7.9.245
IDT Audio    IDT    12/12/2011        1.0.6341.0
Java 8 Update 60    Oracle Corporation    9/9/2015    88.4 MB    8.0.600.27
Malwarebytes Anti-Malware version 2.1.8.1057    Malwarebytes Corporation    9/21/2015    64.5 MB    2.1.8.1057
Microsoft .NET Framework 4 Client Profile    Microsoft Corporation    12/12/2011    38.8 MB    4.0.30319
Microsoft .NET Framework 4 Extended    Microsoft Corporation    12/12/2011    51.9 MB    4.0.30319
Microsoft Office 2010    Microsoft Corporation    12/12/2011    6.31 MB    14.0.4763.1000
Microsoft Office Click-to-Run 2010    Microsoft Corporation    4/25/2013        14.0.4763.1000
Microsoft Office Starter 2010 - English    Microsoft Corporation    4/25/2013        14.0.4763.1000
Microsoft Silverlight    Microsoft Corporation    9/9/2015    149 MB    5.1.40728.0
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    4/26/2013    300 KB    8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17    Microsoft Corporation    9/10/2015    788 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    9/10/2015    596 KB    9.0.30729
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319    Microsoft Corporation    12/12/2011    13.6 MB    10.0.30319
Mozilla Firefox 40.0.3 (x86 en-US)    Mozilla    9/9/2015    84.7 MB    40.0.3
Mozilla Maintenance Service    Mozilla    9/9/2015    233 KB    40.0.3
Quickset64    Dell Inc.    12/12/2011    6.82 MB    10.09.22
Realtek Ethernet Controller Driver    Realtek    12/12/2011        7.48.823.2011
Realtek USB 2.0 Card Reader    Realtek Semiconductor Corp.    12/12/2011        6.1.7600.30127
Security Task Manager 2.1d    Neuber Software    9/19/2015        2.1d
Sophos Virus Removal Tool    Sophos Limited    9/12/2015    134 MB    2.5.4
SUPERAntiSpyware    SUPERAntiSpyware.com    9/9/2015    54.6 MB    6.0.1204
Visual Studio 2012 x64 Redistributables    AVG Technologies    9/9/2015    12.9 MB    14.0.0.1
Visual Studio 2012 x86 Redistributables    AVG Technologies CZ, s.r.o.    9/9/2015    10.5 MB    14.0.0.1
WinPatrol    Ruiware    9/10/2015    3.06 MB    33.6.2015.18
ZoneAlarm Free Firewall    Check Point    9/10/2015    75.0 MB    14.0.508.000

 


Edited by helpful55, 23 September 2015 - 04:10 AM.


#10 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:11 PM

Posted 23 September 2015 - 05:34 AM

Disable these Startups: Use CCleaner by clicking on each item to highlight and then on the right choose Disable, Remove or Uninstall.

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes    HKCU:Run    SpybotPostWindows10UpgradeReInstall    Safer-Networking Ltd.    "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

(Remove the Spybot entry...not just Disable)

 

Yes    Startup Common    OfficeAdRemover.lnk        C:\Program Files (x86)\OfficeAdRemover\OfficeAdRemover.e (Remove...not just Disable)

 

EDIT: I just noticed that Office 10 was installed BEFORE Office Starter according to the dates given above. Do you have an explanation for why

that is?

 

Uninstall these programs:

Dell System Detect    Dell    9/21/2015        6.6.0.2 ( according to the web this program is vulnerable to malware if left installed)

Security Task Manager 2.1d    Neuber Software    9/19/2015        2.1d 

Sophos Virus Removal Tool    Sophos Limited    9/12/2015    134 MB    2.5.4

 

Any luck using Process Explorer?

 

After doing the above and removing some adware has the computer improved any in performance?


Edited by buddy215, 23 September 2015 - 05:42 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#11 helpful55

helpful55
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 23 September 2015 - 05:44 PM

After disabling those startups it took about 1 minute to shut down and about a minute and a half to desktop and net connection. firefox opened up pretty easily. That is about what I consider normal. But still the process going up happens.

 

I used produkey and it looks like this pc had office 2007 installed at the same time it was given its knowledge to perform in late 2011. Now it also has the office 2010 starter. I don't see a way to start office 2007. I could possibly ask the previous owner what he knows, but I think that is what he said when i was looking at it.

 

After removing the three programs I have the same shut down and start times. PC seems pretty normal in operations, other than the svchost process still starting and going up and up which of course then nearly freezes it up. Thankfully it seems to leave just enough ram so I can end that process rather than having to restart the whole thing.

 

Here is what all are listed under the wild svchost process as it is going nuts right now as I type (on my desktop).

Command Line:

C;\windows\system32\svchost.exe -k netsvcs

Path:

C:\Windows\System32\svchost.exe (netsvcs)

Services:

Application Experience [AeLookupSvc]

Background Intelligent Transfer Service [BITS]

Computer Browser [Browser]

Extensible Authentication Protocol [EapHost]

Group Policy Client [gpsvc]

IKE and AuthIP IPsec Keying Modules [IKEEXT]

IP Helper [iphlpsvc]

Remote Access Connection Manager [RasMan]

System Event Notification Manager [SENS]

Server [LanmanServer]

Secondary Logon [seclogon]

Themes [Themes]

Task Scheduler [Schedule]

User Profile Service [ProfSvc]

Windows Update [wuauserv]

Windows Management Instrumentation [Winmgmt]

 

After I stopped the svchost process several of these processes, including the windows update, were not running as the process memory stayed steady without climbing. I went ahead and checked for winupdates and of course it then went wild.

 

There were a couple other things that seemed sub under this svchost process, but they had listings for memory usage and they just a few thousand kbytes.

taskeng.exe, and GoogleUpdate.exe (both said error opening), 

 

I didn't see, but is there a way to break down what each of those is doing for memory usage?

 

I am still suspicious of the windows update service problem like you can find on the web. I mentioned that in my early posts. Do you know what to do there exactly or do you want me to contact MS to get straight what to do with that before we attempt more or give up?



#12 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:11 PM

Posted 23 September 2015 - 07:57 PM

First, try the FixIt tool.

To run a Windows Update troubleshooter
  1. Click this button:

     

    15ad0d89-8be7-4885-80c5-77c64a7460e6_0.jFix this problem
  2. In the File Download dialog box, click Run, and then follow the steps in the wizard.

  3. Open Windows Update, and try to install the update again.

 

If that doesn't solve the problem, then use Windows Repair (All In One) Download

Windows Repair is a utility that contains numerous mini-fixes for Windows.  This tool will allow you to repair common issues with your computer such as firewall, file permission, and Windows Update problems.  When using this tool you can select the particular fixes you would like to launch and start the repair process.  This tool also comes in a portable version that allows you to use the program from a portable device such as a USB flash drive.

Run the repairs below:

  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Repair Windows Firewall
  • Repair Internet Explorer
  • Repair MDAC & MS Jet
  • Repair Hosts File
  • Remove Policies Set By Infections
  • Repair Icons
  • Repair Winsock & DNS Cache
  • Remove Temp Files
  • Repair Proxy Settings
  • Unhide Non System Files
  • Repair Windows Updates

 


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#13 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:11 PM

Posted 23 September 2015 - 08:10 PM

Verify you are using genuine Windows 7 by following one or more of the ways described in the link below.

How to Check if Windows 7 is Genuine?

 

You can do that before or after running the repairs in post above.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#14 helpful55

helpful55
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 24 September 2015 - 07:10 AM

I'm  done with this. I have spent 8 hours at this point today. I am not going to keep up with this. It has all become surreal. I'll find a way myself to fix this. Thanks for what you have done.



#15 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:11 PM

Posted 24 September 2015 - 07:37 AM

There is always reinstall of Windows. A sure cure for software problems. Just backup whatever documents you want to save to a flash drive or other external

drive and do a clean install of Windows. Either using what is in the recovery partition now if possible or getting a fresh installable copy of Windows using your

25 digit product key. Windows 7

 

EDIT: How to Find Your Lost Windows or Office Product Keys


Edited by buddy215, 24 September 2015 - 08:37 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users