Solved: Svchost.exe high memory usage



cosmokramer (Junior Member, 9 posts; thread starter; joined Jul 2007)
16-Apr-2008, 02:41 AM #1
I have recently become annoyed at the high memory usage of the svchost.exe process. I have 8 of these services running at the moment. I haven't had reason to complain until recently, when they seem to be using more memory than necessary. I might just be overreacting here, but perhaps someone can verify it for me. I have included a hijackthis log at the bottom.
My system is running WindowsXP SP2, Asus K8VSE deluxe, Athlon 64 3200, 1.75 GB RAM, updated via drivers and windows updates (except one that just came in and I haven't done yet).
These just seem like too much memory for these. I have checked at blackviper and didn't really see a lot of things I could turn off. I could be wrong though.


svchost.exe Username: system mem usage: 33,240 k
- DCOM server process launcher
- terminal services

svchost.exe Username: network service mem usage: 28,828 k
- remote procedure call

svchost.exe Username: system mem usage: 74,020 k
- 18 services registered to this process.

svchost.exe Username: network service mem usage: 25,776 k
- dns client

svchost.exe Username: local service mem usage: 36,832 k
- alerter
- tcp/ip netbios helper
- ssdp discovery service
- universal plug and play device host
- webclient

svchost.exe Username: system mem usage: 30,988 k
- windows image acquisition

svchost.exe Username: system mem usage: 50,436 k
- automatic updates

svchost.exe Username: system mem usage: 27,060 k
- http ssl


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:57 AM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
G:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
G:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
f:\program files\common files\mcafee\mna\mcnasvc.exe
f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
G:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
F:\WINDOWS\system32\wbem\wmiapsrv.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Canon\CAL\CALMAIN.exe
F:\WINDOWS\System32\svchost.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
F:\PROGRA~1\McAfee.com\Agent\mcagent.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\dllhost.exe
F:\WINDOWS\system32\ctfmon.exe
G:\Program Files\RealVNC\VNC4.2\winvnc4.exe
G:\Program Files\FlashGet\flashget.exe
F:\WINDOWS\system32\taskmgr.exe
Q:\ProcessExplorerNt\procexp.exe
Q:\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar3.dll
O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - F:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "F:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [mcagent_exe] F:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [OutpostMonitor] G:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKCU\..\Run: [AlcoholAutomount] "G:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Customize Menu - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Fill Forms - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - F:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL
O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - F:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - G:\Program Files\Agnitum\Outpost Security Suite Pro\ie_bar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1126128245015
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "G:\Program Files\BinarySense\HDDlife 3\hlAPP.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: g:\progra~1\agnitum\outpos~1\wl_hook.dll
O21 - SSODL: Notadpol - {46DB9B18-6350-475F-9038-9E0D59B2A077} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0136681207900384) (0136681207900384mcinstcleanup) - McAfee, Inc. - F:\WINDOWS\TEMP\013668~1.EXE
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - F:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - G:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - F:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - G:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - G:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - F:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: HDDlife HDD Access service - BinarySense, Ltd. - G:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - f:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - F:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - G:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - G:\Program Files\RealVNC\VNC4.2\winvnc4.exe

--
End of file - 11340 bytes
cosmokramer (Junior Member, 9 posts; thread starter; joined Jul 2007)
06-May-2008, 11:11 AM #2
Still getting this problem. Any suggestions?
cosmokramer (Junior Member, 9 posts; thread starter; joined Jul 2007)
10-May-2008, 05:57 PM #3
Last bump before I give up.
raybro (Ray) (Member, 5,811 posts; joined Apr 2003; Location: Santa Barbara, CA USofA; Experience: Advanced)
10-May-2008, 07:42 PM #4
NEVER GIVE UP!!! Take a look at this thread started by yours truly. Not exactly the same problem, but you may find the thread helpful. Particularly, the link provided for Process Explorer. The little utility provided some insight to the question I had.

BTW... The memory usage you show does seem somewhat excessive. I looked at mine again and still have 7 incidents of svchost running. Memory usage is nowhere near what yours is. Most are in the range of 2K to 4K with one at 24K. Of course, that's not a very compelling argument and only a sample of one.

Raybro
cosmokramer (Junior Member, 9 posts; thread starter; joined Jul 2007)
10-May-2008, 08:22 PM #5
Thanks for the reply raybro. I have process explorer and used it to figure out what services were running and verified they were all valid services running under svchost.exe. To add to this, a reboot and check of the svchosts shows they are running at "normal" memory usage immediately after login. So something must be occurring to make them use more memory.
raybro (Ray) (Member, 5,811 posts; joined Apr 2003; Location: Santa Barbara, CA USofA; Experience: Advanced)
10-May-2008, 09:35 PM #6
I'm no expert on system files, but if you get no further constructive input on this thread, I suggest you go to the M$ Knowledge Base and run a search there regarding svchost.exe and see what you can find that may apply to your situation.

Good Luck... Raybro
jasaiyajin (Member, 230 posts; joined Mar 2008; Experience: Intermediate)
10-May-2008, 11:20 PM #7
Could the problem be McAfee related? Try running your system after removing software one by one and looking at the memory consumption.

In process explorer, there's a physical memory section and a virtual memory section that pertains to each running process. Could you list an example for us of virtual and physical memory consumption for a single running svchost with its services?
oshwyn5 (Senior Member, 730 posts; joined May 2007; Experience: Advanced)
11-May-2008, 11:59 AM #8
Some background on SVCHOST and possible causes
Okay, let's start with a simple explanation of SVCHOST, what it does and why you have so many. Just as a dll (dynamic link library) is a program (not an application) which does a specific task as part of a larger application but can be run all by itself by the application rundll32.exe (or dllhost.exe), a service is a component of a larger application which cannot run itself, but it can be run by the windows service host svchost.exe even if the application in question (the one which installed and created this service) is not running.
In windows XP the registry is built from scratch each time your computer boots from several files called hives. The exact number varies depending on your configuration, but generally speaking there are at least five, one for each section in the registry. Now each time during the construction of the registry when any services are loaded, if their supporting application is not running an instance of svchost.exe is launched to host them. Each instance of svchost.exe can host many different services.

So, having eight instances of svchost.exe running is not unusual or bad.
As you have found out you can see that they are running, to some extent what launched them (the system account, network account, your user account....) and how much cpu usage they have in Task manager.
Process Explorer and CodeStuff Starter both allow you to get more information as to the specific services running under each svchost entry, although this information is often of little use and overwhelming to the average user. Nonetheless, it is worth installing one of these to have a closer look.

If you go to start/ run and type services.msc and hit enter you can see many of the services which are installed and their status. Do not mess around in here unless told to do so. There are guides like Black Viper's to aid in tweaking these, but the default settings are adequate.
http://www.blackviper.com/WinXP/servicecfg.htm

Now as to what causes high CPU usage by svchost.exe.
In my experience, the most common cause on a properly maintained machine is a problem with an automatic updater. Windows update, and most antivirus or internet security suites run their updaters as services.
Often if there is a problem, the automatic updater service just keeps running full throttle. The simple solution in most cases is to disable automatic updates for windows (control panel / security center / manage settings for / automatic updates => turn off) and your antivirus / internet security suite (inside the application itself).
If this solves it, the next step is to manually go to the windows update site for windows updates and get all the critical updates one at a time. I also recommend checking the custom / recommended software updates to see if anything like the .net framework which may be required by other applications is not up to date, as this can cause the problem too.
Repeat for your antivirus: manually run the antivirus updater and again get updates one at a time. This may require many runs of the updaters, but it will identify if one is out of sequence and jamming the update process (if it fails to download / install, proceed to the next and then come back for that one).
Once all updates are installed and you have restarted, return the updaters to automatic status and see if the problem is solved.


The second most common cause of this problem that I encounter is when someone disables an application improperly. They use MSCONFIG and do not realize that they are disabling the startup entry for the application, but not its service entries. The services are loading and searching for another component which is not running, so they keep checking. Proper management of applications is a must in the XP and Vista environment. Sure, many people still disable things with MSCONFIG and have no problems, but this is not safe.
If you have been using MSConfig as a startup manager please read this.
http://forums.majorgeeks.com/showthread.php?t=149804
http://support.microsoft.com/kb/310560


The third most common cause I see is an improper / incomplete uninstall of an application which leaves behind a service entry after the application is removed.
I see two of these in your HJT log
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - G:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - G:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)

You should go to start / run and type services.msc
hit enter
Locate Eset HTTP Server
Double click it to open its options, click stop service if it is running, change startup behavior to disabled.
Repeat for Eset Service

Go to start / run and type
sc delete EhttpSrv
hit enter
type
sc delete ekrn
hit enter
(Or you may do this in the command prompt window if you want to- go to start/ run and type cmd and hit enter. Type the sc commands in the black box and hit enter after each)

Restart your computer and run hijackthis and those two entries should be gone.



The fourth most likely cause is a virtual drive (like Alcohol 120%) which is running as a service. Sometimes these develop problems over time, sometimes they just are not properly compatible with your hardware configuration. So you may want to try disabling the virtual drive (burn its contents first if there is anything mounted).



I will leave it to a malware guy to tell you what to do with this.
O21 - SSODL: Notadpol - {46DB9B18-6350-475F-9038-9E0D59B2A077} - (no file)
It appears to be a leftover ShellServiceObjectDelayLoad entry which is not on any of the master databases of approved applications. This means it is most likely a leftover from an incomplete cleaning of malware. Did you have one of the smitfraud infections recently? Anything popping up warnings about your being infected and prompting you to buy a removal product?



However this is something you can deal with now
F:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
This is a very old version of java runtime environment with over 300 security exploits. Please go to control panel => add/remove programs and uninstall all versions of java and java runtime environment listed. Best to start with the oldest.
When done please go to one of these sites and get one of the latest versions 1.6.0_05 or 1.6.0_06
http://majorgeeks.com/Sun_Java_Runti...ent_d4648.html
http://www.java.com/en/download/index.jsp
It may also be worth running the secunia online software inspector scanner
http://secunia.com/software_inspector/
to see if you have any other software with major security holes.

Finally
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Unless you are a web page designer or software author (VBS or java) no need to have this running.
Please go to Internet Explorer => Tools => Internet Options => advanced => browsing
Check "Disable script debugging Internet Explorer"
Check "Disable script debugging other"
Uncheck "notify me of every script error"

Apply and restart.
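
The leftover-entry check described in the post above (HijackThis lines ending in "(file missing)" or "(no file)"), as an added example that is not part of the original thread: a Python parser that lists such entries and, for O23 lines, the service short name shown in parentheses, which is the name the sc commands in the post use. The field layout is inferred from the log lines on this page, and the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass

# Excerpt of lines from the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "G:\Program Files\BinarySense\HDDlife 3\hlAPP.dll" (file missing)
O21 - SSODL: Notadpol - {46DB9B18-6350-475F-9038-9E0D59B2A077} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - G:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - G:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - F:\Program Files\WinPcap\rpcapd.exe
"""

# "O23 - Service: <rest>" -> section id, entry kind, remainder of the line.
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# Trailing marker HijackThis appends when the referenced file is absent.
MISSING = re.compile(r"\s*\((?:file missing|no file)\)\s*$")
# "Display name (ShortName)": the last parenthesised group is the service key.
SHORT_NAME = re.compile(r"^(.*) \(([^()]+)\)$")
PATH = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Orphan:
    section: str  # HijackThis section id, e.g. "O23"
    kind: str     # "Service", "SSODL", "Protocol", ...
    name: str     # service short name for O23, entry label otherwise
    target: str   # path that was not found ("" when the line records none)


def service_short_name(label):
    """Return the service key name from an O23 label.

    Assumption: when no parenthesised short name is present, the display
    name and the service name are the same string.
    """
    m = SHORT_NAME.match(label)
    return m.group(2) if m else label


def find_orphans(log_text):
    """List entries whose target HijackThis reported as missing."""
    orphans = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue
        section, kind, rest = entry.groups()
        marker = MISSING.search(rest)
        if not marker:
            continue
        # Drop the marker and any dangling " -" left in front of it.
        body = re.sub(r"\s*-\s*$", "", rest[:marker.start()])
        # Assumption: the label itself contains no " - " separator.
        fields = body.split(" - ")
        name = fields[0]
        if section == "O23":
            name = service_short_name(name)
        last = fields[-1].strip().strip('"')
        target = last if PATH.match(last) else ""
        orphans.append(Orphan(section, kind, name, target))
    return orphans


def orphaned_services(orphans):
    """Short names of O23 services to review in services.msc."""
    return [o.name for o in orphans if o.section == "O23"]


if __name__ == "__main__":
    for o in find_orphans(SAMPLE_LOG):
        print(f"{o.section:<4}{o.kind:<10}{o.name:<12}{o.target or '(no path recorded)'}")
```

The output is a review list only; whether an entry is a harmless uninstall leftover or something else still has to be judged per entry, as the post does for the O21 line.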
cosmokramer (Junior Member, 9 posts; thread starter; joined Jul 2007)
11-May-2008, 10:51 PM #9
Quote (originally posted by oshwyn5):
Okay, let's start with a simple explanation of SVCHOST, what it does and why you have so many.

Great explanation and thanks for the time it took.



Quote (originally posted by oshwyn5):
In my experience, the most common cause on a properly maintained machine is a problem with an automatic updater. Windows update, and most antivirus or internet security suites run their updaters as services.
Often if there is a problem, the automatic updater service just keeps running full throttle. The simple solution in most cases is to disable automatic updates for windows (control panel / security center / manage settings for / automatic updates => turn off) and your antivirus / internet security suite (inside the application itself).
If this solves it, the next step is to manually go to the windows update site for windows updates and get all the critical updates one at a time. I also recommend checking the custom / recommended software updates to see if anything like the .net framework which may be required by other applications is not up to date, as this can cause the problem too.
Repeat for your antivirus: manually run the antivirus updater and again get updates one at a time. This may require many runs of the updaters, but it will identify if one is out of sequence and jamming the update process (if it fails to download / install, proceed to the next and then come back for that one).
Once all updates are installed and you have restarted, return the updaters to automatic status and see if the problem is solved.

I originally thought the windows updates were causing this as well. I had an update that wouldn't install for some reason, and still won't. I thought the update was constantly running then and causing it. Disabling it didn't help as I disabled it a while back. The one that won't install is Security Update for Windows XP (KB944338).



Quote (originally posted by oshwyn5):
The third most common cause I see is an improper / incomplete uninstall of an application which leaves behind a service entry after the application is removed.
I see two of these in your HJT log
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - G:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - G:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)

I thought I had uninstalled this. Dumb mistake on my part! A couple days ago I went back and looked and uninstalled it. The services are gone now as well.

Quote (originally posted by oshwyn5):
The fourth most likely cause is a virtual drive (like Alcohol 120%) which is running as a service. Sometimes these develop problems over time, sometimes they just are not properly compatible with your hardware configuration. So you may want to try disabling the virtual drive (burn its contents first if there is anything mounted).

Done.


Quote (originally posted by oshwyn5):
I will leave it to a malware guy to tell you what to do with this.
O21 - SSODL: Notadpol - {46DB9B18-6350-475F-9038-9E0D59B2A077} - (no file)
It appears to be a leftover ShellServiceObjectDelayLoad entry which is not on any of the master databases of approved applications. This means it is most likely a leftover from an incomplete cleaning of malware. Did you have one of the smitfraud infections recently? Anything popping up warnings about your being infected and prompting you to buy a removal product?

I don't know what that is either and it is hard to find information on. I have not had an infection recently at all. No warnings about spyware infections or anything.
Another I am curious about is this one:
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - F:\Program Files\WinPcap\rpcapd.exe
I am not sure what it is.


Quote (originally posted by oshwyn5):
However this is something you can deal with now
F:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
This is a very old version of java runtime environment with over 300 security exploits. Please go to control panel => add/remove programs and uninstall all versions of java and java runtime environment listed. Best to start with the oldest.
When done please go to one of these sites and get one of the latest versions 1.6.0_05 or 1.6.0_06
http://majorgeeks.com/Sun_Java_Runti...ent_d4648.html
http://www.java.com/en/download/index.jsp
It may also be worth running the secunia online software inspector scanner
http://secunia.com/software_inspector/
to see if you have any other software with major security holes.

Removed and installed updated version.

Quote (originally posted by oshwyn5):
Finally
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Unless you are a web page designer or software author (VBS or java) no need to have this running.
Please go to Internet Explorer => Tools => Internet Options => advanced => browsing
Check "Disable script debugging Internet Explorer"
Check "Disable script debugging other"
Uncheck "notify me of every script error"

Apply and restart.

Done.
Here is an updated hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:35 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
f:\program files\common files\mcafee\mna\mcnasvc.exe
f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
G:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
F:\WINDOWS\system32\wbem\wmiapsrv.exe
F:\Program Files\Canon\CAL\CALMAIN.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\McAfee.com\Agent\mcagent.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
Q:\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar3.dll
O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - F:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "F:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [mcagent_exe] F:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [OutpostMonitor] G:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Customize Menu - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Fill Forms - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - F:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL
O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - F:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - G:\Program Files\Agnitum\Outpost Security Suite Pro\ie_bar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210471143602
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: g:\progra~1\agnitum\outpos~1\wl_hook.dll
O21 - SSODL: Notadpol - {46DB9B18-6350-475F-9038-9E0D59B2A077} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - F:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - G:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - F:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - F:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: HDDlife HDD Access service - Unknown owner - G:\Program Files\BinarySense\HDDlife 3\hldasvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - f:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - F:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - G:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - G:\Program Files\RealVNC\VNC4.2\winvnc4.exe

--
End of file - 10361 bytes

Last edited by cosmokramer; 11-May-2008 at 11:47 PM.. Reason: added hijackthis log
cosmokramer
Junior Member with 9 posts.
THREAD STARTER
 
Join Date: Jul 2007
11-May-2008, 10:56 PM #10
Quote:
Originally Posted by jasaiyajin
Could the problem be McAfee related? Try running your system after removing software one by one and looking at the memory consumption.

In Process Explorer, there's a physical memory section and a virtual memory section that pertains to each running process. Could you list an example for us of virtual and physical memory consumption for a single running svchost with its services?

For example:

svchost.exe - alerter, lmhosts, ssdpsrv, webclient
Virtual memory- Private bytes - 5, 180 K
virtual size- 42, 064 K

Physical memory:
working set- 33,380 K
WS private: 4,692 K
WS Shareable : 28688K
WS Shared: 28,380 K
Peak working set - 33920 K
jasaiyajin
Member with 230 posts.
 
Join Date: Mar 2008
Experience: Intermediate
12-May-2008, 05:42 PM #11
To confirm, I will need to know how every service is starting. May I have the txt output from your C: drive after running this command:
WMIC /OUTPUT:C:\ProcessList.txt PROCESS get Caption,Commandline,Processid

In the meanwhile, you can try removing anything McAfee related as a test and running your system. Put it back if you really need it, but it looks like a resource hog to me.

It may also be beneficial to look into a Security Task Manager http://www.neuber.com/taskmanager/
cosmokramer
Junior Member with 9 posts.
THREAD STARTER
 
Join Date: Jul 2007
15-May-2008, 08:26 PM #12
Quote:
Originally Posted by jasaiyajin
To confirm, I will need to know how every service is starting. May I have the txt output from your C: drive after running this command:
WMIC /OUTPUT:C:\ProcessList.txt PROCESS get Caption,Commandline,Processid

In the meanwhile, you can try removing anything McAfee related as a test and running your system. Put it back if you really need it, but it looks like a resource hog to me.

It may also be beneficial to look into a Security Task Manager http://www.neuber.com/taskmanager/
Caption CommandLine ProcessId
System Idle Process 0
System 4
smss.exe \SystemRoot\System32\smss.exe 928
csrss.exe F:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 988
winlogon.exe winlogon.exe 1024
services.exe F:\WINDOWS\system32\services.exe 1068
lsass.exe F:\WINDOWS\system32\lsass.exe 1080
ati2evxx.exe F:\WINDOWS\system32\Ati2evxx.exe 1244
svchost.exe F:\WINDOWS\system32\svchost -k DcomLaunch 1264
svchost.exe F:\WINDOWS\system32\svchost -k rpcss 1380
svchost.exe F:\WINDOWS\System32\svchost.exe -k netsvcs 1492
svchost.exe F:\WINDOWS\system32\svchost.exe -k NetworkService 1576
ati2evxx.exe Ati2evxx.exe -Client 1604
svchost.exe F:\WINDOWS\system32\svchost.exe -k LocalService 1740
aawservice.exe "G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" 1768
spoolsv.exe F:\WINDOWS\system32\spoolsv.exe 1916
schedul2.exe "F:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" 2032
acs.exe 332
DkService.exe "F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe" 456
mcmscsvc.exe F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe 752
McNASvc.exe "f:\program files\common files\mcafee\mna\mcnasvc.exe" 844
McProxy.exe f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe 924
Mcshield.exe F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe 992
MDM.EXE "F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" 1548
StarWindServiceAE.exe "G:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" 1728
svchost.exe F:\WINDOWS\system32\svchost.exe -k imgsvc 2008
ULCDRSvr.exe "F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" 2096
wmiapsrv.exe F:\WINDOWS\system32\wbem\wmiapsrv.exe 2260
CALMAIN.exe "F:\Program Files\Canon\CAL\CALMAIN.exe" 2368
svchost.exe F:\WINDOWS\System32\svchost.exe -k HTTPFilter 3224
mcsysmon.exe F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe 432
mcagent.exe F:\PROGRA~1\McAfee.com\Agent\mcagent.exe -Embedding 3816
explorer.exe F:\WINDOWS\Explorer.EXE 3680
op_mon.exe 1328
jusched.exe "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" 2808
ctfmon.exe "F:\WINDOWS\system32\ctfmon.exe" 1480
flashget.exe "G:\Program Files\FlashGet\flashget.exe" 708
firefox.exe "G:\Program Files\Mozilla Firefox\firefox.exe" 3372
wmic.exe "F:\WINDOWS\System32\Wbem\WMIC.exe" /OUTPUT:C:\ProcessList.txt PROCESS get Caption,Commandline,Processid 3448
wmiprvse.exe F:\WINDOWS\system32\wbem\wmiprvse.exe 2200
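What a helper can read out of a process list like the one above, as an added example that is not part of the original posts: it parses the whitespace-collapsed `Caption CommandLine ProcessId` rows, maps each svchost.exe instance to its `-k` service group, and flags instances whose image is not in system32, that have no `-k` group, or whose command line is not visible. The function names, the `system_root` default (taken from the `F:\WINDOWS` paths in this thread) and the rows with PIDs 4100, 4200 and 4300 are assumptions constructed for the example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the "Caption CommandLine ProcessId" shape posted above.
# PIDs 4100, 4200 and 4300 are made-up rows that exercise the checks.
SAMPLE = r"""
svchost.exe F:\WINDOWS\system32\svchost -k DcomLaunch 1264
svchost.exe F:\WINDOWS\System32\svchost.exe -k netsvcs 1492
svchost.exe F:\WINDOWS\system32\svchost.exe -k imgsvc 2008
svchost.exe F:\WINDOWS\Temp\svchost.exe -k netsvcs 4100
svchost.exe F:\WINDOWS\system32\svchost.exe 4200
svchost.exe 4300
"""

ROW = re.compile(r"^svchost\.exe(?:\s+(?P<cmd>.+?))?\s+(?P<pid>\d+)$", re.I)
GROUP = re.compile(r"\s-k\s+(?P<group>\S+)", re.I)

def svchost_rows(text):
    """Yield (pid, image_path, service_group) for each svchost.exe row."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            cmd = m.group("cmd") or ""   # empty when the command line is blank
            g = GROUP.search(cmd)
            image = (cmd[:g.start()] if g else cmd).strip().strip('"')
            yield int(m.group("pid")), image, (g.group("group") if g else None)

def audit(text, system_root=r"F:\WINDOWS"):  # assumption: %SystemRoot% here
    """Return {pid: [reasons]} for svchost rows that deserve a closer look."""
    expected = PureWindowsPath(system_root, "system32")
    findings = {}
    for pid, image, group in svchost_rows(text):
        reasons = []
        if not image:
            reasons.append("command line not visible")
        elif PureWindowsPath(image).parent != expected:  # case-insensitive
            reasons.append("image outside system32")
        if image and group is None:
            reasons.append("no -k service group")
        if reasons:
            findings[pid] = reasons
    return findings

def groups(text):
    """Map each -k service group to the PIDs hosting it."""
    out = {}
    for pid, _, group in svchost_rows(text):
        if group:
            out.setdefault(group, []).append(pid)
    return out
```

Every svchost.exe row actually posted in this thread passes both checks; only the constructed rows are flagged.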
jasaiyajin
Member with 230 posts.
 
Join Date: Mar 2008
Experience: Intermediate
26-May-2008, 10:53 PM #13
Remove everything McAfee, check svchost mem usage, then report your findings here.
cosmokramer
Junior Member with 9 posts.
THREAD STARTER
 
Join Date: Jul 2007
27-May-2008, 12:11 AM #14
Since I posted my last reply, I have removed McAfee. I have not had the high memory usage on svchost.exe since removing McAfee. Have to say that I never expected it to be McAfee because I have used it for a long time without issue. Makes me wonder if I did something to cause this.
At any rate, we can mark this solved in my opinion.
Thanks to all for your help.