high memory usage in one svchost.exe process

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

jpksampath

Thread Starter
Joined
Jan 18, 2013
Messages
3
Hi Experts,
I have encountered very high memory usage in one svchost.exe process on my Win 7 64-bit. Attached are screenshots of the process associated with it. Sometimes it goes up about 300Mb too.

er1.png

er2.png

I have tried several suggestions already available for this issue, but no luck :(
I've tried updating Windows (ref) and scanning the PC with TREND OfficeScan.
Also, when I tried with only Microsoft Services using the Selective Startup option in msconfig as suggested here, the issue remains the same. (With that, can I conclude that it is related to malware?)

Also need to note that the WLAN AutoConfig service (wlansvc) associated with that svchost.exe makes sense, as I've encountered some problem uninstalling wireless router software. I feel that it has not been properly uninstalled. But I don't have any idea how to check or rectify it.

HJT log is also attached.

View attachment hijackthis.log

Your response is highly appreciated.
Thanks
Rgrds,
SAM
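
Added example (not part of the original post): one way to see which services share each svchost.exe instance, how much memory each instance holds, and whether its image path is the expected `%SystemRoot%\System32` (or `SysWOW64`) location. It uses `Get-WmiObject` so that it runs on the Windows PowerShell 2.0 shipped with Windows 7; run it from an elevated prompt so that `CommandLine` and `ExecutablePath` are populated.

```powershell
# Added example: list every svchost.exe instance with the services it hosts,
# largest working set first.

# Locations a genuine svchost.exe image is loaded from.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Build a PID -> service-name list from the services that are running.
$byPid = @{}
Get-WmiObject -Class Win32_Service -Filter 'ProcessId <> 0' | ForEach-Object {
    $key = [int]$_.ProcessId
    if (-not $byPid.ContainsKey($key)) { $byPid[$key] = @() }
    $byPid[$key] += $_.Name
}

Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'" |
    Sort-Object WorkingSetSize -Descending |
    ForEach-Object {
        $path = $_.ExecutablePath
        # The path is empty when the query lacks rights to read it.
        $pathCheck = if (-not $path) { 'unknown (run elevated)' }
                     elseif ($expected -contains $path) { 'expected' }
                     else { "UNEXPECTED: $path" }

        New-Object PSObject -Property @{
            ProcessId    = $_.ProcessId
            WorkingSetMB = [math]::Round($_.WorkingSetSize / 1MB, 1)
            PrivateMB    = [math]::Round($_.PrivatePageCount / 1MB, 1)
            ImagePath    = $pathCheck
            Services     = ($byPid[[int]$_.ProcessId] -join ', ')
            CommandLine  = $_.CommandLine   # shows the "-k <group>" service group
        }
    } |
    Select-Object ProcessId, WorkingSetMB, PrivateMB, ImagePath, Services, CommandLine |
    Format-List
```

The instance at the top of the output is the one to match against the PID shown in Task Manager; its `Services` line names every service sharing that process.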
 
Joined
Dec 28, 2004
Messages
8,256
Dear Sam:


Please provide the following:
brand, model & model # of your computer, or its motherboard
brand, model & model # of: CPU, ram / memory, video card; hard disk drive [ HDD ]
Capacity of HDD; amount of free space on C: partition; size of C: partition
antimalware program [ s ] installed on your computer
date of problem onset
activities in which computer is engaged when problem occurs

I have tried several suggestions already available for this issue
Good that you have tried on your own, but we need more information.

Can you relate the problem onset to:
installation or removal of a program or hardware;
update of W7 or a program such as your antimalware program [ s ]
Check Windows updates [ control panel; upper right, view by large icons; open Windows Updates; on the left look for Update History ]

In event viewer, go to the most recent error. Open it by double left clicking on it.
On the right, you will see a button with 2 pieces of paper. Hover over it. A message such as "copy to clipboard" will appear.
Left click the button.
Paste the results into Notepad
Repeat for each DIFFERENT error that is noted for the time of your computer's problem.

Copy that data from notepad
Paste it into a reply area at this thread.

Does the problem happen in safe mode?
Good job of using selective startup.

The more information that you provide, the sooner can we help you solve your problem.

Best of success.

edit:
Welcome to TGF.
Would you describe yourself as a beginning, intermediate or advanced computer user?

RF123
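
Added example (not part of the original post): the same collection done from Windows PowerShell instead of copying events one at a time. It pulls Critical and Error events for a time window and keeps one entry per distinct provider and event ID; the window dates and the output file name are assumptions chosen for illustration.

```powershell
# Added example: one entry per DIFFERENT error logged around the problem time.

# Window around the time the problem was seen (constructed values; adjust).
$start = Get-Date '2012-12-26 12:00'
$end   = Get-Date '2012-12-26 15:00'

$filter = @{
    LogName   = 'System', 'Application'
    Level     = 1, 2            # 1 = Critical, 2 = Error
    StartTime = $start
    EndTime   = $end
}

# Get-WinEvent raises an error when nothing matches, so silence it and test.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) {
    'No Critical or Error events in the selected window.'
    return
}

$summary = $events |
    Group-Object -Property ProviderName, Id |
    Sort-Object Count -Descending |
    ForEach-Object {
        # Keep the most recent occurrence as the representative entry.
        $latest = $_.Group | Sort-Object TimeCreated -Descending |
                  Select-Object -First 1
        New-Object PSObject -Property @{
            Count    = $_.Count
            LastSeen = $latest.TimeCreated
            Log      = $latest.LogName
            Provider = $latest.ProviderName
            EventId  = $latest.Id
            Message  = $latest.Message
        }
    } |
    Select-Object Count, LastSeen, Log, Provider, EventId, Message

# Hypothetical output file name; paste its contents into the reply.
$summary | Format-List | Out-File -FilePath .\errors-for-forum.txt -Width 200
```

Event messages can include host names, user names and network addresses, so review the file before posting it publicly.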
 

jpksampath

Thread Starter
Joined
Jan 18, 2013
Messages
3
Hi rainforest123,
Thanks for the prompt response,

brand, model & model # of your computer, or its motherboard
Acer Virtion 490M
brand, model & model # of: CPU, ram / memory, video card; hard disk drive [ HDD ]
Intel Core i5 760, Kingston DDR3 (Dual Ch) (4)+(2+2)GB, Nvidia 1GB

Capacity of HDD; amount of free space on C: partition; size of C: partition
hdd- 500GB, free space of C: 106 GB of 220GB

antimalware program [ s ] installed on your computer
Officescan
McAfee Security Scan Plus - uninstalled (as it was suggested somewhere)
date of problem onset
two weeks back. I noticed it after uninstallation of a wireless router software. (It prompted some error during uninstallation process, but I ignored :( ) Also restored the system to a date before the installation of this router SW.

I tried updating Win 7 but no luck.

In event viewer
The Event log is attached.
Some Recent errors
Code:
Error    Service Control Manager    7009    None - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Center Scheduler Service service to connect.

Error    DistributedCOM    10005    None -DCOM got error "1053" attempting to start the service ehRecvr with arguments "-Service" in order to run the server:
The above two errors were there for a long time (since September 2012 :eek:), even before I noticed this issue. But these errors have quite a high occurrence rate and I'm a bit worried.

Following Errors seems to be after causing this issue.
Code:
Error    26/12/2012 13:28:48 PM    Dhcp-Client    1001    Address Configuration State Event - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x3085A937B6AA.  The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server
Error    26/12/2012 13:26:25 PM    Application Error    1000    (100)-Faulting application name: RaUI.exe, version: 1.0.0.5, time stamp: 0x4fd952ff Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Error    26/12/2012 13:04:02 PM    ESENT    623    Transaction Manager -wuaueng.dll (1020) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 32Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.
Error    26/12/2012 12:58:55 PM    Kernel-EventTracing    2    Session - Session "Circular Kernel Context Logger" failed to start with the following error: 0xC0000035
Error    26/12/2012 14:10:35 PM    TermDD    50    None -The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
Error    15/1/2013 17:03:28 PM    AnsoftRSMService    256    None -The IP address for this machine is resolved to a loopback address 'x.x.x.x'. Ansoft RSM Service will not be able to respond to remote analysis requests with this address. Shutting down.
Note.- My Network connection is DHCP enabled. It seems to be some issue with Network configuration. I don't have any idea about how to proceed.
Does the problem happen in safe mode?
I will let you know the result as I am remotely logged in now.
Would you describe yourself as a beginning
Sorry. I should have done it at the beginning. :) I am in Electronic engineering. Advanced user of tools like Matlab, Ansoft, Cadence etc. Not much knowledge in computer systems.
Thanks & Regards,
SAM
 

Joined
Dec 28, 2004
Messages
8,256
Thanks for providing the requested information.

I forgot to ask if the cpu, gpu or ram are over clocked. Are any over clocked?
If so, set the normal clocking.

Does your computer malfunction; perform without satisfaction? I am not trying to minimize your concerns. If it performs unsatisfactorily, other than the errors in the event viewer, please provide information about those problems. Information which will be useful:
date of problem onset
activities in which computer is engaged when problem occurs

Steps you have taken to try to fix the issue
Can you relate the problem onset to:
installation or removal of a program or hardware;
update of W7 or a program such as your antimalware program [ s ]
Check Windows updates [ control panel; upper right, view by large icons; open Windows Updates; on the left look for Update History ]

Please explain SW as in
before the installation of this router SW.
Software, probably.

Please provide more information re:
I tried updating Win 7 but no luck.
Does that have anything to do with your router?
Please provide router brand, model & model #.
Do you refer to an installation / config program? If you refer to something else, please elaborate.



Do you connect to a LAN, or the internet using wi fi or ethernet?
•Error 26/12/2012 13:28:48 PM Dhcp-Client 1001 Address Configuration State Event - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x3085A937B6AA. The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server
is not important if you can connect to the internet.

Regarding Ansoft, do you recognize any of the products here?
http://www.ansys.com/Support/Platform+Support/Ansoft+Products+14.0
To be honest with you, I am unfamiliar with the company's products.

RE: RAUI.exe
http://www.pcpitstop.com/libraries/process/i/RaUI.exe.html

Is this the router software to which you refer?
http://www.ralinktech.com/en/

RE: ehrecvr
http://www.neuber.com/taskmanager/process/ehrecvr.exe.html
Do you use it?

My Network connection is DHCP enabled. It seems to be some issue with Network configuration. I don't have any idea about how to proceed.
TGF has a networking forum. As long as you can connect to the internet, I suggest that you focus on the other issues, at the moment. Then, you can ask a moderator to transfer this thread, or you can create a new thread, AFTER the other issues in this thread have been addressed. DO NOT begin a separate thread at this time.

How many computers are on your LAN?

RF123
 

jpksampath

Thread Starter
Joined
Jan 18, 2013
Messages
3
Hi thanks for the response,
Are any over clocked?
No nothing is overclocked.
Does your computer malfunction
No. It runs smoothly. But near 300MB of RAM cost me when I am running some simulations.
date of problem onset
I noticed it when I started my simulation, which requires more memory. So I don't have an exact idea about the date. I noticed it on 30th Dec 2012.
Please explain SW
Actually I must say the whole story with regard to this wireless router installation. This PC is in an educational/research institute. Dedicated to me. But once (26th Dec), a technician had tested his wireless router on this PC in my absence. So I don't know about the brand or model. When I came back I just uninstalled the software that he had installed. So I can't remember the software. :mad: (I will try to contact this technician and find out about it.) I can only remember that some error saying "the hardware not plugged in" came up in the uninstallation process and I just ignored it. I noticed this memory problem a few days after this incident. So, I suspected this problem is related to this router thing, as the WLAN AutoConfig service (wlansvc) was there in the associated services.
Steps you have taken

Selective Startup only with Microsoft Services.
Uninstalled McAfee Security Scan Plus.
System restore to a date before installation of this wireless router software.
Windows update. (using automatic update. There were 64 components installed)
Also tried manually stopping the WLAN AutoConfig service.
Do you connect to a LAN, or the internet using wi fi or ethernet?
Yes. I am in a LAN which contains many number of PCs (around 1000) and it connects to the internet through ethernet (no wifi).

Well judged! Yes, that should be the software. This error could be the one I got during the uninstallation.
RE: ehrecvr Do you use it?
No, I have never used a TV receiver or anything related to that. But I just noticed that this ehrecvr error was there even before I started using this PC. Maybe the one who used this PC before me could have used it, but I don't know.
What could be the reason for the error below? It is continuously occurring.
Code:
Error    Service Control Manager    7009    None - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Center Scheduler Service service to connect.
Can you please tell me how to get rid of these errors in Event Viewer? Thanks for the information and concern. I've never used Event Viewer before. It is really helpful.
Hope some experts will help me regarding the HJT log as well.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,608
If the PC belongs to an educational/research institute then it must have been set up and supported by their IT Department. It would be best that we don't interfere with that and let your IT Department take care of it. :)
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,608
Since there's nothing more we can do here, I'm closing this thread.
 