Computer Hope
Microsoft => Microsoft Windows => Windows Vista and 7 => Topic started by: paudashlake on March 01, 2009, 01:30:29 PM
-
I just bought Vista Ultimate this morning. Installed just fine. With one problem.... Even idle, it is always using at least 25% cpu. The program using it is always different. But most of the time is it svchost. Any idears?
by the way, i have an amd phenom quad core 2.3ghx, so it should be using much less.
-
::) ::)
http://www.technibble.com/how-to-fix-svchost-using-100-cpu-memory-leak/ (http://www.technibble.com/how-to-fix-svchost-using-100-cpu-memory-leak/)
-
Well, that says for xp only. I have vista. :-\
-
All I could find was something about uninstalling your antivirus
doubt this will help but w/e
http://www.somelifeblog.com/2007/05/windows-xp-svchostexe-100-cpu-high.html (http://www.somelifeblog.com/2007/05/windows-xp-svchostexe-100-cpu-high.html)
-
Clean install, or upgrade?
Please, post some computer info:
- processor type, amount of RAM (hold Windows logo key, hit Pause/Break key)
- hard drive size/free space (open "My Computer", right click on hard drive letter, click "Properties")
- security programs in use (antivirus, firewall)
-
Did you put your mouse over the spec thing
-
Clean install.
amd phenom 9600 quad core 2.3ghz
4.00gb ram
431 of 465gb hdd space is free
Comodo firewall, avast antivirus, mbam, sbs@d
-
Download HijackThis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download)
by clicking on Download HijackThis Installer
Install, and run it.
Post HijackTHis log.
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:40 PM, on 2/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\GIGABYTE\I-Cool\icool.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 4287 bytes
There you go.
-
I see nothing out of order.
Regarding Comodo...are you running firewall only, or a whole suite?
-
nope, just the firewall
-
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
-
Process PID CPU Description Company Name
System Idle Process 0 64.18
Interrupts n/a Hardware Interrupts
DPCs n/a 0.38 Deferred Procedure Calls
System 4 0.38
smss.exe 528
csrss.exe 592
wininit.exe 628
services.exe 676
svchost.exe 900 16.23
svchost.exe 968
cmdagent.exe 1072
svchost.exe 1116
svchost.exe 1132
Ati2evxx.exe 1184
Ati2evxx.exe 1796
svchost.exe 1220 0.76
audiodg.exe 1440
svchost.exe 1288 10.57
dwm.exe 2212 0.76 Desktop Window Manager Microsoft Corporation
WUDFHost.exe 3144
svchost.exe 1304 0.76
taskeng.exe 2168 Task Scheduler Engine Microsoft Corporation
taskeng.exe 2436
wuauclt.exe 5376 Windows Update Automatic Updates Microsoft Corporation
SLsvc.exe 1548
svchost.exe 1652
aswUpdSv.exe 1960
ashServ.exe 2004
spoolsv.exe 1364
svchost.exe 1352
McSACore.exe 2708
rundll32.exe 2764
svchost.exe 2792
RichVideo.exe 2884
ashMaiSv.exe 3132
ashWebSv.exe 3180
svchost.exe 1452
VSSVC.exe 4536
svchost.exe 5312
TrustedInstaller.exe 3556
SearchIndexer.exe 1396 0.38
lsass.exe 688
lsm.exe 696
csrss.exe 640
winlogon.exe 812
explorer.exe 2332 2.27 Windows Explorer Microsoft Corporation
RtHDVCpl.exe 2728 HD Audio Control Panel Realtek Semiconductor
ashDisp.exe 520 avast! service GUI component ALWIL Software
aim6.exe 2088 AIM AOL LLC
aolsoftware.exe 1680 AOL AOL LLC
firefox.exe 4716 2.64 Firefox Mozilla Corporation
procexp.exe 5380 0.38 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
MOM.exe 1256 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.
CCC.exe 4072 Catalyst Control Centre: Host application ATI Technologies Inc.
ICool.exe 2836
HijackThis.exe 2404
notepad.exe 5584
there you go.
-
Can you attach .txt file?
It's easier to read columns in Notepad, then in your post.
-
yeah, sure.
[attachment deleted by admin]
-
Right click on two svchost.exe entries:
- svchost.exe 900 16.23
- svchost.exe 1288 10.57
(in bold are PID numbers)
Click Properties, then Services tab.
Can you post screenshots for both?
-
well, I could only find 1 of those. the 1288 one was not there.
[attachment deleted by admin]
-
No, no, I was talking about right clicking on svchost in Process Explorer.
-
oh im sorry
ill get right to that.
-
No problem :)
-
i still could not find the 1288
[attachment deleted by admin]
-
That's fine. 900 process was the main CPU taker. Nothing horrible, but still at 14%.
What do you have connected to your computer, beside monitor, keyboard, and mouse?
-
I have my webcam, speakers, internet(wired)
-
See, if same thing happens, if you.....
Go Start>Run (Start Search in Vista), type in:
msconfig
Click OK (hit Enter in Vista).
Click on Startup tab.
Click Disable all
Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.
Click OK.
Restart computer in Normal Mode.
NOTE. If you use different firewall, than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.
-
okay i did that. Now what?
-
Same CPU usage?
-
still 59%
-
It's even more. Same svchost usage?
I'll be gone for couple of hours.
-
It sems to be the same. Not runing anything more than I was earlier.
Good night broni. We will pick this up tomorrow.
-
OK.
-
alright, so should I change the startup items back to the way they were originally?
-
Yes. Restart, and by that time I'll ask you to do something else.
-
Get Process Monitor: http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
Open it.
Go Filter>Filter...
Select Process Name from drop-down menu, type svchost.exe in the field.
Click Add, then OK.
(http://209.85.48.8/228/109/upload/p4320080.gif)
Go Edit>Clear Display.
From now on, only svchost.exe entries should be displayed.
Run the tool for a few minutes.
Click File>Save
Make sure, the settings read as below:
(http://209.85.48.8/228/109/upload/p4320084.gif)
Save the log to known location.
Zip it, and attach it to your next reply.
-
okay, every time i run this, it says I am out of memory. So I open task manager and it says i am using all 4gb of ram. What is this about? So when it says I don;t have enough memory, it shuts down.
-
Hmmmm....I have no clue.
Does it happen, when you try to open the program?
-
i can open the program just fine, but when it runs for a minute or so, it uses all 4gb of ram, says it is out of memory, then shuts down.
-
Are you able to set that filter thing?
If so, running it for a minute will give us a lot of info, if you're bale to save the log.
-
I am not able to save the log. When it tries to save, it loads it for a long time then craches
-
You know what?
Let's make sure....
Read here: http://www.computerhope.com/forum/index.php/topic,46313.0.html
Start new topic here: http://www.computerhope.com/forum/index.php/board,7.0.html
-
alright so you think it is a virus or something?
-
I don't know, but I want to eliminate that option.
-
When you post there, please, provide the link here.
-
here you go!
http://www.computerhope.com/forum/index.php/topic,78020.0.html (http://www.computerhope.com/forum/index.php/topic,78020.0.html)
-
I saw all your logs, and they're all clean.
I asked evil to lock that thread.
Very, very puzzling, sir.
I'd like to see one more log....
Download avz4.zip from here (http://z-oleg.com/avz4.zip)
- Unzip it to your desktop to a folder named avz4
- Double click on AVZ.exe to run it.
- Run an update by clicking the Auto Update button on the Right of the Log window: (http://rathat.geekstogo.com/images/AVZupdate.jpg)
- Click Start to begin the update
Note: If you recieve an error message, chose a different source, then click Start again- After the update, from the "File" menu, choose "Standard Scripts"
- Put a check next to item 2: Advanced System Investigation
- Click Execute selected scripts
- At the next prompt, click the OK button
- Let the scan run and click "OK" when the completion prompt pops up
- Now Close out of the Standard Scripts window, and exit AVZ
- Navigate to the avz4 folder and locate the folder LOG
- Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip
- Attach the compressed file, virusinfo_syscheck.zip, to your next reply.
-
im sorry, could you repost that link? It is a little...well....messed up
-
Sorry for that....edited.
-
uhm why isnt anyhtingin english? it is in numbers and question marks
[attachment deleted by admin]
-
I have no idea. Bad download?
This is mine:
(http://209.85.48.8/228/109/upload/p4320361.gif)
-
It's like something is lurking on your computer.
Process Monitor didn't want to work, now this....
-
...or your fresh Vista installation didn't go smooth....
-
do you think i should reinstall again?
-
and ive tried to download all programs that didn't work for a second time and got the same results.
-
oh hey! I tried again and it worked correctly!
-
Cool.
-
now where do i navigate to find the log?
-
# Navigate to the avz4 folder and locate the folder LOG
# Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip
# Attach the compressed file, virusinfo_syscheck.zip, to your next reply.
-
okay, uhm i think i got this right...
[attachment deleted by admin]
-
Well, if you can do anything with that, go ahead, but I think i need to pack it in for the night. I will be back in about 30 min if I posted the wrong file.
-
The file is good. I just checked. It takes a while, though, to go through it, so you have a good night. I'll check it out...
-
Unfortunately, I see completely nothing extraordinary.
-
Well then..any other ideas? I don't know what to do anymore!
-
Honestly, I'd try to reinstall Vista.
However, before you do that, I'd also...
Run hard drive diagnostics: http://www.tacktech.com/display.cfm?ttid=287
Run memtest: http://www.techspot.com/vb/topic62524.html
-
alrighty, well then, I'll try a reinstalll. But there is a problem with that. When I try to run Dban, it loads the screen and I tell it what to do, but it freezes while "searching for the floppy". I don;t even have a floppy! And also, I cannot boot the Vista dvd without going into windows. I mean I tell my computer to boot form cd in the bios, but it never does. What do I do? What is happening?
-
As I said, something is not right.
Create those two bootable CDs, and see, if they'll boot.
I suspect some hardware problem.
-
well, the gpu fan sticks often. So I have to give it a small push. Alright, I'll be right back.
-
well, the gpu fan sticks often. So I have to give it a small push. Alright, I'll be right back.
This would have been usefull info...bout 4 pages ago.
-
HAha sorry. I neevr knew it would be a problem :'( :'(
-
Well, I have just come to an epiphaney or something. The one and olny time I have ever been able to boot from the cd is when I first installed xp. That was only in december. Could it be some incorrect settings?
-
I neevr knew it would be a problem
You owe me 5 bucks per page ;D
-
Wait...isn't this free computer help? ;D
-
In some extreme cases....no ::)
-
BTW, questions like that - $1.25 per question ;D
-
well, I'll make you a deal....I will force computeruler to cough up some giftcards if you will help me with this...
-
Compruler is pretty tough on those. I don't know.....
I'd start with replacing that sticking fan, or a whole card.
-
well, why do you think it won't boot cd's?
-
I have no idea, but may try another bootable CD, like memtest.
-
tried to do those tests...didn't work. Went through 6 cds. I did get vista to boot though. CLean install, of course. To no avail though. Still using a lot of cpu for nothing. What the heck! cCould it be something obvious, like a program that is running, but doesn't have to be?
-
I'm 100% sure, it's not software. We checked those back, and forth.
How come Vista DVD worked, and the other bootable CDs didn't.
Those test in this situation would be important.
Maybe, there is something wrong with your optical drive...
-
Well, sometimes it works. Could it be how I made the cds? Perhaps I didn't make them bootable. What program do you recommend and how can I be sure they will boot?
-
Let's say, memtest.
Downloaded file is zipped .iso file.
You unzip it, and you have an .iso file.
I use ImgBurn: http://www.imgburn.com/index.php?act=download to burn .iso file, and make the CD bootable.
-
Okay, well, I'll try that tomorrow. Also, it never acted up like this with xp. Should I just wait it out till windows 7 or what? We will pick this up tomorrow(sorry :-\)
-
No problem :)
-
your optical drive must be broken if that doesnt work. If you get another drive and that doesnt work then I blame your motherboard
-
It certainly is possible that your upgrade to Vista Ultimate could be causing a hardware conflict. Did you check to see if your hardware was compatible before upgrading? You stated you were running XP prior.
-
amd phenom 9600 quad core 2.3ghz
4.00gb ram
431 of 465gb hdd space is free
-
My bad...
-
It's OK. It's a loooooooooooooooong thread.
-
Well, in the vista upgrade advisor it said everything was compatible. Heres another small thought....Could it be an outdated driver?
-
Disconnect CD drive, and try again.
-
I'm sorry, what? I have found out that it is me causing the problem. I have been creating the cd's wrong. Because the xp and vista cds, which I didn't make work just fine. But most of the cds I have created recently don't work. This is my fault.
-
So, ow, you created right CDs?
-
well, I'm not sure. How can i be sure before I waste another cd?
-
let me crossloop with you and ill make the cd for you
-
okay :D
-
You said:
I have been creating the cd's wrong.
That's why, I asked.
-
I made the cd right for him and hes running it now
-
You live nearby?? ???
-
This should be good...
-
explain why it should be good. And I did it through the internet using crossloop and made it on his computer.
-
Ha no, we used crossloop, and yes he does live nearby....about 5 miles and a river away...depending on what route you decide to take...
-
Now, we know....
-
yes you do.
-
he knows to much!!!!! :o
-
I told you not to try Chrome ;D
-
chrome is sooo 5 minutes ago!
-
But Compruler is a very curious person, so now he's paying the price ;D
-
is he paying it in GIFTCARDS?!
-
I don't know about gift cards, but he definitely screwed up my gift certificates ;D
-
oh my bad. Well, maybe he should be giving you some gift certificates for all the work you have done for him... ;D ;D ;D
-
I've been trying for several months, but it's like talking to a wall ;D
-
Well, like he always says to me: "Don't follow in my footsteps; I walk into walls"
-
Maybe so, but when it comes to spending MY gift certificates, somehow he's finding his ways to Best Buy ;D
-
Hey! I never said that! >:(
@broni thats what my dad always tells me ::) about the talking to walls
-
See? With my life experience, I already knew that ;D
-
your good!
-
I know :)