Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

svchost.exe constantly running processor at 55%


  • This topic is locked This topic is locked

#31
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Those logs are clean.

You can right click all the tools we used and delete them, same goes for all the log files, including the log files we saved when clearing event logs.
  • 1

Advertisements


#32
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
I'll research the windows up date issue.

Here's Hijackthis

Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic

  • 1

#33
scewter

scewter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts

All done:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:58:30 PM, on 9/24/2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16800)

FIREFOX: 48.0.2 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Scott\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
O4 - HKCU\..\Run: [EEDSpeedLauncher] rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} (WebSlingPlayer) - http://plugin.slingb...SlingPlayer.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8343 bytes
 


  • 0

#34
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,
  • Open Hijackthis again. Right click on it "Run as admin"
  • This time do a System scan only.
  • Place a check mark in the following 04 entries: If you're using Delldock or sidebar don't check those entries, side bar runs gadgets on the side of the desktop.

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
    O4 - HKCU\..\Run: [EEDSpeedLauncher] rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
  • Click Fix checked.
  • Close Hijackthis.
  • Reboot / restart computer.

    You can run all those programs as needed, they don't need to boot with windows. Nothing is being deleted, only the run key is being removed for those perticular programs.
    In the event that we lost some function Hijackthis creates backups of the entries and can be easily restored.

    Next

    The Windows Update configuration on Control Panel must be changed to not Update Windows this will stop the service to start on boot, but every time an Update is installed manually the Windows Update service will start and must be Stop before installing another update or the installation of the update will get stuck searching for updates forever.
  • Click start>Settings>Control Panel>System.
  • Select the Automatic Updates tab.
  • Click Turn off Automatic Updates.
  • Click Apply.
  • Click OK.

    The exact instructions above could vary on Vista

  • 1

#35
scewter

scewter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts

Got the rescan completed and deleted the listed items. All good. Looks like the process count is now down to the mid 50s following the reboot.

 

Having issues with the Windows Updater. I'll try and explain. Each startup requires the procedure you had me run through before (command prompt entering "net stop wuauserv"). That shuts down the Windows Updater as verified on Task Manager Services Tab, as well as the svchost.exe cpu (usage down to zero).

 

When I go to the Control Panel_Windows Update screen to shut down automatic updates as you indicated (procedure is different than what you had written, but I get to the same place I think), it causes wuauserv to run again. That's the first thing I found out, after trying it several times.

 

So now I want to stop the Automatic Updates and my choice would be "Never Check for Updates" on the drop down menu as well as unchecking all four of the other boxes.

 

That should take care of the problem, but apparently wuauserv still runs as seen on the TM Services tab, so my next logical step would be to go back to the command prompt and enter "net stop wuauserv". However it comes back with a reply after trying for couple minutes that it is unable to stop Windows Updater. Hmmmmm.


  • 0

#36
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello
Is there anything here we might be missing,
http://www.vistax64....c-updating.html
Scroll down to # 6


If not go back into services, you remember use the run box and type Services.msc

Start>Run>Services.msc> windows Updates>>> Double-Click windows Updates and click dropdown box, select "Disabled" then click "Stop" Then click Ok.
I don't think we clicked stop before.

Not sue how long you're going to keep using Vista, in any event we need to change the Anti Virus program. Currently Microsoft Security Essentials depends on windows up date.

I would suggest uninstalling it and installing Avast Anti Virus
https://www.avast.co...ivirus-download

This will be better protection even when Vista goes un-supported soon.
  • 1

#37
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

I see that you're on line. I need to work today so I wanted to leave this for you. If we continue to have issue disabling the service windows up date, lets see if we can fix it.

Start here..

Download then run the Windows All in One Repair (free) from here, disregard the malware guidance but follow the other steps to the letter and in particular ensuring that you first create a new restore point and perform a proper Windows clean boot before running the repair, details for the clean boot here.

I will not return till late .

Thanks
Joe :)
  • 1

#38
scewter

scewter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts

Thnx.

 

I looked at your previous post regarding the two ways to disable Windows Updater.

 

The first method (where you provided a link) was what I had performed yesterday which may or may not have given me some issues. I say may not because I may not have given it enough time and/or not have performed a restart to verify it would not start back up.

 

Regardless, this morning I followed the procedures for the second method which is "Start>Run>Services.msc> windows Updates>>> Double-Click windows Updates and click dropdown box, select "Disabled" then click "Stop" Then click Ok". It did not immediately stop wuauserv from running, but upon restart, I have found the service stopped. I'll check it a few more times today (full shut downs and boot-ups),

 

I think this may have resolved the issue for me.

 

I don't expect to upgrade the OS on this old Dell laptop. Probably not worth the $. When it's clean it runs satisfactorily for me as a second PC. As such I'll also take your advice regarding avast. I had used them a few years back before deciding to switch to MSE.

 

Excellent!


  • 0

#39
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Sounds good.

How is everything now ?
  • 0

#40
scewter

scewter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts

Working well!

 

Process count is lower than it has ever been, and the CPU is running in the low single digits at idle. Have gone through multiple clean boots and wuauserv does not run.

 

And my alma mater won their football game saturday evening!

 

All good.


  • 0

Advertisements


#41
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Excellent as you say,

If there are no further issues we will close this topic. It's been rewarding working with you and I learned a few things along the way.

Steelers lost yesterday, Hockey pre season starts tomorrow.

Thanks
Joe :)
  • 1

#42
scewter

scewter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts

No further issues.

 

Always a pleasure working with the fine folks a G2G. I always learn something as well, and did so especially on this one!

 

You guys are the best, and a real asset to those of us that work with computers.

 

Much appreciated.


  • 0

#43
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
You're welcome,

Closing ticket now.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP