strange lag after connection + svchost hog(Resolved)

[pheonix73]

After making sure to get rid of everything from the previous installation.I was able to reinstall and have confirmed that adaware works perfectly once again.I am still unaware why the program crapped out in the first place,but that's why call them gliches.They show up and disappear with nary a reason why.Hope all works out on your end of things.

[jholland1964]

pheonix73
I am still unaware why the program crapped out in the first place,but that's why call them gliches.They show up and disappear with nary a reason why.

You probably never will know either unless it should happen again and the occurance triggers a memory about this time. Sometimes as you say, gliches...could be anything. Glad you got it working again. This version has served me very well and I, for one, will continue to use it as long as updates are available.
Judy

[jholland1964]

helpt3hn00b
Would you recommend that I add any other anti-spyware or other programs from PhilliePhan's list?

Don't forget to use a firewall of course. If you don't want to try the Zone Alarm Free again you might look at the other two noted in PhilliePhan's list.

Remember too that XP DOES have it's own built-in firewall if you choose to use it. To be honest, this is what I use.....
Windows Firewall blocks only incoming stuff whereas third-party firewalls (such as Zonealarm, Kerio, Outpost, etal. ) block both incoming and outgoing stuff. This means that were you to inadvertently allow a trojan to be installed, WF would not prevent it from calling home with whatever information it had managed to harvest from your computer (passwords, monitored keystrokes, etc, etc). So, in theory, a third-party utility will offer a greater level of security than WF. However ...

... simply adopting safe surfing practices (not downloading applications from warez sites or via file-sharing utilities, not installing no-cost applications from little-known developers, etc, etc, etc) and running a good antivirus utility should usually be sufficient to prevent any trojans or other unwanted items from finding their way onto your computer and so a bi-directional firewall is, IMO, of less importance than many people seem to think.

Furthermore, look back over old threads and you'll find few (if any) instances of a person being "stung" as a result of using WF - but you'll find significantly more threads relating to problems caused by the use of a third-party firewall (botched updates, etc).

There is, however, no "one size fits all" answer here. Should you use your computer for online banking/shopping and should it be shared with file-sharing children, then it might not be a bad idea to install a third-party firewall. OTOH, if you trust the other users to surf sensibly, then WF may very well be sufficient for your needs. The choice is yours just be sure to make one.
Judy

[helpt3hn00b]

Don't forget to use a firewall of course. If you don't want to try the Zone Alarm Free again you might look at the other two noted in PhilliePhan's list.

Remember too that XP DOES have it's own built-in firewall if you choose to use it. To be honest, this is what I use.....
Windows Firewall blocks only incoming stuff whereas third-party firewalls (such as Zonealarm, Kerio, Outpost, etal. ) block both incoming and outgoing stuff. This means that were you to inadvertently allow a trojan to be installed, WF would not prevent it from calling home with whatever information it had managed to harvest from your computer (passwords, monitored keystrokes, etc, etc). So, in theory, a third-party utility will offer a greater level of security than WF. However ...

... simply adopting safe surfing practices (not downloading applications from warez sites or via file-sharing utilities, not installing no-cost applications from little-known developers, etc, etc, etc) and running a good antivirus utility should usually be sufficient to prevent any trojans or other unwanted items from finding their way onto your computer and so a bi-directional firewall is, IMO, of less importance than many people seem to think.

Furthermore, look back over old threads and you'll find few (if any) instances of a person being "stung" as a result of using WF - but you'll find significantly more threads relating to problems caused by the use of a third-party firewall (botched updates, etc).

There is, however, no "one size fits all" answer here. Should you use your computer for online banking/shopping and should it be shared with file-sharing children, then it might not be a bad idea to install a third-party firewall. OTOH, if you trust the other users to surf sensibly, then WF may very well be sufficient for your needs. The choice is yours just be sure to make one.
Judy

Ah, I've never even thought about the potential dangers of using a third-party firewall. I'll keep your advice in mind, but for now I think I'll stick with ZoneAlarm, just to be "safe" (in regards to a trojan sending sensitive information). Thanks again!

[helpt3hn00b]

So pleased all worked out so well.
I myself still use AdAwareSE Free version and am able to receive updates without trouble. By stopping support I believe they mean they will not offer support...i.e. if you are having problems with it but for now at least I am certainly able to update the program with new definitions. They also still have support questions and answers for AdAwareSE Free on their website here
I would imagine that sooner or later the newer version will be required but as of yet it is not. I will personally stay with AdAwareSE until they no longer offer definition updates for it, for now they do.
As far as additional anti-spyware programs from PP's list I also use AVG Anti-Spyware version 7.5 for scanning, not background protection and I also use the ATF-Cleaner. Other than that I myself don't use anything else other than those all ready noted. I also keep my browser cache set at no higher than 10 to 50mb. I also use Firefox as my default browser, it is more secure, I only use Internet Explorer for Windows updates, which I do manually not automatically.
Be sure to take a look at ~TL's link on configuring services in Windows XP. There are lots of great tips there for speeding up XP.
Just watch where you surf, use pop up blockers, don't open mail from somebody you don't know and you should continue to have good luck.
Judy

One question -- would having two anti-virus programs cause the same (or similar) problems as having two firewalls? Good advice though (again). :P Thanks!

[helpt3hn00b]

Hey Judy; I'm terribly sorry to be a nuisance, but would you mind taking a look at my HJT log for another computer (not the first one)? If you'd rather not, I can definitely post it up as a separate thread, but I just thought that since I already have a recent one and all, it might be better to just post it here.

[jholland1964]

Ah, I've never even thought about the potential dangers of using a third-party firewall. I'll keep your advice in mind, but for now I think I'll stick with ZoneAlarm, just to be "safe" (in regards to a trojan sending sensitive information). Thanks again!

Oh Lordy! I wasn't slamming third party firewalls, just trying to also give the option of the Windows Firewall. I have no problem with anyone using a third party firewall.
Yes running having two anti-virus programs would cause the same (or similar) problems as having two firewalls.
Post the log from the other computer in a new thread. That way others viewing and learning won't get confused. Be sure to state any problems experienced.
Judy

[helpt3hn00b]

Haha, sorry that came out wrong. I understand what you mean

[helpt3hn00b]

bump-a-bump!

Happy New Year!!

I'm sorry to dig up an old thread, but thought it might be better than just starting a new one..or should I? Been having the same problem with a svchost process hogging the memory. There's no lag this time around, but now wmiadap.exe pops up on my task manager processlist shortly after i connect and boot up FF. Not sure what's going on...

SAV, Spybot, Ad-Aware SE all coming up clean; here's my HJT! [2.0.2] log. Doesn't sound like a virus hijacking a process, does it? It's odd, not sure what's been causing this lately. It's also possible that wmiadap has been popping up before but I just never noticed it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:26 AM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm1 2.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Anthony\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blackboard/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1178502588500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1184742241031
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm1 2.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7985 bytes

[jholland1964]

Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started.

Looking at your log I see at least a couple things which "could" be causing this "svchost process hogging the memory" one of them being Auto Updates.

Now a good tool to use to narrow this down is Process Explorer v11.04
You can at least determine which processes are being controlled by looking at the PID number of the svchost in question. For instance, on mine the svchost.exe PID with the highest memory usage is 1072. By using the Process Explorer I know that 18 different services are controlled by the svchost.exe 1072, they are listed by name if you highlight that one and then click Properties.

You have numerous, unnecessary auto starting programs and services showing in the log. All of these then will run in the background all the time, some would be contained within the hogging svchost process, some would not but all will be using some available memory. Most likely culprit would be the auto updates...Windows, SunJava, Google to name a few, but the Windows auto updater for sure. Myself, the only program I have set to auto update is my anti virus program, all others I have auto update turned off and I do them manually.
Here is a list of those auto starts from your log which are unnecessary and can all be run manually;
SigmatelSysTrayApp
Dell QuickSet
CTSVolFE.exe
ISUSPM Startup
ISUSScheduler
SunJavaUpdateSched
QuickTime Task
TkBellExe
Adobe Reader Speed Launcher
MSMSGS
Digital Line Detect

DSBrokerService
Google Updater Service
iPod Service