Something is using 50% of CPU Duty Cycle

Mir96TA

Golden Member
Oct 21, 2002
1,950
37
91
Hi there
I am running Win XP Pro with SP3
CPU is P4 3 Gig
Mem is 2 Gig
Chipset 865 G
I was running MS Essential as my antivirus and malware protection
Browser is IE 7
There is something running off svchost and taking 50% duty cycle.
The user name shown is System.
If I kill that process, it goes through RPC and shuts down the PC.
Mem size usage is 5,304K
I have run Spy Bot and found nothing
MS config looks very clear. I have used Hi Jack and couldn't see anything special
Mostly MS services are running
Any idea?
 

thedosbox

Senior member
Oct 16, 2009
961
0
0
svchost is a generic process that services run under. You'll have to go through your list of services to see whether there are any unexpected ones running.
 

Mir96TA

Every time I load DHCP Client or load the static IP address,
CPU duty cycle goes to 50% :mad:
 

Mir96TA

tasklist /svc

Image Name                   PID Services
========================= ====== =======================================
System Idle Process            0 N/A
System                         4 N/A
smss.exe                     632 N/A
csrss.exe                    696 N/A
winlogon.exe                 720 N/A
services.exe                 764 Eventlog, PlugPlay
lsass.exe                    784 PolicyAgent, ProtectedStorage, SamSs
svchost.exe                  976 DcomLaunch, TermService
svchost.exe                 1040 RpcSs
svchost.exe                 1136 AudioSrv, BITS, Browser, CryptSvc, Dhcp
                                 dmserver, ERSvc, EventSystem,
                                 FastUserSwitchingCompatibility, helpsvc
                                 HidServ, LanmanServer, lanmanworkstatio
                                 Netman, Nla, RasMan, Schedule, seclogon
                                 SENS, SharedAccess, ShellHWDetection,
                                 TapiSrv, Themes, TrkWks, W32Time, winmg
                                 wscsvc, wuauserv
svchost.exe                 1176 WudfSvc
svchost.exe                 1220 Dnscache
svchost.exe                 1240 Alerter, LmHosts, RemoteRegistry, SSDPS
spoolsv.exe                 1392 Spooler
CTAudSvc.exe                1440 CTAudSvcService
explorer.exe                1748 N/A
igfxtray.exe                1940 N/A
hkcmd.exe                   1948 N/A
igfxpers.exe                1956 N/A
ico.exe                     1964 N/A
schedhlp.exe                1972 N/A
CtHelper.exe                1996 N/A
FSRremoS.EXE                2040 N/A
TomTomHOMERunner.exe         260 N/A
PELMICED.EXE                 312 N/A
svchost.exe                  512 WebClient
schedul2.exe                 540 AcrSch2Svc
svchost.exe                  652 stisvc
TomTomHOMEService.exe        680 TomTomHOMEService
wuauclt.exe                 1712 N/A
iexplore.exe                1892 N/A
alg.exe                     2372 ALG
taskmgr.exe                 2892 N/A
msconfig.exe                 620 N/A
calc.exe                    3372 N/A
cmd.exe                     3460 N/A
tasklist.exe                3532 N/A
wmiprvse.exe                3564 N/A
 

SearchMaster

Diamond Member
Jun 6, 2002
7,791
114
106
In Task Manager, View/Select Columns then check the PID (Process Identifier) column. Now match up the PID that's consuming the CPU with the PID from the tasklist /svc command to see which one is the culprit.
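
The PID matching described in this post, as an added example that is not part of the original thread: a Python parser for `tasklist /svc` output that copes with wrapped service lists and returns the services behind a given PID. The sample listing is constructed and the function names are illustrative.

```python
import re

# Constructed sample in the fixed-width layout of `tasklist /svc`. The service
# list wraps and its first line lost the trailing comma, as in the listing above.
SAMPLE = """\
Image Name                   PID Services
========================= ====== ============================================
System Idle Process            0 N/A
services.exe                 764 Eventlog, PlugPlay
svchost.exe                  976 DcomLaunch, TermService
svchost.exe                 1040 RpcSs
svchost.exe                 1136 AudioSrv, BITS, Browser, CryptSvc, Dhcp
                                 dmserver, ERSvc, EventSystem,
                                 wscsvc, wuauserv
svchost.exe                 1220 Dnscache
"""


def parse_tasklist_svc(text):
    """Return {pid: {"image": name, "services": [names]}} from the listing."""
    lines = text.splitlines()
    # The row of '=' runs marks where the three columns start and end.
    sep = next(i for i, ln in enumerate(lines) if ln.startswith("===="))
    (n0, n1), (p0, p1) = [m.span() for m in re.finditer(r"=+", lines[sep])][:2]
    procs, pid = {}, None
    for line in lines[sep + 1:]:
        field = line[p0:p1].strip()
        if field.isdigit():                      # a new process row
            pid = int(field)
            procs[pid] = {"image": line[n0:n1].strip(), "services": []}
        elif pid is None or not line.strip():    # stray or blank line
            continue
        # Split every physical line separately so a clipped comma at a line
        # end cannot glue two service names together.
        for name in line[p1:].split(","):
            if name.strip() and name.strip() != "N/A":
                procs[pid]["services"].append(name.strip())
    return procs


def services_for_pid(text, pid):
    """Services hosted by the PID that Task Manager shows using the CPU."""
    return parse_tasklist_svc(text).get(pid, {"services": []})["services"]


def shared_hosts(text):
    """PIDs hosting two or more services, where the PID alone is ambiguous."""
    procs = parse_tasklist_svc(text)
    return {p: e["services"] for p, e in procs.items() if len(e["services"]) > 1}
```

When the busy PID is a shared host, the PID only narrows the search to that group of services; telling them apart still needs a per-service check.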
 

Mir96TA

Without running anything, I have noticed I have the following NetStat connection.
I dunno why.

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    ibm:1026               195.2.139.31:http      CLOSE_WAIT

SearchMaster said:
In Task Manager, View/Select Columns then check the PID (Process Identifier) column. Now match up the PID that's consuming the CPU with the PID from the tasklist /svc command to see which one is the culprit.
TaskList.jpg


Well, check this out:
svchost.exe 972 DcomLaunch, TermService
Who is running Dcom services or Terminal Services? And why?
 

thedosbox

Mir96TA said:
Who is running Dcom services or Terminal Services? And why?

You can look at the properties for each service to see the dependencies. IIRC, terminal services is required if you're using Windows desktop search (on XP).

You can also click on the "User" tab to see if anyone else is logged into your box (there probably isn't as there is no open connection on the RDP port).
 

dawks

Diamond Member
Oct 9, 1999
5,071
2
81
thedosbox said:
You can look at the properties for each service to see the dependencies. IIRC, terminal services is required if you're using Windows desktop search (on XP).

You can also click on the "User" tab to see if anyone else is logged into your box (there probably isn't as there is no open connection on the RDP port).

Terminal services is only required for Remote Desktop and Remote Desktop Assistance. If you're not using either, I'd go to services and disable that service. DCOM is legit, but has been known to be a target for worms and viruses. So I'd run a scan or two (superantispyware and/or ms security essentials).
 

Modelworks

Lifer
Feb 22, 2007
16,240
7
76
Grab procmon
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

Disable Capture Events under File.
Under Filters, set the filter to "Process Name is" and select svchost.exe.
That will let you see what the programs running through svchost are doing.
Enable Capture Events under File.

Disabling capture is needed first because when you first run procmon it will try to log everything the PC is doing, and that can really slow down a system until you set up filters.
 

thedosbox

dawks said:
Terminal services is only required for Remote Desktop and Remote Desktop Assistance

http://support.microsoft.com/kb/940157

Microsoft said:
Note To install Windows Search 4.0 successfully on a computer that is running Windows XP or Windows Server 2003, Terminal Services must be running on the computer. Also, Terminal Services must be running for Windows Search 4.0 to function correctly. By default, Terminal Services is configured to start automatically. However, it may have been disabled manually or by third-party software. If Terminal Services is disabled, the installation of Windows Search 4.0 will fail with error code 643.