# Solved: svchost.exe using 1GB RAM.



## techkid

Hi all.

In the past few days, my computer has been experiencing a massive memory leak with svchost.exe, in particular the LocalService instance, where it has been using up to and over 1GB of memory usage. I can terminate the process, which frees up the memory for a time, but I need some help in identifying what the problem actually _is_.

First of all, my system info:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: AMD Athlon(tm) II X2 240 Processor, x64 Family 16 Model 6 Stepping 2
Processor Count: 2
RAM: 3071 Mb
Graphics Card: NVIDIA GeForce 7300 LE, 128 Mb
Hard Drives: C: Total - 425637 MB, Free - 335025 MB; D: Total - 152617 MB, Free - 110957 MB;
Motherboard: ASUSTeK Computer INC., M2N68-AM Plus
Antivirus: ZoneAlarm Free Firewall Antivirus, Updated and Enabled
_____________________________________________________________________________________________

I have run HijackThis and see nothing out of the ordinary. But I will also paste it in for you:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:42:36, on 9/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Moo0\SystemMonitor 1.64\SystemMonitor.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ubuntuone\dist\ubuntuone-syncdaemon.exe
C:\Program Files\ubuntuone\dist\ubuntuone-control-panel-qt.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\BOINC\boinc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\ubuntuone\dist\ubuntuone-proxy-tunnel.exe
C:\Windows\system32\conhost.exe
C:\Program Files\ubuntuone\dist\ubuntu-sso-login.exe
C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3n_6.07_windows_intelx86.exe
C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3n_um_6.07_windows_intelx86.exe
C:\Program Files\Last.fm\Last.fm Scrobbler.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={7A62A9CF-C3B1-4E3C-B9AF-716B75596E81}&mid=f85c7ec02c8b47d08889d16f5eff4bff-8e50763b43bd37dae897fa86d0ba6c353b18c0d3&lang=en&ds=oo011&pr=sa&d=2012-09-09 22:21:20&v=13.2.0.5&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = The Chaosnet Network
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: SDHelper - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Ubuntu One] "C:\Program Files\ubuntuone\dist\ubuntuone-syncdaemon.exe"
O4 - HKCU\..\Run: [Ubuntu One Icon] "C:\Program Files\ubuntuone\dist\ubuntuone-control-panel-qt.exe" --minimized --with-icon
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3643599255-278544219-109542450-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Drew')
O4 - HKUS\S-1-5-21-3643599255-278544219-109542450-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Drew')
O4 - HKUS\S-1-5-21-3643599255-278544219-109542450-1008\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3643599255-278544219-109542450-1008\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

--
End of file - 8734 bytes

Additionally, I have made screenshots of the Task Manager "Processes" and "Services" tabs, so you can see what is running (the highlighted services are what is running on that process instance). These will be attached. Thank you in advanced.


----------



## flavallee

Start HiJackThis, but don't run a scan.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the ENTIRE file here. 

---------------------------------------------------------


----------



## flavallee

Get rid of *Spybot - Search & Destroy*.

Unless you have a reason for using a third-party firewall instead of the Windows 7 built-in firewall, get rid of *ZoneAlarm*.

What are using for a full-time antivirus program?

*Microsoft Security Essentials* is light-weight and very user-friendly.

----------------------------------------------------------


----------



## Phantom010

Perhaps a *Clean Boot* troubleshooting procedure might help?


----------



## flavallee

Disregard my question about the antivirus program.

I didn't know that ZoneAlarm now has antivirus built into it.

I thought it was still a stand-alone firewall app.

http://www.zonealarm.com/security/e...:A001:Exact:P01:T007&term=zonealarm antivirus

------------------------------------------------------------


----------



## techkid

Yeah, I run the combined AV/firewall software. I have also dumped Spybot, as well.

Here is my uninstall list:

32 Bit HP CIO Components Installer
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atomic Tanks
Auslogics Disk Defrag
AVG Security Toolbar
Belarc Advisor 8.2
Bluefish 2.2.3
BOINC
Cain & Abel v4.9.43
Cool & Quiet
Dungeon Crawl Stone Soup
DVD Shrink 3.2
DVDFab 9.0.6.0 (21/08/2013)
e-tax 2013
Facebook Video Calling 1.2.0.159
GIMP 2.8.0
Google Earth Plug-in
Google Update Helper
HiJackThis
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6
HTC Driver Installer
HTC Sync Manager
ImgBurn
IPTInstaller
iTunes
Java 7 Update 25
Last.fm Scrobbler 2.1.36
LG ODD Auto Firmware Update
LibreOffice 4.1.0.4
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Moo0 SystemMonitor 1.64
Mozilla Firefox 23.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MyTomTom 3.2.0.1116
Nero 7 Essentials
neroxml
Nmap 6.25
NVIDIA Drivers
NVIDIA Graphics Driver 307.74
NVIDIA Update 1.10.8
PowerDVD
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
SUPERAntiSpyware
swMSM
System Checkup 3.3
Ubuntu One
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Visual Studio C++ 10.0 Runtime
VLC media player 2.0.8
WinPcap 4.1.2
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm Security


----------



## Phantom010

The Clean Boot was to isolate a possible application that might be affecting that svchost.exe process. Have you tried disabling ZoneAlarm (firewall and antivirus)?


----------



## flavallee

*Adobe Reader 10.1.7* needs to be updated to *Adobe Reader 11.0.04*.

*Java 7 Update 25* needs to be updated to *Java 7 update 40*.

Get rid of *AVG Security Toolbar*.

Run *AVG Remover* afterwards so it can find and remove any leftover AVG "debris".

-------------------------------------------------------


----------



## techkid

Done and done. All updates have been applied, and AVG is gone. Interestingly, I have had my computer running for 3 days straight (usually about the period of time it takes to get svchost.exe to build up its memory hogging) without a problem.

Here is the new application list:

32 Bit HP CIO Components Installer
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atomic Tanks
Auslogics Disk Defrag
Belarc Advisor 8.2
Bluefish 2.2.3
BOINC
Cain & Abel v4.9.43
Cool & Quiet
Dungeon Crawl Stone Soup
DVD Shrink 3.2
DVDFab 9.0.6.0 (21/08/2013)
e-tax 2013
Facebook Video Calling 1.2.0.159
GIMP 2.8.0
Google Earth Plug-in
Google Update Helper
HiJackThis
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6
HTC Driver Installer
HTC Sync Manager
ImgBurn
IPTInstaller
iTunes
Java 7 Update 40
Last.fm Scrobbler 2.1.36
LG ODD Auto Firmware Update
LibreOffice 4.1.0.4
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Moo0 SystemMonitor 1.64
Mozilla Firefox 23.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MyTomTom 3.2.0.1116
Nero 7 Essentials
neroxml
Nmap 6.25
NVIDIA Drivers
NVIDIA Graphics Driver 307.74
NVIDIA Update 1.10.8
PowerDVD
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
SUPERAntiSpyware
swMSM
System Checkup 3.3
Ubuntu One
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Visual Studio C++ 10.0 Runtime
VLC media player 2.0.8
WinPcap 4.1.2
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm Security

And here is my new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:47:44, on 16/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Moo0\SystemMonitor 1.64\SystemMonitor.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ubuntuone\dist\ubuntuone-syncdaemon.exe
C:\Program Files\ubuntuone\dist\ubuntuone-control-panel-qt.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\ubuntuone\dist\ubuntuone-proxy-tunnel.exe
C:\Windows\system32\conhost.exe
C:\Program Files\ubuntuone\dist\ubuntu-sso-login.exe
C:\Program Files\Last.fm\Last.fm Scrobbler.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre7\bin\jp2launcher.exe
C:\Program Files\Java\jre7\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = The Chaosnet Network
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Ubuntu One] "C:\Program Files\ubuntuone\dist\ubuntuone-syncdaemon.exe"
O4 - HKCU\..\Run: [Ubuntu One Icon] "C:\Program Files\ubuntuone\dist\ubuntuone-control-panel-qt.exe" --minimized --with-icon
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3643599255-278544219-109542450-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Drew')
O4 - HKUS\S-1-5-21-3643599255-278544219-109542450-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Drew')
O4 - HKUS\S-1-5-21-3643599255-278544219-109542450-1008\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3643599255-278544219-109542450-1008\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

--
End of file - 6601 bytes


----------



## flavallee

> Interestingly, I have had my computer running for 3 days straight (usually about the period of time it takes to get svchost.exe to build up its memory hogging) without a problem.


 :up:

------------------------------------------------------------

Click Start, then type *MSCONFIG* in the search box, then press the Enter key.

When the small "System Configuration" window appears, click the "Startup" tab.

Write down ONLY the names in the "Startup Item" column that have a checkmark next to them.

If the "Startup Item" column isn't wide enough to see the entire name of any of them, widen the column.

Submit those names here in a vertical list.

Make sure to spell them EXACTLY as you see them there.

------------------------------------------------------------


----------



## techkid

Should I also include whether the services are running or stopped?


----------



## techkid

Well, I have the list of installed services here:

SAS Core Service
Adobe Acrobat Update Service
Application Experience
Application Layer Gateway Service
Application Identity
Apple Mobile Device
Windows Audio Endpoint Builder
Windows Audio
ActiveX Installer (AxInstSV)
BitLocker Drive Encryption Service
Base Filtering Engine
Background Intelligent Transfer Service
Computer Browser
Bluetooth Support Service
Certificate Propagation
Microsoft .NET Framework NGEN v4.0.30319_X86
COM+ System Application
Cryptographic Services
Disk Defragmenter
DHCP Client
DNS Client
Wired AutoConfig
Diagnostic Policy Service
Extensible Authentication Protocol
Encrypting File System (EFS)
Windows Media Center Receiver Service
Windows Media Center Scheduler Service
Windows Event Log
COM+ Event System
Fax
Function Discovery Provider Host
Function Discovery Resource Publication
Windows Presentation Foundation Font Cache 3.0.0.0
Group Policy Client
Google Update Service (gupdate)
Google Update Service (gupdatem)
Human Interface Device Access
Health Key and Certificate Management
HomeGroup Listener
HomeGroup Provider
HTCMonitorService
Windows CardSpace
IKE and AuthIP IPSec Keying Modules
PnP-X IP Bus Enumerator
IP Helper
iPod Service
CNG Key Isolation
KtmRm for Distributed Transaction Coordinator
Server
Workstation
Link-Layer Topology Discovery Mapper
TCP/IP NetBIOS Helper
Multimedia Class Scheduler
Mozilla Maintenance Service
Windows Firewall
Distributed Transaction Coordinator
Microsoft iSCSI Initiator Service
Windows Installer
Network Access Protection Agent
NBService
Net Driver HPZ12
Netlogon
Network Connections
Network List Service
Network Location Awareness
NMIndexingService
Network Store Interface Service
NVIDIA Display Driver Service
NVIDIA Update Service Daemon
Peer Networking Identity Manager
Peer Networking Grouping
Internet Pass-Through Service
Program Compatibility Assistant Service
Performance Logs & Alerts
Pml Driver HPZ12
PNRP Machine Name Publication Service
Peer Name Resolution Protocol
IPSec Policy Agent
Power
Protected Storage
Quality Windows Audio Video Experience
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Registry
Cyberlink RichVideo Service(CRVS)
Remote Packet Capture Protocol v.0 (experimental)
RPC Endpoint Mapper
Remote Procedure Call (RPC) Locator
Security Accounts Manager
Smart Card
Task Scheduler
Smart Card Removal Policy
Windows Backup
Secondary Logon
Secunia PSI Agent
System Event Notification Service
Adaptive Brightness
Remote Desktop Configuration
Shell Hardware Detection
SNMP Trap
Print Spooler
SPP Notification Service
SSDP Discovery
Secure Socket Tunneling Protocol Service
Windows Image Acquisition
Microsoft Software Shadow Copy Provider
Superfetch
Tablet PC input Service
Telephony
TPM Base Services
Remote Desktop Services
Themes
Thread Ordering Server
Distributed Link Tracking Client
Windows Module Installer
Interactive Services Detection
UPnP Device Host
Desktop Window Manager Session Manager
Credential Manager
Virtual Disk
TrueVector Internet Monitor
Volume Shadow Copy
Windows Time
Windows Activation Technologies Service
Block Level Backup Engine Service
Windows Biometric Service
Windows Connect Now - Config Registrar
Windows Color System
Diagnostic Service Host
Diagnostic System Host
WebClient
Windows Event Client
Problem Reports and Solutions Control Panel Support
Windows Error Reporting Service
Windows Defender
WinHTTP Web Proxy Auto-Discovery Service
Windows Management Instrumentation
Windows Remote Management (WS-Management)
WLAN AutoConfig
WMI Performance Adapter
Windows Media Player Network Sharing Service
Parental Controls
Portable Device Enumerator Service
Security Center
Windows Search
Windows Update
Windows Driver Foundation - User-mode Driver Framework
WWAN AutoConfig
ZoneAlarm Privacy Service


----------



## flavallee

I'm waiting for a reply to post #10.

----------------------------------------------------------

I need to know which services in your list in post #12 have their "Startup Type" set on Automatic and Automatic(Delayed Start). 

----------------------------------------------------------


----------



## techkid

Revised list of services (Automatic startup)

Adobe Acrobat Update Service
Application Information
Background Intelligent Transfer Service
Base Filtering Engine
CNG Key Isolation
COM+ Event System
Computer Browser
Cryptographic Services
DCOM Server Process Launcher
Desktop Window Manager Session Manager
DHCP Client
Diagnostic Policy Service
Diagnostic Service Host
Distributed Link Tracking Client
DNS Client
Encrypting File System (EFS)
Extensible Authentication Protocol
Function Discovery Provider Host
Function Discovery Resource Publication
Group Policy Client
HomeGroup Provider
HTCMonitorService
IKE and AuthIP IPSec Keying Modules
IP Helper
IPSec Policy Agent
Microsoft .NET Framework NGEN v4.0.30319_X86
Multimedia Class Scheduler
Network Connections
Network List Service
Network Location Awareness
Network Store Interface Service
NVIDIA Display Driver Service
NVIDIA Update Service Daemon
Performance Logs & Alerts
Plug and Play
PnP-X IP Bus Enumerator
Power
Print Spooler
Program Compatibility Assistant Service
Remote Procedure Call (RPC)
RPC Endpoint Mapper
Secunia PSI Agent
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
Software Protection
SSDP Discovery
System Event Notification Service
Task Scheduler
TCP/IP NetBIOS Helper
Themes
TrueVector Internet Monitor
UPnP Device Host
User Profile Service
Windows Audio
Windows Audio Endpoint Builder
Windows Backup
Windows Defender
Windows Event Log
Windows Firewall
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Media Player Network Sharing Service
Windows Search
Windows Update
WLAN AutoConfig
WMI Performance Adapter
Workstation
ZoneAlarm Privacy Service


----------



## flavallee

Where is the startup list from post #10?

---------------------------------------------------------


----------



## flavallee

The "Startup Type" in these service entries can be set on Manual:

*Adobe Acrobat Update Service

Application Information

CNG Key Isolation

Computer Browser

Distributed Link Tracking Client

HomeGroup Provider

IKE and AuthIP IPSec Keying Modules

IP Helper

IPSec Policy Agent

Microsoft .NET Framework NGEN v4.0.30319_X86

NVIDIA Display Driver Service

NVIDIA Update Service Daemon

Performance Logs & Alerts

Program Compatibility Assistant Service

Windows Backup

Windows Defender

Windows Media Player Network Sharing Service

Windows Search*

Double-click each one to open its properties window, then change the setting, then click Apply - OK.

---------------------------------------------------------------


----------



## techkid

Sorry flavallee, my head has been all over the place this week. Not in a good frame of mind at the moment...

Startup list entries:

BOINC Client
BOINC Manager
ZoneAlarm
Java(TM) Platform SE Auto Updater
Adobe Reader and Acrobat Manager
Microsoft (R) Windows (R) Operating System
ubuntuone
ubuntuone
Secunia PSI Tray

BOINC = Berkeley Open Infrastructure for Network Computing. I have a few science programs run on my computer in its down time.
The MS Windows entry refers to the sidebar in the command line.
The two instances of Ubuntu One refer to the Sync Daemon and the Control Panel for the Ubuntu One cloud storage service.


----------



## flavallee

These startup entries can be unchecked:

*Java(TM) Platform SE Auto Updater

Adobe Reader and Acrobat Manager*

------------------------------------------------------------


----------



## techkid

Done and done. I am noticing a decent performance increase with the changes to services and startup. Thanks for all your help, I appreciate it


----------



## flavallee

techkid said:


> Done and done. I am noticing a decent performance increase with the changes to services and startup. Thanks for all your help, I appreciate it


 :up:

----------------------------------------------------------


----------

