EricJH, after a system shut down and startup, cmdagent.exe is again an up and running process. The system (so far) is running as well as one can expect… considering… (the ol work horse).
I have monitored all processes and activities closely since, and have noticed cmdagent.exe not to be a total consistent resource hog as before (99% cpu usage). I have noticed, however, on a few occasions today, cmdagent.exe would use between 40 - 65 % CPU, during these times the system would sound as if it were downloading and installing updates. Once the guts of the system quieted down to an idle sound, the cmdagent.exe CPU usage would fall back to 00 range.
I also noticed, when the cmdagent.exe was using the 40 - 65% CPU and the system was sounding as if downloading and installing updates, that the IP 91.199.212.149 port 80 was present in the active connections firewall interface {TCP /out _ source ip /me _ destination ip / 91.199.212.149:80}… and, at this same time, looking over at the task manager, I noticed cfp.exe to be disappearing and reappearing quickly, each time it would reappear, it would reposition itself to another tier of the process tree (example, appear halfway down the process tree, disappear, then reappear at the bottom of the process tree… etc…)
As for tonight, I have manually checked to update the virus database via the antivirus interface, and it appeared to have checked successfully (I say that meaning it hung for a brief moment before completing the check, as opposed to the behavior it presented the other day, performing this check too quickly and stating it was up to date, enough to alert me that something didn’t seem right). During the virus database update check, the IP 91.199.212.171:80 (different from the above) is present in the active connections of the firewall interface.
I would be happy to assist in any way I can for the betterment of the community.
I removed empty space at the end of the post. Eric