100% CPU usage, scvhost.exe. log posted

[LaaLaa]

Hi all, I've come across some major problems since last night. My CPU usage has been pretty much up to 100% most of the time and could not even use my pc at all last night due to it freezing almost as soon as I log into pc. At first I thought it was my newly installed Microsoft Office 2007 trial version causing this so I tried to uninstall it in Safe Mode but it wouldn't let me. But, when I went into Safe Mode and did a system restore to a few days back, it seemed to uninstall the trial version of it.
I was still having problems with my pc freezing up so I looked around online to find that the process Svchost.exe could be causing this and installed the necessary fixes. It seems like the high CPU usage keeps switching between the svchost.exe and msn.exe.

Also, I just noticed this today but in my task manager, I see so many of these svchost.exe's in different places like SYSTEM but also Network Services and Local Services. Is it somekind of a virus??

I don't know but it still seems like my pc is still going crazy with my laptop being overly hot. I've posted a hijackthis log below so if anyone can help me with this problem, I'd greatly greatly appreciate it.

Here is what I've done so far:

-Uninstalled Microsoft Office 2007 trial
-McAfee virus scan
-Ad Aware SE
-Windows Defender
-AVG Spyware scan
-CCleaner
-CW Shredder
-Installed latest updates from Microsoft

Windows XP SP2, 1GB memory, 20/100 GB hard drive

 

[kitty500cat]

Hello LaaLaa and welcome to TechSpot.

Please go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread, only after doing the above. Also post here the results of the AVG Antirootkit scan.

Regards

This thread is for the use of LaaLaa only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.

 

[LaaLaa]

Sorry kitty500, I just found the thread you mentioned a few minutes ago.

Hi, I'm back.

step 10) I did go through the first tool and fixed/delted as instructed but after rebooting, my desktop display was changed so I'm apprehensive about the other 3 tools. So, I've only used the first tool.

step 11) It found something called

c:\sccfg.sys in hidden files

I've attached the necessary files.

the rapport.txt files are from step 10, first tool.

My pc's fan is just running non-stop and it's overly hot. Thanks

 

[MMDominator88]

try disabling automatic updates, restart the computer and see if that helps...it's what solved my 100 % cpu (svchost.exe) usage

 

[momok]

Hi,

Please have HijackThis fix the following:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E453D8A-5FCB-43D5-87DE-C1FC3EB8937F}: NameServer = 205.171.3.65,205.171.2.65

You have not attached your AVG Antispyware log. Please do so in your next reply.


Regards,
Your friendly momok =)

This thread is for the use of LaaLaa only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[LaaLaa]

MMDominator ~ after disabling the automatic updates and restarted your pc, you re-enable it?? Or do you have it disabled completely??

momok ~ I've fixed the above and I will be back with the AVG spyware log in a while.

 

[MMDominator88]

go to the windows update site and on the left of the page (before you click anything else) there is an options link, click on that and disable the "microsoft" updates and say "save changes." Now go re-enable that automatic updates.....and that way you can keep the automatic updates still enabled, but the specific "microsoft" updates will be disabled

I don't know why this works, but it does

 

[LaaLaa]

I've ran the AVG Spyware scan in safe mode and brought back the log.
I did find a Trojan there and quarentined it as instructed but when I restarted my pc, the 100% CPU usage from svchost.exe was still there. I had to terminate it again because it was causing my pc to give these strange hissing noises...like it was at max capasity or something. :dead: Please reply. Thanks in advance. In the meantime I'll go ahead and take MM's advice.

 

[momok]

Hi,

Your logs look clean now.

Delete all files in AVG Antispyware Quarantine folder.(located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

Turn off system restore (XP/ME only). Learn how to do that HERE.
This will remove all the remaining nasties from your old restore points.

After that turn system restore back on.
This would have created a new safe and clean restore point for your system.

Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend you to read this article.
This can help to prevent future infections.

Follow MM's advice. It works for a certain buggy patch of windows updates that many people were hit with. Let us know how it goes.

Should you have any further problems, please post in this thread.


Regards,
Your friendly momok =)

This thread is for the use of LaaLaa only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[ellyquim]

100% CPU Usage issue

just open your task manager and kill some imagename in the processes and monitor your CPU if the 100% drops down. If you find one whats the application that causing it, search it and delete it.

Hope it helps

 

[LaaLaa]

momok ~ thanks for all the help. I can't thank you enough. After I've disabled Microsoft update as recommended by MM, my high CPU usage has literally gone down 90% of the time; it just goes up on certain occasions, probably updates and opening up certain programs. But, I'm a little apprehensive about turning off system restore, since it would delete ALL restore points. What if I need to restore it back to a month or two ago?? I'm just a little scared about this. Any advice is appreciated.

Also, the warmness/hotness of my laptop is pretty much gone!! Now, I'm starting to think the stupid Microsoft updates have slowly and silently but surely affected my pc from several months ago, since I can't recall a time when my pc was this cool after 6+ hours usage.

elly ~ the problem process is called svchost.exe, which is a legitimate process from Windows. I've tried killing the process when my pc was basically about to freeze but it would come back after 10 min. or so. The thing is, since it is a legit process, if I delete it, my pc won't work properly. Microsoft has released hotfixes and other updates but they only seem to work on certain people. Thanks for your input anyway and hope it doesn't affect anyone else.

 

[ellyquim]

okay..! hehhe. i know svchost is very important in the windows environment. mine here in the task manager is 7 svchost.exe running. i just recently had that 100% cpu usage problem and find out that wmplayer.exe is causing the problem also on another computer is the spoolsv.exe causing it and i have to remove the printer and install it again..And 90% of CPU usage is still too much high

 

[LaaLaa]

NEW PROBLEM.

I just noticed this last night but I can't left-click, drag, and select any text on any programs. I don't know what happend or how this happened but can't help but think that it was due to something I did here. Please help.

 

[momok]

Hi,

As I've mentioned earlier, it was important to turn off system restore and then turn it on again. There are usually nasties residing there after you have completed a cleanup.

However, don't do that now, as your system may have been reinfected.

Post a fresh HijackThis, ComboFix and AVG Antispyware log from normal mode.


Regards,
Your friendly momok =)

This thread is for the use of LaaLaa only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[LaaLaa]

I'm back with all my logs. I just have a feeling it has something to do with the registry changes and the SmitfraudFix I used in step 10 of the preliminary virus removal steps. I guess, if all else fails, I'll do a system restore.

 

[momok]

Hi,

Your logs are clean. With regards to your problem, I suspect it is not malware related. Please do not use restore to attempt to fix the problems as there are probably nasties lurking in the restore points and will undo the cleaning process I went through with you.

That said, I would still recommend you disable system restore, then enable it again to delete all previous points. I recommend this to everyone whose system has been infected at the end of the cleaning process.

It could probably be your mouse drivers, have you tried updating/reinstalling them?


Regards,
Your friendly momok =)

This thread is for the use of LaaLaa only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[LaaLaa]

Okay, I won't use the system restore.

I haven't reinstalled my mouse driver. I did find the original mouse driver utility from my laptop's website but I'm not sure how to go about the process. Do you need to uninstall what I have now in order to install the original?? Since this is the mouse driver, wouldn't it prevent me from accessing the web and pc since, the mouse driver is gone??

 

[momok]

Hi,

You can find "Mouse and other pointing devices" or something similar in Control Panel (or in XP view, under Printers and other Hardware). Open it and click the "Hardware" tab.
There will be a Properties button, click on it.
Go to the drivers tab and click uninstall.
After that, the install drivers option will be made available.

Alternatively you can try to "roll back" drivers and see if it works.

Regards,
Your friendly momok =)