svchost.exe high cpu usage

Woden

Hi,

I am on my eee pc on windows xp and have noticed that svchost.ext is using up 100% of the cpu. I have downloaded process explorer from MS and drilled down into it and notice that the cpu usage is coming from one dll msvcrt.dll. I can kill this thread and the cpu usage is removed however it returns on reboot. I have run avg and am in the process of running spybot.

Other then that i'm not sure how to take it from here?

Suggestions appreciated

Regards,

Woden

thelad

100% Virus removal sucess rate with no data loss
contact me (-;

Woden

spybot found something and performed a fix. I had also disabled automatic windows update which was mentioned somewhere. Seems ok currently will update if any problems

thanks,

woden

numbnuts

thelad wrote: »

100% Virus removal sucess rate with no data loss
contact me (-;

And he would have charged you £50 just to turn on updates .. LOL ..

Go here >> http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

Check for updates ..

Then do this Please ..

Next Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad.
  
  Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Please post contents of that file in your next reply.

Paddy ...

Woden

Hi sorry to clarify windows update was on but I turned it off last night as there was some mention of it causing the problem. The machine should be up to date from a windows update perspective.

I will install mbam-setup.exe when I get home from work.

Thanks in advance!

Woden

Woden

Right so I have run mbam.exe it found the following

http://wow.dataiswoden.eu/files/mbam-log-2009-08-03%20(20-43-44).txt

I then ran it again after the reboot and it looks like this now

http://wow.dataiswoden.eu/files/mbam-log-2009-08-03%20(21-20-46).txt

Based on the information here http://www.worldofraids.com/news/766.html I appear to have had a keylogger 6to4ex.dll. As a result i'm running mbam.exe on my main windows box now. If I still played wow I could be potentially ****ed heh.

I have update flash on both machines as suggested.

ActorSeeksJob

100% Virus removal sucess rate with no data loss
contact me (-;

No such thing. Would love to see you remove this infection but I wont hold my breath


do this Woden

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Woden

Thanks ActorSeeksJob

Below is a link for the log file. I noticed tonight that the high cpu usage was back from the same dll

http://wow.dataiswoden.eu/files/ComboFix.txt

Regards,

Woden

ActorSeeksJob

looking good

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   Mail databases

[*]Click on My Computer under Scan.
[*]Once the scan is complete, it will display the results. Click on View Scan Report.
[*]You will see a list of infected items there. Click on Save Report As....
[*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Woden

Hi,

Thank you again. I have run TFC.

Here is the log from malware bytes
___________________________________________________________________

Malwarebytes' Anti-Malware 1.39
Database version: 2551
Windows 5.1.2600 Service Pack 3

06/08/2009 23:58:45
mbam-log-2009-08-06 (23-58-45).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 122172
Time elapsed: 30 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

________________________________________________________________

I will run the online virus scanner now

Regards,

Woden