svchost.exe taking up 99% resources and random popups

Discussion in 'Malware Help (A Specialist Will Reply)' started by thefirestarter, Dec 1, 2005.

  1. thefirestarter

    thefirestarter Private E-2

    I can't figure out what the hell this is. I had spysheriff but successfully removed that, I've scanned with House call about 10 times, Ad-aware and a few others I probably can't think of. Is anyone else having this problem? It's like my computer has dropped a GHZ in processing power.
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to MajorGeeks.com, please follow the steps below:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis
     
  3. thefirestarter

    thefirestarter Private E-2

    Ok. Ad-aware found a ton of junk. Deleted it all. CCleaner found 12mb of stuff and that got deleted. I got microsoft windows antispyware and that's found nothing. Spybot search and destroy found nothing. Used a few trojan searchers to no avail.
     


  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your Operating System is extremely out-of-date and in serious need of updating. You appear to be running an unpatched copy of XP. You need to be at Service Pack 2 with all updates. You should do this after we are finished.

    You have HijackThis installed incorrectly; install HijackThis to C:\HJT.

    You have Windows Messenger running in the background and 3 copies of Internet Explorer running. There should be no browser windows open when running HijackThis.

    After reinstalling HijackThis, CLOSE ALL BROWSER SESSIONS.

    In HJT Choose Open the Misc Tools Section choose Process Manager, Highlight:
    Choose Kill Process

    Now scan and have HJT Fix the following:
    Download
    - Pocket Killbox

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click OK.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note that many of the files listed below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Follow the instructions in this thread: Running Spy Sweeper

    After completing all of the above come back here and post a fresh HijackThis log along with the Spy Sweeper log.
     
  5. thefirestarter

    thefirestarter Private E-2

    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7a57263d52ef89a3cee46b33df8a0a10\update\update.exe won't let me close that. And the dll you want me to fix is there every time I rescan, given I haven't restarted yet.
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Follow the rest of the directions.
     
  7. thefirestarter

    thefirestarter Private E-2

    Spysweeper has found a ton of things and removed most but it said something about some are currently running, when it ran at startup it found nothing. Update.exe doesn't run anymore, the dll isn't in the HJT log anymore, BUT svchost.exe is still being a huge resource hog. I cannot update to service pack 2 since I'm not using a genuine version of windows :(
     


  8. thefirestarter

    thefirestarter Private E-2

    Ok now update.exe has shown up in my process list again. I'm about to throw my computer down the stairs.
     
  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    We are just getting started, be patient.
     
  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Post the Spy Sweeper log.
     
  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  12. thefirestarter

    thefirestarter Private E-2

    The popups, which were Internet Explorer windows, are gone since I ran spy sweeper in safe mode. I'm running it again in normal mode since I can't seem to find the log file. It seems like the svchost.exe being the resource hog is the last thing left. Going to run ewido afterwards.
     
  13. thefirestarter

    thefirestarter Private E-2

    OK, for some reason when I saved the report for ewido, it didn't save. So it found about 30 problems. Most were exe files but a few were dll's. After removing them all and restarting still got the svchost being a resource whore. Here's the spysweeper log. Also I might be able to obtain a valid License Key for windows, would having all the updates make a significant difference in keeping clean?
     


  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You don't have a validly licensed copy of Windows XP? Software piracy is not supported or condoned by this site. Having a fully updated and licensed copy of Windows XP makes a huge difference in security. Many of the infections you are seeing exploit holes in unpatched versions of XP.

    As your system stands now it is a serious security risk, and I will continue to assist you in removing the infections on the system, so that it is no longer a threat. After the system is clean, I highly encourage you to obtain a valid license key for your version of XP.

    Please run Panda Online Scan. After the scan attach the log to your next post. Also please follow the below:

    1 - Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce a log - Please attach that with your next post!

    2 - Please EXTRACT all the files from RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then, Please boot to SAFE MODE and DoubleClick rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.

    Now come back here and post all three logs as attachments.
     
