Processing taken by svchost slowing down computer access to internet

[Czain]

This is certainly an interesting one, and may end up not being related to a virus but here it goes.

I have noticed quite a bit of processing power is taken up by Svchost, i researched the numbers and its none more then usual I think (sitting at about 225,000 + 85,000 right now) however i find that I have intermittent access to the internet sometimes.

I notice this mostly while playing games online. I'll hit quite a few spots of lag constantly.
Now this MAY be my roommates accessing the internet while im online, however I think it happens to consistently to be that. As well this has not always been an issue for me (although it has periodically come up sometimes)

So I start disabling programs/services to see what is causing the slow. I find that disabling Windows Update and Superfetch drastically decrease the amount of power being used by svchost. I have read that superfetch should probably not be disabled as it helps the computer run faster and what not. So I look into windows update.

Low and behold I am unable to actually update windows. When I tell windows to update it just sits at 0% saying its downloading but actually does nothing.

This might be the root of the problem, or it might lie elsewhere.

Thanks for looking into this.


# AdwCleaner v6.030 - Logfile created 28/11/2016 at 19:36:32
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-28.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : FRED2 - FRED2-PC
# Running from : C:\Users\FRED2\Desktop\Protection\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****

[-] File deleted: C:\END


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4148 Bytes] - [14/05/2016 17:31:18]
C:\AdwCleaner\AdwCleaner[C2].txt - [2177 Bytes] - [26/06/2016 20:15:51]
C:\AdwCleaner\AdwCleaner[C3].txt - [1535 Bytes] - [26/06/2016 20:43:21]
C:\AdwCleaner\AdwCleaner[C4].txt - [1814 Bytes] - [11/11/2016 21:12:10]
C:\AdwCleaner\AdwCleaner[C5].txt - [1100 Bytes] - [28/11/2016 19:36:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [4204 Bytes] - [14/05/2016 17:30:37]
C:\AdwCleaner\AdwCleaner[S2].txt - [1882 Bytes] - [26/06/2016 20:13:08]
C:\AdwCleaner\AdwCleaner[S3].txt - [1955 Bytes] - [26/06/2016 20:14:06]
C:\AdwCleaner\AdwCleaner[S4].txt - [1361 Bytes] - [26/06/2016 20:40:52]
C:\AdwCleaner\AdwCleaner[S5].txt - [1896 Bytes] - [11/11/2016 21:08:08]
C:\AdwCleaner\AdwCleaner[S6].txt - [1825 Bytes] - [28/11/2016 19:35:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [1611 Bytes] ##########


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28/11/2016
Scan Time: 7:51 PM
Logfile: Anti-Malware.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.28.17
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: FRED2

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311303
Time Elapsed: 26 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



Results of screen317's Security Check version 1.014 --- 12/23/15 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Firewall Enabled! 
Microsoft Security Essentials   
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````[/u]
 Java 8 Update 25 
 Java version 32-bit out of Date!
 Adobe Flash Player 23.0.0.207 
 Google Chrome (54.0.2840.71)
 Google Chrome (54.0.2840.99)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````[/u] 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````[/u]
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````[/u]

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
**********************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

[Czain]

Hello Dave, Thank you for the assistance.

Java successfully updated.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by FRED2 (Administrator) on 30/11/2016 at 13:16:31.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 18

Failed to delete: C:\Users\FRED2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1S0HE8NG (Temporary Internet Files Folder)
Failed to delete: C:\Users\FRED2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7O0FYPY4 (Temporary Internet Files Folder)
Failed to delete: C:\Users\FRED2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B3OOFT9S (Temporary Internet Files Folder)
Failed to delete: C:\Users\FRED2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DA6TYJ7I (Temporary Internet Files Folder)
Failed to delete: C:\Users\FRED2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MR83X2HV (Temporary Internet Files Folder)
Failed to delete: C:\Users\FRED2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PME9C4C7 (Temporary Internet Files Folder)
Failed to delete: C:\Users\FRED2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U2CL48KK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\FRED2\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg (Folder)
Successfully deleted: C:\Users\FRED2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_klbibkeccnjlkjkiokjodocebajanakg_0.localstorage (File)
Successfully deleted: C:\Users\FRED2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T82BK4I (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1S0HE8NG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T82BK4I (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7O0FYPY4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B3OOFT9S (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DA6TYJ7I (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MR83X2HV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PME9C4C7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U2CL48KK (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/11/2016 at 13:20:29.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[SuperDave]

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.

• Leave the check mark next to Remove found threats.
  

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

[Czain]

Unfortunally the first time i ran it my computer crashed at about half way through, after saying it had found 5 other threats

After running it again it did not find those threats, So i will assume it cleaned them once found.


Here are the other four threats it found and cleaned.

C:\Windows\Installer\20df7a7.msi   Win32/Adware.Hicosmea.I application   deleted
C:\Windows\System32\BIT83C2.tmp   a variant of Win32/SpeedBit.AG potentially unwanted application   cleaned by deleting
C:\Windows\System32\BITD140.tmp   a variant of Win32/SpeedBit.AM potentially unwanted application   cleaned by deleting
C:\Windows\System32\bitst.exe   a variant of Win32/SpeedBit.AO potentially unwanted application   cleaned by deleting

[SuperDave]

225,000 is not necessarily too high. Did you try disabling that process in Task Manager? How much RAM do you have?

[Czain]

225,000 is not necessarily too high. Did you try disabling that process in Task Manager? How much RAM do you have?


I have tried disabling the services, but it doesn't seem to do much. I have 8GB of ram.

I think it will all come down to my room mates using more internet. I have tried to go into the router and edit it to give a certain amount per person, but the router isn't good enough to do that sort of thing.

Thanks for the help and any other suggestions you may have.