Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: virus possibly related to svchost.exe

15 Nov 2013   #11
architech

Windows 7 64 Bit
 
 

I was unable to to create a restore point after four attempts, but I was able to find out when the last restore point was automatically created through safe mode. It was this past Monday, so I just ran the ESET ServiceRepair tool, and FSS. Attached are the two reports.

Thanks for the help.




Attached Files
File Type: txt FSS.txt (2.9 KB, 6 views)
File Type: log SvcRepair.log (11.6 KB, 5 views)
My System SpecsSystem Spec
.
15 Nov 2013   #12
cottonball

Windows 7 Home Premium
 
 

Before we press on with the entries needing attention in the FSS report, let's check the computer for corruption in Windows system files.

Give this a try. The file was created by kronckew, one of our colleagues.

Boot to Safe Mode.

Go to Start > All Programs > Accessories > Command Prompt
Right-click the Command Prompt, and select: Run as Administrator

At the Command Prompt, copy/paste (with the mouse) the following text inside the code box below, and press: Enter

Code:
 
@echo off
rem delete old files
del /q %windir%\logs\cbs\cbs.log
del /q c:\sfcdetails.txt
rem run sfc
sfc /scannow
rem filter out non essential junk from the cbs.log
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >c:\sfcdetails.txt 
rem open details in notepad
notepad c:\sfcdetails.txt
rem optional command to shut down & restart pc after running. this may be needed if
rem sfc replaces some critical files. uncomment (remove the 'rem') to activate.
rem shutdown -r
exit
When sfc is done, a file named sfcdetails.txt appears.

Please save the sfcdetails.txt file to the Desktop, and post it in your reply.
My System SpecsSystem Spec
16 Nov 2013   #13
Faladu

Windows 7 Ultimate Retail Box (64-bit installed) + Service Pack 1
 
 

Multiple instances of svchost running is normal, I've got 12 of them going myself while typing this.

50% of RAM used would be normal on a 4gig system, as well with 7. [OP did not put in system specs]

What was the last thing done to the system when this issue started?

I'd look at device manager and see if it's showing any issues.
My System SpecsSystem Spec
.

16 Nov 2013   #14
architech

Windows 7 64 Bit
 
 

File sfcdetails.txt is attached.


Attached Files
File Type: txt sfcdetails.txt (37.8 KB, 6 views)
My System SpecsSystem Spec
17 Nov 2013   #15
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.[/*]
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".[/*]
  • The tool will open and start scanning your system.[/*]
  • Please be patient as this can take a while to complete depending on your system's specifications.[/*]
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.[/*]
  • Post the contents of JRT.txt into your next message.[/*]
My System SpecsSystem Spec
17 Nov 2013   #16
architech

Windows 7 64 Bit
 
 

Junkware Removal Tool run and file JRT.txt is attached.


Attached Files
File Type: txt JRT.txt (8.2 KB, 7 views)
My System SpecsSystem Spec
18 Nov 2013   #17
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Phew!!


Now go back to cottonball's instructions for sfcdetails.txt file and post it in your reply.
My System SpecsSystem Spec
18 Nov 2013   #18
architech

Windows 7 64 Bit
 
 

Command run again and file sfcdetails.txt is attached.


Attached Files
File Type: txt sfcdetails.txt (37.1 KB, 3 views)
My System SpecsSystem Spec
18 Nov 2013   #19
cottonball

Windows 7 Home Premium
 
 

Let's merge a missing Action Center key into the Registry:

Quote:
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
Please open Notepad by pressing the Windows key and the R key at the same time.
In the Open area, type: notepad
Copy and paste all the text inside the code box below to Notepad:

Code:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""
In Notepad, go to File > Save As
Save the file to: Desktop
Save the file as: fixac.reg
Save type as needs set to: All files

On the Desktop, double-click: fixac.reg
Confirm the prompt to merge to your Registry.
Click: OK

Restart the computer.

On the Desktop, right-click fixac.reg, and select: Delete

Also empty the Recycle Bin.

Once again, press the Windows key and the R key at the same time.
In the Open area, type: services.msc
In the Services console, make sure Security Center is there, and:
Startup Type is set to: Automatic (Delayed Start)
Service Status is set to: Started

Do the same for the Windows Update service.

Run the Farbar Service Scanner once again, and post its results.
My System SpecsSystem Spec
19 Nov 2013   #20
architech

Windows 7 64 Bit
 
 

Still running slow when attempting to do any steps or scans (took over an hour to perform the above), but results of the Farbar Service Scanner are attached. Thanks again.


Attached Files
File Type: txt FSS.txt (2.1 KB, 2 views)
My System SpecsSystem Spec
Reply

 virus possibly related to svchost.exe




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
BSOD D1 possibly portcls.sys related
Seriously need help with BSOD. Started 13 Oct 2013 and happens at least once each day. Same errors every time. portcls.sys is mentioned every time. A new version of this was installed about that time when a Windows monthly update happened. I found an older version and installed it but BSOD...
BSOD Help and Support
Possibly CPU failure related BSODs
Hello everyone, A week ago I have had reinstalled the OS; since then I got random BSODs, around 4; one related to a failure with system update - I got it fixed. Then, one related with Ethernet drivers, I got it fixed too by installing original drivers from CDs instead of downloading them from the...
BSOD Help and Support
BSOD Possibly LoL Related; ntkrnlmp.exe
Hey All, My brother recently talked me into downloading League of Legends, and ever since then my computer has been giving me BSODs like crazy. The first few were only while the LoL download was running, then more came when the installer was going. I decided to give up on it, but he talked me...
BSOD Help and Support
Svchost.exe (netsvcs) and download related issue
hello everyone, i hope this is the right place to post this. it started about 2 weeks ago, i noticed that this process, Svchost.exe (netsvcs), is always downloading something, i tried alot of ideas that i read about online and non of them worked, i was using certain anti-virus when it happened....
Network & Sharing
Possibly driver-related BSoDs
Hi I'm new here and have a nasty BSoD problem going on. I've been searching for days for threads or info to help out but nothing's quite worked out. I've so far managed to narrow it down (I THINK) to a driver in my Atheros WLAN card. A recurring theme in my BSoDs seems to be athrx.sys so I've...
BSOD Help and Support
BSOD in Win7, possibly USB related
Note: I first posted this to superuser.com, but this seems like a better forum for it. Win7 Ultimate x64, full install. My new HP Pavilion Elite HPE-450t has been plagued by BSDO crashes since I got it about 6 weeks ago. The crashes are somewhat rare, sometimes not occurring for 3 or 4 days....
BSOD Help and Support


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 17:28.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App