virus possibly related to svchost.exe

Page 1 of 5 123 ... LastLast

  1. architech
    Posts : 29
    Windows 7 64 Bit
       New #1

    virus possibly related to svchost.exe


    My computer has been running significantly slow of late, barely responding if I try to open an app, even if no program windows are open. There are multiple instances of svchost.exe running in the task manager, using over 50% of the memory, and again, nothing is running in the foreground. It is an HP desktop running Windows 7, 64-bit home edition. I have run numerous scans with Norton 360, Norton Power Eraser, Malwarebytes, TDSKiller, and AdAware, but no luck finding anything out of the ordinary. If I boot in safe mode it at least responds so I can download updates and run current versions of those scans, but in normal mode it is barely functioning. I have tried system restore to bring it back to a few weeks ago, but that hasn't corrected anything either. Any suggestions?
      My Computer
    Quote Quote

  3. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #2

    Download DDS from one of these links:
    Mirror 1 Mirror 2 Mirror 3
    • Disable any script blocking protection
    • Double click the dds icon to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.

    Include the contents of both logs in your next reply.
    The scan will instruct you to post Attach.txt as an attachment.
      My Computer
    Quote Quote

  4. architech
    Posts : 29
    Windows 7 64 Bit
    Thread Starter
       New #3

    The text of both logs was too long to include as text, so they are both attached. Thanks for your assistance so far.
    virus possibly related to svchost.exe Attached Files
      My Computer
    Quote Quote

  6. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #4

    architech,

    AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
    AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
    There are 2 Antivirus programs installed:
    Ad-Aware Antivirus
    Norton 360 Premier Edition

    Please uninstall the Ad-Aware Antivirus, since it is Disabled/Outdated.


    Next, please use the Farbar Recovery Scan Tool
    Download: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
    Select the version that applies to your system.
    Save it to your Desktop.

    Double-click the downloaded file to run it.
    When the tool opens click Yes to the disclaimer.

    Press the Scan button.

    The tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
    Please provide the FRST.txt in your reply.

    The first time the tool is run, it also makes another log: Addition.txt
    Also post the Addition.txt in your reply.



    Next, download the Farbar Service Scanner

    Save to the Desktop
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press: Scan
    • FSS creates a log, FSS.txt, on the Desktop.
    Please provide the FSS.txt in your reply.
      My Computer
    Quote Quote

  7. architech
    Posts : 29
    Windows 7 64 Bit
    Thread Starter
       New #5

    Resulting txt files have been attached. I didn't have time to run a system restart after uninstalling Ad-Aware but it was completed. Thanks again.
    virus possibly related to svchost.exe Attached Files
      My Computer
    Quote Quote

  8. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #6

    Thanks for the reports.

    Please do the following:

    Open notepad (Start > All Programs > Accessories > Notepad)
    Copy the entire contents of the code box below (Do not copy the word 'code');
    Save it on the flash drive that has FRST64 and name it: fixlist.txt

    Code:
    start
HKLM\...\Run: [] - [x]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] 
HKLM-x32\...\Run: [] - [x]
HKU\Mcx1-HPE-140F\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) 
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
Toolbar: HKLM-x32 - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
C:\$Recycle.Bin\S-1-5-21-1898693249-1059400390-102638630-1001\$3ff35caf2c36efa87d6fe421013a1c80
C:\$Recycle.Bin\S-1-5-18\$3ff35caf2c36efa87d6fe421013a1c80
C:\Users\Steve\AppData\Local\Temp\646514c8-e307-4540-af3c-2d501168128e.exe
C:\Users\Steve\AppData\Local\Temp\a6ce7c0b-87d1-4391-ae68-ffa072b0bd36.exe
C:\Users\Steve\AppData\Local\Temp\dba18370-d393-480c-b458-9473cd9d4add.exe
C:\Users\Steve\AppData\Local\Temp\NVI2_29.DLL
C:\Users\Steve\AppData\Local\Temp\ose00000.exe
end
    NOTICE: This script is written specifically for this computer.
    Running this on another computer may cause damage to the Operating System.

    Run FRST, and press the Fix button, just once, and wait.
    The tool creates a report on the Desktop called: Fixlog.txt

    Please post the Fixlog.txt in your reply.

    There is also some work to be done in the services area, however, we'll tackle those after FRST is done.

    Signing out for tonight though!!
      My Computer
    Quote Quote

  10. architech
    Posts : 29
    Windows 7 64 Bit
    Thread Starter
       New #7

    Fixlog.txt is attached. Depending on your response, this might be my last post for a few days. I am headed out of town this afternoon on business until Friday evening. I know you usually want a 48 hour response or the thread is closed, but just giving a heads up. Thanks again.
    virus possibly related to svchost.exe Attached Files
      My Computer
    Quote Quote

  11. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #8

    No problem on waiting until Friday. Will not close the thread.


    Let's see if the following tool can take care of the issues with the Services showing in the FSS report. If not, we will need to go at it manually.

    Since the following steps involve editing the Registry, please create new restore point before proceeding.
    System Restore Point - Create
    Select: Option Two

    Now, please download the ESET ServiceRepair tool:
    http://kb.eset.com/library/ESET/KB%2...icesRepair.exe
    (Direct link only available)
    Save to the Desktop.
    Double-click to run the downloaded file.

    When the program runs, a prompt appears asking if you want to proceed.
    Click: Yes
    When the Services routine is Completed, you are asked to Reboot.
    Click Yes to allow the reboot.

    The tool creates a folder named CC Support on the Desktop.
    Please provide the CC Support\Logs\SvcRepair.txt in your reply.


    Next, please run the Farbar Service Scanner once again, and provide the FSS.txt in your reply.
      My Computer
    Quote Quote

  12. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #9

    Will be out for a while shortly, so, no need to rush. Take your time.
      My Computer
    Quote Quote

  13. architech
    Posts : 29
    Windows 7 64 Bit
    Thread Starter
       New #10

    All right, I am back in town and started up with what you posted. The desktop has been on about 55 minutes, but I can't create a system restore point. I have gotten the following on screen twice now after two attempts.
    -----------------
    The restore point could not be created for the following reason:

    The creation of a shadow copy has timed out. Try this operation again. (0x81000101)

    Please try again.
    ---------------------

    As I said before, the machine is running at a crawl. I have been running the apps you have posted previously through a usb drive, but I am now waiting on a third attempt to create a restore point before I continue onward. Any suggestions if it times out again? Just take a chance without it?

    Again, I apologize for the delay.
      My Computer
    Quote Quote

 
Page 1 of 5 123 ... LastLast

  Related Discussions
BSOD D1 possibly portcls.sys related
in BSOD Help and Support

Seriously need help with BSOD. Started 13 Oct 2013 and happens at least once each day. Same errors every time. portcls.sys is mentioned every time. A new version of this was installed about that time when a Windows monthly update happened. I found an older version and installed it but BSOD...
BSOD - possibly related to dota 2
in BSOD Help and Support

Sorry about the vagueness of the title, dota 2 had been open in at least 2 of the last 3 incidences (all happened within two days). Thank you for taking the time to read this.
Right. This is my second attempt at typing this as my computer had just BOSD'd on me again. I'm trying to isolate this issue but i'm not having much luck. The image i have included shows the program BlueScreenView and as you can see, there are three files that are highlighted in red....
BSOD in Win7, possibly USB related
in BSOD Help and Support

Note: I first posted this to superuser.com, but this seems like a better forum for it. Win7 Ultimate x64, full install. My new HP Pavilion Elite HPE-450t has been plagued by BSDO crashes since I got it about 6 weeks ago. The crashes are somewhat rare, sometimes not occurring for 3 or 4 days....
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 00:48.
Find Us