Windows 7 Forums



Windows 7: virus possibly related to svchost.exe

10 Nov 2013   #1
architech

Windows 7 64 Bit
 
 
virus possibly related to svchost.exe

My computer has been running significantly slow of late, barely responding if I try to open an app, even if no program windows are open. There are multiple instances of svchost.exe running in the task manager, using over 50% of the memory, and again, nothing is running in the foreground. It is an HP desktop running Windows 7, 64-bit home edition. I have run numerous scans with Norton 360, Norton Power Eraser, Malwarebytes, TDSKiller, and AdAware, but no luck finding anything out of the ordinary. If I boot in safe mode it at least responds so I can download updates and run current versions of those scans, but in normal mode it is barely functioning. I have tried system restore to bring it back to a few weeks ago, but that hasn't corrected anything either. Any suggestions?



10 Nov 2013   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
Include the contents of both logs in your next reply.
The scan will instruct you to post Attach.txt as an attachment.
10 Nov 2013   #3
architech

Windows 7 64 Bit
 
 

The text of both logs was too long to include as text, so they are both attached. Thanks for your assistance so far.


Attached Files
File Type: txt attach.txt (43.2 KB, 5 views)
File Type: txt dds.txt (23.4 KB, 10 views)


10 Nov 2013   #4
cottonball

Windows 7 Home Premium
 
 

architech,

Quote:
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
There are 2 Antivirus programs installed:
Ad-Aware Antivirus
Norton 360 Premier Edition

Please uninstall the Ad-Aware Antivirus, since it is Disabled/Outdated.


Next, please use the Farbar Recovery Scan Tool
Download: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Select the version that applies to your system.
Save it to your Desktop.

Double-click the downloaded file to run it.
When the tool opens click Yes to the disclaimer.

Press the Scan button.

The tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply.



Next, download the Farbar Service Scanner

Save to the Desktop
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply.
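
Added example (not part of the thread or of any tool mentioned in it): the check made at the start of post #4, reading the AV:/FW: header lines of the DDS log to spot overlapping or inactive security products, written as a small Python parser. The line layout is assumed from the four lines quoted in that post; `parse_products` and `review` are hypothetical names.

```python
import re
from collections import defaultdict

# Assumed layout, inferred only from the lines quoted in post #4:
#   <AV|FW>: <product name> *<state>[/<definitions>]* {<GUID>}
LINE_RE = re.compile(
    r"^(?P<kind>AV|FW):\s+(?P<name>.+?)\s+"
    r"\*(?P<state>[^*/]+)(?:/(?P<defs>[^*]+))?\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}$"
)

# The four header lines as quoted in post #4 of this thread.
SAMPLE = """\
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
"""

def parse_products(log_text):
    """Return one dict per AV:/FW: line; other log lines are ignored."""
    products = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            products.append(match.groupdict())
    return products

def review(products):
    """Flag more than one product of a kind, and products not enabled/updated."""
    by_kind = defaultdict(list)
    for product in products:
        by_kind[product["kind"]].append(product)
    findings = []
    for kind, items in sorted(by_kind.items()):
        if len(items) > 1:
            findings.append(("multiple", kind, [p["name"] for p in items]))
        for p in items:
            # "defs" is absent on firewall lines, so only judge it when present.
            if p["state"] != "Enabled" or p["defs"] not in (None, "Updated"):
                findings.append(("inactive", kind, [p["name"]]))
    return findings

if __name__ == "__main__":
    for finding in review(parse_products(SAMPLE)):
        print(finding)
```
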
11 Nov 2013   #5
architech

Windows 7 64 Bit
 
 

Resulting txt files have been attached. I didn't have time to run a system restart after uninstalling Ad-Aware but it was completed. Thanks again.


Attached Files
File Type: txt FSS.txt (2.6 KB, 6 views)
File Type: txt Addition.txt (39.3 KB, 4 views)
File Type: txt FRST.txt (51.3 KB, 7 views)
11 Nov 2013   #6
cottonball

Windows 7 Home Premium
 
 

Thanks for the reports.

Please do the following:

Open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code');
Save it on the flash drive that has FRST64 and name it: fixlist.txt

Code:
start
HKLM\...\Run: [] - [x]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] 
HKLM-x32\...\Run: [] - [x]
HKU\Mcx1-HPE-140F\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) 
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
Toolbar: HKLM-x32 - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
C:\$Recycle.Bin\S-1-5-21-1898693249-1059400390-102638630-1001\$3ff35caf2c36efa87d6fe421013a1c80
C:\$Recycle.Bin\S-1-5-18\$3ff35caf2c36efa87d6fe421013a1c80
C:\Users\Steve\AppData\Local\Temp\646514c8-e307-4540-af3c-2d501168128e.exe
C:\Users\Steve\AppData\Local\Temp\a6ce7c0b-87d1-4391-ae68-ffa072b0bd36.exe
C:\Users\Steve\AppData\Local\Temp\dba18370-d393-480c-b458-9473cd9d4add.exe
C:\Users\Steve\AppData\Local\Temp\NVI2_29.DLL
C:\Users\Steve\AppData\Local\Temp\ose00000.exe
end
NOTICE: This script is written specifically for this computer.
Running this on another computer may cause damage to the Operating System.

Run FRST, and press the Fix button, just once, and wait.
The tool creates a report on the Desktop called: Fixlog.txt

Please post the Fixlog.txt in your reply.

There is also some work to be done in the services area, however, we'll tackle those after FRST is done.

Signing out for tonight though!!
11 Nov 2013   #7
architech

Windows 7 64 Bit
 
 

Fixlog.txt is attached. Depending on your response, this might be my last post for a few days. I am headed out of town this afternoon on business until Friday evening. I know you usually want a 48 hour response or the thread is closed, but just giving a heads up. Thanks again.


Attached Files
File Type: txt Fixlog.txt (3.6 KB, 6 views)
11 Nov 2013   #8
cottonball

Windows 7 Home Premium
 
 

No problem on waiting until Friday. Will not close the thread.


Let's see if the following tool can take care of the issues with the Services showing in the FSS report. If not, we will need to go at it manually.

Since the following steps involve editing the Registry, please create a new restore point before proceeding.
System Restore Point - Create
Select: Option Two

Now, please download the ESET ServiceRepair tool:
http://kb.eset.com/library/ESET/KB%2...icesRepair.exe
(Direct link only available)
Save to the Desktop.
Double-click to run the downloaded file.

When the program runs, a prompt appears asking if you want to proceed.
Click: Yes
When the Services routine is Completed, you are asked to Reboot.
Click Yes to allow the reboot.

The tool creates a folder named CC Support on the Desktop.
Please provide the CC Support\Logs\SvcRepair.txt in your reply.


Next, please run the Farbar Service Scanner once again, and provide the FSS.txt in your reply.
11 Nov 2013   #9
cottonball

Windows 7 Home Premium
 
 

Will be out for a while shortly, so, no need to rush. Take your time.
15 Nov 2013   #10
architech

Windows 7 64 Bit
 
 

All right, I am back in town and started up with what you posted. The desktop has been on about 55 minutes, but I can't create a system restore point. I have gotten the following on screen twice now after two attempts.
-----------------
The restore point could not be created for the following reason:

The creation of a shadow copy has timed out. Try this operation again. (0x81000101)

Please try again.
---------------------

As I said before, the machine is running at a crawl. I have been running the apps you have posted previously through a usb drive, but I am now waiting on a third attempt to create a restore point before I continue onward. Any suggestions if it times out again? Just take a chance without it?

Again, I apologize for the delay.