Windows 7 Forums
Windows 7: virus possibly related to svchost.exe

10 Nov 2013   #1

Windows 7 64 Bit

My computer has been running significantly slow of late, barely responding if I try to open an app, even if no program windows are open. There are multiple instances of svchost.exe running in the task manager, using over 50% of the memory, and again, nothing is running in the foreground. It is an HP desktop running Windows 7, 64-bit home edition. I have run numerous scans with Norton 360, Norton Power Eraser, Malwarebytes, TDSSKiller, and AdAware, but no luck finding anything out of the ordinary. If I boot in safe mode it at least responds so I can download updates and run current versions of those scans, but in normal mode it is barely functioning. I have tried system restore to bring it back to a few weeks ago, but that hasn't corrected anything either. Any suggestions?


10 Nov 2013   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
Include the contents of both logs in your next reply.
The scan will instruct you to post Attach.txt as an attachment.
10 Nov 2013   #3

Windows 7 64 Bit
 
 

The text of both logs was too long to include as text, so they are both attached. Thanks for your assistance so far.


Attached Files
File Type: txt attach.txt (43.2 KB, 4 views)
File Type: txt dds.txt (23.4 KB, 9 views)


10 Nov 2013   #4

Windows 7 Home Premium
 
 

architech,

Quote:
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
There are 2 Antivirus programs installed:
Ad-Aware Antivirus
Norton 360 Premier Edition

Please uninstall the Ad-Aware Antivirus, since it is Disabled/Outdated.


Next, please use the Farbar Recovery Scan Tool
Download: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Select the version that applies to your system.
Save it to your Desktop.

Double-click the downloaded file to run it.
When the tool opens click Yes to the disclaimer.

Press the Scan button.

The tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply.



Next, download the Farbar Service Scanner

Save to the Desktop
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply.
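
The check made in post #4 (two registered antivirus products, one of them Disabled/Outdated), as an added example that is not part of the thread and not code from DDS: a Python parser for the quoted `AV:`/`FW:` lines that reports duplicate and disabled or outdated products. The line layout is inferred only from the four lines quoted in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: the four lines quoted in post #4, as shown on this page.
DDS_LINES = """\
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
"""

# Assumed layout: KIND: product name *state[/definitions]* {GUID}
LINE_RE = re.compile(
    r"^(?P<kind>AV|FW):\s+(?P<name>.+?)\s+"
    r"\*(?P<state>[^*/]+)(?:/(?P<defs>[^*]+))?\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)
LABELS = {"AV": "antivirus", "FW": "firewall"}


def parse_products(text):
    """Return one dict per AV:/FW: line; lines that do not match are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]


def stale(products):
    """Names of products that are not enabled or whose definitions are outdated."""
    return [p["name"] for p in products
            if p["state"] != "Enabled" or p["defs"] == "Outdated"]


def review(products):
    """Findings a helper would raise: duplicates per kind, then stale products."""
    findings = []
    for kind, label in LABELS.items():
        group = [p for p in products if p["kind"] == kind]
        if len(group) > 1:
            names = ", ".join(p["name"] for p in group)
            findings.append(f"{len(group)} {label} products registered: {names}")
        if group and not any(p["state"] == "Enabled" for p in group):
            findings.append(f"no enabled {label} product")
    for name in stale(products):
        findings.append(f"{name} is disabled or outdated: candidate for uninstall")
    return findings


if __name__ == "__main__":
    for finding in review(parse_products(DDS_LINES)):
        print(finding)
```
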
11 Nov 2013   #5

Windows 7 64 Bit
 
 

Resulting txt files have been attached. I didn't have time to run a system restart after uninstalling Ad-Aware but it was completed. Thanks again.


Attached Files
File Type: txt FSS.txt (2.6 KB, 5 views)
File Type: txt Addition.txt (39.3 KB, 3 views)
File Type: txt FRST.txt (51.3 KB, 6 views)
11 Nov 2013   #6

Windows 7 Home Premium
 
 

Thanks for the reports.

Please do the following:

Open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code');
Save it on the flash drive that has FRST64 and name it: fixlist.txt

Code:
start
HKLM\...\Run: [] - [x]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] 
HKLM-x32\...\Run: [] - [x]
HKU\Mcx1-HPE-140F\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) 
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
Toolbar: HKLM-x32 - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
C:\$Recycle.Bin\S-1-5-21-1898693249-1059400390-102638630-1001\$3ff35caf2c36efa87d6fe421013a1c80
C:\$Recycle.Bin\S-1-5-18\$3ff35caf2c36efa87d6fe421013a1c80
C:\Users\Steve\AppData\Local\Temp\646514c8-e307-4540-af3c-2d501168128e.exe
C:\Users\Steve\AppData\Local\Temp\a6ce7c0b-87d1-4391-ae68-ffa072b0bd36.exe
C:\Users\Steve\AppData\Local\Temp\dba18370-d393-480c-b458-9473cd9d4add.exe
C:\Users\Steve\AppData\Local\Temp\NVI2_29.DLL
C:\Users\Steve\AppData\Local\Temp\ose00000.exe
end
NOTICE: This script is written specifically for this computer.
Running this on another computer may cause damage to the Operating System.

Run FRST, and press the Fix button, just once, and wait.
The tool creates a report on the Desktop called: Fixlog.txt

Please post the Fixlog.txt in your reply.

There is also some work to be done in the services area, however, we'll tackle those after FRST is done.

Signing out for tonight though!!
11 Nov 2013   #7

Windows 7 64 Bit
 
 

Fixlog.txt is attached. Depending on your response, this might be my last post for a few days. I am headed out of town this afternoon on business until Friday evening. I know you usually want a 48 hour response or the thread is closed, but just giving a heads up. Thanks again.


Attached Files
File Type: txt Fixlog.txt (3.6 KB, 5 views)
11 Nov 2013   #8

Windows 7 Home Premium
 
 

No problem on waiting until Friday. Will not close the thread.


Let's see if the following tool can take care of the issues with the Services showing in the FSS report. If not, we will need to go at it manually.

Since the following steps involve editing the Registry, please create a new restore point before proceeding.
System Restore Point - Create
Select: Option Two

Now, please download the ESET ServiceRepair tool:
http://kb.eset.com/library/ESET/KB%2...icesRepair.exe
(Direct link only available)
Save to the Desktop.
Double-click to run the downloaded file.

When the program runs, a prompt appears asking if you want to proceed.
Click: Yes
When the Services routine is Completed, you are asked to Reboot.
Click Yes to allow the reboot.

The tool creates a folder named CC Support on the Desktop.
Please provide the CC Support\Logs\SvcRepair.txt in your reply.


Next, please run the Farbar Service Scanner once again, and provide the FSS.txt in your reply.
11 Nov 2013   #9

Windows 7 Home Premium
 
 

Will be out for a while shortly, so, no need to rush. Take your time.
15 Nov 2013   #10

Windows 7 64 Bit
 
 

All right, I am back in town and started up with what you posted. The desktop has been on about 55 minutes, but I can't create a system restore point. I have gotten the following on screen twice now after two attempts.
-----------------
The restore point could not be created for the following reason:

The creation of a shadow copy has timed out. Try this operation again. (0x81000101)

Please try again.
---------------------

As I said before, the machine is running at a crawl. I have been running the apps you have posted previously through a USB drive, but I am now waiting on a third attempt to create a restore point before I continue onward. Any suggestions if it times out again? Just take a chance without it?

Again, I apologize for the delay.