Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Can't get rid of svchost.exe virus

18 Dec 2013   #11
sharon122

Windows 7 Ultimate x32
 
 

Quote   Quote: Originally Posted by Jacee View Post
"Total Files Cleaned = 6,782.00 mb" <--- wow that's a lot of 'garbage' cleaned out of your temporary files!

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.




Log File :

Quote:
# AdwCleaner v3.015 - Report created 18/12/2013 at 15:54:46
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Victor - VICTOR-PC
# Running from : C:\Users\Victor\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
Folder Found C:\ProgramData\boost_interprocess

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (he)

[ File : C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\72dm27ti.default\prefs.js ]

Line Found : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [64625 octets] - [16/12/2013 19:48:29]
AdwCleaner[R1].txt - [1261 octets] - [18/12/2013 15:54:46]
AdwCleaner[S0].txt - [64505 octets] - [16/12/2013 19:49:29]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1382 octets] ##########
I didn't click the clean button yet, I don't understand why it found my preferences as something bad, and I don't know what is that weird extension it found


My System SpecsSystem Spec
.
18 Dec 2013   #12
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Do you have a program called "Cloudfogger"?

Please run AdwCleaner and click "Clean". Copy and paste the .txt log.

Next,




Download DDS from one of these links:
DDS.com
DDS.pif
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.
My System SpecsSystem Spec
18 Dec 2013   #13
sharon122

Windows 7 Ultimate x32
 
 

Quote   Quote: Originally Posted by Jacee View Post
Do you have a program called "Cloudfogger"?

Please run AdwCleaner and click "Clean". Copy and paste the .txt log.

Next,




Download DDS from one of these links:
DDS.com
DDS.pif
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.



No, I don't have a program called Cloudfogger


Log file from AdwCleaner :

Quote:
# AdwCleaner v3.015 - Report created 18/12/2013 at 22:28:34
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Victor - VICTOR-PC
# Running from : C:\Users\Victor\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (he)

[ File : C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\72dm27ti.default\prefs.js ]

Line Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [64625 octets] - [16/12/2013 19:48:29]
AdwCleaner[R1].txt - [1462 octets] - [18/12/2013 15:54:46]
AdwCleaner[S0].txt - [64505 octets] - [16/12/2013 19:49:29]
AdwCleaner[S1].txt - [1393 octets] - [18/12/2013 22:28:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1453 octets] ##########

DDS Log file :

Quote:
# AdwCleaner v3.015 - Report created 18/12/2013 at 22:28:34
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Victor - VICTOR-PC
# Running from : C:\Users\Victor\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (he)

[ File : C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\72dm27ti.default\prefs.js ]

Line Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [64625 octets] - [16/12/2013 19:48:29]
AdwCleaner[R1].txt - [1462 octets] - [18/12/2013 15:54:46]
AdwCleaner[S0].txt - [64505 octets] - [16/12/2013 19:49:29]
AdwCleaner[S1].txt - [1393 octets] - [18/12/2013 22:28:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1453 octets] ##########
DDS Attachment :


Attached Files
File Type: zip attach.zip (4.6 KB, 1 views)
My System SpecsSystem Spec
.

18 Dec 2013   #14
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

The DDS Log file you posted, is the AdwCleaner log.
copy and paste the DDS.txt log that you saved on your desktop.

Also,
Download CKScanner by askey127 from HERE
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
My System SpecsSystem Spec
20 Dec 2013   #15
sharon122

Windows 7 Ultimate x32
 
 

Quote   Quote: Originally Posted by Jacee View Post
The DDS Log file you posted, is the AdwCleaner log.
copy and paste the DDS.txt log that you saved on your desktop.

Also,
Download CKScanner by askey127 from HERE
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.




Ok, I attached the DDS Log File because both logs are too long for one message



CKScanner Log File :


Quote:
CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files\kmspico\autopico.exe
c:\program files\kmspico\autopico.log
c:\program files\kmspico\check_activation_all.cmd
c:\program files\kmspico\install_service.cmd
c:\program files\kmspico\install_task.cmd
c:\program files\kmspico\kmseldi.exe
c:\program files\kmspico\kmspico.log
c:\program files\kmspico\kmswrapper32.dll
c:\program files\kmspico\kmswrapper64.dll
c:\program files\kmspico\log.cmd
c:\program files\kmspico\service_kms.exe
c:\program files\kmspico\service_kms.log
c:\program files\kmspico\silent.cmd
c:\program files\kmspico\triggerkms.exe
c:\program files\kmspico\unins000.dat
c:\program files\kmspico\unins000.exe
c:\program files\kmspico\uninstall_service.cmd
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.ppdlic.x rm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.ppdlic.x rm-ms
c:\program files\kmspico\cert\kmscert2013\project\project.reg
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.ppdlic.x rm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.ppdlic.x rm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\proplus.reg
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\visio.reg
c:\program files\kmspico\cert\office2010vl\office14reginfo.reg
c:\program files\kmspico\cert\office2010vl\tokens.dat
c:\program files\kmspico\sounds\affirmative.mp3
c:\program files\kmspico\sounds\begin.mp3
c:\program files\kmspico\sounds\complete.mp3
c:\program files\kmspico\sounds\diagnostic.mp3
c:\program files\kmspico\sounds\transfer.mp3
c:\program files\kmspico\sounds\verified.mp3
c:\program files\kmspico\sounds\warning.mp3
c:\program files\kmspico\tokensbackup\tokens.dat
c:\program files\kmspico\tokensbackup\cache\cache.dat
c:\program files\plex\plex media server\resources\plug-ins\siteconfigurations.bundle\contents\resources\crackle.xml
c:\users\victor\desktop\programs\kms\kmspico.exe
c:\users\victor\desktop\programs\kms\microsoft toolkit.exe
c:\users\victor\downloads\kmspico 6.1.rar
c:\windows\autokms\autokms.exe
c:\windows\prefetch\autokms.exe-7cc2d49e.pf
scanner sequence 3.ZZ.11.GOAPNZ
----- EOF -----


Attached Files
File Type: txt dds.txt (27.1 KB, 2 views)
My System SpecsSystem Spec
20 Dec 2013   #16
Devlin1888

Windows 7 Home Premium 64Bit
 
 

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Another useful one to use.
My System SpecsSystem Spec
20 Dec 2013   #17
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please remove all the programs (that are cracks/keygens) that you downloaded.

You are infected with Trojan Artemis.

Let me know when you've done this, so that we can continue to clean up this infection.
My System SpecsSystem Spec
Reply

 Can't get rid of svchost.exe virus




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
File Name.exe and svchost.exe virus?
Hello. My friend borrowed my laptop earlier this morning and he returned it to me after 3 hours. Upon checking my laptop status, I saw to new processes: File name.exe and svchost.exe. I end it's processes and check the msconfig. I saw two new checked start-up entry: svchost.exe and Windows...
System Security
svchost.exe virus respawning
The file C:\windows\svchost.exe keeps respawing.. Malwarebytes says it is a virus, and removes it, but if I reboot (or just sit there for a few minutes) it respawns and is back..! How can I delete it for good? or find the process that creates it so I can stop it?
BSOD Help and Support
svchost.exe virus
I have looked for numerous solutions to my problem but to no avail. My antivirus software had given me many warning of malicious URLs relating to the svchost.exe. I did not have any issues outside of those warning until the other day when I came back to my computer and got a blue screen. I have...
System Security
Virus in Svchost
For a while now I have been having an issue with svchost.exe. I am running Malwarebytes Anti-Malware with the local protection. When I have the protection enabled it tells me that svchost.exe is trying to connect to an unsafe IP and it blocks it, however when MBAM blocks it, it blocks my internet...
System Security
svchost.exe virus?
Hello all! It seems that from a day to another, my computer ( including internet ) started to have massive lags.Everytime I turn my router off so I can play S4League ( there's a topic I made to try to fix it but I couldnt do it so everytime I wanna play I gotta unplug my router) A friend of mine...
Performance & Maintenance
svchost virus
From what I can understand the only svchost.exe should be found in the system32 folder. However, I completed a search and I've discovered it's in a lot more folders than system32. I need to get rid of these files as I believe they are the cause of my recent problems and annoyances. How do I go...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 00:17.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App