Windows 7 Forums


Windows 7: possible virus using windows 7? svcchost.exe or devmonsrv.exe?


06 Mar 2014   #1

 
 

Hi,
I have a Samsung Series 7 Gamer with this setup.
Intel core_i7 Processor 2.3GHz
16 GB RAM
1.5TB Hard Drive
17.3-Inch Screen, NVIDIA GeForce GTX 675M
Windows 7 Home Premium (64-bit)
1.5TB 7200 rpm Hard Drive
16 GB SO-DIMM RAM
17.3-Inch Screen; NVIDIA GeForce GTX 675M Graphics
Intel Core i7 Processor 3610QM 2.3GHz

In the last couple of days my computer has randomly been freezing when I'm playing poker and related programs. When I went to Task Manager it shows svchost.exe using 348k memory. This causes CPU usage to fluctuate between 15-60% usage and physical memory 30-40%. These are the services it's running: Wlansvc (WLAN AutoConfig), UxSms (Desktop Window Session Manager), TrkWks (Distributed Link Tracking Client), SysMain (Superfetch), PcaSvc (Program Compatibility Assistant Service), Netman (Network Connections), IPBusEnum (PnP-X IP Bus Enumerator), AudioEndpointBuilder (Windows Audio Endpoint Builder)

I know recently there were windows updates and the only program I could find installed in the last few days under downloads was Nvidia. Nvidia does not seem to be hogging much Ram though.

When I look under Resource Monitor, devmonsrv.exe (bluetooth device monitor) is hogging a ton of the CPU processes and services. It averages 12 while the next program averages 2-5.

I have Comodo firewall and Avira Free anti-virus. I ran scans using both of these as well as a full malwarebytes scan and detected 0 viruses.

I googled this problem and must have read through 9-10 threads but no one seems to have a permanent solution (that I can find at least). Help is very much appreciated. Thanks in advance!

edit: devmonsrv.exe looks like the culprit. I ended the process and it drastically reduced cpu usage. Still not sure if it could be a virus. Probably unlikely if none of the virus scans picked it up right?


07 Mar 2014   #2

Desk1 8 Pro / Desk2 7 Home Prem / Laptop 8.1 Pro all 64bit
 
 

Hello and welcome Benk mate, run these too.


http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

http://www.sevenforums.com/tutorials/433-disk-check.html


http://www.superantispyware.com/


http://www.bleepingcomputer.com/download/adwcleaner/

ADW download from bleepingcomputer; delete any rubbish found with the malware scans.

Be aware that ADW has addons be wary

If these do not do much try the Emsisoft Emergency Kit scanner
https://www.emsisoft.com/en/software/eek/ just run the first scanner.

If worst comes to the worst then we might need to use this
http://www.thewindowsclub.com/bootable-antivirus-rescue-cd-windows-free-download > the Kaspersky one.


07 Mar 2014   #3

 
 

Thanks! I did the disk check. How can I do the scannow if I don't have my windows 7 disc on hand?

edit: Just wanted to add it looks like the disc check helped some. The CPU usage is lower and physical memory is down from 30% to 21%.

And it looks like the anti-spyware found 2 trojans that Malwarebytes missed.
After I removed the trojans, stuff is starting to freeze for 10-20 seconds every once in a while whether I'm running a lot of programs or not. However, running a lot of stuff seems to make it happen more often.


07 Mar 2014   #4

Desk1 8 Pro / Desk2 7 Home Prem / Laptop 8.1 Pro all 64bit
 
 

Mate I would run those other two options now and we shall go from there.
07 Mar 2014   #5
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

AdwCleaner should not have any "ad-ons" it's a clean download and scan.


Can you post the .txt log from SuperAntiSpyware? I'd like to see what 'Trojans' it found. It might still be in the 'quarantine' file?
07 Mar 2014   #6

Desk1 8 Pro / Desk2 7 Home Prem / Laptop 8.1 Pro all 64bit
 
 

Quote: Originally Posted by Jacee
AdwCleaner should not have any "ad-ons" it's a clean download and scan.


Can you post the .txt log from SuperAntiSpyware? I'd like to see what 'Trojans' it found. It might still be in the 'quarantine' file?
Hum Jacee, I have had a few downloads where there have been ads for stuff but today I did one on my tester and they were gone, perhaps they have removed them??

I'll remove that comment.
08 Mar 2014   #7

 
 

I ran everything except for the command system file checker (because I don't have a windows 7 cd) and the windowsclub.com link.

The scanners identified a few programs as trojans that were not in fact trojans. I obviously did not recognize the file that Superantispyware identified as a trojan.

will post .txt log shortly
08 Mar 2014   #8

 
 

I ran 2 scans on superantispyware
proppokertools is not a trojan

SUPERAntiSpyware Scan Log
SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 03/07/2014 at 06:07 PM

Application Version : 5.7.1018

Core Rules Database Version : 11090
Trace Rules Database Version: 8902

Scan type : Complete Scan
Total Scan Time : 01:08:39

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 633
Memory threats detected : 0
Registry items scanned : 76112
Registry threats detected : 0
File items scanned : 104128
File threats detected : 130

Adware.Tracking Cookie

Trojan.Agent/Gen-Qhost
C:\PROGRAM FILES (X86)\PPTODDSORACLE\UNINSTALL.EXE
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PROPOKERTOOLS ODDS ORACLE\PROPOKERTOOLS ODDS ORACLE UNINSTALLER.LNK
08 Mar 2014   #9

 
 

I have no clue what this other trojan is.

SUPERAntiSpyware Scan Log
SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 03/07/2014 at 03:10 PM

Application Version : 5.7.1018

Core Rules Database Version : 11090
Trace Rules Database Version: 8902

Scan type : Quick Scan
Total Scan Time : 00:06:11

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 716
Memory threats detected : 0
Registry items scanned : 64102
Registry threats detected : 1
File items scanned : 23245
File threats detected : 102

Adware.PTech
(x86) HKU\S-1-5-21-4017607708-2851936205-3148765964-1000\Software\PTech

Adware.Tracking Cookie

Trojan.Agent/Gen-Graftor
C:\USERS\BEN\APPDATA\LOCAL\TEMP\SET134B.TMP
C:\USERS\BEN\APPDATA\LOCAL\TEMP\SET90B3.TMP
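Added example (not written by anyone in this thread and not SUPERAntiSpyware's own tooling): a Python triage of the log format posted above, which sets the tracking-cookie entries aside so the few file and registry detections that need a decision stand out. The sample log is constructed from lines of the two posted logs with the cookie list cut to three entries, and reading "/Gen-" in a detection name as a generic signature is an assumption about the vendor's naming.

```python
import re

# Constructed sample: header and detections copied from the logs in this thread,
# cookie section shortened to three entries.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Generated 03/07/2014 at 03:10 PM

Scan type : Quick Scan

Memory threats detected : 0
Registry threats detected : 1
File threats detected : 102

Adware.PTech
(x86) HKU\S-1-5-21-4017607708-2851936205-3148765964-1000\Software\PTech

Adware.Tracking Cookie
C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Cookies\369F75KR.txt [ /doubleclick.net ]
.pokertracker.com [ C:\USERS\BEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9ZL37VSN.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\BEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-Graftor
C:\USERS\BEN\APPDATA\LOCAL\TEMP\SET134B.TMP
C:\USERS\BEN\APPDATA\LOCAL\TEMP\SET90B3.TMP
"""

# A detection heading looks like "Family.Name": letters, a dot, then text with
# no path or cookie punctuation. Cookie and path lines never match this.
CATEGORY_RE = re.compile(r"^[A-Za-z]+\.[^\\\[\]:]+$")
COUNT_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")
COOKIE_CATEGORY = "Adware.Tracking Cookie"


def parse_sas_log(text):
    """Return (declared threat counts, {detection name: [item lines]})."""
    declared, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line closes the current section
            current = None
            continue
        m = COUNT_RE.match(line)
        if m:
            declared[m.group(1)] = int(m.group(2))
        elif current is None and CATEGORY_RE.match(line):
            current = sections.setdefault(line, [])
        elif current is not None:
            current.append(line)
    return declared, sections


def classify(item):
    """Label where a flagged item lives: registry key, temp file or other file."""
    upper = item.upper()
    if re.match(r"^(\(X86\)\s+)?HK(U|LM|CU|CR)\\", upper):
        return "registry"
    if "\\TEMP\\" in upper or "\\TMP\\" in upper:
        return "temp-file"
    return "file"


def triage(text):
    """Separate cookie noise from the detections that need a human decision."""
    declared, sections = parse_sas_log(text)
    findings = []
    for name, items in sections.items():
        if name == COOKIE_CATEGORY:
            continue
        findings.append({
            "detection": name,
            # Assumption: "/Gen-" marks a generic signature, so confirm the
            # file's identity before deleting it.
            "generic_signature": "/Gen-" in name,
            "items": [(classify(i), i) for i in items],
        })
    return {
        "declared": declared,
        "cookie_entries": len(sections.get(COOKIE_CATEGORY, [])),
        "findings": findings,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("declared:", report["declared"])
    print("tracking-cookie entries set aside:", report["cookie_entries"])
    for f in report["findings"]:
        tag = " (generic signature)" if f["generic_signature"] else ""
        print(f["detection"] + tag)
        for kind, item in f["items"]:
            print(f"  [{kind}] {item}")
```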
08 Mar 2014   #10

 
 

Thanks a lot guys. I work on this computer so it hurts me a lot to have it not functioning properly. If you help me solve this I'll gladly donate a little $ via BOA, Skrill, or paypal. Whichever you prefer.

My VPN doesn't work now. A little worried that I accidentally deleted something vital to that when I deleted this:
Trojan.Agent/Gen-Graftor
C:\USERS\BEN\APPDATA\LOCAL\TEMP\SET134B.TMP
C:\USERS\BEN\APPDATA\LOCAL\TEMP\SET90B3.TMP