Windows 10 svchost virus

victor122,

The hosts file is OK.

Let's do the following:

Download Zemana AntiMalware:
Zemana AntiMalware Download
Save to the Desktop.

Double-click on the file Zemana.AntiMalware.Setup.exe to install.

When the program starts you are presented with a Setup screen, click: Next
Follow the prompts to install.

Once Zemana AntiMalware starts, click: Scan

When finished, it displays a list of all the malware found. Click on Next to remove any malicious files from your computer.

A reboot may be required to remove malware.

When done, click the Graph icon (far upper right), highlight the applicable log file, and click: Open Report

Please post the notepad text report for review.

victor122,

Please use the Farbar Recovery Scan Tool Download
Save FRST to your Desktop.

[Note: You need to run the version compatible with your system: 32 bit or 64 bit]


Double-click FRST to run it.
When the tool opens click Yes to the disclaimer.

Next, press the Scan button.


When done, the tool makes a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes another log: (Addition.txt).

Please provide the results of both reports in your reply. (Attach if you can, if not, then post.)

victor122,

Thanks for the reports.


Please try the following:

Press the Windows and R keys at the same time. This opens the Run box.
Type Notepad and click OK.
Next, please copy the entire contents inside the code box below to Notepad.

Code:

Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction - Windows Defender <======= ATTENTION
C:\Users\Admin\AppData\Roaming\{59408139-9EFE-349B-1691-101637D4F461}
C:\Users\Admin\AppData\Roaming\tor.exe
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [X]
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogl? ?hr?me.lnk -> C:\Users\Admin\AppData\Roaming\Browsers\exe.emorhc.bat (No File) 
Task: {6C4DAD07-8BDC-4C35-A0ED-C91CBAE0BC26} - System32\Tasks\{034BCED7-1B5D-90E9-5A06-A9A295CA4F99} => C:\Users\Admin\AppData\Roaming\{59408139-9EFE-349B-1691-101637D4F461}\aitdgvten.exe [2017-01-03] (TechSmith Corporation) 
Task: {CD6DF866-8AC9-4D6C-A904-9975E75B6872} - System32\Tasks\Microsoft\Windows\SystemRestore\FreeVPN => C:\Users\Admin\AppData\Roaming\FreeVPN\FreeVPN.exe

Reboot:
End

Save the file as fixlist.txt in the same folder where the FRST is running from. It appears to be in the Downloads folder (Running from C:\Users\Admin\Downloads) vs. the Desktop. They both need to be in the same place, preferably the Desktop.



Next, run FRST and click Fix only once, and wait.


The tool creates a log: (Fixlog.txt)

Please attach it to your reply.

FYI: QQ is a Chinese chat program - I've used it myself quite extensively.

@dalchina,


When there is an [X] at the end of a listed service, that indicates that FRST could not find the files associated with the particular Service or Driver and has listed the ImagePath as it is in the Registry.

@victor122,

Please note, post number 15 was modified.

victor122,

Please update, any progress?