C/Windows?system32/svchost.exe keeps popping up in avast alerts.

[REDACTED]

C/Windows?system32/svchost.exe keeps popping up in avast alerts, and I do not know what to do, ive run avast scans and it says there are no threats.
"avast webshield has blocked a harmful webpage or file
objectanythicago---
and various others. 20 alerts at once each time
process C:/Windows/System32/svchost.exe
I have no Idea what to do about this.

[REDACTED]

Hello


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  

[REDACTED]

OK,  believe they should be attached

[REDACTED]

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
  
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:

Code: [Select]

createsrpoint;
autoclean;
emptyalltemp;
bitsadmin /reset /allusers;b
ipconfig /flushdns;b

• Make sure that Scan All Users option is checked.
  
• Push Run Script and wait patiently. The scan may take a couple of minutes.
  
• When the scan completes, a zoek-results logfile should open in notepad.
  
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

[REDACTED]

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Jenova on Sun 06/07/2015 at  2:56:29.23.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jenova\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

6/7/2015 2:57:01 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\LinkProc deleted successfully
C:\Users\Jenova\AppData\Local\Adobe deleted successfully
C:\Users\Jenova\AppData\Local\CrashDumps deleted successfully
C:\Users\Jenova\AppData\Local\PackageStaging deleted successfully
C:\Users\Jenova\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3341362822-3246827577-644040578-1002\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Jenova\AppData\Roaming\Mozilla\Firefox\Profiles\5jqs6nn1.default-1428099403480

user.js not found
---- Lines WebSearch removed from prefs.js ----
user_pref("browser.startup.homepage", "http://websearch.freesearches.info/?pid=24379&r=2015/05/20&hid=6697980273905810787&lg=EN&cc=US");
---- FireFox user.js and prefs.js backups ----

prefs_20150607_0305_.backup

ProfilePath: C:\Users\Jenova\AppData\Roaming\Mozilla\Firefox\Profiles\fz5ntekz.default

user.js not found
---- Lines WebSearch removed from prefs.js ----
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "http://websearch.freesearches.info/?pid=24379&r=2015/05/20&hid=6697980273905810787&lg=EN&cc=US&l=1&q=");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("extensions.avastwrc.whiteList", "{\"trk\":{\"apps.facebook.com\":{\"703\":false},\"avast.com\":{\"779\":false},\"websearch.freesearches.inf
user_pref("keyword.URL", "http://websearch.freesearches.info/?pid=24379&r=2015/05/20&hid=6697980273905810787&lg=EN&cc=US&l=1&q=");
---- Lines extensions.GnAMb8LApFviRGuN removed from prefs.js ----
user_pref("extensions.GnAMb8LApFviRGuN.epoch", "1432196815");
user_pref("extensions.GnAMb8LApFviRGuN.url", "http://canadafirstforeverygroup.net/sync2/?q=hfZ9ofV9CShEAen0rTnHqHUMg708BNmGWj8lkGhGheDUojw8rdkGrda5rTg
---- Lines extensions.XYSqmlDyXIdKPTAs removed from prefs.js ----
user_pref("extensions.XYSqmlDyXIdKPTAs.epoch", "1432196815");
user_pref("extensions.XYSqmlDyXIdKPTAs.url", "http://group2getmy.info/sync2/?q=hfZ9ofbJBNrMCyVUojs9rHC4tMqLDe49CNU0llrMCMlNhd9Fqja8rTaEpds8qdwMBzqUojw
---- Lines extensions.sBSZTh3s1DW4k9fK removed from prefs.js ----
user_pref("extensions.sBSZTh3s1DW4k9fK.epoch", "1432196964");
user_pref("extensions.sBSZTh3s1DW4k9fK.url", "http://goldzillionset.info/sync2/?q=hfZ9ofbJBNrMCyVUojs9rHC4tMqLDe49CNU0llrMCMlNhd9Fqja8rTaEpds5qdkMBzqU
---- FireFox user.js and prefs.js backups ----

prefs_20150607_0305_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\LinkProc not found
C:\PROGRA~2\bestadblocker deleted
C:\PROGRA~2\PriceMinus deleted
C:\PROGRA~2\PriceMinUUs deleted
C:\PROGRA~2\Palette for Chrome deleted
C:\PROGRA~2\PrIceMinnuSa deleted
C:\PROGRA~3\ijbnobebdgdkionbcigmgejlmdeemoll deleted
C:\PROGRA~3\jfghkjlchdkphoheflcamamaofnjbhme deleted
C:\PROGRA~3\{31ddb88d-fe13-d810-31dd-db88dfe1e237} deleted
C:\PROGRA~3\2178603958927616232 deleted
C:\install.exe deleted
C:\Users\Jenova\AppData\Roaming\BitLord deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Jenova\AppData\Local\BitLord deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Jenova\Downloads\avast_free_antivirus_setup_online_cnet.exe deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Jenova\Documents\BitLord deleted
C:\Users\Jenova\AppData\Roaming\Mozilla\Firefox\Profiles\5jqs6nn1.default-1428099403480\extensions\staged deleted
C:\Users\Jenova\AppData\Roaming\Mozilla\Firefox\Profiles\fz5ntekz.default\searchplugins\WebSearch.xml deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Jenova\AppData\Roaming\Mozilla\Firefox\Profiles\fz5ntekz.default
user_pref("browser.startup.homepage", "about:home");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [05/20/2015 03:35 AM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jenova\AppData\Roaming\Mozilla\Firefox\Profiles\fz5ntekz.default
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jenova\AppData\Roaming\Mozilla\Firefox\Profiles\fz5ntekz.default
2E661988463BCFA1B95D4DAAB9B0B6FA   - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll -   Shockwave Flash
725C6AB29E52A2724042D43BFB42D638   - C:\Users\Jenova\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll -   Unity Player


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[05/20/2015 03:35 AM]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[05/20/2015 03:35 AM]

AdBlock - Jenova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Avast Online Security - Jenova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Hotword Shared Module - Jenova\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Chromium Startpages ======================

C:\Users\Jenova\AppData\Local\Google\Chrome\User Data\Default\Preferences
rtup_urls":"A172AA15702846BD679E05F4C1A8372C6A5963578CFB688EDD290C2A0A521764"},"software_reporter":{"prompt_reason":"42A20F38467F66D19EFB6E8326D0945D5418B6EB53F446EB4D124824EFD97A68","prompt_seed":"9BBD97F427F5060BA1D9A636B7190AF866B38233EFD018F6EA232117DB18B1EE","prompt_version":"BC9DCF64D0B01A7C2994D61C696D3DBACD4A2F23969E512643D179CE0D965024"},"sync":{"remaining_rollback_tries":"67EC5C83BDD97207711A369266B03C38E09CC861960B5860842C66F00796D67D"}},"super_mac":"C1410D4B003DC4FB49649E299384063ED51F20DF056EB8F01C91540D9B6CA0F2"},"session":{"restore_on_startup":5,"startup_urls":["http://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=MF65E10EA-83CB-46F5-B6E9-4B5999CBBACC&SearchSource=55&CUI=&UM=6&UP=SPE8F5DEAB-C494-4CD3-AF10-70573CF1B8CA&SSPV="]},"sync":{"remaining_rollback_tries":0}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} Google  Url="https://www.google.com/search?trackid=sp-006&q={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jenova\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jenova\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jenova\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Jenova\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Jenova\AppData\Local\Mozilla\Firefox\Profiles\fz5ntekz.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Jenova\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=112 folders=77 42156455 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jenova\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jenova\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sun 06/07/2015 at  3:14:53.08 ======================

[REDACTED]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

Please attach it to your reply.

[REDACTED]

here we go

[REDACTED]

Is everything ok now?

[REDACTED]

so far nothing bad has happened, I believe it is solved, thank you for your assistance, I was uncertain that anyone would help. i appreciate it greatly.

[REDACTED]

The following will implement some post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.

• Run the tool by right click on the icon and Run as administrator option.
  
• Make sure that these ones are checked:
• Remove disinfection tools
• Purge system restore
• Reset system settings
• Push Run and wait until the tool completes his work.
  
• All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)
  

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

[REDACTED]

thankyou once again!!

[REDACTED]

I am also having the same problem. I've attached the FRST files.

[Rednose]

Hi Lester Gillett, welcome to the forum

Can you please start your own topic ? Thank you !

Greetz, Red.

[TwinHeadedEagle]

Topic for Lester

https://forum.avast.com/index.php?topic=172144.0