Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Multiple SCVhost

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Multiple SCVhost

Unread postby mantgar » December 8th, 2014, 4:00 pm

I did step 1, I have been trying to delete white smoke but I keep getting a prompt that I need to restart the PC I tried restarting many times and I always get the same prompt as soon as the pc comes back on. It says I need to restart to uninstall white smoke. I tried that many times but it would not uninstall it. :(
mantgar
Regular Member
 
Posts: 58
Joined: November 12th, 2014, 12:13 pm
Advertisement
Register to Remove

Re: Multiple SCVhost

Unread postby mantgar » December 8th, 2014, 4:10 pm

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 02
Ran by Mark at 2014-12-08 12:06:04 Run:1
Running from C:\Users\Mark\Desktop
Loaded Profile: Mark (Available profiles: Mark)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1592174307-3943232130-657400462-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha944\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta946\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1671\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5453\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2473\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home1000\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8086\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release426\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha1267\ff [Not Found]
Task: {301E4433-C40F-49F0-A992-8E9306515A66} - System32\Tasks\Test TimeTrigger => C:\Users\Mark\AppData\Local\Temp\Runner.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:58A5270D
AlternateDataStreams: C:\ProgramData\Temp:A5C00DEE
C:\Users\Mark\jagex_cl_oldschool_LIVE.dat
C:\Users\Mark\random.dat
EmptyTemp:

*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-1592174307-3943232130-657400462-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff not found.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha944\ff not found.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta946\ff not found.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ff not found.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1671\ff not found.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5453\ff not found.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2473\ff not found.
C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home1000\ff not found.
C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8086\ff not found.
C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release426\ff not found.
C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha1267\ff not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{301E4433-C40F-49F0-A992-8E9306515A66}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{301E4433-C40F-49F0-A992-8E9306515A66}" => Key deleted successfully.
C:\Windows\System32\Tasks\Test TimeTrigger => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger" => Key deleted successfully.
C:\ProgramData\Temp => ":58A5270D" ADS removed successfully.
C:\ProgramData\Temp => ":A5C00DEE" ADS removed successfully.
C:\Users\Mark\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\Mark\random.dat => Moved successfully.
EmptyTemp: => Removed 513.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
mantgar
Regular Member
 
Posts: 58
Joined: November 12th, 2014, 12:13 pm

Re: Multiple SCVhost

Unread postby wannabeageek » December 8th, 2014, 4:37 pm

Don't worry about removing white smoke. We can do it manually. Go ahead with the scan for systemlook.
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Multiple SCVhost

Unread postby mantgar » December 8th, 2014, 6:26 pm

Okie dokie than about the whitesmoke i have now been running systemlook for quite a awhile now i would say about two hours now and it is still scanning and im curious about this. Is there something wrong should i be worried D: Yup it is still saying scanning...
mantgar
Regular Member
 
Posts: 58
Joined: November 12th, 2014, 12:13 pm

Re: Multiple SCVhost

Unread postby wannabeageek » December 9th, 2014, 10:55 am

Hi mantgar,

Download both programs first.
Run Rkill, DO NOT REBOOT. and then immediately run TDSSKiller.


Step 1.
Download/run Rkill:

Please download Rkill from one of the following links and save to your Desktop:

One, Two, or Three

  • Right-click on Rkill And select " Run as administrator " to run it.
  • A command window will open then disappear upon completion, this is normal.
  • When finished, Notepad will open with a log called, "rkill.log".
  • Please copy and paste the contents of the rkill.log in your next reply.
  • The file is automatically saved... located at C:\rkill.log.
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.



Step 2.
TDSSKiller

Please goto Bleepingcomputer TDSSKiller Download.
Click on the .exe version download button.
  • Move this file to your desktop from the folder that your browser saved it in. Most likely here: C:\Users\???????\Downloads
  • Once on your desktop, double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Multiple SCVhost

Unread postby wannabeageek » December 11th, 2014, 9:23 am

Hi mantgar.

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Multiple SCVhost

Unread postby NonSuch » December 12th, 2014, 6:03 pm

Due to a failure to respond for 72 hours or more, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 279 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware