
31 dllhost.exe*32 COM SURROGATE processes running


29 replies to this topic

#1 mjb2066

mjb2066

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 10 April 2014 - 08:09 AM

Hi,
 
I have 31 dllhost.exe*32 COM SURROGATE processes running, which seem to be completely bogging my computer down.  Nothing I've done can get rid of them, kill them, or stop them.  I have run every tool I know how to use.  Is there anything I can do to remove these from my computer?  I will wait for instruction.  Thank you, in advance, for your help!

Edit: Moved topic from Windows 7 to the more appropriate forum. Deleted duplicate topic in Virus, Trojan, Spyware, and Malware Removal Logs forum due to lack of any logs included with topic.~ Animal



#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,358 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:03:42 AM

Posted 10 April 2014 - 11:25 AM

Please scan your computer with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.

  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

    • Double click on the esetsmartinstaller_enu.png icon on your desktop.


  • Check "YES, I accept the Terms of Use."

  • Click the Start button.

  • Accept any security warnings from your browser.

  • Under scan settings, check "Scan Archives" and "Remove found threats"

  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications

    • Scan for potentially unsafe applications

    • Enable Anti-Stealth technology


  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

  • When the scan completes, click List Threats

  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

  • Click the Back button.

  • Click the Finish button.

 

 
Please download Malwarebytes Anti-Malware.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.

Edited by dc3, 10 April 2014 - 11:27 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 mjb2066

mjb2066
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 11 April 2014 - 12:03 PM

Thank you for responding and for your help. It is greatly appreciated. I attempted to run ESET Online Scanner 3 times. Each time it completed the scan to 86% before getting stuck. Regardless, I have the threat list it generated below. Malwarebytes Anti-Malware is running now. Let me know what you make of this:

 

C:\$RECYCLE.BIN\S-1-5-21-418261387-2898494671-325862144-34710\$R2KWJJU.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application



#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,358 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:03:42 AM

Posted 11 April 2014 - 12:13 PM

Try running the Eset scan in Safe Mode.  But finish the Malwarebytes scan first and post the log.



 

 

 

 


#5 mjb2066

mjb2066
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 12 April 2014 - 10:12 AM

Neither ESET Online Scanner nor Malwarebytes Anti-Malware can complete a scan, even in Safe Mode.  They both seem to be getting hung up in similar, but separate, places:

 

ESET Online Scanner stops in:

 

C:\Users\matt.baun\AppData\Local\Microsoft\Windows\Temporary Internet Files

 

Malwarebytes Anti-Malware scanner stops in:

 

C:\Users\matt.baun\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db

 

 



#6 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,358 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:03:42 AM

Posted 12 April 2014 - 10:24 AM

Please download and install Speccy to provide us with information about your computer.  When FileHippo opens, click on Download latest version in the upper right pane.
 
When Speccy opens you will see a screen similar to the one below.
 
speccy9_zps2d9cdedc.png
 
Click on File which is outlined in red in the screen above, and then click on Publish Snapshot.
 
The following screen will appear, click on Yes.
 
speccy7_zpsfa02105f.png
 
The following screen will appear, click on Copy to Clipboard.
 
speccy3_zps1791b093.png
 
In your next post right click inside the Reply to Topic box, then click on Paste.  This will load a link to the Speccy log.
 
 

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
 
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 
 Click on Go to start the scan.  Once it is finished highlight the text, copy it and paste it in your next post.


 

 

 

 


#7 mjb2066

mjb2066
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 12 April 2014 - 11:28 AM

http://speccy.piriform.com/results/Xbv5bvgD8BDHIedsV84ywir



#8 mjb2066

mjb2066
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 12 April 2014 - 11:35 AM

MiniToolBox by Farbar  Version: 23-01-2014
Ran by matt.baun (administrator) on 12-04-2014 at 12:31:00
Running from "C:\Users\matt.baun\Desktop"
Microsoft Windows 7 Enterprise  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/12/2014 00:16:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/12/2014 00:15:05 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/12/2014 00:10:32 PM) (Source: Application Hang) (User: )
Description: The program OptimizerPro.exe version 3.2.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 164c

Start Time: 01cf566999db88be

Termination Time: 0

Application Path: C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe

Report Id:

Error: (04/12/2014 00:02:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/12/2014 00:01:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/12/2014 00:00:22 PM) (Source: AutoEnrollment) (User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/12/2014 07:46:21 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/12/2014 07:42:16 AM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d64

Start Time: 01cf5605d26744c7

Termination Time: 20

Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Report Id: 64cbde41-c237-11e3-b954-7ce9d3c04fb0

Error: (04/12/2014 00:01:02 AM) (Source: AutoEnrollment) (User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/11/2014 10:18:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (04/12/2014 00:13:33 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (04/12/2014 00:03:45 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (04/12/2014 00:00:17 PM) (Source: Microsoft-Windows-GroupPolicy) (User: US)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (04/12/2014 11:59:47 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

 Feature: %%835

 Error Code: 0x80004005

 Error description: Unspecified error

 Reason: %%842

Error: (04/12/2014 11:59:25 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (04/12/2014 11:59:23 AM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (04/12/2014 11:59:23 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain US due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (04/12/2014 10:53:03 AM) (Source: DCOM) (User: )
Description: 1084TdmService{2F723A84-FD6F-4C32-9477-391FA6EA0BB6}

Error: (04/12/2014 07:46:28 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/12/2014 07:46:28 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (04/12/2014 00:16:54 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\esetsmartinstaller_enu (1).exe

Error: (04/12/2014 00:15:05 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\matt.baun\Desktop\esetsmartinstaller_enu.exe

Error: (04/12/2014 00:10:32 PM) (Source: Application Hang)(User: )
Description: OptimizerPro.exe3.2.0.0164c01cf566999db88be0C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe

Error: (04/12/2014 00:02:13 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\esetsmartinstaller_enu (1).exe

Error: (04/12/2014 00:01:42 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\matt.baun\Desktop\esetsmartinstaller_enu.exe

Error: (04/12/2014 00:00:22 PM) (Source: AutoEnrollment)(User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/12/2014 07:46:21 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\matt.baun\Desktop\esetsmartinstaller_enu.exe

Error: (04/12/2014 07:42:16 AM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.11d6401cf5605d26744c720C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe64cbde41-c237-11e3-b954-7ce9d3c04fb0

Error: (04/12/2014 00:01:02 AM) (Source: AutoEnrollment)(User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/11/2014 10:18:57 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\matt.baun\Desktop\esetsmartinstaller_enu.exe

=========================== Installed Programs ============================

AccelerometerP11 (Version: 2.00.10.33)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Adobe Shockwave Player 12.0 (Version: 12.0.9.149)
Apple Application Support (Version: 2.3.4)
Apple Software Update (Version: 2.1.3.127)
BioAPI Framework (Version: 1.0.2)
Canon Easy-PhotoPrint EX (Version: 4.1.6)
Canon MP Navigator 2.2
Canon MP530
Canon My Printer (Version: 3.1.0)
Canon Utilities Easy-PhotoPrint
Citrix Online Launcher (Version: 1.0.168)
Computrace (Version: 8.0.893)
Custom (Version: 01.00.00.000)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Dell Client System Update (Version: 1.2.3)
Dell ControlVault Host Components Installer 64 bit (Version: 2.0.20.159)
Dell Data Protection | Access (Version: 2.2.00003.009)
Dell Mobile Broadband Manager (Version: 6.3.3.2)
Dell System Manager (Version: 1.6.00000)
Dell Touchpad (Version: 8.1200.101.112)
DellAccess (Version: 01.01.00.104)
EMBASSY Client Core (Version: 01.01.00.036)
ESET Online Scanner v3
Gemalto (Version: 01.64.01.0010)
GoToMeeting 6.2.0.1350 (Version: 6.2.0.1350)
IBM System i Access for Windows V6R1M0 (Version: 06.01.0001)
IDT Audio (Version: 1.0.6324.0)
InstallVC90Support (Version: 1.01.0000)
Intel PROSet Wireless
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® PROSet/Wireless WiFi Software (Version: 14.00.20110)
Java™ 6 Update 29 (Version: 6.0.290)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MATLAB® Compiler Runtime 7.10 (Version: 7.10)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Antimalware (Version: 3.0.8410.2)
Microsoft Application Virtualization (App-V) Client 5.0 Service Pack 1 (Version: 5.0.1104.0)
Microsoft Application Virtualization (App-V) Client 5.0 Service Pack 1 x64 (Version: 5.0.1104.0)
Microsoft Application Virtualization Client en-US Language Pack x64 (Version: 5.0.1104.0)
Microsoft Conferencing Add-in for Microsoft Office Outlook (Version: 8.0.6362.202)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Forefront Endpoint Protection 2010 Server Management (Version: 2.2.0903.0)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office Communicator 2007 R2 (Version: 3.5.6907.268)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.143)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.215)
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017)
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Security Client (Version: 2.2.0903.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NTRU TCG Software Stack (Version: 2.1.37)
O2Micro Flash Memory Card Windows Driver (Version: 3.0.07.23)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017)
PC-CCID (Version: 2.0.0)
Preboot Manager (Version: 03.03.00.090)
Presto! PageManager (Version: 7.15.14E)
Private Information Manager (Version: 07.01.00.030)
QuickTime (Version: 7.74.80.86)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.30.0)
SPBA 5.9 (Version: 5.9.4.6901)
Speccy (Version: 1.25)
swMSM (Version: 12.0.0.1)
System Center 2012 Endpoint Protection (Version: 2.2.903.0)
TightVNC 2.0.2 (Version: 2.0.2)
toolkit32for64bit (Version: 7.67.47.0000)
Trusted Drive Manager (Version: 4.5.0.136)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition
Update for Microsoft Access 2013 (KB2827233) 32-Bit Edition
Update for Microsoft InfoPath 2013 (KB2837648) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817636) 32-Bit Edition
Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863825) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863844) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863860) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2850063) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2863911) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2767850) 32-Bit Edition
Update for Microsoft Project 2013 (KB2727085) 32-Bit Edition
Update for Microsoft Publisher 2013 (KB2837635) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817495) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition
Update for Microsoft Word 2013 (KB2837647) 32-Bit Edition
Update for Microsoft Word 2013 (KB2863909) 32-Bit Edition
Upek Touchchip Fingerprint Reader (Version: 1.2.004)
Wave Crypto Runtime 2.0.7.0 x86 (Version: 02.00.07.0000)
Wave Infrastructure Installer (Version: 07.67.60.0020)
Wave Support Software Installer (Version: 05.13.00.051)
WIDCOMM Bluetooth Software (Version: 6.3.0.6900)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)

========================= Memory info: ===================================

Percentage of memory in use: 81%
Total physical RAM: 3976.9 MB
Available physical RAM: 752.9 MB
Total Pagefile: 7999.98 MB
Available Pagefile: 3149.75 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.6 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:297.32 GB) (Free:138.29 GB) NTFS
3 Drive e: (VCR2007) (Removable) (Total:0.47 GB) (Free:0.09 GB) FAT

========================= Users: ========================================

User accounts for \\H5WZCS1

Administrator            Guest                   

========================= Minidump Files ==================================

No minidump file found

**** End of log ****
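
A triage pass over the event-log section of the MiniToolBox output above, as an added example that is not part of the original post or of MiniToolBox. It collapses the repeated entries, skips the flattened repeats printed under "Microsoft Office Sessions", and pulls out the entries that concern security tools. The function names are hypothetical, `SECURITY_TOOLS` and `SECURITY_SOURCES` are assumptions chosen for this thread, and the sample is constructed from abridged lines of the log.

```python
import re
from collections import Counter

# Header line as MiniToolBox prints it; the repeat section omits the space
# between the Source and User groups, hence \s*.
HEADER = re.compile(
    r"^Error: \((?P<when>[^)]+)\)\s*\(Source: (?P<source>[^)]+)\)\s*\(User: (?P<user>[^)]*)\)"
)
HANG = re.compile(r"The program (?P<exe>\S+) version (?P<version>\S+) stopped interacting")

# Assumptions for this thread, not a general-purpose list.
SECURITY_TOOLS = {"mbam.exe"}
SECURITY_SOURCES = {"Microsoft Antimalware"}

# Constructed sample: abridged lines from the log in the post above.
SAMPLE_LOG = r"""
Error: (04/12/2014 00:16:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_[abridged].manifest1".

Error: (04/12/2014 00:15:05 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_[abridged].manifest1".

Error: (04/12/2014 00:10:32 PM) (Source: Application Hang) (User: )
Description: The program OptimizerPro.exe version 3.2.0.0 stopped interacting with Windows and was closed.

Error: (04/12/2014 07:42:16 AM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed.

System errors:
=============
Error: (04/12/2014 11:59:47 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Error: (04/12/2014 00:13:33 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller.

Microsoft Office Sessions:
=========================
Error: (04/12/2014 07:42:16 AM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.11d6401cf5605d26744c720C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
"""


def parse_events(text):
    """Return one dict per distinct (timestamp, source) event, in log order."""
    events, seen, current = [], set(), None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            key = (header["when"], header["source"])
            if key in seen:
                current = None  # flattened repeat of an event already recorded
                continue
            seen.add(key)
            current = {"when": header["when"], "source": header["source"],
                       "user": header["user"].strip(), "description": ""}
            events.append(current)
        elif current is not None and line.startswith("Description:") and not current["description"]:
            current["description"] = line[len("Description:"):].strip()
    return events


def hung_programs(events):
    """(timestamp, executable, version) for every Application Hang entry."""
    hangs = []
    for event in events:
        if event["source"] != "Application Hang":
            continue
        match = HANG.search(event["description"])
        if match:
            hangs.append((event["when"], match["exe"], match["version"]))
    return hangs


def security_findings(events):
    """Entries showing a security tool hanging or reporting its own failure."""
    findings = []
    for when, exe, version in hung_programs(events):
        if exe.lower() in SECURITY_TOOLS:
            findings.append(f"{when}: security tool {exe} {version} hung")
    for event in events:
        if event["source"] in SECURITY_SOURCES:
            findings.append(f"{event['when']}: {event['source']}: {event['description']}")
    return findings


def triage(text):
    events = parse_events(text)
    return {
        "by_source": Counter(event["source"] for event in events),
        "hangs": hung_programs(events),
        "security": security_findings(events),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for source, count in report["by_source"].most_common():
        print(f"{count:3d}  {source}")
    for finding in report["security"]:
        print("!", finding)
```
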



#9 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,358 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:03:42 AM

Posted 13 April 2014 - 10:03 AM

Let's run those scans again, but first I want you to download and run RKill.  You will reach the point in the instructions where you will read "At this time you need to run your security applications."; this is when you should rerun the Eset and Malwarebytes scans.

 

RKill is an easy-to-use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications.  These settings will remain until the computer is rebooted; for this reason you must run the security application before the computer is rebooted.
 
Please download RKill and install it.
 
When RKill is run it will display a console screen similar to the one below:
 
RKill_zps2e34d4b8.png
 
When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.
 
At this time you need to run your security applications.
 
While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:
 
1)  Rename Rkill so that it has a .com extension.
 
2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  
 
After the application has run successfully you should reboot the computer to restore the processes and Windows Registry entries.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#10 mjb2066

  • Topic Starter

Posted 13 April 2014 - 11:04 PM

Here is the Rkill log.  I'm going to rerun ESET Online Scanner and Malwarebytes Anti-Malware Scanner next.

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/13/2014 07:02:40 PM in x64 mode.
Windows Version: Windows 7 Enterprise Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\srvany.exe (PID: 2916) [WD-HEUR]
 * C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (PID: 4104) [WD-HEUR]
 * C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe (PID: 2272) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 04/13/2014 07:17:05 PM
Execution time: 0 hours(s), 14 minute(s), and 24 seconds(s)
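A triage helper for the RKill log posted above, as an added example that is not part of the original post and not part of RKill: it pulls out the terminated processes with their PID and bracketed tag, and checks that the count line agrees with the entries. The function name, the returned field names and the trimmed sample are assumptions made for this example.

```python
import ntpath
import re
from datetime import datetime

# Constructed sample: a trimmed copy of the log lines posted above.
SAMPLE_LOG = r"""Program started at: 04/13/2014 07:02:40 PM in x64 mode.
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * C:\Windows\SysWOW64\srvany.exe (PID: 2916) [WD-HEUR]
 * C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (PID: 4104) [WD-HEUR]
 * C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe (PID: 2272) [WD-HEUR]
3 proccesses terminated!
Checking HOSTS File:
 * No issues found.
Program finished at: 04/13/2014 07:17:05 PM
"""

PROC_RE = re.compile(r"^\s*\*\s+(?P<path>.+?)\s+\(PID:\s*(?P<pid>\d+)\)\s+\[(?P<tag>[^\]]+)\]\s*$")
COUNT_RE = re.compile(r"^(\d+)\s+proc+esses terminated", re.I)  # tolerates the log's spelling
TIME_RE = re.compile(r"^Program (started|finished) at: (\d\d/\d\d/\d{4} \d\d:\d\d:\d\d [AP]M)")
TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"

def parse_rkill_log(text):
    """Return terminated processes, the count the log reports, and run time in seconds."""
    procs, reported, times, section = [], None, {}, None
    for line in text.splitlines():
        s = line.strip()
        if s.endswith(":") and not s.startswith("*"):
            section = s[:-1]  # section header, e.g. "Checking for processes to terminate"
            continue
        if m := TIME_RE.match(s):
            times[m.group(1)] = datetime.strptime(m.group(2), TS_FORMAT)
        elif m := COUNT_RE.match(s):
            reported = int(m.group(1))
        elif section == "Checking for processes to terminate" and (m := PROC_RE.match(line)):
            procs.append({"path": m["path"], "name": ntpath.basename(m["path"]),
                          "pid": int(m["pid"]), "tag": m["tag"]})
    elapsed = None
    if {"started", "finished"} <= times.keys():
        elapsed = int((times["finished"] - times["started"]).total_seconds())
    return {"processes": procs, "reported_count": reported,
            "count_consistent": reported == len(procs), "elapsed_seconds": elapsed}

if __name__ == "__main__":
    for p in parse_rkill_log(SAMPLE_LOG)["processes"]:
        print(p["pid"], p["tag"], p["path"])
```
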



#11 mjb2066

  • Topic Starter

Posted 14 April 2014 - 09:37 AM

Neither ESET Online Scanner nor Malwarebytes Anti-Malware can still complete a scan.  They both seem to be getting hung up in similar, but separate, places:

 

ESET Online Scanner stops in:

 

C:\Users\matt.baun\AppData\Local\Microsoft\Windows\Temporary Internet Files

 

Malwarebytes Anti-Malware scanner stops in:

 

C:\Users\matt.baun\AppData\Local\Microsoft\Windows\SchCache



#12 dc3


Posted 14 April 2014 - 11:39 AM

Did you have OptimizerPro installed at one time?

 

 

Let's see if we can clean up some of these things and see if we can move forward.

 

Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
adwcleaner11_zps48314883.png
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on Ok.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your next post.
 
 

Please download Temp File Cleaner by Old Timer and save it to your desktop.
 
1. Save any unsaved work. (TFC will close ALL open programs including your browser!)
 
2. Double-click on TFC.exe to run it. (If you are using Vista or Windows 7, right-click on the file and choose "Run As Administrator".)
 
3. Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
 
Important! If TFC prompts you to reboot, please do so immediately. If you are not prompted, manually reboot the machine to ensure a completion.
 
 

Please download Junkware Removal Tool.
 
Open your browser and go to Downloads, then click on the Junkware Removal Tool to install it.  
 
Click on Run to initiate the installation.
 
To avoid potential conflicts, temporarily disable your antivirus and firewall.  You will want to be offline when you do this.
 
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select Run as Administrator.
 
The tool will open and start scanning your system.
 
Please be patient as this can take a while to complete depending on your system's specifications.
 
 

Disable Preboot Authentication
 
Use EMBASSY Security Center (ESC) to disable Pre-boot authentication
 
1)  Open the EMBASSY Security Center.
 
2)  Select Start > All Programs > Dell ControlPoint > Security Manager > Advanced > ESC
 
3)  Select the Preboot Manager tab 
 
4)  Select the System Password ‘Change’ button.
 
5)  Enter the current System password, leave the New Password fields blank and select OK.
 
6) The System Password button will change to ‘Set’.
 
7)  Repeat the previous steps for Hard Drive Password if one is set.   If you accessed the machine with the BIOS Admin password and the System password is unknown:
     a. In ESC > Preboot Manager, select Advanced Settings > BIOS Passwords.
     b.  Select ‘Change’ for the Admin Password.
     c.  Enter the current Admin password, leave the New Password fields blank and select OK.
     d.  Close Advanced Settings window.
     e.  The System Password button will change to ‘Set’.
 
Pre-boot authentication is now disabled.
 
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.  Copy this and then post it in your topic.



#13 mjb2066

  • Topic Starter

Posted 14 April 2014 - 01:55 PM

Yes, I had accidentally installed OptimizerPro at one time.

 

ADWCleaner found the following file:

 

C:\Windows\System32\roboot64.exe

 

Should I remove it?



#14 dc3


Posted 14 April 2014 - 02:25 PM

Yes.

 

 

Neither ESET Online Scanner nor Malwarebytes Anti-Malware can still complete a scan.  They both seem to be getting hung up in similar, but separate, places:

 

ESET Online Scanner stops in:

 

C:\Users\matt.baun\AppData\Local\Microsoft\Windows\Temporary Internet Files

 

Malwarebytes Anti-Malware scanner stops in:

 

C:\Users\matt.baun\AppData\Local\Microsoft\Windows\SchCache

 

Did you run these immediately after running the RKill without rebooting first?




#15 mjb2066

  • Topic Starter

Posted 14 April 2014 - 02:46 PM

I did run ESET Online Scanner and Malwarebytes Anti-Malware scanner immediately after running Rkill, with no reboot beforehand.





