Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

dllhost.exe COM Surrogate taking up all CPU Usage


  • This topic is locked This topic is locked
10 replies to this topic

#1 paintbalplaya02

paintbalplaya02

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 04 November 2014 - 08:24 AM

Just as the title state, over the last few days ive noticed my pc becoming slower.  Getting high usage messages from Norton.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344
Run by Todd at 8:20:30 on 2014-11-04
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8111.2643 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\nacl64.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coNatHst.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [GoogleChromeAutoLaunch_074FE521E48D2FD943354AD99FDC5BFB] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
mRun: [Nike+ Connect] "C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ISCTSY~1.LNK - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{945CEBBD-29ED-4E06-B0F4-DD9449B38330} : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-7 28008]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-4-12 20464]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys [2014-10-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys [2014-10-16 1148120]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2014-4-12 17192]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [2014-11-3 1587416]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys [2014-10-16 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141103.001\IDSviA64.sys [2014-11-4 633560]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys [2014-10-16 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys [2014-10-16 593112]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-10-17 2436280]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-9-23 1149760]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-7-8 195336]
R2 ISCTAgent;Intel® Smart Connect Technology Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2013-3-14 182248]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2014-4-12 169432]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe [2014-10-16 265040]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-4-12 1796928]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-4-12 19440960]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-4 411968]
R3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2014-4-12 495376]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-9 142640]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2013-3-14 21048]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2013-3-14 21048]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-3-14 46568]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-4-12 368112]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-4-12 786416]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\drivers\AE2500w764.sys [2014-4-12 1254464]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-5 20288]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-9-23 38048]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2014-4-12 34752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-16 111616]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-4-14 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2014-11-04 12:34:06 613696 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-11-04 12:32:50 1876296 ----a-w- C:\Windows\System32\nvdispco6434448.dll
2014-11-04 12:32:50 1539272 ----a-w- C:\Windows\System32\nvdispgenco6434448.dll
2014-11-04 12:29:17 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2014-11-04 12:29:17 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2014-11-04 12:29:17 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2014-11-04 12:29:17 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-11-04 12:29:16 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2014-11-04 12:29:16 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2014-11-03 12:00:57 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2014-10-25 18:16:50 -------- d-----w- C:\Users\Todd\AppData\Local\CrashDumps
2014-10-17 20:17:19 590536 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-10-17 20:17:02 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2014-10-17 20:14:15 -------- d-----w- C:\Program Files\Microsoft Office 15
2014-10-16 23:20:29 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2014-10-16 20:58:35 876248 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtsp64.sys
2014-10-16 20:58:35 593112 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys
2014-10-16 20:58:35 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys
2014-10-16 20:58:35 37592 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtspx64.sys
2014-10-16 20:58:35 266968 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys
2014-10-16 20:58:35 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symelam.sys
2014-10-16 20:58:35 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys
2014-10-16 20:58:35 1148120 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys
2014-10-16 20:58:32 -------- d-----w- C:\Windows\System32\drivers\N360x64\1506000.020
2014-10-16 20:41:59 977408 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
.
==================== Find3M  ====================
.
2014-11-04 12:28:23 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2014-10-16 16:54:03 3237528 ----a-w- C:\Windows\System32\SET145F.tmp
2014-10-16 14:11:36 2559808 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-04 06:42:47 2197680 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-10-04 06:42:47 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-10-04 06:41:43 2800296 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-10-04 06:41:43 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-23 23:29:05 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 23:29:05 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-17 04:51:20 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-09-17 04:51:20 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-09-17 04:51:20 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-09-13 21:53:36 6890696 ----a-w- C:\Windows\System32\nvcpl.dll
2014-09-13 21:53:36 3529872 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-09-13 21:53:34 934216 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-09-13 21:53:34 62608 ----a-w- C:\Windows\System32\nvshext.dll
2014-09-13 21:53:34 385168 ----a-w- C:\Windows\System32\nvmctray.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-11 15:37:55 3961833 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 19:14:38 38048 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-09-04 19:14:38 34976 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-09-04 19:14:38 32416 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH:  8:20:42.73 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:49 PM

Posted 06 November 2014 - 06:58 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
logo.png
Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the 3.png to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
1.png
2.png

Step 2

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 paintbalplaya02

paintbalplaya02
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 06 November 2014 - 09:04 AM

Here are the logs.  The PC seems to be running much better.

Attached Files



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:49 PM

Posted 06 November 2014 - 04:02 PM

Let's do a final check up:

Step 1


Don't remove on your own anything that Hitman Pro detects!
This scanner, as it is a really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download hitmanpro_32.pngHitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click onhitmanpro.pngicon and select admin.PNGRun as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.
hitman.gif


Step 2

Please downloadesetlogo.pngOnline Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.pngwith administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log filelog.pngis created at logpath.png
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif

lesestoff.png

Can you please tell me which problems still persist now?
How is the computer running

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 paintbalplaya02

paintbalplaya02
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 07 November 2014 - 11:28 AM

The computer is running great.  I do not see any more instances dllhost.  Here is the hitman log.  Im still running ESET.

 

HitmanPro 3.7.9.232
www.hitmanpro.com
 
   Computer name . . . . : TODD-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Todd-PC\Todd
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-11-07 11:19:51
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 34s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 31
 
   Objects scanned . . . : 3,313,163
   Files scanned . . . . : 170,371
   Remnants scanned  . . : 1,898,324 files / 1,244,468 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Todd\Desktop\FRST64.exe
      Size . . . . . . . : 2,114,560 bytes
      Age  . . . . . . . : 1.1 days (2014-11-06 09:00:12)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 9A92493668D313771DB011C6FD2BF7B894B97281BC5E3C3DEE5C104372A33DCA
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
 
Potential Unwanted Programs _________________________________________________
 
   C:\ProgramData\APN\ (AskBar)
   ask.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
 
Cookies _____________________________________________________________________
 
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.mediade.sk
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.undertone.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
 
 


#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:49 PM

Posted 07 November 2014 - 11:31 AM

:thumbup2:


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#7 paintbalplaya02

paintbalplaya02
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 07 November 2014 - 12:06 PM

Here is the ESET Log

 

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1a986d9a59cc69488af66dbee3d7dd4b
# engine=20981
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-07 05:03:26
# local_time=2014-11-07 12:03:26 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 87 100 655203 165955902 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 16998039 166923256 0 0
# scanned=286381
# found=1
# cleaned=0
# scan_time=2302
sh=800AA78A2A4A79D59268479A44E512AD645FCA16 ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NHV trojan" ac=I fn="C:\Users\Todd\AppData\Local\Temp\426c\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35765FLF\peh53we587[1].htm"


#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:49 PM

Posted 07 November 2014 - 03:10 PM

This is looking very good. No more active malware or adware has been found. :)
 
Step 1

frst.pngfrstfix.png
Please download the attached fixlist txt.gif and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Attached File  fixlist.txt   61bytes   2 downloads


That's it! abklatsch.gif
Your logs look clean to me at the moment. :thumbup2:
We're gonna clean up everything now and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: btn_donate_SM.gif
Thank you!


Clean Upcleanupm.PNG

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download delfix.pngDelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

 

Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#9 paintbalplaya02

paintbalplaya02
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 07 November 2014 - 07:28 PM

Thanks for all your help!! Everything is running smoothly now.  Here is the log from FRST

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Todd at 2014-11-07 19:24:40 Run:1
Running from C:\Users\Todd\Desktop
Loaded Profile: Todd (Available profiles: Todd)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\Windows:1EAD3BEADDF6B004
EmptyTemp:
*****************

C:\Windows => ":1EAD3BEADDF6B004" ADS removed successfully.
EmptyTemp: => Removed 100.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:49 PM

Posted 08 November 2014 - 06:09 AM

You are welcome!

Take care.

:)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:49 PM

Posted 08 November 2014 - 06:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users