multiple dllhost.exe*32


11 replies to this topic

#1 bbaroco

bbaroco

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:56 AM

Posted 10 November 2014 - 10:52 AM

I have the same problem with multiple dllhost.exe*32 and very slow PC. High CPU usage by COM Surrogate message keeps popping up. Security setting won't allow me to download mini toolbox. What should I do next? Let me just say that I am NOT very computer savvy. Thanks in advance.

 





#2 bbaroco


Posted 10 November 2014 - 02:37 PM

Update... Just got a call from a company verifying the purchase of an HP tablet being sent to an address different from billing address. Ugh. Over $2000 in fraudulent charges on my credit card. Is this related?

 



#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:56 PM

Posted 11 November 2014 - 09:52 PM

You may have several infections.
But if that happened I would call all my bankcards and tell them.
Consider all your passwords are also compromised.

It appears you have a backdoor infection.
In these cases I recommend a reformat as then you can trust the machine again.

We can scan to see if we find them first if you like.

Download MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
  • If no threats were found, click View detailed log.
    • Click Export and save the log as a .txt file on your Desktop or another location.
  • If the scan detected any threats, click Apply Actions.
    • To complete any actions taken you will be prompted to restart your computer...click on Yes.
    • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
    • Check the box next to Scan Log. Choose the most current scan and click View.
    • Click Export and save the log as a .txt file on your Desktop or another location.
Providing the MalwareBytes' Anti-Malware log file
  • Attach the log file you just saved to your next reply for further review.
>>>
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 bbaroco


Posted 12 November 2014 - 08:26 AM

I know I am going to hear it from you for this...but I followed instructions for bubba888 and think the problem is solved. I saved the logs if you want me to post them. I just ran Malware Bytes and it found nothing. Is there something else I should run to be more safe?



#5 bbaroco


Posted 12 November 2014 - 08:32 AM

I am running ESET next.



#6 bbaroco


Posted 12 November 2014 - 04:48 PM

C:\AdwCleaner\Quarantine\C\Users\hp\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx.vir a variant of Win32/Toolbar.Babylon.Q potentially unwanted application deleted - quarantined
C:\Users\hp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\704c6717-5ca2cc26 a variant of Java/Exploit.CVE-2010-0840.NAL trojan cleaned by deleting - quarantined
C:\Users\hp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\2aff675-3c30faf4 a variant of Java/Exploit.CVE-2010-0840.NAK trojan cleaned by deleting - quarantined
C:\Windows\Installer\83ed681.msi a variant of Win32/Toolbar.Babylon.Q potentially unwanted application deleted - quarantined
 



#7 boopme


Posted 12 November 2014 - 07:43 PM

Did you run

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
If no, do it.

and finish with

Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.


#8 bbaroco


Posted 12 November 2014 - 10:30 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by hp on Wed 11/12/2014 at 22:21:50.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/12/2014 at 22:28:13.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 bbaroco


Posted 12 November 2014 - 11:09 PM

Just finished with TFC. Thanks so much for all of your help!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2292712 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 14219393 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42343422 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 7201039095 bytes
Process complete!
 
Total Files Cleaned = 11,958.00 mb



#10 bbaroco


Posted 13 November 2014 - 08:09 AM

This morning I am getting a High disk usage from Svchost.exe. I think I still have issues.



#11 boopme


Posted 13 November 2014 - 11:01 AM

Ok ...
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


#12 bbaroco


Posted 13 November 2014 - 11:59 AM

aswMBR version 1.0.1.2201 Copyright© 2014 AVAST Software
Run date: 2014-11-13 11:38:51
-----------------------------
11:38:51.956    OS Version: Windows x64 6.1.7601 Service Pack 1
11:38:51.957    Number of processors: 4 586 0x2502
11:38:51.958    ComputerName: HP-PC  UserName: hp
11:38:53.941    Initialize success
11:38:54.217    VM: initialized successfully
11:38:54.218    VM: Intel CPU BiosDisabled
11:40:24.242    AVAST engine defs: 14111300
11:40:44.955    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:40:44.959    Disk 0 Vendor: Hitachi_ FC4O Size: 305245MB BusType: 3
11:40:45.072    Disk 0 MBR read successfully
11:40:45.076    Disk 0 MBR scan
11:40:45.085    Disk 0 unknown MBR code
11:40:45.099    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
11:40:45.105    Disk 0 default boot code
11:40:45.115    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       285726 MB offset 409600
11:40:45.143    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        19215 MB offset 585576448
11:40:45.165    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 624928768
11:40:45.212    Disk 0 scanning C:\Windows\system32\drivers
11:41:00.340    Service scanning
11:41:04.308    Service BHDrvx64 C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141107.001\BHDrvx64.sys **LOCKED** 5
11:41:11.015    Service IDSVia64 C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141112.001\IDSvia64.sys **LOCKED** 5
11:41:15.981    Service NAVENG C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141112.037\ENG64.SYS **LOCKED** 5
11:41:16.185    Service NAVEX15 C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141112.037\EX64.SYS **LOCKED** 5
11:41:31.707    Modules scanning
11:41:31.719    Disk 0 trace - called modules:
11:41:31.746    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
11:41:31.755    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005825060]
11:41:31.763    3 CLASSPNP.SYS[fffff8800109d43f] -> nt!IofCallDriver -> [0xfffffa80056bbb10]
11:41:31.771    5 hpdskflt.sys[fffff880024da289] -> nt!IofCallDriver -> [0xfffffa80049baae0]
11:41:31.780    7 ACPI.sys[fffff88000d7b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049bf050]
11:41:33.874    AVAST engine scan C:\Windows
11:41:36.287    AVAST engine scan C:\Windows\system32
11:45:39.458    AVAST engine scan C:\Windows\system32\drivers
11:45:55.559    AVAST engine scan C:\Users\hp
11:58:27.894    Disk 0 MBR has been saved successfully to "C:\Users\hp\Desktop\MBR.dat"
11:58:27.907    The log file has been saved successfully to "C:\Users\hp\Desktop\aswMBR.txt"

 





