Some process in the background makes the computer whir and interrupts my typing in MS Word or Outlook. I don’t look at the screen while typing and my pointer disappears. Sometimes a pop-up window shows up with a message that some process was not able to run. I ran Process Explorer and found out that a second vmhost.exe appears from time to time in the webdev.exe tree and that second vmhost.exe uses a lot of CPU. Sometimes this happens every few seconds, sometimes less often. Help, this drives me nuts.
Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0
Hi darek2!
Hello!
I’m on it, please perform Asyn’s instructions
Asyn,
My Norton 360 is blocking Farbar. Should I disable protection for the time to Run it?
Darek
Here is my Malwarebytes log:
@Darek: Please disable it to make sure it does not interfere with the Tools.
Steven,
Actually, Malwarebytes removed the vmhost.exe process. I will see if it reappears again in a few days. Should I still run the other applications? Is there more to find by running them?
Darek
Still run the other Tools please, as they’re diagnostic logs and Naathim might see something else in there.
That is why Naathim needs the logs to find out … so attach them all
Sorry Guys, I have been busy with another project. What should I disable in Norton 360 to allow me to run Farbar? I disabled Firewall and intrusion prevention and each time I download it Norton is telling me that it is not safe and removes frst64.exe.
Darek
It’s Download Intelligence that’s blocking most likely, so just right-click the icon in the taskbar and disable Auto-Protect, that should turn it off also, otherwise go to the advanced settings in Norton and turn it off there.
Auto-Protect is not highlighted???
Just checked it back, it’s blocked by Auto-Protect.
If it’s not highlighted you need to restart your system as it wants to remove something else.
Just disable Auto-Protect via the Context Menu on the icon, it’s disabling Download Intelligence too.
The files are detected as Bad reputation or Suspicious.Cloud.7.EP
Hi,
Here are the logs from Farbar and aswMBR. I hope the older log from Malwarebytes will be enough.
Thanks,
Darek
Hi Darek
I think we can write in Polish here, greetings from Kraków. However, all my instructions are in English, though I see that is not a problem for you. Unless they yell at me for it, in which case we will go back to English.
Uninstall some programs
We need to uninstall some programs.
[*]Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
[*]Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time
[b]The list of programs to uninstall:[/b]
[*]Adobe Reader Free Download Packages
[*]HitmanPro
After completing uninstalls, please manually reboot your machine!
If you wonder why I recommend to uninstall HitmanPro, here’s what I tell every user that is running it:
This scanner, as good as it is for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable. Any removals should be done manually after careful analysis of the scan results!
Fix with Farbar Recovery Scan Tool
[b]This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.[/b]
[*]Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
[*]Copy the entire content of the codebox below and paste into the Notepad document:
start
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Darek Czokajlo\Documents\1.jpg:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Darek Czokajlo\Documents\1.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Darek Czokajlo\Documents\11329s.gif:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Darek Czokajlo\Documents\11329s.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Darek Czokajlo\Documents\2.jpg:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Darek Czokajlo\Documents\2.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Darek Czokajlo\Documents\OBRAZT.BMP:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Darek Czokajlo\Documents\OBRAZT.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Darek Czokajlo\Documents\Picture1.wmf:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Darek Czokajlo\Documents\Picture1.wmf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
CMD: dir C:\AdwCleaner
end
[*]Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
[*]Right-click on the FRST icon and select Run as Administrator to start the tool.
XP users click run after receipt of Windows Security Warning - Open File.
Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.
Fix with Junkware Removal Tool
Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
[*]Right-click on the JRT icon and select Run as Administrator to start the tool.
[*]Follow the prompts and let this process run uninterrupted.
[*]This scan can take a while, depending on your System specs.
[*]Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.
Scan with Farbar Recovery Scan Tool
Please re-run Farbar Recovery Scan Tool.
[*]Right-click on the FRST icon and select Run as Administrator to start the tool.
XP users click run after receipt of Windows Security Warning - Open File.
Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
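The AlternateDataStreams lines in the first fixlist above are easier to review once grouped by stream name, which shows how few distinct streams the fix targets and which files carry them. This is an added example, not part of the thread or of FRST; it assumes the `path:stream` layout seen in those lines, and the function names are hypothetical.

```python
from collections import defaultdict

# Sample input: a subset of the first fixlist in this thread, including two
# non-ADS lines to show that they are skipped.
SAMPLE_FIXLIST = r"""start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Darek Czokajlo\Documents\1.jpg:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Darek Czokajlo\Documents\1.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Darek Czokajlo\Documents\2.jpg:Q30lsldxJoudresxAaaqpcawXc
CMD: dir C:\AdwCleaner
end
"""

PREFIX = "AlternateDataStreams:"


def parse_ads_line(line):
    """Return (host_path, stream_name) for an ADS line, or None for other lines."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    target = line[len(PREFIX):].strip()
    # The drive letter supplies the first colon ("C:\..."), so the stream name
    # is whatever follows the LAST colon. If the only colon is the drive colon,
    # the "stream" part still contains backslashes and the line is rejected.
    host, sep, stream = target.rpartition(":")
    if not sep or not stream or "\\" in stream:
        return None
    return host, stream


def group_by_stream(fixlist_text):
    """Map each stream name to the sorted files or directories that carry it."""
    groups = defaultdict(set)
    for line in fixlist_text.splitlines():
        parsed = parse_ads_line(line)
        if parsed:
            host, stream = parsed
            groups[stream].add(host)
    return {name: sorted(hosts) for name, hosts in groups.items()}


if __name__ == "__main__":
    for name, hosts in group_by_stream(SAMPLE_FIXLIST).items():
        print(f"{name}: {len(hosts)} host(s)")
        for host in hosts:
            print(f"    {host}")
```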
Hi Naat,
Greetings from Portland.
Here is fixlog.txt
Darek
What about the Junkware Removal Tool report and fresh FRST ones?
Naat,
Just finished running. Here they are.
Thanks. Poland rules.
Darek
Please also uninstall PCMechanic, as it doesn’t have a good reputation.
Fix with Farbar Recovery Scan Tool
[b]This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.[/b]
[*]Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
[*]Copy the entire content of the codebox below and paste into the Notepad document:
start
S0 fkft; No ImagePath
C:\windows\Tasks\PCMechanic Maintenance.job
C:\windows\System32\Tasks\PCMechanic Maintenance
C:\Users\Public\Desktop\PCMechanic.lnk
C:\Users\Darek Czokajlo\AppData\Roaming\Uniblue
C:\Program Files (x86)\Uniblue
C:\Users\Darek Czokajlo\Downloads\pcmechanic.exe
cmd: type c:\AdwCleaner\AdwCleaner[S0].txt
EmptyTemp:
end
[*]Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
[*]Right-click on the FRST icon and select Run as Administrator to start the tool.
XP users click run after receipt of Windows Security Warning - Open File.
Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.
Scan with Security Check
Please download Security Check by Screen317 and save it to your desktop.
[*]Right-click on the Security Check icon and select Run as Administrator to start the tool.
[*]Follow onscreen instructions inside the black box. This scan won’t take long.
[*]Soon a notepad document called checkup.txt will open automatically.
Please include the content of that document.
Naat,
I forgot to thank you for your help. The problem never came back to me.
Darek