I see I am having the same problem that many others are having with multiple dllhost.exe occurrences in Task Manager. The solutions are accompanied with a warning that they are just for that computer and should not be tried by anyone else. What should I do?
Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0
Sorry it took so long. Not sure if the aswMBR finished, as it was doing quite a lot, then stopped for over 30 minutes. While I was waiting to see if it would do anything, I started getting Malwarebytes messages popping up in the lower right corner every few seconds saying a Malicious Website Blocked, even thought I was not on the web and the only thing open or running was aswMBR. I was also occasionally getting Avast Web Shield notices too.
OK, now you’ve to wait a bit…
Hi
Creepy Poweliks infestation.
https://sites.google.com/site/cannedfixes/combofix/51a5bf3d99e8a-ComboFixlogo16.png
Scan with ComboFix
This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!
Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.
[*]Right-click on
https://sites.google.com/site/cannedfixes/combofix/51a5bf3d99e8a-ComboFixlogo16.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[*]Accept the disclaimer and agree if prompted to install Recovery Console.
[*]Do not take any actions while ComboFix goes through your System - it may cause it to stall!
[]This scan may take some time!
[]When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).
Include that log in your next reply.
http://forum.programosy.pl/images/smilies/icon_idea.gif
If you’ll encounter any issues with internet connection after running ComboFix, please visit this link.
http://forum.programosy.pl/images/smilies/icon_idea.gif
If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.
http://forum.programosy.pl/images/smilies/icon_idea.gif
Don’t forget to re-enable your previously switched-off protection software!
Hello,
Every time I try to download ComboFix, it gets to 99% completed with 1 second to go then says the download was interrupted. Resume fails. I had to make the window smaller to try to save it to my desktop because the Save As option in the lower right of the screen is constantly blocked by Malwarebytes popup windows. Avast throws one up every minute or so too. I will go to another computer, try to download it to a thumb drive, then transfer it to this computer.
Fine, awaiting for the logfile
Hello,
I guess I was too literal with your directions. I tried to download ComboFix and was THEN going to turn off MB and Avast. This time I turned them off FIRST, then successfully downloaded ComboFix.
The main bad guy looks like killed. Now let’s search for any remnants.
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Scan with Farbar Recovery Scan Tool
Please re-run Farbar Recovery Scan Tool.
[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
XP users click run after receipt of Windows Security Warning - Open File.
8 users will be prompted about Windows SmartScreen protection - click More information and Run.
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
Things are running very good now. No warning pop-ups. Here are the two files. Was I suppose to click the FIX button?
No, you did it right. Let’s continue.
https://sites.google.com/site/cannedfixes/junkware-removal-tool/JRTbythisisu.png
Fix with Junkware Removal Tool
Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
[*]Right-click on
https://sites.google.com/site/cannedfixes/junkware-removal-tool/JRTbythisisu.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[*]Follow the prompts and let this process run uninterrupted.
[*]This scan can take a while, depending on your System specs.
[*]Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.
https://sites.google.com/site/cannedfixes/adwcleaner/adwcleaner_new.png
Fix with AdwCleaner
Please download AdwCleaner by Xplode and save the file to your desktop.
[*]Right-click on
https://sites.google.com/site/cannedfixes/adwcleaner/adwcleaner_new.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[*]The program will begin to update the database (if internet connection is operational). Please wait a little bit.
[*]Follow the prompts and click Scan.
[*]When finished, please click Clean.
[*]Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.
Please include the contents of that file in your reply.
WOW, are you people THOROUGH!
You don’t want us not to be thorough! ;D
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Scan with Farbar Recovery Scan Tool
Please re-run Farbar Recovery Scan Tool.
[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
XP users click run after receipt of Windows Security Warning - Open File.
8 users will be prompted about Windows SmartScreen protection - click More information and Run.
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
Here ya go.
Hi
Alot better.
https://sites.google.com/site/cannedfixes/activescan/panda-av.jpg
Scan with Panda Cloud Cleaner
This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.
Please download Panda Cloud Cleaner and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
[*]Install the scanner by right-click on
https://sites.google.com/site/cannedfixes/activescan/panda-av.jpg
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator.
[*]It should start itself automaticaly after the installation.
[*]In the main console click Accept and Scan.
[*]This scan won’t take long, about several minutes (depending on your system specs). Let it run uninterrupted.
[*]At the last stage you will see a couple of messages about veryfying & analyzing results. Wait patiently.
[*]Upon completion you will see detections window. Enter one of them and click there View Report at the bottom right side.
[*]A notepad window named PCloudCleaner.log will open. Save it to your desktop.
Please include the contents of that file in your next reply.
Don’t forget to re-enable your switched-off protection software!
After that you may uninstall Panda Cloud Cleaner from your machine, if you wish to.
https://sites.google.com/site/cannedfixes/security-check/51c9d14017fa0-SecurityCheck.PNG
Scan with Security Check
Please download Security Check by Screen317 and save it to your desktop.
[*]Right-click on
https://sites.google.com/site/cannedfixes/security-check/51c9d14017fa0-SecurityCheck.PNG
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[*]Follow onscreen instructions inside the black box. This scan won’t take long.
[*]Soon a notepad document called checkup.txt will open automaticaly.
Please include the content of that document.
Here are the latest files.
Before I will provide next set of instructions I need to know if everything is OK.
https://sites.google.com/site/cannedfixes/updating-software/updates.png
Update outdated software
Staying always updated is crucial, not only for your operating system, but also for any third-party installed software.
Your logs clearly indicate that some of your software needs updating.
https://sites.google.com/site/cannedfixes/updating-software/Adobe_Reader_v9-0_icon.png
Updating Adobe manually
[*]Visit Adobe website.
[*]You will see a download option there for the newest Adobe Acrobat version.
[*]In the center part you will be prompted to install McAfee Security Scan Plus as a free program. This is foistware. Remember to leave the box for McAfee UNCHECKED.
[*]Click on Install, save the file to a convenient location, double-click it and follow the prompts.
Okay, Adobe installed, although the option they gave me was for Google Toolbar, which I have tried in the past and don’t like.
Hi and sorry for the delay, had some family commitments.
Any other issues?
https://sites.google.com/site/cannedfixes/delfix/51a5ce45263de-delfix.png
Clean with DelFix
Please download DelFix by Xplode and save it to your desktop.
[*]Right-click on
https://sites.google.com/site/cannedfixes/delfix/51a5ce45263de-delfix.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[*]Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
[*]Push Run.
[*]When finished, it will display a notepad report.
Include it for my review.
Please also manually reboot your machine after posting your logfile.
No other issues. Here is the file.