Hello,
I know this is not a new post but reading the replies from a previous post indicated any solution was specific to that machine. So here goes, ran Avast full scan, CCleaner, Malwarebytes, ComboFix, and most every other scan tool with no success. Looking at the Task Manager, All Users, I see dlhost.exe*32 ever increasing in size up to 300 MB with CPU Utilization upwards of 80%.
If I investigate the path the file is located in C:/Windows/susWOW64.
Since it appears there has been an investigation and solution to this problem for another user I would like to progress correctly and fix this machine. I am a paid subscriber to Avast and have recommended this product to all I deal with.
Regards,
wings515
This may be poweliks so just the FRST scan and additions initially
I downloaded and ran Farbar as requested. Attached are the two files.
Also during the running of Farbar a new Malware listing came up in ContentExplorer.exe.
OK it is not poweliks just a heap of PUP’s
Let me know how the computer is behaving after this
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
HKLM-x32\...\Run: [PCFixSpeed] => C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe [1299816 2014-08-11] (Crawler.com) HKLM-x32\...\Run: [PCTechHotline] => C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe [1905000 2014-07-25] (Crawler, LLC) HKLM-x32\...\Run: [OpenSoftwareUpdater] => C:\Program Files (x86)\OpenSoftwareUpdater\OpenSoftwareUpdater.exe [3733504 2014-04-08] (Installer Technology Co.) ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:50768;https=127.0.0.1:50768 R2 GrillaPrice; C:\Program Files (x86)\grillaprice\grillaprice.exe [415744 2014-08-29] () [File not signed] R2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [701800 2014-07-25] (Crawler, LLC) R2 Wajam Internet Enhancer Service; C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [303616 2014-08-31] (Wajam Internet Technologies Inc.) [File not signed] 2014-09-07 12:14 - 2014-09-07 12:14 - 00001153 _____ () C:\Users\Public\Desktop\OpenSoftwareUpdater.lnk 2014-09-07 12:14 - 2014-09-07 12:14 - 00000000 ____D () C:\Users\William\AppData\Roaming\OpenSoftwareUpdater 2014-09-07 12:14 - 2014-09-07 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSoftwareUpdater 2014-09-07 12:14 - 2014-09-07 12:14 - 00000000 ____D () C:\Program Files (x86)\grillaprice 2014-09-07 12:13 - 2014-09-07 12:13 - 00001081 _____ () C:\Users\Public\Desktop\PC Tech Hotline.lnk 2014-09-07 12:13 - 2014-09-07 12:13 - 00000977 _____ () C:\Users\Public\Desktop\Optimize Your PC.lnk 2014-09-07 12:13 - 2014-09-07 12:13 - 00000000 ____D () C:\Users\William\AppData\Roaming\PCFixSpeed 2014-09-07 12:13 - 2014-09-07 12:13 - 00000000 ____D () C:\Users\William\AppData\Roaming\PC Tech Hotline 2014-09-07 12:13 - 2014-09-07 12:13 - 00000000 ____D () C:\ProgramData\PCFixSpeed 2014-09-07 12:13 - 2014-09-07 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam 2014-09-07 12:13 - 2014-09-07 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline 2014-09-07 12:13 - 2014-09-07 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed 2014-09-07 12:13 - 2014-09-07 12:13 - 00000000 ____D () C:\Program Files (x86)\PCTechHotline 2014-09-07 12:13 - 2014-09-07 12:13 - 00000000 ____D () C:\Program Files (x86)\PCFixSpeed 2014-09-07 12:12 - 2014-09-07 12:14 - 00000000 ____D () C:\Program Files (x86)\OpenSoftwareUpdater 2014-09-07 12:12 - 2014-09-07 12:13 - 00000000 ____D () C:\Program Files (x86)\Wajam 2014-09-07 12:11 - 2014-09-07 12:11 - 00000000 _____ () C:\nszE3CD.tmp 2014-09-07 12:11 - 2014-09-07 12:11 - 00000000 _____ () C:\nseE3ED.tmp 2014-09-04 09:14 - 2014-09-04 09:46 - 00000000 ____D () C:\Users\William\AppData\Roaming\defaulttab 2014-09-04 09:11 - 2014-09-05 11:21 - 00000000 ____D () C:\Users\William\AppData\Roaming\ContentExplorer 2014-08-31 15:24 - 2014-08-31 15:24 - 00000000 ____D () C:\Users\William\AppData\Roaming\MyTurboPC.com 2014-08-31 15:23 - 2014-08-31 15:33 - 00000000 ____D () C:\ProgramData\MyTurboPC.com 2014-09-07 12:14 - 2014-09-07 12:14 - 00001153 _____ () C:\Users\Public\Desktop\OpenSoftwareUpdater.lnk 2014-09-07 12:14 - 2014-09-07 12:14 - 00000000 ____D () C:\Users\William\AppData\Roaming\OpenSoftwareUpdater 2014-09-07 12:14 - 2014-09-07 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSoftwareUpdater 2014-09-07 12:14 - 2014-09-07 12:14 - 00000000 ____D () C:\Program Files (x86)\grillaprice 2014-09-07 12:14 - 2014-09-07 12:12 - 00000000 ____D () C:\Program Files (x86)\OpenSoftwareUpdater 2014-09-07 12:13 - 2014-09-07 12:13 - 00001081 _____ () C:\Users\Public\Desktop\PC Tech Hotline.lnk 2014-09-07 12:13 - 2014-09-07 12:13 - 00000977 _____ () C:\Users\Public\Desktop\Optimize Your PC.lnk 2014-09-07 12:13 - 2014-09-07 12:13 - 00000000 ____D () C:\Users\William\AppData\Roaming\PCFixSpeed 2014-09-07 12:13 - 2014-09-07 12:13 - 00000000 ____D () C:\Users\William\AppData\Roaming\PC Tech Hotline 2014-09-07 12:13 - 2014-09-07 12:13 - 00000000 ____D () C:\ProgramData\PCFixSpeed 2014-09-07 12:13 - 2014-09-07 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam 2014-09-07 12:13 - 2014-09-07 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline 2014-09-07 12:13 - 2014-09-07 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed 2014-09-07 12:13 - 2014-09-07 12:13 - 00000000 ____D () C:\Program Files (x86)\PCTechHotline 2014-09-07 12:13 - 2014-09-07 12:13 - 00000000 ____D () C:\Program Files (x86)\PCFixSpeed 2014-09-07 12:13 - 2014-09-07 12:12 - 00000000 ____D () C:\Program Files (x86)\Wajam 2014-09-07 12:11 - 2014-09-07 12:11 - 00000000 _____ () C:\nszE3CD.tmp 2014-09-07 12:11 - 2014-09-07 12:11 - 00000000 _____ () C:\nseE3ED.tmp TDL4: custom:26000022 <===== ATTENTION! C:\Program Files (x86)\Wajam\Wajam Internet Enhancer C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe C:\Program Files (x86)\PCTechHotline C:\Program Files (x86)\grillaprice\grillaprice.exe C:\Program Files (x86)\OpenSoftwareUpdater CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.
FINALLY
Could you run a fresh FRST scan
Sorry to be a pain, I reviewed the log files and found the grilla and windjam and knew they were nto to be so I have uninstalled them and reran Farbar to cleanup a lot of the ‘extra’ problems.
I have attached the newer text files.
I appreciate your help in trying to resolve these problems.
Regards,
Wings515
Run the fixlist that I posted and AdwCleaner as those programmes lied when they said they uninstalled
Thanks so much for the reply. I have completed your required steps. Attached are the files you requested. All seems GOOD. I do have one last item. As you stated the Grillaprice did not actually get fully removed. Even after running adwcleaner there is still an entry in the add/Remove Program listing. When I use the Uninstall feature it opens a web page to download an uninstaller that does not work
It’s not that much of a big deal to have a listing in the program name but I am a geek and would like to have it removed.
BTW if you do a Bing search on adwcleaner a site comes up that Avast considers malware. I downloaded the correct one from Bleeping Computer.
Best regards,
wings515
Attached is the last run of FRST. I also looked at Windows/system and windows/sysWOW64 and nither directory has any listing for dllhost.exe.
Funny now all instances are no longer there.
Regards,
wings515
dllhost is a system hidden file so you will not see it
If you try to uninstall Grillaprice does windows offer to remove the entry ?
How is the computer now ?
Thanks for the reply. When I click on grilalprice in the Add/Remove page and click to Uninstall, a web page" gorillauninstallation.com/uninstaller3.html" opens. There is a request “If you would like to uninstall, please enter the numbers below”, except no numbers are shown. There is a link “Click here to Download Uninstaller” If I do that, Avast blocks the download and interrupts further download. I canceled out to prevent further infections.
As to the dllhost problem, that appears resolved. Previously, when opening the Task Manager , all users, the dllhost.exe*32 was visible. As if it were not a hidden file. Now there are no instances of dllhost so they must all be hidden.
Thanks again for all your help.
wings515
If all is still well tomorrow let me know and I will tidy up
Good Morning,
All appears well except for the straggling grillaprice in the Uninstall listing.
I really appreciate all your help.
Regards,
wings515
Just did a regedit search and found a listing for grillaprice and the web link under the Unininstall . Deleted it and it is now removed from the listing in the Uninstall Programs and Features.
Is there anything else you would like me to do?
Regards,
wings515
Just this
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:
Download and run Delfix
https://dl.dropboxusercontent.com/u/73555776/delfix.JPG
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent install this programme to lock down and prevent crypto ransome ware
https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG
Update and run weekly to keep your system clean
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe
This is my first time here. I have the same problem. Do I reply to this message (like I just did) or is there another proper way to register my problem?
Please start your own topic and post your logs there: https://forum.avast.com/index.php?action=post;board=4.0