- Aug 12, 2015
- 10
Multiple dllhost.exe, msiexec.exe and cmd.exe
- Thread starter Eric Jones
- Start date
- Aug 12, 2015
- 10
Also, this PC is a company machine and thus has some software that may be unrecognized compared to a typical "home" computer. I'm pretty knowledgeable about what that Company software is, so I'll let you know if something I'm asked to remove is necessary to the operations of this computer.
- Aug 12, 2015
- 10
@TwinHeadedEagle: no matter how I word a message in PM it give me:
Your content can not be submitted. This is likely because your content is spam-like or contains inappropriate elements. Please change your content or try again later. If you still have problems, please contact an administrator.
Your content can not be submitted. This is likely because your content is spam-like or contains inappropriate elements. Please change your content or try again later. If you still have problems, please contact an administrator.
- Mar 8, 2013
- 22,627
This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!
Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
- Right-click on
icon and select
Run as Administrator to start the tool.
- Accept the disclaimer and agree if prompted to install Recovery Console.
- Do not take any actions while ComboFix goes through your System - it may cause it to stall!
- This scan may take some time!
- When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).
Include that log in your next reply.
- Aug 12, 2015
- 10
Is it better to run Combofix in Safe Mode, or should I just run it from a normal windows session?
- Mar 8, 2013
- 22,627
- Aug 12, 2015
- 10
- Aug 12, 2015
- 10
- Mar 8, 2013
- 22,627
Let's use FRST again:
Scan with Farbar Recovery Scan Tool
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
- Right-click on
icon and select
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File). - Make sure that Addition option is checked.
- Press Scan button and wait.
- The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
- Aug 12, 2015
- 10
- Mar 8, 2013
- 22,627
- Aug 12, 2015
- 10
- Mar 8, 2013
- 22,627
- Press the
+ R on your keyboard at the same time. Type cmd and click OK.
- Copy/Enter the command below and press Enter:
-
Code:
chkdsk C: /r - You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
- All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.
- Press the
+ R on your keyboard at the same time. Type eventvwr and click OK.
- In the left panel, expand Windows Logs and then click on Application.
- Now, on the right side, click on Filter Current Log.
- Under Event Sources, check only Wininit and click OK.
- Now you'll be presented with one or multiple Wininit logs.
- Click on an entry corresponding to the date and time of the disk check.
- On the top main menu, click Action > Copy > Copy Details as Text.
- Paste the contents into your next reply.
- Aug 12, 2015
- 10
- Mar 8, 2013
- 22,627
- Aug 12, 2015
- 10
I am unable to do the last part about copying data from the Event Viewer. There doesn't appear to be any events tied to a chkdsk either upon scanning through the list. Maybe XP doesn't do that part? Regardless, when it did the check disk, it said disk was clean on the window that ran. Also, after the reboot, the system is running much better and i'm not seeing the rogue processes!
- Mar 8, 2013
- 22,627
Similar threads
