Dllhost.exe 100% disk usage

[basketball2323]

Dllhost.exe is using 100% of my disk usage i have ran multiple antimalware rootkits virus scans and all found nothing so ive attached FRST results

 

[basketball2323]

id also like to add that even with only 3 programs using 0.6mb/s and like 3 using 0.1mbs the disk is still at 99% i dont know if that is strange i just thought id add it

 

[TwinHeadedEagle]

Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:

• At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
• Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  
• All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
• If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
• I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  
• Please attach all report using
  
  button below. Doing this, you make it easier for me to analyze and fix your problem.
  
• Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay for the repair.

Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

• Install the progam and select update.
• Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
• In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
• Click the Scan tab, choose Threat Scan is checked and click Start Scan.
• If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
• Upon completion of the scan (or after the reboot), click the History tab.
• Click Application Logs and double-click the Scan Log.
• At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  autoclean;
  emptyclsid;
  emptyalltemp;
  ipconfig /flushdns >>"%temp%\log.txt";b

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.

 

[basketball2323]

when i try and upload zoek results i get this
The following error occurred
The uploaded file is empty.

zoek-results.log
even though when i open the file in notepad its not empty
should i just copy and paste the entire results?

 

[TwinHeadedEagle]

Can you open it and just copy/paste its content?

 

[basketball2323]

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Cam on 01/02/2016 at 1:00:29.32.
Microsoft Windows 8 Pro 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cam\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

01/02/2016 01:08:27 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\DivX deleted successfully
C:\PROGRA~3\Avg deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\Users\Cam\AppData\Roaming\sparta111 deleted successfully
C:\Users\Cam\AppData\Roaming\uTorrent deleted successfully
C:\Users\Cam\AppData\Local\Skype deleted successfully
C:\Users\Cam\AppData\Local\Sparta deleted successfully
C:\Users\Cam\AppData\Local\WarThunder deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-626473118-3010605479-898090307-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater14.2.0 deleted successfully

==== Batch Command(s) Run By Tool======================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\DivX not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~2\Flyordie Plugin deleted
C:\windows\SysNative\Tasks\Bidaily Synchronize Task[973b] deleted
C:\Windows\tasks\Bidaily Synchronize Task[973b].job deleted
C:\PROGRA~3\{7c12c1dc-c294-1c6e-7c12-2c1dcc290773} deleted
C:\PROGRA~3\5767796595995162811 deleted
C:\PROGRA~3\DivX deleted
C:\PROGRA~2\SearchProtect deleted
C:\PROGRA~2\File Scout deleted
C:\PROGRA~2\COMMON~1\AVG Secure Search deleted
C:\prefs.js deleted
C:\Users\Cam\AppData\Roaming\RHEng deleted
C:\Users\Cam\AppData\Roaming\Systweak deleted
C:\Users\Cam\AppData\Roaming\OpenCandy deleted
C:\PROGRA~3\AVG Security Toolbar deleted
C:\PROGRA~3\IBUpdaterService deleted
C:\PROGRA~3\AVG SafeGuard toolbar deleted
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Cam\AppData\Local\SearchProtect deleted
C:\Users\Cam\AppData\Local\Unity deleted
C:\Users\Cam\AppData\Local\AVG Secure Search deleted
C:\Users\Cam\AppData\Local\Systweak deleted
C:\Users\Cam\AppData\Local\AVG SafeGuard toolbar deleted
C:\Users\Cam\AppData\Local\adawarebp deleted
C:\Users\Cam\AppData\Local\AVG Nation toolbar deleted
C:\Users\Cam\AppData\Local\CrashRpt deleted
C:\Users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sparta deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Users\Cam\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Users\Cam\AppData\LocalLow\Unity deleted
C:\END deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\SearchProtect deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"avg@toolbar"="C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1" []

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lfffjahnfbocnaooecgijfnbpcfekoik - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[08/01/2016 10:47]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\14.2.0.1\avg.crx[]

Ask Toolbar - Cam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
Comodo Drag&Drop Service - Cam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Cam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
PrivDog - Cam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Comodo Media Downloader - Cam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo
Absolute Radio Live Scores - Cam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgmkadilkeimcolingoooifhoknpkifi
AVG SafeGuard toolbar - Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

==== Chromium Startpages ======================

C:\Users\Cam\AppData\Local\Comodo\Dragon\User Data\Default\Preferences
"homepage": "Search",


==== Chromium Fix ======================

C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage-journal deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_admtpmp123.adk2x.com_0.localstorage deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_admtpmp123.adk2x.com_0.localstorage-journal deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage-journal deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.tunefind.com_0.localstorage deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.tunefind.com_0.localstorage-journal deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage-journal deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_career-services.careerone.com.au_0.localstorage deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_career-services.careerone.com.au_0.localstorage-journal deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_roysautoservices.com_0.localstorage deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_roysautoservices.com_0.localstorage-journal deleted successfully
C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\Cam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko deleted successfully
C:\Users\Cam\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage deleted successfully
C:\Users\Cam\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage-journal deleted successfully
C:\Users\Cam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgmkadilkeimcolingoooifhoknpkifi deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos"
"Search Page"="http://isearch.omiga-plus.com/web/?...0DLE630_MSK5215H01Z0PG01Z0PGX&q={searchTerms}"
"Default_Page_URL"="Google"
"Default_Search_URL"="http://isearch.omiga-plus.com/web/?...0DLE630_MSK5215H01Z0PG01Z0PGX&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://isearch.omiga-plus.com/web/?...0DLE630_MSK5215H01Z0PG01Z0PGX&q={searchTerms}"
"Default_Page_URL"="Google"
"Search Page"="http://isearch.omiga-plus.com/web/?...0DLE630_MSK5215H01Z0PG01Z0PGX&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://isearch.omiga-plus.com/web/?...0DLE630_MSK5215H01Z0PG01Z0PGX&q={searchTerms}"
"Default_Page_URL"="Google"
"Search Page"="http://isearch.omiga-plus.com/web/?...0DLE630_MSK5215H01Z0PG01Z0PGX&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="Bing"
"Default_Search_URL"="Bing"
"Default_Page_URL"="MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos"
"Start Page"="MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="Bing"
"Search Page"="Bing"
"Default_Page_URL"="MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="Bing"
"Search Page"="Bing"
"Default_Page_URL"="MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - {searchTerms} - Bing
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - {searchTerms} - Bing
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - {searchTerms} - Google Search
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - {searchTerms} - Bing

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall deleted successfully

==== Empty IE Cache ======================

 

[TwinHeadedEagle]

Report isn't complete, but so far Zoek deleted a lot of malware. Can you run Zoek one more time?

 

[basketball2323]

for some reason zoesk wont open now

 

[basketball2323]

zoek*

 

[TwinHeadedEagle]

Please delete it and download again.