jjw
New Helpee
Posts: 23
|
Post by jjw on Nov 6, 2014 10:18:26 GMT -8
It should also be noted that the Com surrogate dllhost.exe*32 attacks are back now too after completing the ESET scan. Yikes!
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 10, 2014 22:31:45 GMT -8
OK
It may be Tracur loading up
Delete your copy of Addition.txt that is on your Desktop, Start FRST and run and scan to create 2 new logs and post them back here.
Quads
|
|
jjw
New Helpee
Posts: 23
|
Post by jjw on Nov 11, 2014 4:11:55 GMT -8
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 16, 2014 20:55:24 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Download the script attached, needs to be the same file name as well (fixlist.txt), have it on the Desktop, so that fixlist.txt is next to FRST64.exe,
DO NOT DRAG AND DROP to download the script, it won't work for FRST (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link as.)
The script tells FRST what to do.
Start FRST that is on the desktop When the tool opens click Yes to disclaimer. (if it still does)
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) please post it to your reply (attach or paste)
Quads
|
|
jjw
New Helpee
Posts: 23
|
Post by jjw on Nov 17, 2014 12:49:31 GMT -8
Thanks so much. I very much appreciate your help. Attached is the fix.log along with a jpeg showing a webpage debug pop-up I routinely see ever since the Com Surrogate returned.
Attachment DeletedAttachment Deleted
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 25, 2014 14:04:33 GMT -8
Does it still appear??
Quads
|
|
jjw
New Helpee
Posts: 23
|
Post by jjw on Nov 25, 2014 19:47:49 GMT -8
No, it seems to have stopped after selecting "do not show this message again". Anxiously awiating next steps!
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Dec 14, 2014 19:13:42 GMT -8
|
|
jjw
New Helpee
Posts: 23
|
Post by jjw on Dec 15, 2014 14:37:46 GMT -8
Thank you so much! I have downloaded and ran Bleeping Computer. Output below:
Getting user folders. Stopping running processes. Emptying Temp folders. User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33184 bytes ->Flash cache emptied: 57616 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: dub_cm_auto User: Jimmy ->Temp folder emptied: 967726 bytes ->Temporary Internet Files folder emptied: 179935336 bytes ->Java cache emptied: 341765 bytes ->Google Chrome cache emptied: 102418752 bytes ->Flash cache emptied: 404547 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 8108740 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 72759 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42295049 bytes Emptying RecycleBin. Do not interrupt. RecycleBin emptied: 508865165 bytes Process complete! Total Files Cleaned = 804.00 mb
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Dec 18, 2014 18:40:10 GMT -8
You can uninstall ESET Online Scanner Then Tools and Quarantines we used to be removed Please download DelFix by Xplode to your Desktop. toolslib.net/downloads/viewdownload/2-delfix/Double-click to run the program; Note: Windows Vista/7/8 users right-click and choose Run as administrator Make sure the Remove Disinfection tools is ticked / selected in the list Click RunA log will be opened after the operation is finished Copy and Paste it in your next reply Quads
|
|