![]() PRC - (Symantec Corporation) - C:\Program Files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe PRC - (Symantec Corporation) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe PRC - (Symantec Corporation) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe PRC - (Symantec Corporation) - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe PRC - (Symantec Corporation) - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe PRC - (Adobe Systems Inc.) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe ![]() PRC - (Intuit Inc.) - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe PRC - (Safer-Networking Ltd.) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - (Safer-Networking Ltd.) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - (Safer-Networking Ltd.) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - (Safer-Networking Ltd.) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - (Tanium Inc.) - C:\Program Files (x86)\Tanium\Tanium Client\TaniumClient.exe ![]() PRC - (OldTimer Tools) - C:\Users\t5403cg\Downloads\OTL.exe %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)ĭrive C: | 149.05 Gb Total Space | 91.03 Gb Free Space | 61.07% Space Free | Partition Type: NTFSĬomputer Name: CID-TDENZL403CG | User Name: T5403CG | NOT logged in as Administrator.īoot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit ScansĬompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days Paging file location(s): ?:\pagefile.sys Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyyģ.89 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 42.45% Memory freeħ.77 Gb Paging File | 5.30 Gb Available in Paging File | 68.23% Paging File free OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\t5403cg\DownloadsĦ4bit- Professional Service Pack 1 (Version = ) - Type = NTWorkstation OTL logfile created on: 7:23:20 AM - Run 1 In that foldeer is a wow.dll installed on 2/18.could this be the problem? Process monitor software tells me that dllhost is attempting to connect to a TCP address.here's what Process Monitor records (xxxx hide sensitive info):Ĭ:\Users\xxxxx\AppData\Local\Temp\syncsvb\sxynbvq\wow.ini I also notice in that folder a subfolder called Panther was created on the same day.not sure there is a correlation. Lastly, Symantec does indicate that I have the !inf infection attached to the cryptbase.dll ( creation date) found in windows\system32\sysprep folder.but it can't be removed. I've run spybot, malwarebytes, adwCleaner, TDSS, CCleaner, MSErt.nothing gets rid of the problem permanately.although it does appear to be removed temporarily. > IE browser seettings are changed periodically, particularly the history (changed to 0 days) and file download (changed to disabled) > Large number of dllhost files are launched.causing memory issues when using IE Periodic redirects to other searches when clicking a result link
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |