Possible malware, ads running in background, high cpu usage

[cheesevault]

It found 2 things, both skipped.  One of them had the acronym DCOM in it, which is in the name of the svchost.exe that is taking up so much processing power, not sure if there is a relation.

[cheesevault]

And the service that is using svchost.exe (the one hogging my cpu and ram) is "AudioEndpointBuilder".

[MrCharlie]

Lots of hits, see if any work:

 

http://lmgtfy.com/?q=audioendpointbuilder+cpu+usage

 

MrC

[cheesevault]

I reinstalled my audio driver, that didn't help with anything.  

Do you really think these two things are unrelated?  

The way I see it is this (whatever it is) is using my audio to obviously transmit ads, so wouldn't it make sense that it would be taking up so many resources?  I feel like it can't be a coincidence.

But the fact that we have found next to nothing through so many scans troubles me.

[cheesevault]

I tried some of the other things as well, nothing seems to have worked.

[cheesevault]

Okay, I disabled "Superfetch" in my services, and the high memory usage completely went away.  Apparently this is a useful service though and should keep it on.  I'm looking into it more.  Avast still blocking ads like crazy, though.

[cheesevault]

So I guess I've figured out the memory and cpu usage issues.  Turns out they probably aren't issues at all.  The memory was caused by superfetch which I guess I just hadn't noticed in the past?  I'm not sure, I don't remember svchost.exe (LocalSystemNetworkRestricted) ever being that high in resource monitor before, but I guess since I now know what is making it happen, and that Superfetch is a good thing, I can probably stop worrying about that.

Whenever I have Chrome open, and only Chrome does this, my DcomLaunch svchost.exe starts up and runs my processor at 101% Maximum Frequency with various usage.  As soon as I close Chrome, it lowers instantly.  I am almost 100% sure this didn't happen before.

So then my main issue is just these ads playing.  Do you have any other ideas as to scans we can run or anything?

[cheesevault]

On every other post on every forum I've looked at that mentions audio ads playing in the background has basically instantly found a Rootkit or some sort of nasty virus, which I'm sure you've come across a few times.  I'm just curious as to how I can have the same issue, but then nothing comes up the in scan.

Anyway, I'm going to hit the hay for now.  Thanks for all the help so far, Charlie.  Hopefully we can fix this ad thing.

[MrCharlie]

We've checked for rootkits with a couple of programs already.

Do this......

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC

[cheesevault]

Came on to check this before going to sleep.

[MrCharlie]

OK, be back in the AM.....MrC

[cheesevault]

Will do, drokly.

[cheesevault]

Did you look over those logs, Charlie?

[MrCharlie]

Update and run another scan with Malwarebytes Anti-rootkit.

MrC

[cheesevault]

Would you like me to post the logs?

[cheesevault]

And should I be disabling avast shields when I do these scans?  Or would it not make a difference?

[MrCharlie]

Yes, disable it.

MrC

[cheesevault]

My computer rebooted during the scan.  It said Plug and Play stopped working and windows needed to restart.  Upon rebooting, I got a black screen so I restarted again.  I decided to run the startup repair to see if it could help with anything, and now it won't let me close it.  Should I turn my computer off or let it run?  

[cheesevault]

I'm posting from a laptop so I can't do anything with my desktop unless I turn it off and hopefully not break it completely.

[MrCharlie]

OK, let me know...MrC

[cheesevault]

It finished the repairs but now it still won't start.  It just gets stuck on black screen.  I might have to buy a new copy of windows now.  Sigh   

It just gets stuck on a black screen.

[cheesevault]

Reformatting would definitely get rid of whatever problem I'm having with the ads playing and crashes, right?

[MrCharlie]

I might have to buy a new copy of windows now.

Your computer should have come with a copy or there a repair partition on the system.

Have you tried system restore??

MrC

[cheesevault]

I can't even get into the computer to try system restore otherwise I would  .  

I don't actually have my disk for windows, either.  It got lost somehow.  So that's why I need to buy another.

 

[MrCharlie]

Please do this:

• Please download Farbar Recovery Scan Tool and save it to a flash drive.

  Please make sure you click download buttons that look like this, not "sponsored ad links":

  

  Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  Plug the flash drive into the infected PC.

• If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

  If you are using Vista or Windows 7 enter System Recovery Options.

  To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
  Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

  To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

  To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
• On the System Recovery Options menu you will get the following options:

  • • Startup Repair

      System Restore

      Windows Complete PC Restore

      Windows Memory Diagnostic Tool

      Command Prompt

      Select Command Prompt

      Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

MrC