
PanteraTX

Members
Posts: 2
Reputation: 0 Neutral
  1. Spybot removed, Windows Firewall off, MB deactivated, no other virus programs installed. Ran ComboFix. Log results:

     ComboFix 14-10-29.01 - Devildriver 10/31/2014 2:58.1.6 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8120.5287 [GMT -5:00]
     Running from: c:\users\Devildriver\Desktop\ComboFix.exe
     SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     C:\END
     c:\users\Devildriver\AppData\Local\assembly\tmp
     c:\users\Devildriver\AppData\Local\Microsoft\Windows\Temporary Internet Files\AtuZi_iels
     c:\users\Devildriver\AppData\Local\nsmDCAA.tmp
     c:\windows\msdownld.tmp
     c:\windows\SysWow64\local.txt
     c:\windows\wininit.ini
     .
     .
     CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
     You should verify if current CLSID data is correct:
     .
     HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
         (Default)        REG_SZ  Thumbnail Cache Class Factory for Out of Proc Server
         AppID            REG_SZ  {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
     .
     HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
         (Default)        REG_SZ  c:\windows\system32\thumbcache.dll
         ThreadingModel   REG_SZ  Apartment
     .
     .
     ((((((((((((((((((((((((( Files Created from 2014-09-28 to 2014-10-31 )))))))))))))))))))))))))))))))
     .
     .
     2014-10-31 08:28 . 2014-10-31 08:28 -------- d-----w- c:\users\Default\AppData\Local\temp
     2014-10-31 07:30 . 2014-10-31 07:31 -------- d-----w- C:\FRST
     2014-10-31 06:44 . 2014-10-31 06:59 43664 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
     2014-10-31 06:44 . 2014-10-31 06:58 -------- d-----w- c:\programdata\HitmanPro
     2014-10-31 06:20 . 2014-10-31 06:36 -------- d-----w- c:\program files (x86)\stinger
     2014-10-31 06:19 . 2014-10-31 06:19 -------- d-sh--w- c:\users\Devildriver\AppData\Roaming\AnyProtectEx
     2014-10-31 06:18 . 2014-10-31 08:31 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
     2014-10-31 06:17 . 2014-10-31 06:17 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
     2014-10-31 06:17 . 2014-10-01 16:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
     2014-10-31 06:17 . 2014-10-01 16:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
     2014-10-31 06:17 . 2014-10-01 16:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
     2014-10-31 06:17 . 2014-10-31 06:37 -------- d-----w- c:\program files (x86)\globalUpdate
     2014-10-31 06:17 . 2014-10-31 06:17 -------- d-----w- c:\users\Devildriver\AppData\Local\globalUpdate
     2014-10-31 06:17 . 2014-10-09 19:14 350768 ----a-w- c:\windows\system32\ProtectMe64.dll
     2014-10-31 06:17 . 2014-10-09 19:14 304728 ----a-w- c:\windows\SysWow64\ProtectMe.dll
     2014-10-31 06:16 . 2014-10-31 07:45 -------- d-----w- c:\program files (x86)\PCTRunner
     2014-10-31 06:09 . 2014-10-31 06:10 -------- d-----w- c:\program files\stinger
     2014-10-31 06:09 . 2014-10-01 17:18 189920 ----a-w- c:\windows\system32\mfevtps.exe
     2014-10-31 02:22 . 2014-10-31 02:22 -------- d-----w- c:\program files\McAfee.com
     2014-10-31 02:21 . 2014-10-31 02:21 -------- d-----w- c:\program files (x86)\McAfee
     2014-10-31 00:52 . 2014-10-31 00:52 -------- d-----w- c:\programdata\IObit
     2014-10-31 00:52 . 2014-10-31 00:52 -------- d-----w- c:\users\Devildriver\AppData\Roaming\IObit
     2014-10-31 00:52 . 2014-10-31 00:52 -------- d-----w- c:\program files (x86)\IObit
     2014-10-31 00:05 . 2014-10-31 06:38 -------- d-----w- c:\users\Devildriver\AppData\Roaming\FrameworkUpdate7
     2014-10-28 16:51 . 2014-10-31 08:19 -------- d-----w- c:\users\Devildriver\AppData\Local\assembly
     2014-10-28 16:43 . 2014-10-28 16:51 -------- d-----w- C:\Stream
     2014-10-28 15:46 . 2014-10-28 15:46 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
     2014-10-28 15:46 . 2014-10-28 15:46 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
     2014-10-28 15:46 . 2014-10-28 15:46 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
     2014-10-28 15:46 . 2014-10-28 15:46 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
     2014-10-28 15:46 . 2014-10-28 15:46 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
     2014-10-28 15:46 . 2014-10-28 15:46 -------- d-----w- c:\program files (x86)\QuickTime
     2014-10-28 15:42 . 2014-10-28 15:42 -------- d-----w- c:\program files\iPod
     2014-10-28 15:42 . 2014-10-28 15:43 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
     2014-10-28 15:42 . 2014-10-28 15:43 -------- d-----w- c:\program files\iTunes
     2014-10-28 15:42 . 2014-10-28 15:43 -------- d-----w- c:\program files (x86)\iTunes
     2014-10-27 04:49 . 2014-10-27 04:57 -------- d-----w- c:\programdata\Yahoo!
     2014-10-27 04:49 . 2014-10-27 05:30 -------- d-----w- c:\programdata\Norton
     2014-10-27 04:49 . 2014-10-27 04:49 -------- d-----w- c:\program files (x86)\NortonInstaller
     2014-10-27 03:02 . 2014-10-31 00:23 -------- d-----w- c:\users\Devildriver\AppData\Roaming\OBS
     2014-10-27 03:02 . 2014-10-27 03:02 -------- d-----w- c:\program files\OBS
     2014-10-27 03:02 . 2014-10-27 03:02 -------- d-----w- c:\program files (x86)\OBS
     2014-10-24 18:18 . 2014-10-16 12:27 614544 ----a-w- c:\windows\SysWow64\nvStreaming.exe
     2014-10-16 00:11 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys
     2014-10-16 00:10 . 2014-09-19 01:45 696832 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
     2014-10-16 00:09 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
     2014-10-16 00:09 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
     2014-10-13 22:09 . 2014-10-13 22:09 -------- d-----w- c:\program files\WinRAR
     2014-10-02 19:23 . 2014-10-02 19:23 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
     2014-10-02 19:23 . 2014-10-02 19:23 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
     2014-10-01 17:16 . 2014-10-01 17:16 786304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
     2014-10-01 17:14 . 2014-10-01 17:14 181584 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2014-10-31 08:31 . 2014-05-07 00:59 1048576 ----a-w- c:\windows\PE_Rom.dll
     2014-10-16 16:54 . 2014-04-08 16:20 2849224 ----a-w- c:\windows\SysWow64\nvapi.dll
     2014-10-16 16:54 . 2013-01-23 23:52 987008 ----a-w- c:\windows\system32\nvumdshimx.dll
     2014-10-16 16:54 . 2013-01-23 23:52 3237528 ----a-w- c:\windows\system32\nvapi64.dll
     2014-10-16 16:54 . 2013-01-23 23:52 20968040 ----a-w- c:\windows\system32\nvwgf2umx.dll
     2014-10-16 16:54 . 2013-01-23 23:52 16886168 ----a-w- c:\windows\SysWow64\nvd3dum.dll
     2014-10-16 14:11 . 2013-01-23 23:52 6883136 ----a-w- c:\windows\system32\nvcpl.dll
     2014-10-16 14:11 . 2013-01-23 23:52 3533632 ----a-w- c:\windows\system32\nvsvc64.dll
     2014-10-16 14:11 . 2013-04-13 08:02 2559808 ----a-w- c:\windows\system32\nvsvcr.dll
     2014-10-16 14:11 . 2013-01-23 23:52 933064 ----a-w- c:\windows\system32\nvvsvc.exe
     2014-10-16 14:11 . 2013-01-23 23:52 61640 ----a-w- c:\windows\system32\nvshext.dll
     2014-10-16 14:11 . 2013-01-23 23:52 384200 ----a-w- c:\windows\system32\nvmctray.dll
     2014-10-15 00:48 . 2013-01-23 23:52 4047877 ----a-w- c:\windows\system32\nvcoproc.bin
     2014-10-03 15:02 . 2013-01-29 17:59 103265616 ------w- c:\windows\system32\MRT.exe
     2014-09-25 02:08 . 2014-09-30 19:40 371712 ----a-w- c:\windows\system32\qdvd.dll
     2014-09-25 01:40 . 2014-09-30 19:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
     2014-09-23 23:30 . 2013-01-24 00:30 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2014-09-23 23:30 . 2013-01-24 00:30 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2014-09-17 04:51 . 2014-09-23 21:02 31520 ----a-w- c:\windows\system32\nvhdap64.dll
     2014-09-17 04:51 . 2014-09-23 21:02 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
     2014-09-17 04:51 . 2013-01-23 23:52 1538880 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
     2014-09-13 23:48 . 2014-09-23 21:02 1876296 ----a-w- c:\windows\system32\nvdispco6434411.dll
     2014-09-13 23:48 . 2014-09-23 21:02 1539272 ----a-w- c:\windows\system32\nvdispgenco6434411.dll
     2014-09-09 22:11 . 2014-09-23 20:03 2048 ----a-w- c:\windows\system32\tzres.dll
     2014-09-09 21:47 . 2014-09-23 20:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll
     2014-08-23 02:07 . 2014-08-28 05:11 404480 ----a-w- c:\windows\system32\gdi32.dll
     2014-08-23 01:45 . 2014-08-28 05:11 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-10-21 1938624]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     "PromptOnSecureDesktop"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
     "LoadAppInit_DLLs"=1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ \0
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
     @=""
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
     R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
     R3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
     R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
     R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
     R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
     R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
     R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
     R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
     R3 ProtectMe;ProtectMe;c:\program files (x86)\PCTRunner\ProtectMe.exe;c:\program files (x86)\PCTRunner\ProtectMe.exe [x]
     R3 slb;slb;c:\aeriagames\ScarletBlade\avital\scarlb64.sys;c:\aeriagames\ScarletBlade\avital\scarlb64.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
     R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
     S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
     S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
     S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
     S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
     S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
     S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [x]
     S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [x]
     S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [x]
     S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [x]
     S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
     S2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe;c:\windows\SYSNATIVE\lxdpcoms.exe [x]
     S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
     S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
     S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
     S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
     S3 AiChargerPlus;AiChargerPlus;SysWow64\drivers\AiChargerPlus.sys;SysWow64\drivers\AiChargerPlus.sys [x]
     S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
     S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
     S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys;c:\windows\SYSNATIVE\DRIVERS\LVUSBS64.sys [x]
     S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
     S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
     S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
     S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
     S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
     S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
     S3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys;c:\windows\SYSNATIVE\drivers\XENfiltv.sys [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - MBAMSWISSARMY
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
     2014-10-28 15:09 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2014-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-24 23:30]
     .
     2014-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-24 15:20]
     .
     2014-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4dc3de4c6e02.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-24 15:20]
     .
     2014-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cfef9e1061d5e2.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-24 15:20]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]
     "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]
     "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
     "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     uStart Page = about:blank
     mStart Page = about:blank
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = *.local;<local>
     uSearchAssistant = hxxp://www.google.com
     Trusted Zone: aeriagames.com
     Trusted Zone: clonewarsadventures.com
     Trusted Zone: freerealms.com
     Trusted Zone: soe.com
     Trusted Zone: sony.com
     TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
     TCP: Interfaces\{4CAE6CC1-C3A2-43A1-AC88-9D8F8A2B7232}: NameServer = 8.8.8.8,8.8.4.4
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Wow6432Node-HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
     HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
     WebBrowser-{4F524A2D-5637-006A-76A7-7A786E7484D7} - (no file)
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker6"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.15"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker6"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
     "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
     c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
     c:\program files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
     c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
     c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
     c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
     c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
     c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
     .
     **************************************************************************
     .
     Completion time: 2014-10-31 03:45:03 - machine was rebooted
     ComboFix-quarantined-files.txt 2014-10-31 08:44
     .
     Pre-Run: 625,165,484,032 bytes free
     Post-Run: 630,330,138,624 bytes free
     .
     - - End Of File - - 7F430EA378B068A30E2DA0AB8D2E91B1A36C5E4F47E84449FF07ED3517B43A31
  2. Like most people here, I'm seeking assistance with my virus infection. I'm receiving multiple processes ending in *32, including but not limited to:
     - dllhost.exe *32
     - chrome.exe *32
     - iexplorer.exe *32 (seems to depend on which browser I'm using)
     I've run MB and multiple other virus products and seem to have reduced the number of processes, but I'm still having issues. MB live protection is consistently blocking websites that are initiated by the file c:/windows/SysWOW63/dllhost.exe. I have run the Farbar Recovery Scan Tool and have attached the FRST and Addition text files. Thank you in advance.
     Attachments: Addition.txt, FRST.txt
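Editor's note, added to this page and not part of either post: the ComboFix report in the first post says the CLSID {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} was infected with Poweliks, cleaned, and should be verified. The PowerShell below is an added example of that verification; it is not code from the poster, ComboFix or Malwarebytes, and the function names (Test-ClsidView, Get-DefaultValue) are the editor's. It reads the CLSID in every registry view a COM activation can hit (the 64-bit and Wow6432Node HKLM hives, plus HKCU\Software\Classes, which takes precedence over HKLM for the logged-on user) and compares it with the clean values the log printed: InprocServer32 pointing at %SystemRoot%\system32\thumbcache.dll and no LocalServer32. That this class runs inside dllhost.exe is expected (the AppID in the log means it is hosted by a COM surrogate), so the check is on what the CLSID points to, not on dllhost.exe itself. The LocalServer32 and non-printable-name checks come from published Poweliks write-ups, not from anything in the posts. Run it from an elevated PowerShell 3.0 or later on the affected machine.

```powershell
# Added example (editor's own, not from the original post, ComboFix or Malwarebytes).
# Re-checks the CLSID that ComboFix reported as Poweliks-infected and cleaned.
# Run from an elevated PowerShell 3.0 or later on the affected machine.

$clsid       = '{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}'             # Thumbnail Cache Class Factory for Out of Proc Server
$expectedDll = Join-Path $env:SystemRoot 'system32\thumbcache.dll'  # clean InprocServer32 value per the log

# Every view a COM activation can read. HKCU\Software\Classes is consulted before HKLM for the
# logged-on user, so a per-user copy of a system CLSID is itself a finding.
$views = [ordered]@{
    'HKLM 64-bit' = "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
    'HKLM WOW64'  = "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid"
    'HKCU 64-bit' = "HKCU:\Software\Classes\CLSID\$clsid"
    'HKCU WOW64'  = "HKCU:\Software\Classes\Wow6432Node\CLSID\$clsid"
}

function Get-DefaultValue {
    param([string]$KeyPath)
    # Get-ItemProperty exposes the unnamed "(Default)" value as a property called '(default)'.
    (Get-ItemProperty -LiteralPath $KeyPath -ErrorAction SilentlyContinue).'(default)'
}

function Test-ClsidView {
    param([string]$Name, [string]$KeyPath)
    $findings = @()

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        # No per-user key is the clean state; a missing HKLM key is odd for a built-in class.
        if ($Name -notlike 'HKCU*') { $findings += "$Name : key is missing" }
        return $findings
    }
    if ($Name -like 'HKCU*') {
        $findings += "$Name : per-user copy of $clsid exists and overrides HKLM for this user"
    }

    # 1. InprocServer32 must be the real thumbcache.dll (the registry value is usually %SystemRoot%-relative).
    $inproc = Get-DefaultValue (Join-Path $KeyPath 'InprocServer32')
    if ($inproc) {
        $resolved = [Environment]::ExpandEnvironmentVariables($inproc)
        if ($resolved -ine $expectedDll) { $findings += "$Name : InprocServer32 = '$inproc' (expected $expectedDll)" }
    } else {
        $findings += "$Name : InprocServer32 default value is absent"
    }

    # 2. The clean key has no out-of-process server: the DLL is loaded into the dllhost.exe surrogate
    #    through its AppID. Any of these subkeys redirects activation elsewhere; public Poweliks
    #    write-ups describe a per-user LocalServer32 carrying the loader (editor's note, not from the page).
    foreach ($sub in 'LocalServer32', 'LocalServer', 'TreatAs', 'ScriptletURL') {
        $subPath = Join-Path $KeyPath $sub
        if (Test-Path -LiteralPath $subPath) {
            $findings += "$Name : unexpected subkey $sub = '$(Get-DefaultValue $subPath)'"
        }
    }

    # 3. Value names containing non-printable characters are not shown correctly by some registry editors.
    $keys = @(Get-Item -LiteralPath $KeyPath) + @(Get-ChildItem -LiteralPath $KeyPath -Recurse)
    foreach ($key in $keys) {
        foreach ($valueName in $key.GetValueNames()) {
            if ($valueName -match '[^\x20-\x7E]') {
                $findings += "$Name : value with non-printable name under $($key.PSPath)"
            }
        }
    }
    return $findings
}

$report = foreach ($view in $views.GetEnumerator()) { Test-ClsidView -Name $view.Key -KeyPath $view.Value }
if ($report) { $report | ForEach-Object { Write-Warning $_ } }
else         { Write-Host "CLSID $clsid looks clean in all four views." }

# The 'dllhost.exe *32' processes from the second post are 32-bit COM surrogates. Listing them with
# their parent PID shows which process keeps launching them.
Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'" |
    Select-Object ProcessId, ParentProcessId, CommandLine
```

Get-CimInstance needs PowerShell 3.0; on a stock Windows 7 install still on PowerShell 2.0, substitute Get-WmiObject Win32_Process with the same -Filter argument. Treat any warning the script prints as something to report in the thread rather than delete by hand: a registry entry written by a running payload can be re-created as long as that payload is still executing, so the helper will want the finding together with the dllhost.exe parent-process listing.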