Jump to content
adh

Malicious Website Blocked - dllhost.exe

Recommended Posts

I also noticed multiple iexplorer.exe and iexplorer.exe *32 processes running in task manager. One of which is showing high cpu usage.  Don't know if that is related to problems I'm having. 

Share this post


Link to post
Share on other sites

Hi :)

Let's take a closer look.

FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif

icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:

    startFolder: C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.

Share this post


Link to post
Share on other sites

Ran this fix.  Please see log file.  Thanks.

 

Also, if it is plugins or extensions from websites I've visited causing additional websites to show up in history is there any settings to prevent that? 

Fixlog.txt

Share this post


Link to post
Share on other sites

Hi :)

FRST.gif Fix with Farbar Recovery Scan Tool

 

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif

icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:

    startC:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.

I wonder if switching off the plugins/extensions in IE will cease visiting those websites.

Share this post


Link to post
Share on other sites

Sorry it took so long to respond.  Attached is the new fix log.  I also attached a screenshot showing the multiple iexplorer.exe *32 processes running. Is that related to multiple tabs being open?  Where/how do I turn off plugins/extensions?  Is it under the advanced tab or is it an add-on located somewhere else? Would it help if I enable protected mode in my settings?

 

Thanks. 

post-176566-0-38133100-1416453209_thumb.

Fixlog.txt

Share this post


Link to post
Share on other sites

Hi and sorry for the delay, my network connection went south :blink:

 

 

Yep, the multiple processes belong to multiple tabs. Same result you will get when running Chrome. This is to improve the comfort when one tab (process) get unresponsive - the others should work normally.

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

Share this post


Link to post
Share on other sites

Delete your version of ComboFix. Obtain a fresh one.

 

 

51a5bf3d99e8a-ComboFixlogo16.png Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.

Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on 51a5bf3d99e8a-ComboFixlogo16.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).
Include that log in your next reply.

icon_idea.gif If you'll encounter any issues with internet connection after running ComboFix, please visit this link.

icon_idea.gif If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

icon_idea.gif Don't forget to re-enable your previously switched-off protection software!

Share this post


Link to post
Share on other sites

I'm also now getting blocks for VIP_117[1].swi.  Norton keeps removing it every few minutes.

Share this post


Link to post
Share on other sites

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you.

Thank you and sorry we missed your topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.