Please note the message text in blue at the top of this forum. No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert". Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read the pinned topic ComboFix usage, Questions, Help? - Look here
If you ran ComboFix on your own due to malware infection, please be aware that using ComboFix is only one part of the disinfection process. With that said, not all files listed in an RKill log are necessarily malware related. In addition to terminating the most common bad processes that prevent other tools from being executed, RKill also terminates executable files running from a user profile by design. Programs should not be running from a user profile, as these folders are meant to hold data, preferences, settings, and configuration files. Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file like svchost.exe. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there.

DllHost.exe (aka COM Surrogate or DCOM DLL host process) is a process that supports DLL-based COM objects and is used by many Windows programs. This process is a legitimate Windows component that resides in the System32 folder. It is not uncommon to find multiple instances of DllHost.exe running in Task Manager or its presence indicated as terminated in RKill's output log.

RtkBtMnt.exe is a legitimate process related to Realtek HD Audio Data Rerouter by Realtek Semiconductor Corp. that is usually located in a profile subfolder of C:\Documents and Settings.
RKill - What it does and What it Doesn't - A brief introduction to the program
RKill just kills processes, imports a Registry file that removes incorrect file associations and fixes policies that stop us from using certain tools. Then it kills Explorer.exe so it will restart and enable some of the Registry changes. When done, RKill will then create a log listing all processes that were terminated while the program was running. Please note that this will include processes that were terminated manually by the user as well as RKill (itself)...
If you are able to run Malwarebytes Anti-Malware and other security tools without them terminating, there is no need to run RKill. Using RKill is only necessary to fix the most common malware processes that stop us from using security tools and completing scans, so it's not required in all situations.
FYI: Anytime you come across a suspicious file or one that you do not recognize, search the name using Google <- click here for an example
If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to one of the following online services that analyze suspicious files:
In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Edited by quietman7, 08 November 2010 - 12:53 PM.
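As an added example (not part of quietman7's post and not RKill's own code), the following PowerShell script applies the two rules the post describes to the live process list: it flags well-known Windows process names whose image is not in its expected system folder (the svchost.exe masquerade), and it flags any executable running from inside a user profile folder. The $Expected table of names and folders, the profile-folder test and the output fields are assumptions chosen for illustration.

```powershell
# Added example (not from the original post or from RKill): flag running
# processes by the two rules the post describes:
#   1. a well-known Windows process name whose image is not in its expected
#      system folder (name masquerading, e.g. a fake svchost.exe)
#   2. any executable whose image lives inside a user profile folder
# The $Expected table and the output fields are assumptions for illustration.

$System32 = Join-Path $env:SystemRoot 'System32'
$SysWOW64 = Join-Path $env:SystemRoot 'SysWOW64'   # 32-bit hosts on 64-bit Windows

# Lower-case process name -> folders where the genuine binary may live
$Expected = @{
    'svchost.exe'  = @($System32, $SysWOW64)
    'dllhost.exe'  = @($System32, $SysWOW64)
    'lsass.exe'    = @($System32)
    'csrss.exe'    = @($System32)
    'winlogon.exe' = @($System32)
    'services.exe' = @($System32)
    'smss.exe'     = @($System32)
    'explorer.exe' = @($env:SystemRoot)   # Explorer lives in %SystemRoot%, not System32
}

# Parent of the current profile, e.g. C:\Documents and Settings or C:\Users
$ProfilesDir = (Split-Path $env:USERPROFILE -Parent).TrimEnd('\')

function Test-SuspiciousProcess {
    param([string]$Name, [string]$Path)
    $key = $Name.ToLower()
    $dir = (Split-Path $Path -Parent).TrimEnd('\')

    # Rule 1: a system process name running from the wrong folder
    if ($Expected.ContainsKey($key)) {
        $ok = $Expected[$key] | Where-Object { $_.TrimEnd('\') -ieq $dir }
        if (-not $ok) {
            return "system process name running outside $($Expected[$key] -join ' / ')"
        }
    }
    # Rule 2: anything executing from under the profiles directory
    if (($dir + '\').StartsWith($ProfilesDir + '\', [StringComparison]::OrdinalIgnoreCase)) {
        return 'executable running from a user profile'
    }
    return $null
}

Get-Process | ForEach-Object {
    $path = $_.Path          # empty for protected processes unless run elevated
    if (-not $path) { return }
    $reason = Test-SuspiciousProcess -Name ($_.ProcessName + '.exe') -Path $path
    if ($reason) {
        [pscustomobject]@{ PID = $_.Id; Name = $_.ProcessName; Path = $path; Reason = $reason }
    }
} | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so that Path is populated for system-owned processes. As the post itself points out, the user-profile rule produces a triage list rather than a verdict: legitimate software such as the Realtek RtkBtMnt.exe mentioned above will be listed alongside anything malicious, so each hit still needs to be checked by name and path before acting on it.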