
Ending Program: DLL hoster


  • This topic is locked
9 replies to this topic

#1 Alduin's Khajiit

Alduin's Khajiit

  • Banned
  • 167 posts
  • OFFLINE
  •  
  • Local time:02:30 AM

Posted 13 August 2014 - 06:38 PM

Within the last couple of weeks on my eMachines, upon shutting down my computer an End Now message box comes up with "DLL Hoster" in the title. Why is this happening & what does it relate to? What, if anything, can I do about it, and should I be worried?

Googling "ending program dll hoster" only resulted in money-making scam results.


Edited by hamluis, 16 August 2014 - 07:30 PM.
Moved from XP to Am I Infected - Hamluis.



 


#2 JohnC_21

JohnC_21

  • Members
  • 22,939 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:30 AM

Posted 13 August 2014 - 06:50 PM

When I Googled DLL Hoster, the only common thing noted was F-Secure.

 

Googled "DLL Hoster f-secure"

 

http://windowsvc.com/bbs/board.php?bo_table=windowsvc&wr_id=16633



#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:30 AM

Posted 13 August 2014 - 06:57 PM

Add a MiniToolBox log, as this may belong to F-Secure as mentioned or Charter Communications.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 Alduin's Khajiit

Alduin's Khajiit
  • Topic Starter

  • Banned
  • 167 posts
  • OFFLINE
  •  
  • Local time:02:30 AM

Posted 13 August 2014 - 07:46 PM

Do you want me to run that on the computer with DLL hoster or the computer I googled "ending program dll hoster"??? They are two different computers.



#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:30 AM

Posted 13 August 2014 - 07:59 PM

The one showing the error.



#6 Alduin's Khajiit

Alduin's Khajiit
  • Topic Starter

  • Banned
  • 167 posts
  • OFFLINE
  •  
  • Local time:02:30 AM

Posted 14 August 2014 - 08:03 AM

Frontier Secure blocked MiniToolBox, calling it a virus.



#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:30 AM

Posted 14 August 2014 - 08:23 PM

Allow it, it's not a virus. We made it here at BC.

#8 Alduin's Khajiit

Alduin's Khajiit
  • Topic Starter

  • Banned
  • 167 posts
  • OFFLINE
  •  
  • Local time:02:30 AM

Posted 16 August 2014 - 04:30 PM

Frontier had a hard time unblocking.

 

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Naked Skyla (administrator) on 16-08-2014 at 17:28:06
Running from "C:\Documents and Settings\Naked Skyla\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
::1            localhost

127.0.0.1    localhost

========================= IP Configuration: ================================

Realtek RTL8139 Family PCI Fast Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : nakedskyla

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : netgear.com



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : netgear.com

        Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

        Physical Address. . . . . . . . . : 00-40-CA-4F-EA-38

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.254.42

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.254.254

        DHCP Server . . . . . . . . . . . : 192.168.254.254

        DNS Servers . . . . . . . . . . . : 192.168.254.254

        Lease Obtained. . . . . . . . . . : Saturday, August 16, 2014 3:38:15 PM

        Lease Expires . . . . . . . . . . : Sunday, August 17, 2014 3:38:15 PM

Server:  dslrouter.netgear.com
Address:  192.168.254.254

Name:    google.com
Addresses:  74.125.228.229, 74.125.228.228, 74.125.228.231, 74.125.228.227
      74.125.228.225, 74.125.228.233, 74.125.228.226, 74.125.228.238, 74.125.228.232
      74.125.228.230, 74.125.228.224



Pinging google.com [74.125.228.224] with 32 bytes of data:



Reply from 74.125.228.224: bytes=32 time=95ms TTL=56

Reply from 74.125.228.224: bytes=32 time=52ms TTL=56



Ping statistics for 74.125.228.224:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 52ms, Maximum = 95ms, Average = 73ms

Server:  dslrouter.netgear.com
Address:  192.168.254.254

Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=107ms TTL=50

Reply from 206.190.36.45: bytes=32 time=100ms TTL=50



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 100ms, Maximum = 107ms, Average = 103ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 40 ca 4f ea 38 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  192.168.254.254  192.168.254.42      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
    192.168.254.0    255.255.255.0   192.168.254.42  192.168.254.42      20
   192.168.254.42  255.255.255.255        127.0.0.1       127.0.0.1      20
  192.168.254.255  255.255.255.255   192.168.254.42  192.168.254.42      20
        224.0.0.0        240.0.0.0   192.168.254.42  192.168.254.42      20
  255.255.255.255  255.255.255.255   192.168.254.42  192.168.254.42      1
Default Gateway:   192.168.254.254
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/16/2014 05:24:36 PM) (Source: F-Secure DeepGuard) (User: )
Description: 1  2014-08-16  17:24:31-04:00  NAKEDSKYLA  NAKEDSKYLA\Naked Skyla  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\documents and settings\naked skyla\my documents\downloads\minitoolbox.exe
 File hash: 86e47b9890119b3e888adbca6acc86cf9678846a

Error: (08/16/2014 00:28:59 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (08/16/2014 00:28:59 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Error: (08/16/2014 00:28:59 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (08/16/2014 00:28:53 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800706BA from line 138 of d:\comxp_sp3\com\com1x\src\events\tier2\service.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (08/14/2014 09:02:22 AM) (Source: F-Secure DeepGuard) (User: )
Description: 1  2014-08-14  09:02:22-04:00  NAKEDSKYLA  NAKEDSKYLA\Naked Skyla  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\documents and settings\naked skyla\my documents\downloads\minitoolbox.exe
 File hash: 86e47b9890119b3e888adbca6acc86cf9678846a


System errors:
=============
Error: (08/16/2014 03:39:45 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (08/16/2014 02:59:57 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (08/16/2014 02:59:22 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PCIIde


Microsoft Office Sessions:
=========================
Error: (08/16/2014 05:24:36 PM) (Source: F-Secure DeepGuard)(User: )
Description: 1  2014-08-16  17:24:31-04:00  NAKEDSKYLA  NAKEDSKYLA\Naked Skyla  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\documents and settings\naked skyla\my documents\downloads\minitoolbox.exe
 File hash: 86e47b9890119b3e888adbca6acc86cf9678846a

Error: (08/16/2014 00:28:59 PM) (Source: SecurityCenter)(User: )
Description:

Error: (08/16/2014 00:28:59 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206

Error: (08/16/2014 00:28:59 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp44800706BA

Error: (08/16/2014 00:28:53 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier2\service.cpp138800706BA

Error: (08/14/2014 09:02:22 AM) (Source: F-Secure DeepGuard)(User: )
Description: 1  2014-08-14  09:02:22-04:00  NAKEDSKYLA  NAKEDSKYLA\Naked Skyla  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\documents and settings\naked skyla\my documents\downloads\minitoolbox.exe
 File hash: 86e47b9890119b3e888adbca6acc86cf9678846a



=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.31893 - BitTorrent Inc.)
µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Alice Application (HKLM\...\nbi-alice-3.0.0.1.1) (Version:  - )
Ant War (HKLM\...\Ant War_is1) (Version:  - )
Attribute Changer 6.20 (HKLM\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 6.20 - Romain Petges)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avance AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
Beach Life (HKLM\...\{F9657EF6-C156-4CE9-A0A2-562CD3E94842}) (Version:  - )
Bounce Symphony (HKLM\...\WT005524) (Version: WT005524 - WildTangent)
Bowling 1.1 (Greatest Hits Version) (HKLM\...\Lets Go Bowling_is1) (Version:  - NO.2 Games, Inc.)
Bus Driver 1.0 (HKLM\...\Bus Driver) (Version: 1.0 - SCS Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
COMODO Firewall (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
Computer Security 12.83.104.0 (release) (Version: 12.83.104.0 - F-Secure Corporation) Hidden
CopyFilenames 3.1 (HKLM\...\CopyFilenames_is1) (Version: 3.1 - ExtraBit Software)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Deal or No Deal (HKLM\...\{CEA0BA90-DED4-169F-BA18-D9F57E43E6AD}) (Version: 1.0.1 - Global Star)
Diner Dash (HKLM\...\Diner Dash1.0 (Cracked By CoffeeMan)) (Version: 1.0 (Cracked By CoffeeMan) - Sir Galahad)
Dragon UnPACKer 5 (HKLM\...\DragonUnPACKer5_is1) (Version: 5.7.0 Beta - Alexandre Devilliers (aka Elbereth))
Final Fantasy VII - Ultima Edition (HKLM\...\Final Fantasy VII_is1) (Version:  - )
Flower Paradise 1.00 (HKLM\...\Flower Paradise 1.00) (Version:  - )
Frontier Secure (HKLM\...\F-Secure ServiceEnabler 53784) (Version: 1.83.311.0 - F-Secure Corporation)
Frontier Secure (Version: 1.83.311.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (Version: 1.0.25.1877 - F-Secure) Hidden
F-Secure CCF Scanning 1.23.124.8831 (release) (Version: 1.23.124.8831 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.128 (Version: 1.02.128.1 - F-Secure Corporation) Hidden
Game Console - WildGames (HKLM\...\Game Console - WildGames) (Version:  - WildTangent)
Heavy Weapon Deluxe 1.0 (HKLM\...\Heavy Weapon Deluxe 1.0) (Version:  - )
Inherit the Earth (HKLM\...\WyrmkeepInheritTheEarth) (Version:  - )
Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
JDiskReport 1.4.0 (HKLM\...\JDiskReport 1.4.0) (Version: 1.4.0 (2012-01-20 11:38:43) - JGoodies Karsten Lentzsch)
Kitten Sanctuary (HKLM\...\Kitten Sanctuary1.2) (Version: 1.2 - Adnan_Boy 2008)
K-Lite Mega Codec Pack 10.6.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
Kudos 2 (HKLM\...\Kudos 21.01) (Version: 1.01 - Adnan_Boy 2008)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Lose Your Marbles (HKLM\...\Lose Your Marbles) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False (Version: 8.0.50727.42 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False (Version: 8.0.51011 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False (Version: 8.0.58299 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False (Version: 8.0.59193 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False (Version: 9.0.21022.218 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False (Version: 9.0.30411 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False (Version: 9.0.30729.4048 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False (Version: 9.0.30729.4148 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False (Version: 9.0.30729.5570 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False (Version: 11.0.51106.1 - ?????????? ??????????) Hidden
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 False (Version: 11.0.60610.1 - ?????????? ??????????) Hidden
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - ?????????? ??????????)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 False (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 False (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - ?????????? ??????????)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Miniverse Minigolf 1.2g (Greatest Hits Version) (HKLM\...\Miniverse Minigolf_is1) (Version:  - NO.2 Games, Inc.)
Monopoly City (HKLM\...\Monopoly City1.0) (Version: 1.0 - Foxy Games)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MultiExtractor Pro version 2.84a (HKLM\...\{67EB3B13-168F-47A4-893A-4C2CB9143000}_is1) (Version: 2.84a - )
Online Safety 2.83.1346.10 (Version: 2.83.1346.10 - F-Secure Corporation) Hidden
OpenOffice 4.1.0 (HKLM\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Paradise Pet Salon (HKLM\...\{341710E4-7414-4BC7-8AB4-CD38848FCA23}) (Version: 1.00.0000 - Ronakt Productions)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Plants vs. ZombiesJust For Fun Games (HKLM\...\Plants vs. ZombiesJust For Fun Games) (Version:  - )
PowerMenu 1.51 (HKLM\...\PowerMenu) (Version: 1.51 - Thong Nguyen)
Privates (HKLM\...\Privates_is1) (Version:  - Zombie Cow Studios)
Purrfect Pet Shop (HKLM\...\Purrfect Pet Shop) (Version:  - )
Revo Uninstaller Pro 3.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.5 - VS Revo Group, Ltd.)
RGSS-RTP Standard (HKLM\...\RGSS-RTP Standard_is1) (Version: 1.04 - Enterbrain)
Rock Legend (HKLM\...\Rock Legend_is1) (Version:  - )
RollerCoaster Tycoon 2 (HKLM\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )
RPG MAKER VX Ace RTP (HKLM\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
Super Collapse! (HKLM\...\{A301896D-9F55-4492-B518-30EAC4C723E1}) (Version:  - )
Super Glinx! (HKLM\...\{3AA7FDD6-E358-453D-BC77-22E3CF81DA83}) (Version:  - )
Super Nisqually! (HKLM\...\{40B739E1-40CC-4F0D-9BA1-B75492FFA732}) (Version:  - )
Super Street Fighter 4 Arcade Edition (HKLM\...\Super Street Fighter 4_is1) (Version: 1.08 - Capcom)
Super Street Fighter 4 version SKIDROW (HKLM\...\{249B8B8F-C49D-4E92-8795-35FDFDE748D9}}_is1) (Version: SKIDROW - © Square Enix)
Sylveon (HKLM\...\Sylveon_is1) (Version:  - )
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
The Game Of Life by Hasbro (HKLM\...\The Game Of Life by Hasbro1.0) (Version: 1.0 - Adnan_Boy 2008)
Tornado Jockey (HKLM\...\WT025771) (Version: WT025771 - WildTangent)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2981580) (HKLM\...\KB2981580) (Version: 1 - Microsoft Corporation)
Vegas Games 2000 (HKLM\...\Vegas Games 2000) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WildTangent Web Driver (HKLM\...\WildTangent CDA) (Version:  - )
Windows Entertainment Pack (All-In-One) (HKLM\...\{0C2785F3-42E1-44A6-8FF8-05E1042D05E0}) (Version: 1...5 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Zan Image Printer (HKLM\...\zvprt50) (Version:  - )

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 1527.48 MB
Available physical RAM: 836 MB
Total Pagefile: 3427.02 MB
Available Pagefile: 2585.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.76 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.52 GB) (Free:23.82 GB) NTFS
3 Drive e: (WXPVOL_EN) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\NAKEDSKYLA

Administrator            ASPNET                   Guest                    
HelpAssistant            Naked Skyla              SUPPORT_388945a0         


**** End of log ****
 



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:30 AM

Posted 18 August 2014 - 01:47 PM

I see nothing here to prove it's malware. But we can get a deeper look to be sure.
 
Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

#10 hamluis

hamluis

    Moderator


  • Moderator
  • 55,403 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:30 AM

Posted 23 August 2014 - 01:17 PM

Reference:  http://www.bleepingcomputer.com/forums/t/545426/i-was-told-to-post-here-from-another-topic/ .

 

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis





