DLLHOST.exe Malwarebytes Popups



#1 wolfsbanex17

Posted 04 November 2014 - 11:35 AM

Hello, I've checked out some of the other topics and you guys are great! I hope you can help me out in removing this virus off my colleague's workstation.
 
I've tried the following tools: 
Malwarebytes (w/ and without rootkit)
HitmanPro
AdwCleaner
Vipre
 
With limited results. 
 
============================================
 
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume2
Install Date: 9/18/2013 8:48:55 AM
System Uptime: 11/4/2014 10:32:37 AM (1 hours ago)
.
Motherboard: Dell Inc. |  | 042P49
Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz | CPU 1 | 3300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 232 GiB total, 179.895 GiB free.
D: is CDROM ()
E: is Removable
P: is NetworkDisk (NTFS) - 466 GiB total, 349.643 GiB free.
U: is NetworkDisk (NTFS) - 6 GiB total, 1.232 GiB free.
Y: is NetworkDisk (NTFS) - 6 GiB total, 1.232 GiB free.
Z: is NetworkDisk (NTFS) - 0 GiB total, 0.486 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP75: 9/22/2014 3:56:02 PM - Scheduled Checkpoint
RP76: 9/30/2014 11:33:41 AM - Scheduled Checkpoint
RP77: 10/9/2014 11:19:50 AM - Scheduled Checkpoint
RP78: 10/17/2014 8:13:02 AM - Windows Update
RP79: 10/27/2014 8:10:49 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.09)
CCleaner
Cisco WebEx Meetings
Conexant Audio Filter Agent
Conexant HD Audio
Conexant SmartAudio
D3DX10
Dell Client System Update
Dell Edoc Viewer
FC102P BSA for Front-Line Staff
FC120P BSA for Operations Staff
GFI Business Agent
Intel® Management Engine Components
Intel® Processor Graphics
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Java 7 Update 40
Java Auto Updater
Junk Mail filter update
LabTech Agent Service
Log Parser 2.2
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Office Home and Business 2013 - en-us
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
PCN-TERM v2
Photo Common
Photo Gallery
Realtek Ethernet Controller All-In-One Windows Driver
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Security Update for Microsoft .NET Framework 4.5 (KB2898864)
Security Update for Microsoft .NET Framework 4.5 (KB2901118)
Security Update for Microsoft .NET Framework 4.5 (KB2931368)
Security Update for Microsoft .NET Framework 4.5 (KB2972107)
Security Update for Microsoft .NET Framework 4.5 (KB2972216)
Security Update for Microsoft .NET Framework 4.5 (KB2979578v2)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows XP Mode
.
==== Event Viewer Messages From Past Week ========
.
11/4/2014 11:07:16 AM, Error: Schannel [36887]  - The following fatal alert was received: 70.
11/4/2014 11:07:16 AM, Error: Schannel [36887]  - The following fatal alert was received: 40.
11/4/2014 11:01:28 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111]  - Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.
11/4/2014 10:37:27 AM, Error: Service Control Manager [7022]  - The VIPRE Business service hung on starting.
11/4/2014 10:32:52 AM, Error: Microsoft-Windows-GroupPolicy [1030]  - The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
11/4/2014 10:32:49 AM, Error: NETLOGON [5719]  - This computer was not able to set up a secure session with a domain controller in domain HMFCU due to the following:  There are currently no logon servers available to service the logon request.  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.   ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
.
==== End Of File ===========================


#2 wolfsbanex17

Posted 04 November 2014 - 01:43 PM

I thought a screenshot of the pop-up might help. 


#3 deeprybka

Posted 06 November 2014 - 04:09 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the 3.png to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Step 2

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#4 deeprybka

Posted 09 November 2014 - 12:03 PM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#5 deeprybka

Posted 11 November 2014 - 11:59 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka



