malicious website blocked outbound process windows\syswow64\dllhost

Lulu

New Member
Thread author
Verified
Oct 30, 2014
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014
 
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Code:
Start
HKU\S-1-5-21-2625895798-646920419-2108830663-1000\...\MountPoints2: F - F:\TL_Bootstrap.exe
HKU\S-1-5-21-2625895798-646920419-2108830663-1000\...\MountPoints2: K - K:\LaunchU3.exe -a
HKU\S-1-5-21-2625895798-646920419-2108830663-1000\...\MountPoints2: {c09c1372-6165-11e0-b39f-d48564bb91b1} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2625895798-646920419-2108830663-1000\...\MountPoints2: {d709d7ba-fa53-11df-adbf-d48564bb91b1} - K:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2625895798-646920419-2108830663-1000\...\MountPoints2: {d709d7c1-fa53-11df-adbf-d48564bb91b1} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2625895798-646920419-2108830663-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKLM - {BC29273D-26E1-4A54-944F-9E02E8FBBE73} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {BC29273D-26E1-4A54-944F-9E02E8FBBE73} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {BC29273D-26E1-4A54-944F-9E02E8FBBE73} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
HKLM-x32\...\Run: [] => [X]
EmptyTemp:
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
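The entry marked `<==== Poweliks!` in the fixlist above stores a `rundll32.exe javascript:` command as registry data instead of a file path. As an added example (not part of the original thread and not FRST's own logic), this Python script flags that pattern in FRST-style log lines and decodes the `eval` fragment, assuming from the visible fragment only that each character is shifted up by one; the sample lines, the SID placeholder and the function names are constructed for illustration.

```python
import re

# Constructed FRST-style lines. The third reuses the value fragment quoted in the
# fixlist above; the SID placeholder and the benign rundll32 line are made up.
SAMPLE_LINES = [
    r'HKLM-x32\...\Run: [] => [X]',
    r'HKU\S-1-5-21-EXAMPLE-1000\...\MountPoints2: F - F:\TL_Bootstrap.exe',
    r'HKU\S-1-5-21-EXAMPLE-1000\...A8F59079A8D5}\localserver32: rundll32.exe '
    r'javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds',
    r'HKLM\...\Run: [Updater] => rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL',
    'EmptyTemp:',
]

# Indicators of a script-protocol command stored as registry data.
INDICATORS = {
    'script protocol passed to rundll32':
        re.compile(r'rundll32(?:\.exe)?\s+(?:javascript|vbscript):', re.I),
    'mshtml RunHTMLApplication export':
        re.compile(r'mshtml\s*,\s*RunHTMLApplication', re.I),
}
EVAL_ARG = re.compile(r'eval\("([^"]*)')


def shift_decode(text, shift=1):
    """Undo a per-character shift (assumption: +1, inferred from the visible fragment)."""
    return ''.join(chr(ord(c) - shift) for c in text)


def scan(lines):
    """Return one finding per 'KEY: DATA' line whose data matches an indicator."""
    findings = []
    for line in lines:
        key, sep, data = line.partition(': ')
        if not sep:
            continue  # not a key/data entry (e.g. 'Start', 'EmptyTemp:')
        hits = [name for name, rx in INDICATORS.items() if rx.search(data)]
        if hits:
            m = EVAL_ARG.search(data)
            findings.append({'key': key, 'indicators': hits,
                             'decoded_eval': shift_decode(m.group(1)) if m else None})
    return findings


if __name__ == '__main__':
    for f in scan(SAMPLE_LINES):
        print(f['key'])
        print('  indicators:', ', '.join(f['indicators']))
        print('  eval() argument decoded:', f['decoded_eval'])
```

Only the truncated fragment shown in the log is decoded; the remaining 239 characters of the value are not on the page.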
 
Do you mean that they should be in the same notepad file, or just both on the desktop?
 
Running from C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPV6C60O

FRST must be on the desktop, Fixlist.txt also.
 
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Download Fixlist.txt and click Fix.
 


My computer keeps blocking downloads, but I fixed that. However, the fixlist txt is just a text file - nothing to click for "run". Sorry I am being a pain. You put a link above from my computer; do I need to follow that to find a run?
 
Run FRST/FRST64 and press the Fix button just once and wait. This is where I am confused - there is nothing to run. Was I supposed to have this on my computer already?
 
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.



See my first post.
 
OK, run FRST and click Fix.

FRST tool on the desktop and fixlist on the desktop?
 
Ohhh, I closed that window. Can I re-download? - hitting my head against desk - so sorry
 
After I ran it and got the info you asked about, I closed it - now I don't remember how I got it.
 
So what do I need to do? And when you say it blocked malware - what does that mean? Oh, I can't even imagine doing what you do.
 
OK, I did that. It is just words again - changed it to fixlist.txt and it is next to the FRST on my desktop, but I did not get the picture you posted for me.