Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Dllhost.exe *32 Strangling Resources

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Dllhost.exe *32 Strangling Resources

Unread postby GhostfaceKilah » October 19th, 2014, 4:29 pm

Over the past 3 days, my internet speed has decreased significantly. I used to have no issues with my ping and internet speed. Now, youtube and online games have been rendered on playable. When using the command prompt to ping websites, the average ping is about 400 ms, ranging anywhere from 250 ms up to 700 ms. My download speed has been reduced from it's normal ~125 kb/sec to 10kb/ sec.

This slow internet speed has not just infected this computer, but all computers in my network. I have tried reseating my modem and my router, but neither of these methods worked.

I scanned my computer using both MSE and Malewarebytes, but neither turned up anything. However, upon examining the detected items history in MSE, I discovered that a Trojan horse, JS/Krypterade.A, had been detected on my PC 24 hours ago. There was no warning of this last night; no notifications popped up. This Trojan horse is supposed to be ransomware, but my PC has never been locked up and money has never been solicited from me via fake threats. Yet, task manager is showing multiple dllhost.exe *32 processes (up to 10) that are consistent with this virus. Network iControl is showing that this dllhost.exe is taking up around 100KBps of bandwith. I am beginning to suspect that I have a virus on this PC.

Due to the fact that downloads are excruciatingly slow and I don't have any other anti-virus software on my hands, is there anything else I can do before downloading new software? If it does come down to me being forced to download something, which programs should I get? Thanks in advance.

I would like to add that Internet Explorer has stopped saving my information when I ask for websites to remember my log-in information. Furthermore, every time I restart Internet Explorer, file downloads are set to disable. Every single file I download has to be downloaded twice because after the first download, Internet Explorer states that the file was not downloaded. On top of this, many .exe files cannot be downloaded; instead, the file is downloaded in a different format, so that it is rendered unusable.

DDS File:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 10.67.2
Run by Renegade at 13:23:20 on 2014-10-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7639.5439 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {8984B388-A5BB-4DF7-B274-77B879E179DB} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Program Files (x86)\Internet Explorer\F12Tools.dll
uRun: [SansaDispatch] C:\Users\Renegade\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{310F3A00-3F78-4A22-81F7-7F34C0288745} : DHCPNameServer = 192.168.2.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
AppInit_DLLs= gpsort.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Renegade\AppData\Roaming\Mozilla\Firefox\Profiles\oqbmw1l7.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2013-2-3 32400]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-6-1 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-6-1 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-2-3 149120]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\System32\drivers\BazisVirtualCDBus.sys [2011-6-4 198480]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2014-6-22 66728]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-22 726160]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]
S2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [2013-2-3 324608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2012-9-14 95344]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2012-9-14 21872]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2013-2-22 25832]
S3 DCamUSBVM;Lenovo Q350 USB PC Camera;C:\Windows\System32\drivers\usbVM31b.sys [2005-9-19 142336]
S3 EasyAntiCheat;EasyAntiCheat;C:\Windows\System32\EasyAntiCheat.exe --> C:\Windows\System32\EasyAntiCheat.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-30 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-30 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-24 1255736]
.
=============== Created Last 30 ================
.
2014-10-19 18:52:42 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C94CFAE-313C-4B26-8542-E37F0989DA9A}\offreg.dll
2014-10-19 03:21:49 -------- d-----w- C:\ProgramData\AVAST Software
2014-10-19 03:19:44 -------- d-----w- C:\ProgramData\Panda Security
2014-10-19 02:09:48 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C94CFAE-313C-4B26-8542-E37F0989DA9A}\mpengine.dll
2014-10-18 19:16:23 -------- d-----w- C:\FRST
2014-10-18 07:31:28 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-10-18 07:31:22 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-18 06:32:25 -------- d-----w- C:\Program Files\HitmanPro
2014-10-16 03:57:45 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-16 03:57:17 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-16 03:57:17 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-16 03:57:17 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-16 03:57:17 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-16 03:57:17 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-16 03:57:17 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-16 03:56:15 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-10-16 03:56:15 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-10-16 03:56:15 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-10-16 03:56:15 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-10-16 03:55:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-16 03:55:42 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-16 03:55:41 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-16 03:49:30 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-16 03:49:30 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-16 03:49:03 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-10-16 03:49:03 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-10-16 03:49:03 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-10-16 03:49:03 322560 ----a-w- C:\Windows\System32\aaclient.dll
2014-10-16 03:49:03 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-10-16 03:49:03 1125888 ----a-w- C:\Windows\System32\mstsc.exe
2014-10-16 03:49:03 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
2014-10-16 03:49:02 5780480 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-16 03:49:02 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-10-16 03:46:31 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-16 03:46:31 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-13 04:36:27 -------- d-----w- C:\Users\Renegade\AppData\Roaming\WizardWars
2014-10-13 04:36:12 175136 ----a-w- C:\Windows\SysWow64\EasyAntiCheat.exe
2014-10-13 04:36:07 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2014-10-13 04:35:06 -------- d-----w- C:\ProgramData\Package Cache
2014-10-08 04:38:05 -------- d-----w- C:\Users\Renegade\AppData\Local\EdgeOfReality
2014-09-30 23:50:49 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-30 23:50:49 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-23 23:34:13 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-23 23:34:13 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-21 18:50:38 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-21 18:50:13 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-21 18:50:13 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-21 18:50:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
.
==================== Find3M ====================
.
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-15 16:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 23:09:53 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-08-23 23:09:43 794408 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2014-08-23 23:09:43 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-12 01:41:04 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-07-25 09:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 06:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-21 20:36:21 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-21 20:36:21 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 13:23:48.73 ===============

Attach File:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/3/2013 3:05:05 AM
System Uptime: 10/19/2014 11:48:57 AM (2 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | F1A55-M LX PLUS R2.0
Processor: AMD A8-3870 APU with Radeon(tm) HD Graphics | FM1 | 3000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 743.951 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP237: 10/12/2014 9:34:44 PM - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
RP238: 10/12/2014 9:35:26 PM - Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
RP239: 10/15/2014 4:54:28 PM - Windows Update
RP240: 10/16/2014 12:33:54 AM - Windows Update
RP241: 10/17/2014 11:39:56 PM - Checkpoint by HitmanPro
RP242: 10/18/2014 12:00:42 AM - Checkpoint by HitmanPro
RP243: 10/18/2014 12:00:55 AM - Checkpoint by HitmanPro
RP244: 10/18/2014 12:01:28 AM - Checkpoint by HitmanPro
RP245: 10/18/2014 12:01:59 AM - Checkpoint by HitmanPro
RP246: 10/18/2014 1:40:23 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP247: 10/18/2014 8:22:39 PM - avast! antivirus system restore point
RP248: 10/19/2014 11:40:11 AM - avast! antivirus system restore point
.
==== Installed Programs ======================
.
Adobe Flash Player 14 ActiveX
Adobe Reader X (10.1.11) MUI
AI Suite II
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
AMD Wireless Display v3.0
Audacity 2.0.5
Blacklight: Retribution
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Command & Conquer The First Decade
Construct 2 r173
Crysis WARHEAD(R)
Crysis Wars(R)
Crysis(R)
Doxillion Document Converter
Dragon Age: Origins
ESET Online Scanner v3
Fallout 3
Half-Life 2
HitmanPro 3.7
Java 7 Update 67
Java Auto Updater
Loadout
Magicka: Wizard Wars
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Halo
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
MixPad Multitrack Recording Software
Mozilla Firefox 32.0.3 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NBA 2K13
Need For Speed™ World
NVIDIA PhysX
PlanetSide 2
PunkBuster Services
Quake Live
Quake Live Internet Explorer Plugin
Raptr
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RollerCoaster Tycoon 2
Sansa Updater
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2883031) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2883032) 32-Bit Edition
Sid Meier's Civilization III Complete
Steam
Team Fortress 2
The Sims Complete Collection
Tribes: Ascend
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899475) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Audio Cable 4.10
VirtualCloneDrive
WavePad Sound Editor
WinCDEmu
WinRAR 5.00 (32-bit)
WinZip 16.5
.
==== Event Viewer Messages From Past Week ========
.
10/19/2014 12:04:52 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
10/19/2014 12:04:47 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
10/19/2014 12:04:38 PM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
10/19/2014 12:04:35 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/19/2014 11:53:03 AM, Error: Service Control Manager [7034] - The AsusFanControlService service terminated unexpectedly. It has done this 2 time(s).
10/19/2014 11:49:28 AM, Error: Service Control Manager [7034] - The AsusFanControlService service terminated unexpectedly. It has done this 1 time(s).
10/19/2014 11:49:26 AM, Error: Service Control Manager [7000] - The lirsgt service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
10/19/2014 11:49:26 AM, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
10/18/2014 7:35:40 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
10/18/2014 11:11:22 AM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2014 11:11:19 AM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2014 11:06:51 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
10/17/2014 11:43:00 PM, Error: Schannel [36887] - The following fatal alert was received: 40.
10/16/2014 6:51:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2952664).
10/14/2014 8:17:21 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
GhostfaceKilah
Active Member
 
Posts: 7
Joined: October 19th, 2014, 4:14 pm
Advertisement
Register to Remove

Re: Dllhost.exe *32 Strangling Resources

Unread postby pgmigg » October 21st, 2014, 8:33 pm

Hello GhostfaceKilah,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Dllhost.exe *32 Strangling Resources

Unread postby pgmigg » October 22nd, 2014, 12:35 am

Hello GhostfaceKilah,

Step 1.
TSG - SysInfo utility
  1. Please download SysInfo.exe and save it to your Desktop.
  2. Right click SysInfo.exe and select "Run As Administrator" to run it... if UAC prompts, please allow it.
  3. The small square window will be opened with already highlighted text - please right click on it, select Copy and then paste it in your next post.

Step 2.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 3.
MGA Diagnostics
I need you to run a tool which will aid in determining what additional steps we'll need to perform.
  1. Please download this tool from Microsoft and save it to your Desktop.
  2. Right click on MGADiag.exe and select Run As Administrator to run it.
  3. Click "Run" again and then click "Continue".
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.

Step 4.
WVCheck
  1. Please download WVCheck.exe and save it to your Desktop.
  2. Right-click WVCheck.exe and select Run as administrator... to run the process.
  3. Read the comments on the screen, then press Enter.
    The scan can take a while depending on the size of your hard drive.
  4. Once the program is done, Notepad will open with the scan report. Save the report to your Desktop.
  5. Please copy and paste the contents of the Notepad file in your next reply.

Then:
Please tell me is this computer used for any kind of business purposes and connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of TSG - SysInfo utility
  3. Contents of CKFiles.txt log file
  4. Contents of a log created by MGADiag.exe
  5. Contents of a log created by WVCheck.exe
  6. Answers to my question related to type of using of your computer

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Dllhost.exe *32 Strangling Resources

Unread postby GhostfaceKilah » October 22nd, 2014, 2:45 am

SysInfo

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: AMD A8-3870 APU with Radeon(tm) HD Graphics, AMD64 Family 18 Model 1 Stepping 0
Processor Count: 4
RAM: 7638 Mb
Graphics Card: AMD Radeon HD 6550D, 512 Mb
Hard Drives: C: Total - 953766 MB, Free - 761850 MB;
Motherboard: ASUSTeK COMPUTER INC., F1A55-M LX PLUS R2.0
Antivirus: None

CKScanner
CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\microsoft games\age of empires ii\crack.exe
c:\program files (x86)\steam\steamapps\common\team fortress 2\config\html\local storage\http_www.crackle.com_0.localstorage
c:\program files (x86)\steam\steamapps\common\team fortress 2\tf\download\materials\sprites\trails\crackedbeam.vmt
c:\program files (x86)\steam\steamapps\common\team fortress 2\tf\download\materials\sprites\trails\crackedbeam.vtf
c:\program files (x86)\steam\steamapps\sourcemods\fortressforever\materials\ff\ff_wall_cement17_cracked_blue.vmt
c:\program files (x86)\steam\steamapps\sourcemods\fortressforever\materials\ff\ff_wall_cement17_cracked_blue.vtf
c:\program files (x86)\steam\steamapps\sourcemods\fortressforever\materials\ff\ff_wall_cement17_cracked_red.vmt
c:\program files (x86)\steam\steamapps\sourcemods\fortressforever\materials\ff\ff_wall_cement17_cracked_red.vtf
c:\program files (x86)\steam\steamapps\sourcemods\fortressforever\materials\ff_impact\blend_quarkscracks.vmt
c:\program files (x86)\steam\steamapps\sourcemods\fortressforever\materials\ff_impact\blend_quarkscracks_tooltexture.vtf
c:\program files (x86)\steam\steamapps\sourcemods\fortressforever\materials\ff_impact\crackfloor.vmt
c:\program files (x86)\steam\steamapps\sourcemods\fortressforever\materials\ff_impact\crackfloor.vtf
c:\program files (x86)\steam\steamapps\sourcemods\fortressforever\materials\ff_impact\crackfloor_normal.vtf
c:\users\renegade\downloads\gearz- age of empires ii+age of empires 2 - the conquerors expansion+stuff with online play\aoe2 patchs and cracks\age2upa.exe
c:\users\renegade\downloads\gearz- age of empires ii+age of empires 2 - the conquerors expansion+stuff with online play\aoe2 patchs and cracks\age2xpatch.exe
c:\users\renegade\downloads\gearz- age of empires ii+age of empires 2 - the conquerors expansion+stuff with online play\aoe2 patchs and cracks\age2_x1crack.rar
c:\users\renegade\downloads\gearz- age of empires ii+age of empires 2 - the conquerors expansion+stuff with online play\aoe2 patchs and cracks\ageofempire2 patchs.rar
c:\users\renegade\downloads\gearz- age of empires ii+age of empires 2 - the conquerors expansion+stuff with online play\aoe2 patchs and cracks\aoe2 color fix for win7.txt
c:\users\renegade\downloads\gearz- age of empires ii+age of empires 2 - the conquerors expansion+stuff with online play\aoe2 patchs and cracks\aoe2 crack.rar
c:\users\renegade\downloads\gearz- age of empires ii+age of empires 2 - the conquerors expansion+stuff with online play\aoe2 patchs and cracks\aoe2 the conquerors expansion random maps.zip
c:\users\renegade\downloads\gearz- age of empires ii+age of empires 2 - the conquerors expansion+stuff with online play\aoe2 patchs and cracks\language files.zip
c:\users\renegade\downloads\gearz- age of empires ii+age of empires 2 - the conquerors expansion+stuff with online play\aoe2 patchs and cracks\patch install.txt
scanner sequence 3.ZZ.11.UWNAH0
----- EOF -----

I know that the above files are cracked programs. I've tried to delete them but Windows says either that they are being used by another program or that I don't have administrator rights. This may be a part of my problem, but I do have to note that these files were on my computer long before any of my current problems popped up.
GhostfaceKilah
Active Member
 
Posts: 7
Joined: October 19th, 2014, 4:14 pm

Re: Dllhost.exe *32 Strangling Resources

Unread postby GhostfaceKilah » October 22nd, 2014, 2:47 am

MGADiag

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-CWRF2-TRJKB-PV9HW
Windows Product Key Hash: Fs455Nky3AorD9YNxMNmvlm1bGw=
Windows Product ID: 00371-OEM-8992671-00407
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {486E6243-7B77-4389-BD6E-2960651E3F31}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.140303-2144
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Disabled
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Allowed
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{486E6243-7B77-4389-BD6E-2960651E3F31}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-PV9HW</PKey><PID>00371-OEM-8992671-00407</PID><PIDType>2</PIDType><SID>S-1-5-21-4237216898-264680874-324243060</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>5008</Version><SMBIOSVersion major="2" minor="7"/><Date>20120809000000.000000+000</Date></BIOS><HWID>922F3307018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>US Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>55A39B2AC03BD86</Val><Hash>u+u4uLijTg18svHcztt0SJv6tjM=</Hash><Pid>89388-707-0157384-65095</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700407-02-1033-7601.0000-3002013
Installation ID: 020785441962146286672606855622301004059603013086279694
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: PV9HW
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 10/21/2014 11:46:16 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 8:19:2014 23:09
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OAAAAAIABAABAAEAAgACAAAAAQABAAEAln0a/5S1TjRu1houOoPu+5ixOGmKqd6IsoIG6WZfAGo=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG A M I GMCH945.
FPDT ALASKA A M I
BGRT ALASKA A M I
SSDT AMD POWERNOW
SSDT AMD POWERNOW
SLIC _ASUS_ Notebook
GhostfaceKilah
Active Member
 
Posts: 7
Joined: October 19th, 2014, 4:14 pm

Re: Dllhost.exe *32 Strangling Resources

Unread postby GhostfaceKilah » October 22nd, 2014, 2:52 am

WVCheck

Windows Validation Check
Version: 1.9.12.5
Log Created On: 2348_21-10-2014
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2014-10-21 23:31:18
Last Success Time for Update Download: 2014-10-21 23:32:52
Last Success Time for Update Installation: 2014-10-21 23:33:54


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 24/2/2013 5:52:37
Modification; 20/11/2010 5:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 24/2/2013 5:52:37
Modification; 20/11/2010 5:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_5b467ba9bd0679bb\slwga.dll
Size: 14848 bytes
Creation; 13/7/2009 16:52:11
Modification; 13/7/2009 18:41:54
MD5; cc03cf9f24946dcbd70acb3e1b2f05bf
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_5b856235bcd79403\slwga.dll
Size: 15360 bytes
Creation; 23/2/2013 10:53:5
Modification; 20/12/2010 23:15:31
MD5; b7213e92b270761b88b313b62ba0e13b
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_5be2bf06d6168a3a\slwga.dll
Size: 15360 bytes
Creation; 23/2/2013 10:53:5
Modification; 20/12/2010 23:9:5
MD5; 86b7d4d7a87ecb9e6bded44c52c8d5d9
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 24/2/2013 5:52:38
Modification; 20/11/2010 6:27:26
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 13/7/2009 16:36:22
Modification; 13/7/2009 18:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_ff66c6b2047a22cd\slwga.dll
Size: 14336 bytes
Creation; 23/2/2013 10:53:5
Modification; 20/12/2010 22:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_ffc423831db91904\slwga.dll
Size: 14336 bytes
Creation; 23/2/2013 10:53:5
Modification; 20/12/2010 22:29:6
MD5; 2332de32759ebcc691850e092b2564a6
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 24/2/2013 5:52:37
Modification; 20/11/2010 5:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3


-------- End of File, program close at 2351_21-10-2014 --------
GhostfaceKilah
Active Member
 
Posts: 7
Joined: October 19th, 2014, 4:14 pm

Re: Dllhost.exe *32 Strangling Resources

Unread postby pgmigg » October 22nd, 2014, 10:28 am

Cracked/Keygen related software detected!!!

I know that the above files are cracked programs. I've tried to delete them but Windows says either that they are being used by another program or that I don't have administrator rights. This may be a part of my problem, but I do have to note that these files were on my computer long before any of my current problems popped up.
As you should have read in my Welcome Post here, "You must have Administrator rights, permissions for this computer." You have to remove not only specifically selected files but the entire applications!

Your machine shows evidence of cracked or otherwise illegal software which you use during a long period of time.
We are unable to help you at this time due to the presence of such software on this system, which is not in compliance with this site's guidelines as posted Here; therefore, I can offer no further assistance and must request that this topic will be closed.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Thanks,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Dllhost.exe *32 Strangling Resources

Unread postby Cypher » October 22nd, 2014, 10:38 am

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs :
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 284 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware