Author Topic: C:\windows\syswow64\dllhost.exe blocked  (Read 2679 times)

REDACTED

  • Guest
C:\windows\syswow64\dllhost.exe blocked
« on: February 24, 2015, 07:09:59 PM »
Receive this Avast popup on a regular basis, log files attached.
Thanks in advance for the help . . .

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\windows\syswow64\dllhost.exe blocked
« Reply #1 on: February 24, 2015, 07:16:26 PM »
This should stop the alerts

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
HKU\S-1-5-21-3363881461-870442667-2210038420-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\Run: [fcdctr] => C:\Windows\system32\MigAnet1.exe
HKU\S-1-5-18\...\Run: [fcutil] => C:\Windows\system32\MigAnet.exe
HKU\S-1-5-18\...\Run: [fcperf] => C:\Windows\system32\MigAdmin.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3363881461-870442667-2210038420-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2015-02-05 16:01 - 2013-02-25 23:32 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\SETFFD6.tmp
2015-02-05 16:01 - 2013-02-25 23:32 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\SETCF45.tmp
2015-02-05 16:01 - 2013-02-25 23:32 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\SET8FE5.tmp
2015-02-05 16:01 - 2013-02-25 23:32 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\SET6260.tmp
2015-02-05 16:01 - 2013-02-25 23:32 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\SET5517.tmp
CustomCLSID: HKU\S-1-5-21-3363881461-870442667-2210038420-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
C:\Windows\system32\MigAnet1.exe
C:\Windows\system32\MigAnet.exe
C:\Windows\system32\MigAdmin.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix.
On completion a log will be generated; please post that.
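The two Poweliks-flagged entries in the fixlist above share one trait: a registry value that starts rundll32.exe with a javascript: pseudo-URL routed to mshtml's RunHTMLApplication. The following is an added example, not part of the original posts and not FRST's own logic; it flags such values in FRST-style log text and, assuming the eval argument is shifted up by one character (which fits the truncated fragment shown), decodes it. The function names are hypothetical.

```python
import re

# Two lines copied from the fixlist quoted in this thread (FRST truncates the value).
SAMPLE_LOG = r'''HKU\S-1-5-18\...\Run: [fcutil] => C:\Windows\system32\MigAnet.exe
CustomCLSID: HKU\S-1-5-21-3363881461-870442667-2210038420-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?'''

# rundll32 given a javascript: pseudo-URL that ends up in mshtml's RunHTMLApplication
SCRIPT_VIA_RUNDLL32 = re.compile(
    r'rundll32(?:\.exe)?\s+javascript:.*?mshtml,RunHTMLApplication', re.I)
# First argument of eval("..."), up to the point where the log truncates it
EVAL_ARG = re.compile(r'eval\("([^"\s]+)')


def unshift(text, shift=1):
    """Undo a per-character +shift encoding (assumption: +1, matching the sample)."""
    return ''.join(chr(ord(c) - shift) for c in text)


def scan(log_text):
    """Return one finding per log line whose value launches script through rundll32."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        hit = SCRIPT_VIA_RUNDLL32.search(line)
        if not hit:
            continue  # ordinary Run entries and file paths are not flagged
        arg = EVAL_ARG.search(line, hit.end())
        findings.append({
            'line': lineno,
            # everything before the command is the registry location
            'key': line[:hit.start()].rstrip(' :->='),
            'decoded_fragment': unshift(arg.group(1)) if arg else None,
        })
    return findings


if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
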

REDACTED

  • Guest
Re: C:\windows\syswow64\dllhost.exe blocked
« Reply #2 on: February 24, 2015, 08:40:14 PM »
Attached.

Offline essexboy

Re: C:\windows\syswow64\dllhost.exe blocked
« Reply #3 on: February 24, 2015, 09:24:22 PM »
Hmm, according to FRST those keys were not found. Did you run it twice?

Could you run another FRST scan, please?

REDACTED

  • Guest
Re: C:\windows\syswow64\dllhost.exe blocked
« Reply #4 on: February 24, 2015, 09:33:26 PM »
Yes, it appeared to stall so I closed and restarted FRST on that last post.
I rebooted and performed a fresh fix . . . log attached.

If it's cleaner, I'm happy to run all the tools again and post fresh log files.
« Last Edit: February 24, 2015, 10:00:20 PM by JB... »

Offline essexboy

Re: C:\windows\syswow64\dllhost.exe blocked
« Reply #5 on: February 24, 2015, 11:08:14 PM »
Ah, that explains what happened: prior to the stall it removed Poweliks (the stall was probably whilst it was emptying the temp files, which may take a while). The second run completed the empty temp.

How is the computer behaving now?


REDACTED

  • Guest
Re: C:\windows\syswow64\dllhost.exe blocked
« Reply #6 on: February 25, 2015, 02:59:27 AM »
No Avast "blocked" pop ups so far, will continue to monitor and report back tomorrow . . .

Thank you.