[ti]SOLVED[/ti]c71585.com trojan.zbot with multiple ie and dlhost open

Download   Malwarebytes Anti-Rootkit to your Desktop.

Double-click "mbar.exe" to start the tool.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Click in the introduction screen "next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
Open the MBAR folder and paste or attach the content of the following files in your next reply:

"mbar-log-{date} (xx-xx-xx).txt"
"system-log.txt"

The below screenshot includes step 4 (cleanup) don't do that one yet 




Quads

You can have MBAR delete all (cleanup Button)

Quads

dllhost.exe is legit and x64 has 2 working copies

iexplore.exe is legit and is IE, also users can have Windows set to show every instance of a process open, Browsers do so and can have a few running, like Chrome can have 5 chrome.exe 's or more running


Press the + R Keys on your keyboard at the same time. Type notepad and click OK.
Copy the entire content of the codebox below and paste into the notepad (Including start and end)


start
2015-01-27 22:59 - 2015-01-29 10:59 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-01-27 22:59 - 2015-01-27 22:59 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
CustomCLSID: HKU\S-1-5-21-4146165697-1227186275-439605532-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\thawbrkr.dll No File
Reboot:
end

Click File, Save As and type fixlist (.txt may be seen on the end depending on the system setup) as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!


Right-click on icon and select Run as Administrator to start FRST.

(XP users click run after receipt of Windows Security Warning - Open File).
Press the button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt. To paste or attach back here

Quads

[/b][/a] (by tigzy) on to your desktop
[*] Quit all programs
[*] Start RogueKiller.exe.
[*] Wait until the Prescan has finished ...
[*] Click on Scan. Once finished, click on Report[/ul]

Please post the contents of the RKreport.txt in your next Reply.



Quads