gshinks

Members • Posts: 14
Everything posted by gshinks

  1. Security Check log: Note I resolved the multiple av issues and only have bitdefender and zoneaware now... I don't know why adaware still shows up here
     Results of screen317's Security Check version 0.99.89
     Windows Vista Service Pack 2 x64 (UAC is disabled!)
     Internet Explorer 9
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
     Bitdefender Antivirus Free Edition
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Ad-Aware
     Java 7 Update 67
     Java 8 Update 25
     Adobe Reader 10.1.12 Adobe Reader out of Date!
     Google Chrome 38.0.2125.104
     Google Chrome 38.0.2125.111
     ````````Process Check: objlist.exe by Laurent````````
     Ad-Aware AAWService.exe is disabled!
     Ad-Aware AAWTray.exe is disabled!
     Bitdefender Antivirus Free Edition gziface.exe
     Bitdefender Antivirus Free Edition gzserv.exe
     CheckPoint ZoneAlarm ZaPrivacyService.exe
     CheckPoint ZoneAlarm zatray.exe
     CheckPoint ZoneAlarm vsmon.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0 %
     ````````````````````End of Log``````````````````````
  2. Everything seems good and Malwarebytes just completed a negative scan so I guess it looks good. I can't thank you guys enough. I'll surely make a donation.
  3. jrt log:
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.3.6 (11.05.2014:1)
     OS: Windows Vista Home Premium x64
     Ran by Greg on Fri 11/07/2014 at 9:29:47.87
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ad-aware browsing protection
     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
     ~~~ Registry Keys
     ~~~ Files
     ~~~ Folders
     Failed to delete: [Folder] "C:\ProgramData\ad-aware browsing protection"
     ~~~ Event Viewer Logs were cleared
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Fri 11/07/2014 at 9:33:38.22
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  4. adwcleaner log:
     # AdwCleaner v3.311 - Report created 07/11/2014 at 09:19:44
     # Updated 30/09/2014 by Xplode
     # Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
     # Username : Greg - BIGWOLFGAR
     # Running from : C:\Users\Greg\Desktop\AdwCleaner.exe
     # Option : Clean
     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
     [!] Folder Deleted : C:\Program Files (x86)\eSupport.com
     [!] Folder Deleted : C:\Users\Greg\AppData\Local\PackageAware
     [!] Folder Deleted : C:\Users\Greg\AppData\Roaming\pdfforge
     ***** [ Scheduled Tasks ] *****
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Deleted : HKCU\Software\APN PIP
     Key Deleted : HKCU\Software\eSupport.com
     Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
     Key Deleted : HKCU\Software\AppDataLow\Software\Show-Password
     ***** [ Browsers ] *****
     -\\ Internet Explorer v9.0.8112.16584
     -\\ Google Chrome v38.0.2125.111
     [ File : C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     *************************
     AdwCleaner[R0].txt - [3434 octets] - [07/11/2014 09:17:53]
     AdwCleaner[s0].txt - [2468 octets] - [07/11/2014 09:19:44]
     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2528 octets] ##########
  5. I'm not sure what that's all about... Adaware was completely shut down, services and running processes stopped, etc., and Windows Security Center reported Security Essentials was shut down as well. I only run Adaware. Could this be another issue?
  6. That was scary, but patience paid off... For future users: my screen did turn off for a while, but hard disk access indicated the pc was still working, then returned to the desktop. Log attached... Log.txt
  7. TDSSKiller found nothing... running combofix...
  8. Fixlog:
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
     Ran by Greg at 2014-11-06 21:42:23 Run:1
     Running from C:\Users\Greg\Downloads
     Loaded Profile: Greg (Available profiles: Greg & Administrator)
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     HKU\S-1-5-21-1990502549-3032250215-4208731202-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <====
     URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
     SearchScopes: HKLM - DefaultScope value is missing.
     2014-10-28 22:12 - 2014-10-28 22:12 - 00000028 _____ () C:\Windows\SysWOW64\u
     2014-10-28 22:08 - 2014-10-28 22:08 - 00000000 _____ () C:\Windows\system32\uzwssf.dll
     2014-10-28 22:08 - 2014-10-28 22:08 - 00000000 _____ () C:\Windows\system32\gyikk.dll
     2014-10-28 21:03 - 2014-10-29 23:10 - 00000000 ___HD () C:\f85ac2d
     2014-10-28 21:03 - 2014-10-28 21:03 - 00000944 ____H () C:\ProgramData\@system2.att
     2014-10-28 17:39 - 2014-11-05 00:45 - 00000000 ____D () C:\ProgramData\UiddEsmo
     2014-10-28 17:38 - 2014-10-28 18:09 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Reerto
     C:\Users\Greg\SyncToy_0323bdc4-7478-4dbe-bdf1-873c6c8a41c8.dat
     C:\Users\Greg\AppData\Local\Temp\i4jdel0.exe
     CustomCLSID: HKU\S-1-5-21-1990502549-3032250215-4208731202-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
     AlternateDataStreams: C:\ProgramData\TEMP:C581A570
     *****************
     "HKU\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
     "HKU\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
     Default URLSearchHook was restored successfully .
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
     C:\Windows\SysWOW64\u => Moved successfully.
     C:\Windows\system32\uzwssf.dll => Moved successfully.
     C:\Windows\system32\gyikk.dll => Moved successfully.
     C:\f85ac2d => Moved successfully.
     C:\ProgramData\@system2.att => Moved successfully.
     C:\ProgramData\UiddEsmo => Moved successfully.
     C:\Users\Greg\AppData\Roaming\Reerto => Moved successfully.
     C:\Users\Greg\SyncToy_0323bdc4-7478-4dbe-bdf1-873c6c8a41c8.dat => Moved successfully.
     C:\Users\Greg\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
     "HKU\S-1-5-21-1990502549-3032250215-4208731202-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
     C:\ProgramData\TEMP => ":C581A570" ADS removed successfully.
     ==== End of Fixlog ====
  9. edit to above... Powelik, not Pamelik... though now I see it in the log, so yeah....
  10. And for roguekiller... I should add though probably not necessary that a page popped up when done with instructions on how to remove Pamelik. I did nothing, but thought it significant.
      RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
      mail : http://www.adlice.com/contact/
      Feedback : http://forum.adlice.com
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com
      Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
      Started in : Normal mode
      User : Greg [Administrator]
      Mode : Scan -- Date : 11/06/2014 21:24:56
      ¤¤¤ Processes : 0 ¤¤¤
      ¤¤¤ Registry : 20 ¤¤¤
      [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found
      [Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_E180\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Found
      [Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_E180\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Found
      [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found
      [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
      [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found
      [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
      [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
      [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_E180\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_E180\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_E180\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_E180\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
      [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
      [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
      [Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Found
      ¤¤¤ Tasks : 0 ¤¤¤
      ¤¤¤ Files : 0 ¤¤¤
      ¤¤¤ Hosts File : 2 ¤¤¤
      [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
      [C:\Windows\System32\drivers\etc\hosts] ::1 localhost
      ¤¤¤ Antirootkit : 8 (Driver: Loaded) ¤¤¤
      [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0xacb32c0
      [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0xacb32c0
      [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0xacb32c0
      [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0xacb32c0
      [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0xacb32c0
      [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0xacb32c0
      [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0xacb32c0
      [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\1394BUS.SYS)
      ¤¤¤ Web browsers : 0 ¤¤¤
      ¤¤¤ MBR Check : ¤¤¤
      +++++ PhysicalDrive0: +++++
      --- User ---
      [MBR] e7809b82b84dad6156509aea78f9dd45
      [bSP] ec73f36aa91eb4b59869abf2e237271a : HP MBR Code
      Partition table:
      0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 117 MB
      1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 240975 | Size: 15264 MB
      2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31503466 | Size: 938485 MB
      User = LL1 ... OK
      User = LL2 ... OK
      +++++ PhysicalDrive1: +++++
      Error reading User MBR! ([15] The device is not ready. )
      Error reading LL1 MBR! NOT VALID!
      Error reading LL2 MBR! ([32] The request is not supported. )
      +++++ PhysicalDrive2: +++++
      Error reading User MBR! ([15] The device is not ready. )
      Error reading LL1 MBR! NOT VALID!
      Error reading LL2 MBR! ([32] The request is not supported. )
      +++++ PhysicalDrive3: +++++
      Error reading User MBR! ([15] The device is not ready. )
      Error reading LL1 MBR! NOT VALID!
      Error reading LL2 MBR! ([32] The request is not supported. )
      +++++ PhysicalDrive4: +++++
      Error reading User MBR! ([15] The device is not ready. )
      Error reading LL1 MBR! NOT VALID!
      Error reading LL2 MBR! ([32] The request is not supported. )
  11. And the logs for Farbar... Addition.txt FRST.txt
  12. Thanks... here's the log:
      Malwarebytes Anti-Malware
      www.malwarebytes.org
      Scan Date: 11/6/2014
      Scan Time: 8:56:07 PM
      Logfile: Log.txt
      Administrator: Yes
      Version: 2.00.3.1025
      Malware Database: v2014.11.06.10
      Rootkit Database: v2014.11.01.02
      License: Free
      Malware Protection: Disabled
      Malicious Website Protection: Disabled
      Self-protection: Disabled
      OS: Windows Vista Service Pack 2
      CPU: x64
      File System: NTFS
      User: Greg
      Scan Type: Threat Scan
      Result: Completed
      Objects Scanned: 397227
      Time Elapsed: 10 min, 52 sec
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled
      Processes: 0
      (No malicious items detected)
      Modules: 0
      (No malicious items detected)
      Registry Keys: 10
      PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [8012c0783d3f9a9c2598f2f76e946e92],
      PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [8d053bfd1f5db2845f5fa148cf3321df],
      PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Quarantined, [e2b08dabeb9123133b17e50439c9b34d],
      PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, Quarantined, [b7db0c2c93e9082e92d17aeead56c739],
      PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent, Quarantined, [49491d1b66162c0a712c4c460df7b54b],
      PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [197972c6b2ca082e68fb90d83fc48c74],
      PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent, Quarantined, [2c6625133f3d4fe7a5f8068c3cc845bb],
      PUP.Optional.VideoSaver.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\capekcnhbegaapfdadcjikcnnebplepa, Quarantined, [d7bbb6820a7253e394594f422fd5eb15],
      PUP.Optional.VideoSaver.A, HKU\S-1-5-21-1990502549-3032250215-4208731202-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Video-Saver-1, Quarantined, [c5cd41f7daa2f3434addc18a6d9628d8],
      PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1990502549-3032250215-4208731202-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT, Quarantined, [8b078cac6f0d71c59d1ced79e81be41c],
      Registry Values: 2
      PUP.Optional.VideoSaver.A, HKU\S-1-5-21-1990502549-3032250215-4208731202-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{cd40b1e8-8cd2-4915-9e00-80cb745ff41e}, C:\Program Files (x86)\Video-Saver\150.xpi, Quarantined, [fa9858e0bac2a3933bb569282ed6bf41]
      PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1990502549-3032250215-4208731202-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT|Install, 1, Quarantined, [8b078cac6f0d71c59d1ced79e81be41c]
      Registry Data: 0
      (No malicious items detected)
      Folders: 0
      (No malicious items detected)
      Files: 1
      Trojan.Agent, C:\Users\Greg\AppData\Local\svcxdcl32.dat, Quarantined, [a2f095a3027a94a2b81f20289b687888],
      Physical Sectors: 0
      (No malicious items detected)
      (end)
  13. Sorry to be a repeat of this issue, but it seems everyone is a little different. I recently was infected with a virus appearing to be called "SecurityCenter". This wasn't my first run-in with malware so I did what I know to remove it manually (av clearly failing in the first place). I was able to remove all keys and processes and nothing suspicious runs now with the exception of this dllhost issue. It only starts when Internet Explorer runs and results in many instances of the process running simultaneously, consuming resources. The processes can be stopped and everything runs normally for a while. In addition, Internet Explorer protected mode repeatedly gets turned off automatically and the home page reset to about:blank. I have completely uninstalled IE and reinstalled with no resolution. I am running Vista x64 premium.