Posts posted by gshinks
-
Security Check log: Note I resolved the multiple av issues and only have bitdefender and zoneaware now... I don't know why adaware still shows up here
Results of screen317's Security Check version 0.99.89
Windows Vista Service Pack 2 x64 (UAC is disabled!)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Bitdefender Antivirus Free Edition
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Java 7 Update 67
Java 8 Update 25
Adobe Reader 10.1.12 Adobe Reader out of Date!
Google Chrome 38.0.2125.104
Google Chrome 38.0.2125.111
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Bitdefender Antivirus Free Edition gziface.exe
Bitdefender Antivirus Free Edition gzserv.exe
CheckPoint ZoneAlarm ZaPrivacyService.exe
CheckPoint ZoneAlarm zatray.exe
CheckPoint ZoneAlarm vsmon.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
-
Everything seems good and malwarebytes just completed a negative scan so I guess it looks good. I can't thank you guys enough. I'll surely make a donation.
-
jrt log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.6 (11.05.2014:1)
OS: Windows Vista Home Premium x64
Ran by Greg on Fri 11/07/2014 at 9:29:47.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ad-aware browsing protection
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
~~~ Files
~~~ Folders
Failed to delete: [Folder] "C:\ProgramData\ad-aware browsing protection"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/07/2014 at 9:33:38.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
adwcleaner log:
I'm not sure what that's all about... Adaware was completely shut down, services and running processes stopped, etc., and windows security center reported security essentials was shut down as well. I only run adaware. Could this be another issue?
-
That was scary, but patience paid off... For future users: my screen did turn off for a while, but hard disk access indicated the pc was still working, then returned to the desktop. Log attached...
-
TDSSKiller found nothing... running combofix...
-
Fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Greg at 2014-11-06 21:42:23 Run:1
Running from C:\Users\Greg\Downloads
Loaded Profile: Greg (Available profiles: Greg & Administrator)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-1990502549-3032250215-4208731202-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <====
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope value is missing.
2014-10-28 22:12 - 2014-10-28 22:12 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-28 22:08 - 2014-10-28 22:08 - 00000000 _____ () C:\Windows\system32\uzwssf.dll
2014-10-28 22:08 - 2014-10-28 22:08 - 00000000 _____ () C:\Windows\system32\gyikk.dll
2014-10-28 21:03 - 2014-10-29 23:10 - 00000000 ___HD () C:\f85ac2d
2014-10-28 21:03 - 2014-10-28 21:03 - 00000944 ____H () C:\ProgramData\@system2.att
2014-10-28 17:39 - 2014-11-05 00:45 - 00000000 ____D () C:\ProgramData\UiddEsmo
2014-10-28 17:38 - 2014-10-28 18:09 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Reerto
C:\Users\Greg\SyncToy_0323bdc4-7478-4dbe-bdf1-873c6c8a41c8.dat
C:\Users\Greg\AppData\Local\Temp\i4jdel0.exe
CustomCLSID: HKU\S-1-5-21-1990502549-3032250215-4208731202-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
AlternateDataStreams: C:\ProgramData\TEMP:C581A570
*****************
"HKU\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
Default URLSearchHook was restored successfully .
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\SysWOW64\u => Moved successfully.
C:\Windows\system32\uzwssf.dll => Moved successfully.
C:\Windows\system32\gyikk.dll => Moved successfully.
C:\f85ac2d => Moved successfully.
C:\ProgramData\@system2.att => Moved successfully.
C:\ProgramData\UiddEsmo => Moved successfully.
C:\Users\Greg\AppData\Roaming\Reerto => Moved successfully.
C:\Users\Greg\SyncToy_0323bdc4-7478-4dbe-bdf1-873c6c8a41c8.dat => Moved successfully.
C:\Users\Greg\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
"HKU\S-1-5-21-1990502549-3032250215-4208731202-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
C:\ProgramData\TEMP => ":C581A570" ADS removed successfully.
==== End of Fixlog ====
edit to above... Powelik, not Pamelik... though now I see it in the log, so yeah....
-
And for roguekiller... I should add though probably not necessary that a page popped up when done with instructions on how to remove Pamelik. I did nothing, but thought it significant.
-
Thanks... here's the log:
Sorry to be a repeat of this issue, but it seems everyone is a little different. I recently was infected with a virus appearing to be called "SecurityCenter". This wasn't my first run-in with malware so I did what I know to remove it manually (av clearly failing in the first place). I was able to remove all keys and processes and nothing suspicious runs now with the exception of this dllhost issue. It only starts when Internet Explorer runs and results in many instances of the process running simultaneously, consuming resources. The processes can be stopped and everything runs normally for a while. In addition, Internet Explorer protected mode repeatedly gets turned off automatically and the home page reset to about:blank. I have completely uninstalled IE and reinstalled with no resolution. I am running Vista x64 premium.
DLLHost*32 Com Surrogate
in Resolved Malware Removal Logs
Posted
Thanks, again!