Posts posted by gshinks

  1. Security Check log:  Note I resolved the multiple av issues and only have bitdefender and zoneaware now... I don't know why adaware still shows up here

     

     Results of screen317's Security Check version 0.99.89 
     Windows Vista Service Pack 2 x64 (UAC is disabled!) 
     Internet Explorer 9 
     Internet Explorer 8 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled! 
    Bitdefender Antivirus Free Edition  
     Antivirus up to date!  
    `````````Anti-malware/Other Utilities Check:`````````
     Ad-Aware
     Java 7 Update 67 
     Java 8 Update 25 
     Adobe Reader 10.1.12 Adobe Reader out of Date! 
     Google Chrome 38.0.2125.104 
     Google Chrome 38.0.2125.111 
    ````````Process Check: objlist.exe by Laurent```````` 
     Ad-Aware AAWService.exe is disabled!
     Ad-Aware AAWTray.exe is disabled!
     Bitdefender Antivirus Free Edition gziface.exe 
     Bitdefender Antivirus Free Edition gzserv.exe 
     CheckPoint ZoneAlarm ZaPrivacyService.exe 
     CheckPoint ZoneAlarm zatray.exe 
     CheckPoint ZoneAlarm vsmon.exe 
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0 %
    ````````````````````End of Log``````````````````````
     

  2. jrt log:

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.6 (11.05.2014:1)
    OS: Windows Vista Home Premium x64
    Ran by Greg on Fri 11/07/2014 at  9:29:47.87
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ad-aware browsing protection
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

    ~~~ Registry Keys

    ~~~ Files

    ~~~ Folders

    Failed to delete: [Folder] "C:\ProgramData\ad-aware browsing protection"

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 11/07/2014 at  9:33:38.22
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  3. adwcleaner log:

     

    # AdwCleaner v3.311 - Report created 07/11/2014 at 09:19:44
    # Updated 30/09/2014 by Xplode
    # Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
    # Username : Greg - BIGWOLFGAR
    # Running from : C:\Users\Greg\Desktop\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
    [!] Folder Deleted : C:\Program Files (x86)\eSupport.com
    [!] Folder Deleted : C:\Users\Greg\AppData\Local\PackageAware
    [!] Folder Deleted : C:\Users\Greg\AppData\Roaming\pdfforge
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\eSupport.com
    Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
    Key Deleted : HKCU\Software\AppDataLow\Software\Show-Password
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v9.0.8112.16584
     
     
    -\\ Google Chrome v38.0.2125.111
     
    [ File : C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
     
    *************************
     
    AdwCleaner[R0].txt - [3434 octets] - [07/11/2014 09:17:53]
    AdwCleaner[s0].txt - [2468 octets] - [07/11/2014 09:19:44]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2528 octets] ##########
  4. Fixlog:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
    Ran by Greg at 2014-11-06 21:42:23 Run:1
    Running from C:\Users\Greg\Downloads
    Loaded Profile: Greg (Available profiles: Greg & Administrator)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    HKU\S-1-5-21-1990502549-3032250215-4208731202-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== 
    URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
    SearchScopes: HKLM - DefaultScope value is missing.
    2014-10-28 22:12 - 2014-10-28 22:12 - 00000028 _____ () C:\Windows\SysWOW64\u
    2014-10-28 22:08 - 2014-10-28 22:08 - 00000000 _____ () C:\Windows\system32\uzwssf.dll
    2014-10-28 22:08 - 2014-10-28 22:08 - 00000000 _____ () C:\Windows\system32\gyikk.dll
    2014-10-28 21:03 - 2014-10-29 23:10 - 00000000 ___HD () C:\f85ac2d
    2014-10-28 21:03 - 2014-10-28 21:03 - 00000944 ____H () C:\ProgramData\@system2.att
    2014-10-28 17:39 - 2014-11-05 00:45 - 00000000 ____D () C:\ProgramData\UiddEsmo
    2014-10-28 17:38 - 2014-10-28 18:09 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Reerto
    C:\Users\Greg\SyncToy_0323bdc4-7478-4dbe-bdf1-873c6c8a41c8.dat
    C:\Users\Greg\AppData\Local\Temp\i4jdel0.exe
    CustomCLSID: HKU\S-1-5-21-1990502549-3032250215-4208731202-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
    AlternateDataStreams: C:\ProgramData\TEMP:C581A570
     
    *****************
     
    "HKU\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
    "HKU\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
    Default URLSearchHook was restored successfully .
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    C:\Windows\SysWOW64\u => Moved successfully.
    C:\Windows\system32\uzwssf.dll => Moved successfully.
    C:\Windows\system32\gyikk.dll => Moved successfully.
    C:\f85ac2d => Moved successfully.
    C:\ProgramData\@system2.att => Moved successfully.
    C:\ProgramData\UiddEsmo => Moved successfully.
    C:\Users\Greg\AppData\Roaming\Reerto => Moved successfully.
    C:\Users\Greg\SyncToy_0323bdc4-7478-4dbe-bdf1-873c6c8a41c8.dat => Moved successfully.
    C:\Users\Greg\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
    "HKU\S-1-5-21-1990502549-3032250215-4208731202-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
    C:\ProgramData\TEMP => ":C581A570" ADS removed successfully.
     
    ==== End of Fixlog ====
  5. And for RogueKiller... I should add, though it's probably not necessary, that a page popped up when done with instructions on how to remove Pamelik.  I did nothing, but thought it significant.

     

    RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version

    Started in : Normal mode

    User : Greg [Administrator]

    Mode : Scan -- Date : 11/06/2014  21:24:56

     

    ¤¤¤ Processes : 0 ¤¤¤

     

    ¤¤¤ Registry : 20 ¤¤¤

    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found

    [Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_E180\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found

    [Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_E180\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found

    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found

    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found

    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found

    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found

    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found

    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found

    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_E180\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_E180\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_E180\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_E180\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found

    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found

    [Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-1990502549-3032250215-4208731202-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Found

     

    ¤¤¤ Tasks : 0 ¤¤¤

     

    ¤¤¤ Files : 0 ¤¤¤

     

    ¤¤¤ Hosts File : 2 ¤¤¤

    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

    [C:\Windows\System32\drivers\etc\hosts] ::1             localhost

     

    ¤¤¤ Antirootkit : 8 (Driver: Loaded) ¤¤¤

    [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0xacb32c0

    [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0xacb32c0

    [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0xacb32c0

    [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0xacb32c0

    [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0xacb32c0

    [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0xacb32c0

    [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0xacb32c0

    [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\1394BUS.SYS)

     

    ¤¤¤ Web browsers : 0 ¤¤¤

     

    ¤¤¤ MBR Check : ¤¤¤

    +++++ PhysicalDrive0:  +++++

    --- User ---

    [MBR] e7809b82b84dad6156509aea78f9dd45

    [bSP] ec73f36aa91eb4b59869abf2e237271a : HP MBR Code

    Partition table:

    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 117 MB

    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 240975 | Size: 15264 MB

    2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31503466 | Size: 938485 MB

    User = LL1 ... OK

    User = LL2 ... OK

     

    +++++ PhysicalDrive1:  +++++

    Error reading User MBR! ([15] The device is not ready. )

    Error reading LL1 MBR! NOT VALID!

    Error reading LL2 MBR! ([32] The request is not supported. )

     

    +++++ PhysicalDrive2:  +++++

    Error reading User MBR! ([15] The device is not ready. )

    Error reading LL1 MBR! NOT VALID!

    Error reading LL2 MBR! ([32] The request is not supported. )

     

    +++++ PhysicalDrive3:  +++++

    Error reading User MBR! ([15] The device is not ready. )

    Error reading LL1 MBR! NOT VALID!

    Error reading LL2 MBR! ([32] The request is not supported. )

     

    +++++ PhysicalDrive4:  +++++

    Error reading User MBR! ([15] The device is not ready. )

    Error reading LL1 MBR! NOT VALID!

    Error reading LL2 MBR! ([32] The request is not supported. )
  6. Thanks... here's the log:

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 11/6/2014
    Scan Time: 8:56:07 PM
    Logfile: Log.txt
    Administrator: Yes
     
    Version: 2.00.3.1025
    Malware Database: v2014.11.06.10
    Rootkit Database: v2014.11.01.02
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
     
    OS: Windows Vista Service Pack 2
    CPU: x64
    File System: NTFS
    User: Greg
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 397227
    Time Elapsed: 10 min, 52 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 10
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [8012c0783d3f9a9c2598f2f76e946e92], 
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [8d053bfd1f5db2845f5fa148cf3321df], 
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Quarantined, [e2b08dabeb9123133b17e50439c9b34d], 
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, Quarantined, [b7db0c2c93e9082e92d17aeead56c739], 
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent, Quarantined, [49491d1b66162c0a712c4c460df7b54b], 
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [197972c6b2ca082e68fb90d83fc48c74], 
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent, Quarantined, [2c6625133f3d4fe7a5f8068c3cc845bb], 
    PUP.Optional.VideoSaver.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\capekcnhbegaapfdadcjikcnnebplepa, Quarantined, [d7bbb6820a7253e394594f422fd5eb15], 
    PUP.Optional.VideoSaver.A, HKU\S-1-5-21-1990502549-3032250215-4208731202-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Video-Saver-1, Quarantined, [c5cd41f7daa2f3434addc18a6d9628d8], 
    PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1990502549-3032250215-4208731202-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT, Quarantined, [8b078cac6f0d71c59d1ced79e81be41c], 
     
    Registry Values: 2
    PUP.Optional.VideoSaver.A, HKU\S-1-5-21-1990502549-3032250215-4208731202-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{cd40b1e8-8cd2-4915-9e00-80cb745ff41e}, C:\Program Files (x86)\Video-Saver\150.xpi, Quarantined, [fa9858e0bac2a3933bb569282ed6bf41]
    PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1990502549-3032250215-4208731202-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT|Install, 1, Quarantined, [8b078cac6f0d71c59d1ced79e81be41c]
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 1
    Trojan.Agent, C:\Users\Greg\AppData\Local\svcxdcl32.dat, Quarantined, [a2f095a3027a94a2b81f20289b687888], 
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
  7. Sorry to be a repeat of this issue, but it seems everyone is a little different.  I recently was infected with a virus appearing to be called "SecurityCenter".  This wasn't my first run-in with malware so I did what I know to remove it manually (av clearly failing in the first place).  I was able to remove all keys and processes and nothing suspicious runs now with the exception of this dllhost issue.  It only starts when Internet Explorer runs and results in many instances of the process running simultaneously, consuming resources.  The processes can be stopped and everything runs normally for a while.  In addition, Internet Explorer protected mode repeatedly gets turned off automatically and the home page reset to about:blank.  I have completely uninstalled IE and reinstalled with no resolution.  I am running Vista x64 premium.
