The OS is Vista. My mum uses the system. She uses Internet Explorer and isn't good with computers.
It keeps making a temporary file in C:\ProgramData which Avira is blocking, it seems to only try once every startup though. Through Process Explorer, I see it creates an instance of dllhost.exe which keeps about 15 instances of dllhost.exe running, eating up CPU. I can suspend the spawner. No other processes are really suspicious. I noticed some fishy processes and dialer.exe came up the first time I restarted in the task explorer, later looked in the Event Viewer and found something added security certificates, something to do with "result of Windows Right", something with telnet (all next to each other). Also, it changes my IE settings so I cannot download anything without resetting the security options.
I checked the Avira detection history and found a lot of malware and trojan detections with different names
Edit: Think I got rid of it...My paranoia is depleting.
Edited by thenile, 28 April 2014 - 06:50 AM.