Type: Posts; User: Off Track; Keyword(s):
I'm not familiar with backing up files with Linux live cd.
I did try to boot from the cd. It gives me the option of launching the recovery console, but when selected it hangs up. When I enter the setup option, it starts to install Windows anew.
When I...
Shaba:
I confirmed I was still logged in as Administrator, but have no access to internet options. When I tried to uninstall IE8, there was no "remove" button in the add/remove program list. ...
Yes, it always used to until some time during this repair process.
When I try to switch users, it doesn't show "Administrator" as an option.
Shaba:
In working through your list of suggested steps to keep my PC clean and secure, I realized I no longer can change Internet Options.
In IE, the "internet options" item in the Tools menu...
Shaba:
As best I can tell, things seem to be back to "normal." AVG scan today was again free of "infections." Google searches no longer redirecting!
Thank you for your persistence in helping...
Today's AVG scan found no infections.
AVG scan found two infections, which it moved / healed.
vsfocebynemjuw.dll
vsfoceqtcorhd.dll
The rest were cookies, etc.
Shaba:
So I'm guessing it's OK not having the /a /f /q after the delete file command?
Google searches do NOT appear to be redirecting. I have not rerun AVG yet, but will do so today.
My...
Shaba:
OK, I was able to boot from the disc, and get to dos prompts.
I was able to delete vsfocetkopabwq.dll, using "del vsfocetkopabwq.dll" BUT, when doing so it would not accept the /a /f...
Shaba:
I have a disc, but don't understand what's next. My PC boots normally, even with the disc in the drive. I'm not prompted to do anything and pressing R doesn't accomplish anything either. ...
Shaba:
I only have a Windows Upgrade disc, upgrading to XP Home Edition from an earlier Windows version. I don't seem to get the same prompts, etc., when I put that cd in.
:confused:
Shaba:
When I arrow up to select Windows Recovery Console and hit enter, it brings me right back to the same page asking me to choose between the Recovery Console and XP ???
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Here is the file c:\windows\ntbtlog.txt, after starting in "enable boot logging".
I did not see a file with the [b] or [/b] in the name.
==========
Service Pack 3 9 29 2009 13:08:32.500...
Here is the Avenger log. It says it could not delete the file ...?
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
Shaba:
AVG finds the following, which it cannot heal.
"\\?\globalroot\systemroot\system32\vsfocetkopabwq.dll";"Virus identified Packed.Hidden";"Infected"...
Here's the latest ...
ComboFix 09-09-27.04 - default 09/28/2009 22:59.8.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.112 [GMT -6:00]
Running from: c:\documents...
Here is the log from Win32kDiag indicating the error ...
Running from: C:\Documents and Settings\default\Desktop\Win32kDiag.exe
Log file at : C:\Documents and...
Shaba:
I tried to run it, and received a Pop-Up telling me I have a Win32kDiag Error.
The window identified my system as Windows XP SP3, and then listed an exception code and address.
Shaba
I downloaded the latest Malwarebytes Anti-Malware, but get an error code when I try to run it. It asks me to report the error to Malwarebytes.org.
Here is the latest Combofix, and HJT
ComboFix 09-09-27.04 - default 09/28/2009 7:28.7.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.141 [GMT -6:00]
Running from:...
Shaba:
I downloaded combofix again, and ran it. I received the same series of checkdisk errors mentioned before. Combofix also rebooted my PC at the beginning, and then launched after the...
Shaba:
Do you have any more suggestions? As indicated in my post a few days ago, Dr. Web seems to have found the same activity that AVG found a while ago.
I ran an AVG scan today, and it...
Shaba:
It took a while, but Dr. Web Cureit did run.
Here is the log:
=====
vsfocetkopabwq.dll;C:\WINDOWS\SYSTEM32;Trojan.Packed.2788;Deleted.;...
...and the latest HJT log:
===
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:31 PM, on 9/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00...
Ran combofix, and got all the chkdsk popup windows same as in my post #21.
Combofix initially rebooted my PC, and stated the following:
Combofix has detected rootkit activity and must close. ...
and here is the second log:
====
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Home Edition
Here is the first log:
===
DDS (Ver_09-07-30.01) - FAT32x86
Run by default at 12:45:07.45 on Tue 09/22/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition ...
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 1 Stepping 2, GenuineIntel
....
Shaba:
Gmer caused my PC to reboot each of the 3 times I tried to run it. I tried Gmer again in Safe Mode, and it did run. However, I can't get the results copied into a text file. The Gmer...
Shaba:
No I cannot find vsfoce....
I looked in the C drive folders, and ran a search and did not locate it.
AVG found 8 "infections", none of which it healed. It found a bunch of tracking cookies (e.g., ad.yieldmanagers, Doubleclick.net, etc.), and moved all of them to the virus vault.
Here are the...
AVG scan running now, but it already found threats:
Several occurrences of
\\?\globalroot\systemroot\system32\vsfocetkopabwq.dll
and
c:\Program Files\Internet Explorer\iexplore (####)
...and the latest HiJack This.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:31 AM, on 9/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00...
Shaba:
Here is the latest combofix log. It took about 25 minutes, and had the same error messages pop up as in my Post #21.
ComboFix 09-09-18.02 - default 09/20/2009 11:07.4.1 - FAT32x86...
Today's AVG scan found two "infections" AVG could not heal. They are the same two from the other days this week (except last night's clean scan). AVG says the following are "virus identified...
and just in case you need it, here is a new HJT file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:56 PM, on 9/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet...
Here are the ESET scan results.
===
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=8.00.6001.18702...
When I click on the Kaspersky Website link, I get an Internet Explorer window saying there was a problem and it has to close. Tried several times, with same result.
Tonight's AVG scan was clean (cookies only, no trojans or viruses).
Shaba:
I reviewed AVG automatic scan results for the last couple of days, and found a few things AVG found but could not heal. AVG says the following are "virus identified Packed.Hidden"
...
Shaba:
I downloaded the file mentioned to two places, and reran combofix. Bottom line, I saw the same error messages in all the same places, as mentioned the last time we ran it.
====
...
When attempting to run chkdsk again, I got the same message below:
=====
C:\Documents and Settings\default>chkdsk /f
The type of the file system is FAT32.
Cannot lock current drive.
Chkdsk...
Not as far as I could tell. I saw no windows or other indications chkdsk ran.
Shaba:
Thanks again for your continued help.
I ran chkdsk as requested, and got the following message:
"C:\Documents and Settings\default>chkdsk /f
The type of the file system is FAT32....
I wrote some of them down, just in case.
When combofix launched, I received a window saying "PEV.cfxxe encountered a problem and needs to close."
Within the Combofix screen, appeared the...
Got it.
Combofix ran, with several windows opening to identify various corrupt files, and a reboot into normal XP mode (not recovery console mode). Here is the Combofix log:
===
ComboFix...
Shaba:
Could you please send me the link that describes how to manually install the recovery console.
Thanks.