Thread: Browser Hijack and Virus

  1. #31
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Does it find it upon rescan?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  2. #32
    Member
    Join Date
    Sep 2009
    Posts
    59

    Tonight's AVG scan was clean (cookies only, no trojans or viruses).

  3. #33
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Good

    Please go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply along with a fresh HijackThis log.

  4. #34
    Member
    Join Date
    Sep 2009
    Posts
    59

    IE Error Blocking Kaspersky

    When I click on the Kaspersky Website link, I get an Internet Explorer window saying there was a problem and it has to close. Tried several times, with same result.

  5. #35
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Then please try this instead:

    Please go to ESET Online Scanner to run an online scan.
    Note: You will need to use Internet Explorer for this scan!
    1. Check the box next to "YES, I accept the Terms of Use."
    2. Click "Start"
    3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
      Once installed, the scanner will be initialized.
    4. Click "Start". Make sure that the options:
      • Remove found threats is UNCHECKED
      • Scan unwanted applications is CHECKED
    5. Click "Scan"
    6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
    7. Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
    8. Copy and paste the contents of log.txt in your next reply.

  6. #36
    Member
    Join Date
    Sep 2009
    Posts
    59

    Eset Results

    Here are the ESET scan results.



    ===

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=6
    # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6050
    # api_version=3.0.2
    # EOSSerial=e395a69fd435d6458b88288da198e7af
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2009-09-18 08:14:31
    # local_time=2009-09-18 02:14:31 (-0700, Mountain Daylight Time)
    # country="United States"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=769 62 16 20 753521936562500
    # compatibility_mode=1026 21 83 97 28554296562500
    # scanned=57446
    # found=50
    # cleaned=0
    # scan_time=3179
    C:\Program Files\MusicMatch\MusicMatch Jukebox\HWUpdateMove.exe Win32/Adware.HiWire application 00000000000000000000000000000000 I
    C:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\braviax.exe.vir a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\system32\_scui.cpl.vir a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\system32\bgqwwsnw.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\system32\braviax.exe.vir a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\system32\dcbeg.bak1.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\system32\dcbeg.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\system32\dcbeg.tmp.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\system32\fmifkfgn.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\system32\gtccwsvp.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\system32\hniivpof.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\system32\jvwfpfxx.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mghrgosi.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\system32\npyyuwol.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\system32\qiphxufk.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\system32\waksdqvj.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\system32\wispex.html.vir Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe.vir a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\wscui.cpl.vir a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\windows Police Pro.exe.vir a variant of Win32/Adware.WindowsAntivirusPro.B application 00000000000000000000000000000000 I
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPlus4.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP465\A0112299.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112300.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112301.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112302.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112303.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112304.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112305.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112306.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112307.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112308.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112309.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112310.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112311.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112312.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112313.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112314.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112315.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112316.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112317.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112318.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112319.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112320.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112321.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112322.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112323.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112324.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112325.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
    ${Memory} Win32/Olmarik.MF trojan 00000000000000000000000000000000 I
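
To show how the detections in the ESET log above break down by location, here is an added example (not part of the original thread, and not ESET or ComboFix code) that parses the log lines and separates stored copies (ComboFix quarantine, System Restore points, the Spybot recovery archive) from files on disk and the `${Memory}` hit. The line format is inferred from the posted log; the bucket names and the `needs_review` helper are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the ESET log posted above: two header fields plus one or two
# detections per location type (not the full 50-line list).
SAMPLE_LOG = r"""
# remove_checked=false
# cleaned=0
C:\Program Files\MusicMatch\MusicMatch Jukebox\HWUpdateMove.exe Win32/Adware.HiWire application 00000000000000000000000000000000 I
C:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\braviax.exe.vir a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\windows Police Pro.exe.vir a variant of Win32/Adware.WindowsAntivirusPro.B application 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPlus4.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP465\A0112299.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
${Memory} Win32/Olmarik.MF trojan 00000000000000000000000000000000 I
"""

# Fields: path (may contain spaces), detection name (optionally prefixed with
# "a variant of"), object type, 32 hex characters, one-letter flag.
DETECTION = re.compile(
    r"^(?P<path>.+?) (?P<name>(?:a variant of )?\S+/\S+) (?P<kind>\w+) "
    r"[0-9A-Fa-f]{32} \w$"
)
HEADER = re.compile(r"^# (?P<key>\w+)=(?P<value>.*)$")

# Locations that hold stored copies which do not run on their own.
STORED_COPIES = [
    ("combofix-quarantine", "\\qoobox\\quarantine\\"),
    ("system-restore", "\\system volume information\\_restore"),
    ("tool-backup", "\\spybot - search & destroy\\recovery\\"),
]

def classify(path):
    """Return the bucket for a detection path (case-insensitive match)."""
    if path == "${Memory}":
        return "memory"  # code detected in a running process
    lowered = path.lower()
    for bucket, marker in STORED_COPIES:
        if marker in lowered:
            return bucket
    return "live-file"

def parse_log(text):
    """Split the log into header fields and detection records."""
    header, hits = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HEADER.match(line):
            header[m["key"]] = m["value"]
        elif m := DETECTION.match(line):
            hits.append({**m.groupdict(), "bucket": classify(m["path"])})
    return header, hits

def triage(text):
    """Group (path, detection name) pairs by bucket."""
    buckets = defaultdict(list)
    for hit in parse_log(text)[1]:
        buckets[hit["bucket"]].append((hit["path"], hit["name"]))
    return dict(buckets)

def needs_review(text):
    """Detections outside the stored-copy locations, in log order."""
    return [(h["path"], h["name"]) for h in parse_log(text)[1]
            if h["bucket"] in ("memory", "live-file")]

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(items)}")
    for path, name in needs_review(SAMPLE_LOG):
        print("review:", name, "->", path)
```
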

  7. #37
    Member
    Join Date
    Sep 2009
    Posts
    59

    Latest HJT results

    and just in case you need it, here is a new HJT file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:13:56 PM, on 9/18/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft Works\WkDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Filseclab\FilMsg.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\SYSTEM32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
    O4 - Global Startup: Filseclab Messenger.lnk = C:\Program Files\Common Files\Filseclab\FilMsg.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com (file missing) (HKCU)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1252200236875
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    --
    End of file - 7551 bytes

  8. #38
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Empty this folder:

    C:\Qoobox\Quarantine

    Delete this:

    C:\Program Files\MusicMatch\MusicMatch Jukebox\HWUpdateMove.exe

    Empty Recycle Bin.

    Still problems?

  9. #39
    Member
    Join Date
    Sep 2009
    Posts
    59

    Persistent problem

    Today's AVG scan found two "infections" AVG could not heal. They are the same two from the other days this week (except last night's clean scan). AVG says the following are "virus identified Packed.Hidden"

    \\?\globalroot\systemroot\system32\vsfocetkopabwq.dll

    and

    c:\Window\Explorer.exe (3128)

    I ran a trial Google search, and the second result I tried to go to started to redirect and I received an AVG threat warning.

    (I still get the paging file error as well every time I boot up.)

  10. #40
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Explorer.exe is a false positive; the other one isn't.

    Open notepad and copy/paste the text in the codebox below into it:

    Code:
    File::
    C:\windows\system32\vsfocetkopabwq.dll

    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



    This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.
