Home > General > Hijack.folderoptions


If reports don't fit on one post. o When the scan completes, it will open two notepad windows. Use the 'Add Reply' and add the new log to this thread. is infected!! navigate here

While Running (and only while running) MalwareBytes a Windows error pops up: "Generic Host Process for Win32 Services" then asks to send or don't send (I click don't send). Under the Custom Scan box paste this in netsvcs drivers32 %SYSTEMDRIVE%\*.* %systemroot%\Fonts\*.com %systemroot%\Fonts\*.dll %systemroot%\Fonts\*.ini %systemroot%\Fonts\*.ini2 %systemroot%\Fonts\*.exe %systemroot%\system32\spool\prtprocs\w32x86\*.* %systemroot%\REPAIR\*.bak1 %systemroot%\REPAIR\*.ini %systemroot%\system32\*.jpg %systemroot%\*.jpg %systemroot%\*.png %systemroot%\*.scr %systemroot%\*._sy %APPDATA%\Adobe\Update\*.* %ALLUSERSPROFILE%\Favorites\*.* %APPDATA%\Microsoft\*.* %PROGRAMFILES%\*.* %APPDATA%\Update\*.* %systemroot%\*. /mp let combofix start running, then this prompt came up: WARNING! Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). this content

Information on A/V control HERE We also need a new log from the GMER anti-rootkit scanner. File not foundO18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - Thank you for the responses, especially Galdorf for your recommendations on useful software, which I will keep in mind for the future.

After uninstalling AVG from the Control Panel, also run the AVG remover from their site. File Protocol\Handler\msdaipp - No CLSID value found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Attached Files Attached.zip (4.9 KB, 16 views) Remove Advertisements Sponsored

Enquiring minds want to know. Anybody can ask, anybody can answer. from my view.. Tech Reviews Tech News Tech How To Tech Buying Advice Laptop Reviews PC Reviews Printer Reviews Smartphone Reviews Tablet Reviews Wearables Reviews PC & Laptop Storage Reviews Antivirus Reviews Best Tech

Please include the following reports for further review, and so we may continue cleansing the system: C:\ComboFix.txt New HijackThis log. Thanks! Notepad will open with the results. I have logs for Malwarebytes, logs for hijackthis too.

Copy the entire contents of the report and paste it in a reply here. http://www.geekstogo.com/forum/topic/285470-help-removing-hijackfolderoptions/ When prompted to Select Disks for Scan, make sure C:\ is checked and click OK Wait till the scanner has finished and then click File, Save Report. I was at other forum help site and I have the log for OTL if that helps but Im unable to get logs for GMER. Then you haven't cleared off the root infection, you need to be looking for rootkits or a winlogon entry.

and welcome to the Malwarebytes forums.I would be glad to take a look at your log and help you with solving any malware problems. R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-4-27 233488] R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2010-4-27 65072] R0 TfSysMon;TfSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2010-4-27 60416] R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2014-8-14 26176] R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2014-8-14 The first time the tool is run, it makes also another log (Addition.txt). If there's anything that you do not understand, kindly ask your questions before proceeding.

After running Malware Bytes it comes up with a vendor: Hyjack.FolderOptions located at HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoption Below are the DDS & MalwareBytes reports and attached are the "Attached & Ark" files. sectors 156249998 (+255): user != kernel Warning: possible TDL4 rootkit infection ! scanning hidden autostart entries ... File not foundO18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error.

It can be confusing. the whole computer does (I have to do a hard shut down) and it stops at a random point in regular mode.. Thank you. 0 Advertisements #2 emeraldnzl Posted 30 August 2010 - 01:22 AM emeraldnzl GeekU Instructor GeekU Moderator 19,899 posts Hi tubui,This won't fix you machines problems but it will give

This is normal.

Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll TB: AOL Toolbar: Also, when I start Mozilla, I get flooded with new viruses. Your desktop may go blank. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exeO23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: IntelĀ® Matrix

Apart from using consumer-focused scanning software, what have you done to identify & remove virus infections from this computer? #4 iptech, Sep 15, 2010 Galdorf Expand Collapse Well-Known Member Likes Click here to Register a free account now! I ran ComboFix as instructed and have posted the log below. Try What the Tech -- It's free!

Useful Searches Recent Posts Technibble Forums Forums > Technical Discussions > Security, Viruses and Trojans > Hijack.FolderOptions Infection Discussion in 'Security, Viruses and Trojans' started by Compbck, Sep 15, 2010. All Rights Reserved. Several functions may not work. No, create an account now.

scanning hidden files ... Download GMER Rootkit Scanner from here to your desktop.