Since the last 4-5 weeks I get multiple times per day the message below, since a boot scan does not reveal any virus, should I report this as a false positive?
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9250BEDF-1BFB-4B9B-9BCB-75710F53A530} URL =
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll No File
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
FF NetworkProxy: "backup.gopher", "93.63.71.211"
FF NetworkProxy: "backup.gopher_port", 0
FF NetworkProxy: "gopher", "93.63.71.211"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "type", 0
C:\Users\AD\cyggcc_s-1.dll
C:\Users\AD\cygstdc++-6.dll
C:\Users\AD\cygwin1.dll
C:\Users\AD\iperf.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.
What shall I do with this instead?
This is coming up from time to time, say weekly.
I have always used VLC and keep it updated, but this message pops-up since a few months now.
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks
Nope, it’s alive and kicking.
If it’s part of my WAN Miniport IP, how do I get rid of it?
It’s blocked by Avast every time but there must be a way to identify what triggers this?