So I even have Microsoft confused....

???
Hello!
I first noticed a problem when I was getting stack overflows and other errors in Internet Explorer… then it closed strangely several times in a row… I was told to update Defender… I could not install a certain recent Security update for Excel. I ran avast anti-virus and found over 1,700 items that could not be scanned because they were “password protected.” This had never happened to me before. Among them I found old friends like Zwinkies, that I thought I had got rid of. So I ran hijack this (although this is not in safe mode - do I need to do it again?) and here it is. (I know that some of those things might be found locked in virus chests, this password protected, but all of them?)

Meanwhile I googled the security update for excel and ended up calling Microsoft. After sharing control of my desktop for nearly an hour the nice guy in India had to have someone call me back tomorrow. I could see him trying to enter the “Run” and something under run with the word optional in it, with no success. He could not gain permission to see the registry, nor could he change it manually. We will try again tomorrow. However, it seems to me that this is all related, and that you might be the best people to help me kick this malware into the abyss…

thanks for any help! Please, give me step-by-step instructions if you have any suggestions - I only SOUND computer-literate (sometimes)… let me know if I have to disable something first, and when… and if I should do something in boot-up mode or safe-mode, please tell me how to get there… THANK YOU!! :slight_smile:

Nothing obvious in the log.

Password protected files are usually nothing to worry about.

Did you try a boot time scan with avast!?


In addition to what Frank posted, I did an analysis of your HJT log. Not much found but a couple of entries that can be fixed with HJT.

We didn’t detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don’t use any firewall at all.
We recommend you to use a firewall.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Unnecessary (deactivated) entry that can be fixed.

O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
Unnecessary (deactivated) entry that can be fixed.

After fixing the above entries, do as Frank suggested and try a boot time scan with avast.


Thanks!

  1. How exactly does one do a boot time scan? I’ve been wondering…

  2. So strange. Every few months I do a hijack scan and my firewall is deactivated, yet last week I checked and it was activated. :frowning:

  3. So I ran a complete scan in Dr Web and this is what it found:
    msimg32.dll
    C:\Program Files\Internet Explorer
    Adware.MyWebSearch.6

I tried to cure it but since it could not be cured I deleted it. Hope I have not done anything bad to my system.

Try a scan with MBAM , and post back the log . Make sure to update before scan

http://filehippo.com/download_malwarebytes_anti_malware/

Boot scan http://www.digitalred.com/avast-boot-time.php

If you have XP, vista32bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.