Hello, My pc was infected with the vista security 2008 virus which I believe that I was able to remove from my registry with some help from a yahoo reference on how to do it. But my pc now is slower than it was before, I'm not able to change the background picture on my desktop and random web pages pop up. I also have the red shield with the white "X" by the clock in the lower right. This leads me to believe that my pc is still infected. I read some other posts and tried to download the software HJT but the link kept wasn't working. I'm not sure if it the link or my pc. What can I do to get rid of this problem? Thanks, Larks
Here is the results from the latest HJT scan: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:20:49 AM, on 7/18/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Acer\Empowering Technology\admtray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\acer\Empowering Technology\ePower\epm-dm.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\igfxext.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Acer\Empowering Technology\admServ.exe C:\WINDOWS\system32\bgsvcgen.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR O2 - BHO: {6e9fb420-23d8-5baa-7834-a906f9838b50} - {05b8389f-609a-4387-aab5-8d32024bf9e6} - C:\WINDOWS\system32\bzhovw.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll O2 - BHO: (no name) - {DBFCA8CF-7409-4E5E-AA92-FFBB89020922} - C:\WINDOWS\system32\jkkhIYrS.dll (file missing) O2 - BHO: (no name) - {F8AC36D7-F602-4B69-99B5-2A812E05779F} - C:\WINDOWS\system32\byXNdbXR.dll (file missing) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [1d0f117a] rundll32.exe "C:\WINDOWS\system32\mkvyqkti.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - file://D:\ieSpell\wikipedia.HTM O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.library.norwich.edu/lib/norwich/support/plugins/ebraryRdr.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://69.219.210.130:8082/activex/AMC.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://69.219.210.129:8081/activex/AxisCamControl.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: byXNdbXR - byXNdbXR.dll (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- End of file - 10841 bytes
Hi 2oldGeek, My coworker has this virus on one of our office computers and I have followed the directions of the link you have to a "t". The problem is that I downloaded hijackthis and whenever I try to open the app, it flashes and then goes away. This is the last step to totally clean the virus out of the system, is there anyway I can get around to keeping the app open? I have included the log from the malwarebytes. Malwarebytes' Anti-Malware 1.22 Database version: 972 Windows 5.1.2600 Service Pack 2 12:07:15 PM 7/21/2008 mbam-log-7-21-2008 (12-07-15).txt Scan type: Full Scan (C:\|) Objects scanned: 58410 Time elapsed: 17 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 72 Registry Values Infected: 10 Registry Data Items Infected: 1 Folders Infected: 11 Files Infected: 100 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ad659865-2789-4a55-fd3a-7ea2ecef19c3} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ad659865-2789-4a55-fd3a-7ea2ecef19c3} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/setup.dll (Rogue.Installer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{587097ab-a686-4c3b-83a7-2b8e2d47868e} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{5f2b8ee3-5b51-4424-a4bd-6c0595c40007} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{cd24eb02-9831-4838-99d0-726d411b1328} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f20da564-9254-49fe-a678-cc3cef172252} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{82336a8d-6cd0-4647-b791-75fca8cf2b39} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82336a8d-6cd0-4647-b791-75fca8cf2b39} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\targetedbanner (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlayRPC (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ea8b974-5b45-680e-2625-92cbdad5a531} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{4ea8b974-5b45-680e-2625-92cbdad5a531} (Adware.BHO) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\virusremover2008 (Rogue.Installer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\setup.dll (Rogue.Installer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{82336a8d-6cd0-4647-b791-75fca8cf2b39} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{89cd7d20-8cc8-6f8c-6f6a-af867348c75a} (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully. C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\whInstall (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dv32 (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\mjc (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\drivers\dmioo.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dawtnnuw.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\My Documents\?racle\nopdb.exe (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\VirusRemover2008\VRM2008.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\WINDOWS\mrofinu572.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\Downloaded Program Files\setup.dll (Rogue.Installer) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ppobo.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\CyberDefender\cdmyidd.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\Program Files\Webtools\webtools.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. C:\Program Files\Common Files\Yazzle1281OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.ClickSpring) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP387\A0020083.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP387\A0020085.dll (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP390\A0020101.dll (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP390\A0020141.dll (Adware.ClickSpring) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP390\A0020161.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP390\A0020162.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP392\A0020247.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\b104.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\mrofinu572.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\portsv.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\Downloaded Program Files\VRM_Free.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\WINDOWS\system32\zggokqphvqgirtlk.exe (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully. C:\Program Files\whInstall\license.txt (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\whInstall\readme.txt (Adware.WebHancer) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dv32\FFrout77.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusRemover2008.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully. C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ejypcrcckjtrkzke.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qoMfGAst.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ddccawUK.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\urqOihgD.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\urqQhFyX.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\byXQGaaX.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\efcdAqQJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iifgGaay.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mlJBQKaY.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM0ae16075.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM0ae16075.txt (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Quarantined and deleted successfully.
Hi chynaboo, If there is this much infection on an office machine, you probably need to get a better IT Guy… Anytime that you use the fixes for another computer on your own, because you “think” you have the same problem, it’s like playing Russian roulette with 5 bullets in the gun.. The reason that I referenced that link is because it’s a double post on two different forums. You might try going back to a Restore Point that’s before you had the problems with HJT and try again to post a HJT Log. Then, we can work on the problems that are in YOUR machine. Regards 2OG
Hi chynaboo Perhaps 2oldgeek's advice is sound when he says that an IT guy with physical access to your computer will be able to fix it better and more easily then any one of us telling you what to do. However, there are some instructions that you can follow. 1. Rename HijackThis to scanner.exe. 2. Boot into safe mode. You can do this by repeatedly pressing the F8 key after you have pressed the power button. 3. Run Malwarebytes again and quarantine everything it finds. However, before you quarantine the files, I would like you to copy two of the dll files that it detects as Trojan.Vundo to a separate folder on your desktop. We will deal with this later. 4. Now, run scanner.exe and see if it will work. Post a log here if it does. Boot back into normal mode, and do these two steps: Go to CWSandbox.org, and submit the two dll files which were detected. Post the resulting website here. Download Combofix. With Combofix, at the download window, please rename it to Combo-fix before downloading it. Disable all other security programs such as firewalls and antimalwares. Run Combofix, and follow the prompts. Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later. Do not click on the Comobofix window, as it may cause it to stall. If it asks for a reboot, do it. Post the log here. Best Regards
Hi cdavfrew and 2oldGeek, The computer is too far gone. It won't let us navigate from the homepage and when we try, it closes Internet Explorer and the virus pops back up like it is scanning the system for viruses(go figure). We don't want to make the mistake of erasing any programs that we need so I am going to make the suggestion to find a new IT person to handle the situation. Needless to say 2oldGeek's assessment of our IT guy is correct as we have been calling him an ass for years. I just started back after a two year hiatus and the first thing I asked was why we don't have virus and spyware protection on our computers. I will keep you both up to date on the situation and thanks a bunch for your suggestions.
Hi chynaboo, That’s what I read between the lines.. ; ) I am the IT for a hotel chain and some of the IT’s in other locations are about the same as yours…. Lol @cdavfrew, you supply good information but sometimes a little too deep. ; ) My way is to apply the K.I.S.S. Theory ….. Keep It Simple Stupid…. LOL I really hope it works out, chynaboo… Regards 2OG
Hey chynaboo There's still one more alternative which you can take to restore the security of your PC: boot cds. Let me know if you're interested. BTW: Is safe mode working on your computer? If it is, there is hope. To access safe mode, just repeatedly type the F8 key after you press the power button. Best Regards
Hi guys! I have been at a different office location so I haven't been able to give updates. I just got back to this office and guess what? That jerk never fixed the problem with the pc and now it doesn't get past the screen where its offering the different kinds of modes(safe,etc) you can choose. No matter which one is chosen, it just circles back to that screen. Now they say another computer went out without warning. It's just a black screen with the words "disk read error occurred", "press ctrl alt del to restart". Of course when you do that, it goes back to the same screen! Just wanted to post an update....later!
Welcome back, chynaboo Time to use a boot cd. Please download Antivir RescueCD, run it to burn a cd (on a different computer), and then boot your computer using the cd. Run a scan, and see how your computer turns out. Notes: 1.You have to click space after highlighting English as a language to select it. 2. As an option, select "Rename files that cannot be repaired" or something like that. Best Regards
