OK,Is the Norton Antivirus Subscription still valid on this PC?
If Not,Have a Visit to Grisoft and Download>Install>Update>AVG 7http://www.grisoft.c...ng/us/tpl/tpl01
Are the 2 Computers Routed together?
If so you will want to change that until this PC is Clean other wise you stand a better than Average chance of these Infections bouncing back and forth!
Visit the Microsoft Site and Get Windows to Atleast SP1!
Anything we try to do is futile without these Crirical Updates Installed ReInfection is almost Guaranteed!
You may want to Print out or Copy&Paste to Notepad and Save to the Desktop,All the Instructions below since I will ask you to peform all scans in Safe Mode!
To use "Right-click" and select "Install"
Please double check that Ad Aware is Updated and Configured like this
Configure Ad-Aware to perform a full scan. In the Ad-Aware main window, click on the gear icon at the top of the screen to open the preferences window. In the General window, make sure the following options are selected:
1) Automatically save log-file
2) Automatically quarantine objects prior to removal
3) Safe Mode (always request confirmation)
Click the Scanning button on the left-hand side and make sure the following options are selected:
1) Scan within archives
2) Scan active processes
3) Scan registry
4) Deep scan registry
4) Scan my IE Favorites for banned URLs
5) Scan my Hosts file
Please also click on Select drives & folders to scan and select your hard drive(s). Then click the Advanced button on the left-hand side and make sure all the options under Log-file Detail Level are selected. Next, click the Tweak button on the left-hand side. Click on Scanning Engine and make sure the following options are selected:
1) Unload recognized processes & modules during scanning
2) Obtain command line of scanned processes
3) Scan registry for all users instead of current user only
Click on Cleaning Engine and make sure the following options are selected:
1) Always try to unload modules before deletion
2) During removal, unload Explorer and IE if necessary
3) Let Windows remove files in use at next reboot
4) Delete quarantined objects after restoring
Finally, click on Safety Settings and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)
* Click on Proceed to save the preferences. Then please click the Start button on the bottom right side to begin a scan. Select Use custom scanning options and then click Next. Ad-Aware will then scan for malware.
* Save the log file when it asks and then click Finish
Wait for Safe Mode to run it!
Please Download F-Secure Blacklight Rootkit Elimination
Once at the page,Click "I Accept"
Then Click Download,which sits right under "Graphical user
Once Downloaded,Double Click blbeta.exe to Start it,then
Click "I accept the agreement" and click "Next"
Now Click "Expert Mode" and then"Scan" and let it do its
thing,if it finds anything,it will automatically tell you and go to
Step 2 to begin the cleaning process,if not post back and let
me know ASAP!!
If all went well,look back in the folder that blbeta.exe resides
in,there you should see "fsbl.log"
If Blacklight identified anything,it will be in that log,I will need
to see those Results!
Again,please wait for Safe Mode to run this!
Download Ewido Security Suite, install then from within the program check for updates BUT dont scan yet
ewido security suite:http://www.ewido.net/en/download/
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful"), Now close the program.
If you have problems updating see herehttp://www.ewido.net...wnload/updates/
Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:http://service1.syma...src=sec_doc_nam
Once in Safe Mode,Scan the system with F-Secure Blacklight>then Ewido Security Suite>Ad Aware SE!
Save the reports from F-Secure Blacklight(If one is generated)and Ewido!
and enable everything in the startup area. To get to MSCONFIG, click on Start
-> type in MSCONFIG
-> click OK
Under the "General" TabMake Sure Normal Startup is Checked!!
>>Follow the Prompts to Restart
Restart Normal and have the PC Scanned here: Panda Active Scan
You will need to be using Internet Explorer for the Scan to work!
Save the Report it generates!
Post back with a Fresh HijackThis log>Ewido log>F-Secure log and Panda Active Scan log!
You may just want to follow these Instructions for the Second PC and get a fresh scan with HijackThis>Send that log to me in a Private Message here at the board and I will start a new thread for us to clean that one up so as to avoid the confusion of getting help from more than one person!