Not done yet, but we're getting closer. Please upload the following file to my submission channel link above. C:\WINDOWS\system32\MRT.INI...
Hi Dave :) First, get rid of your current version of HijackThis, then download the HijackThis Installer from here and install it. Next,...
Hi Den, You got some brand new stuff. :) Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files...
Glad to hear things are back to normal anyway. There's always next time for the tracert. ;)
I'm completely confused as to how you could have run that reg file from your account if you were logged onto her account. :confused: Please try...
Hi FK :) There is indeed some evidence of a zlob (smitfraud) infection. Lets do some cleanup and see if it helps. Download SmitfraudFix by...
Must have deleted the files/folders from C:\Program Files ?? :confused: May as well delete the trueinstall.exe file too.
That's great! Ready to tidy up and run an online scan, just to be sure? Click Start>Run and type ComboFix /u then hit enter to remove ComboFix...
Right click the ResetProtocolDefaults.reg link below and select Save Target As, then save the file to your desktop....
I'll have to check into the volume icon issue. I do believe the back button behavior you're experiencing is due to the mvps hosts file. Have a...
Get a Deckards log from 1 of the other accounts and post it. Once we get through that one we can move on to another, til we've checked them all.
If you can delete the following files manually, there's no need to run ComboFix again. C:\WINDOWS\012o41bm.exe C:\WINDOWS\system32\e404d.dll...
Great! You actually only have 1 infected file. E:\Documents and Settings\Steve\My Documents\Downloads\AVICodecPackPlus210_exe.vir It's...
Is the current HOSTS file already Read Only? Navigate to C:\Windows\system32\drivers\etc and right click the HOSTS file then select properties. If...
Running a tracert to the sites might show a particular server or set of servers having difficulty. Good chance the proxy takes different routes.
Hi Hugh! All working here. Have you tried going thru a proxy?
I doubt you will like this effect because the entire screen becomes the command window, but here it is. Right click in the top left corner of...
Separate names with a comma.
