grenneam Posted March 28, 2012 Share Posted March 28, 2012 Hi Folks, Got a problem with an older couple's PC. Each person has their own User Profile under windows XP Home Edition SvcPk 3. User 1 is unable to execute ANY programs - either by clicking on the program shortcut or the program directly, or by entering a name in the RUN box. Any of these actions results in an "Open With" window appearing that has 'iexplorer' highlighted. User 2 appears to function ok with one exception - When the desktop loads there is a Windows Security Center alert that indicates that "Auto-Updates" is turned off and it isn't able to be turned on via the security center. Other than that User 2 seems to be able to do everything else normally. I started in SafeMode, signed on as Administrator, and ran ESET remotely, Malwarebytes, Spybot, Uninstalled AVG version 2011, installed 2012 and ran a selective full scan on User 1's D&S Profile. Each of these programs said that it found & corrected some stuff - but the problem persist. Could really use some HELP and DIRECTION!!!! Thanks Link to post Share on other sites
grenneam Posted March 29, 2012 Author Share Posted March 29, 2012 I know you guys are busy so I was trying some stuff and I think I might have found the problem. Currently running some tests to see if it's fixed. Link to post Share on other sites
grenneam Posted March 29, 2012 Author Share Posted March 29, 2012 Yep got it !! I think it was part of the XP Anti-Virus 2011 fake security program. Sorry to bother you Folks. Registry Keys Detected: 1 HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully. Registry Values Detected: 1 HKCR.exeshellopencommand| (Hijack.ExeFile) -> Data: "C:Documents and SettingsEdwidgeLocal SettingsApplication Datarvt.exe" -a "%1" %* -> Quarantined and deleted successfully. Registry Data Items Detected: 1 HKCRexefileshellopencommand| (Broken.OpenCommand) -> Bad: ("C:Documents and SettingsEdwidgeLocal SettingsApplication Datarvt.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and repaired successfully. Link to post Share on other sites
caintry_boy Posted March 29, 2012 Share Posted March 29, 2012 Good to hear it, but you'd better be safe than sorry... Download DDS from here > http://download.blee...om/sUBs/dds.scr and run the program like this: Disable any script blocking protection (How to Disable your Security Programs > http://forums.whatth...showtopic=96260 ) Double click on the DDS icon to run the tool (may take up to 3 minutes to run). When done, DDS.txt will open. After a few moments, attach.txt will open in a second window. Save both reports to your desktop. Please post the contents of the DDS.txt and Attach.txt logs in a new thread that you start here > http://forums.pcpits...-been-hijacked/ Wait for help there from one of our Trusted Malware Techs, they'll help make sure you're clean. Link to post Share on other sites
Recommended Posts
Archived
This topic is now archived and is closed to further replies.