Hi,
My son clicked on something vicious, and we have been inundated with trojans, spyware, you name it. I've followed the basic removal instructions, plus ran scans with super anti-spyware, drweb-cureit and a couple of other tools. Most of the tools found and cured several issues, but I am left with two problems:
1. Despite deleting it in safe mode, c:\windows\system32\%programfiles% directory regenerates when I reboot into normal mode, and I can't delete it. The error message says that "connection wizard is being used by another program or user" - connection wizard is a subdirectory under %programfiles%\Internet explorer. By the way, there are no files in any of the folders in the %programfiles% directory.
2. Internet Explorer was moved from the default directory to c:\windows\Internet Explorer. I tried uninstalling and reinstalling IE, but it stays in the same custom directory. This is a huge problem because we can't get Quick Books up and need to do billing for the month asap.
If anyone has suggestions, I'd be grateful!
Attached are HJT, AVG and Combofix logs.
Thanks in advance,
Amy
My son clicked on something vicious, and we have been inundated with trojans, spyware, you name it. I've followed the basic removal instructions, plus ran scans with super anti-spyware, drweb-cureit and a couple of other tools. Most of the tools found and cured several issues, but I am left with two problems:
1. Despite deleting it in safe mode, c:\windows\system32\%programfiles% directory regenerates when I reboot into normal mode, and I can't delete it. The error message says that "connection wizard is being used by another program or user" - connection wizard is a subdirectory under %programfiles%\Internet explorer. By the way, there are no files in any of the folders in the %programfiles% directory.
2. Internet Explorer was moved from the default directory to c:\windows\Internet Explorer. I tried uninstalling and reinstalling IE, but it stays in the same custom directory. This is a huge problem because we can't get Quick Books up and need to do billing for the month asap.
If anyone has suggestions, I'd be grateful!
Attached are HJT, AVG and Combofix logs.
Thanks in advance,
Amy