chevysales

soryy about that been super busy at work. ended up just clean installing it over the weekend. to me it appeared to deep rooted. i then imaged her so next time if it happens again i can just reinstall in 45 minutes and be done with it. thank you very much for your help i do appreciate it and sorry i couldn't get back sooner.

will doo exactly what you asked tonight when i get home from work. and thank you so much for your help i really appreciate it.

my daughters dell laptop inspiron i9300 running xpsp3 has a trojan. would like to clean it up instead of a clean install as she has all her college work on their. i installed hijack this to get a startup log to post and regular log. unable to get to windows update (standard IE8 unable connect to page) or microsoft update (where it tries to load activeX but gets bounced to page showing error 0x80072EFF). when i do a search which we use goggle as our default it takes to all wierd pages non are porn most are other search type pages. also not being able to get to any windows update site is impossible to update stuff. i had to manaully get dat files for MSE antivirus. i know my way around the computer pretty well and am comfortable in regedit, etc. norton antivirus 2009 ran out yesterday so i installed microsoft security essentials which i heard good things about. it found 3 trojans: TrojanDownloader-JS/Renos TrojanDropper-W32/Fainli.A TrojanClicker-ASX/Wimad.CS thank you all in advance ---------------------------------------------------------------- hijack this log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:32:14 PM, on 6/13/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Dell\QuickSet\Quickset.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\HiJackThis\JackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java