OK, sounds like someone has done some tinkering...we'll troubleshoot the "Office" issue later, let's search for malicious code...
Please temporarily disable your on board protective programs as detailed Here
. Carefully read through that entire thread to make certain any and all programs YOU have on board are disabled.
Next: It is extremely important that you DO NOT close this program until or unless you are directed to do so. Once the program is closed, it will automatically uninstall itself taking with it anything that was removed and the related report.
Please read through this instruction thoroughly before you begin. Save these instructions in a notepad file, or print them out if necessary so you can refer to them should something go wrong for you during your attempt to carry out these steps. If you have any questions, please ask first before you attempt anything at all.
Please download the AVP removal tool
to the desktop and double-click the executable to install it. Select your language preference, accept the agreement and click the Start
button. You should see something like this:
...click the settings button...it's the small "Gear" icon just to the right of the large yellow button. Make sure the following boxes are checked:System memory
Hidden startup objects
Disk boot sectors
...Next, click the Actions
link and click the bullet item labeled "Select action". Disinfect
and Delete if disinfection fails
should already be checked by default...then return to the Automatic Scan
tab and click the Start scanning
button. If you happen to receive a pop up during the scan which reads "File C:\whatever...is password protected, you can safely ignore them. The program will find it's own password protected files and report these during the scan. If there is a genuine malicious file that is password protected, we will deal with it manually later.
The scan will begin and you will see a progress bar and scanned objects counter. When the scan completes, the progress bar will disappear. Click the "Reports" tab icon to the far right, just under the large yellow button. Click on the "Automatic scan report" link, then click the save button. Save the report to your desktop as Scan 1
. The report will be saved as a text file.
That file is going to be very large...too large to post the entire thing. What I need you to do at this point, is to open that log in "Notepad", then click Edit
from the menu at the top and select "Find". Using that Find
search function, use these as search terms:Disinfected
Cleared of viruses
Now...you'll need to search for those terms in that log, one at a time. Having selected the "Edit-->Find" function in Notepad, in the Find what
search box, type in the word Disinfected
then click the Find Next
button. The search function will find anything in the text file having the name "Disinfected". Once it presents the findings, copy that individual line item and paste it into another blank notepad, then continue searching by clicking the Find Next
button. Do this in like manner, for each of the search terms identified above. Once you complete the search and copied everything you found into the other blank notepad, save it to your desktop as Edited_AVP_Log.txt
Next, please return to the AVP scanning utility and click the Manual Disinfection
tab. Please click the Start gathering system information
button. You'll again see a progress bar while the utility collects the necessary information. When it completes, the progress bar will disappear. Click the "Report sending" tab, then click on the link avptool sysinfo.zip (open the file manager)
. Attach that zip file here on your next reply along with the contents of the "notepad" file that you saved from the above "First scan" instruction. Thanks!