cannot unlock taskbar or make changes in Start menu properties

omegatx,

Thanks for the update.

Restoring the PC to factory condition is a good move.

From the get-go, had a hunch that there was more than met the eye here. As mentioned before, using System Restore to get rid of certain malware is sometimes risky. There may be infected RPs, and you can tap right into them. However, that is water under the bridge.

When you get back to factory defaults, you are welcomed to come back and we can run a proggie or two that can dig deep to make sure nothing shows up.

Or, if you feel comfortable the way things are, or, develop malware problems at a later time, give us a holler!!


Also, if you wish to give this old dog a bone (rep) do so by using the scale icon above (in the middle). Thanks!

Will be waiting for you when you get done.

Look at your last post, and you should see the following. It is the icon in the middle, a miniature scale:

You did the right thing.

Let's take a look at the system running a special tool...

Do you have the Repair your computer option in the Advanced Boot Options menu?

To find out:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
Is the Repair your computer option listed?


>>> If you have the Repair your computer option, please run FRST from your bootable computer, as follows:
(You may want to print these instructions for reference after the process starts.)

First, please check the size an name of the Hard Drive that has Windows Seven installed.
Start > double-click: Computer (Take note of the info.)

Next, download the Farbar Recovery Scan Tool:
Farbar Recovery Scan Tool Download
Select the version that applies to computer (64-bit)

Save FRST.exe to the Desktop

Right-click Start, and select: Open Windows Explorer
Look for drive C:\
On the Desktop, right-click FRST.exe, and move it into C:\
Confirm that FRST.exe is in C:\.

Restart the computer.

Tap the F8 key until the Advanced Boot Options menu appears.
Select: Repair your Computer
Select language settings, and User account. (In the User Account leave the passworrd field blank, if you do not have one.)

On the System Recovery Options menu, select: Command Prompt

In the Command Prompt window, at the blinking cursor, type: notepad

In Notepad, under the File menu select: Open
Double-click: Computer
Double-click on the OS drive (May not show as C:\ in the Recovery Environment, but you have its name and size to recognize it)
Press: Open

At the Command Prompt window type: X:\frst64.exe, and press: Enter
(Replace X with the letter of drive that showed.)

The tool starts and presents a prompt with:
The tool is setting up to read the Local Disk. Please wait...

Click OK to continue.

When presented with the disclaimer, press: Yes

When the FRST console appears, press the Scan button.

Once the scan finishes, a prompt appears stating:
Scan completed. The frst.txt has been saved in the same location FRST tool is run.

Close this prompt. Notepad shows that a log was created.

Close FRST, and close everything else except System Recovery Options.
Press: Restart


Back in Windows, right-click Start, and select: Open Windows Explorer
Look for drive C:\, and open it.
A folder named: FRST is there.

Inside the FRST folder, there are three folders.
One of them is named: Logs

Open the Logs folder to find the text document resulting from the scan.

Please post the FRST.txt in your reply.

omegatx,

Vipre is recognizing the following:
Trojan.HTML.Framer.do:
It exploits PDF or Flash vulnerabilities
Trojan.JS.Obfuscator.aa
May be hosted on a website and run when you access it.

Please download CCleaner:
CCleaner - Standard
Save to the Desktop.

Double-click the downloaded setup file to install.

On the program console, select Options > Advanced

Uncheck: Only delete files in Windows Temp folder older than 24 hours

Go back to: Cleanup (left side)
Press: Run Cleaner

A notice appears advising this process permanently deletes files...
Click: OK

Exit when done scanning and cleaning the system.


~~~~
Next, download Security Check:
http://screen317.spywareinfoforum.org/SecurityCheck.exe
Save to the Desktop.

Double-click SecurityCheck.exe and follow the onscreen instructions (on the black screen).
When done, a Notepad document opens automatically: checkup.txt
Please post the contents of checkup.txt in your reply.


~~~~
Please download Emsisoft Anti-Malware Free edition 7.0.0.18:
http://www.majorgeeks.com/Emsisoft_A...ion_d4281.html
Save to the Desktop.

Double-click on the a2FreeSetup.exe.cgzgic1 icon to install the program.
After the program is installed, you are asked the mode you wish to use Emsisoft Anti-Malware.
Click on: Freeware mode

On the next prompt, uncheck:
Join the Anti-Malware Network
Update additional languages

Click: Next

Update Emsisoft Anti-Malware.

When the updates are completed, click on: Clean computer now

Emsisoft Anti-Malware starts to load its scanning engine and then displays a screen asking what type of scan you would like to perform:



Please select: Deep Scan

Click on the Scan button.

Emsisoft Anti-Malware now starts to scan your computer for rootkits and malware.

When the scan finishes, the program displays the scan results with any infections found.



Click: Quarantine selected objects (If the option is available)
(Please do not delete anything!)

Click: View results

If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so.

Please provide the Emisoft report in your reply..


~~~~
As this infection is known to be installed by vulnerabilities in out-dated and insecure programs,
it is strongly suggested that you use Secunia PSI to scan for vulnerable programs on your computer.
A tutorial on how to use Secunia PSI to scan for vulnerable programs can be found here:
http://www.bleepingcomputer.com/tuto...h-secunia-psi/


~~~~
Option: Use if Emsisoft does not run on your computer.

Download Malwarebytes Anti-Malware (MBAM):
Downloading Malwarebytes Anti-Malware
Save to the Desktop.

If you already installed MBAM, launch the program.

MBAM may make changes to the Registry as part of its disinfection routine.
If using other security programs that detect Registry changes, they may interfere or alert you. Permit the program to allow the changes, or, temporarily disable:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - BleepingComputer.com

When MBAM starts, you are asked to update the program.
Press OK, and continue.

On the Scanner tab:
Select the Perform Quick Scan option.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected.

Next, click on the Start Scan button.

The scan may take some time to complete, so please be patient.

When finished, a message box shows: The scan completed successfully. Click 'Show Results' to display all objects found.
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware found.

Make sure everything is checked, and click: Remove Selected

When removal is completed, a report opens in Notepad.
The log is also automatically saved and can be viewed by clicking the Logs tab.

Please provide the entire contents of the MBAM report in your reply.

Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to do this, please do so immediately. Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.

omegatx,

Press on with the instructions in Post #37 (the last one).

Depending on what these programs show, we can go back to FRST.