I am the resident IT help at a small law firm. One of our machines running Windows XP Professional SP2 has been infected. Yesterday popups for fake security programs began appearing, one of which asked to uninstall AVG8 and began to after I made the mistake of closing the window, not ignoring it. Shortcuts to porn websites appeared on the desktop and endless popups made working practically impossible.
I disconnected the computer from our network and ran Malwarebytes by installing from a usb drive. I had to rename the install file and the application exe for it to work. After the first scan, restart and re-scan, Malwarebytes showed no infections. I plugged the computer back in, everything came back.
I unplugged the machine from the network again. I ran Malwarebytes in safe mode and regular mode several times. In safe mode, nothing shows up anymore, however, in regular mode, the following items are showing up:
Registry Keys Infected:
Malwarebytes is not doing the trick. I have the most recent version (I updated yesterday while it was plugged in).
I have a HJT log and the Malwarebytes log attached.
Thank you for any advice, help, etc.