Mark Olivier asked:

vimzkl.exe Removal

I need help removing this program.  No matter what I do, it is always back when I restart the computer.  I've tried Adaware, Spybot, Counter Spy, Hijack This, Trend Micro Online virus scan, Kill Box, DLL Compare, and Adaware Away - and I've run them all in safe mode and regular mode.  I've done all the usual other spyware removal techniques, but can't get rid of it.  My Hijack This log is posted below.  Any advice to get rid of this will be appreciated.  Recommending a format and reinstall is not necessary because I already know that will fix just about anything - I'd just rather avoid that scenario.

<<  Hijack This log removed by humeniuk, Page Editor  >>
<<  log file available at www.hijackthis.de/logfiles/beee8c753a8283f57ce344aebf8040f9.html >>
dis1931

Have you tried simply starting in safe mode and deleting the file from the windows\system32 folder, as well as deleting the registry key that is attempting to start it up on login?

Dis
ASKER

Yes, several times.  I've even used Kill Box to delete on restart, but it always comes back.

I haven't an idea....I've never heard of that particular process and I can't find any info on it????

Doesn't appear you really have anything bad running in that hijack this log...at least none that should cause problems...

The only other thing I can think of is using your firewall to block this executable from starting up but then you still have the issue that someone/something is trying to start it up and is obviously replacing it in the same folder when you delete it so you do have some other spyware/adware/virus on your PC that should be taken care of.  It looks like you have done most things that you would normally do...Did you check for any weird services starting up....these are usually the culprit of applications repopulating themselves?  Other than that I would say have fun reformatting....it is sometimes the best way to make sure your system is clean...
ASKER CERTIFIED SOLUTION
rossfingal
This solution is only available to members.
SOLUTION
This solution is only available to members.

The scan for REMV3 caused my computer to shut down about ten minutes into it.  I tried it twice.  When I first started working on this laptop, it would shut down when I tried to run a scan of any type - spyware scan or virus scan.

The log for rkfiles is:
Files Found.................
----------------------------------------

Files Not deleted.................
----------------------------------------

Merging registry entries
-----------------------------------------------------------------
The Registry Entries Found...
-----------------------------------------------------------------
 
 
Other bad files to be Manually deleted.. Please note that this might also list legit Files, be careful while deleting
-----------------------------------------------------------------
 Volume in drive C has no label.
 Volume Serial Number is 5083-5EBA

 Directory of C:\WINDOWS\system32

msi.dll
Finished




Here is the link for my current Hijack This log:
http://www.hijackthis.de/logfiles/beee8c753a8283f57ce344aebf8040f9.html


Thanks for this and any future advice.

Did you run these two in Safe Mode?  Did you wait until the DOS window closed before opening up those two log files?

If you did, nothing is showing up here which is weird.  There usually are a couple of files here.  So make sure you are doing this in safe mode and wait until the DOS window closes.

If that's what you did already, then try these logs to see if they will show any files:

Download FindQoologic-Narrator.zip at http://forums.net-integration.net/index.php?act=Attach&type=post&id=134981 and save it to your Desktop.  Create a new folder on your desktop (right click and select New->Folder) and call it FindQoologic.  Now unzip the file contents of that zip file into that folder. Locate and double-click the Find-Qoologic.bat file to run it. Wait until a text file opens and post that in your next reply.

Download DllCompare http://www.greyknight17.com/spy/DllCompare.exe and run it.  Click on the 'Locate.com' button.  Wait a few seconds and then click on the 'Compare' button.  Let it run, then click on 'Make a log of what was found'.  Post that log here.  Note: If you are having problems using DllCompare (16 bit error), copy autoexec.nt from the C:\WINDOWS\repair folder to C:\WINDOWS\system32 folder. Now try running DllCompare.

Just for grins, in safe mode, look in:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

I had a similar situation last week on a workstation where the bad file could not be deleted, even in safe mode and with Killbox.  There was a hidden file in the startup folder called nkur.exe.  I suppose it could be a random file name, so it could be anything.  Post back if you see anything odd there.  One caveat - after I found it, I navigated away to open a snoop program.  When I returned it was not visible anymore.  Rebooted to safe mode and there it was again.

Maybe yours is similar to this.

I appreciate everyone's help with this.  I already had a lot of time into this, and the customer said she was not having a problem with the computer shutting down.  Since the problem only occurs when scanning for viruses or spyware, she elected to take the computer as-is.  I did a follow-up with her and all is good.  Something obviously is causing the problem, but I guess it will have to remain a mystery for right now.  Thanks for your help.
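
The places suggested in this thread for finding what keeps restoring the file (the registry key that starts it at login, auto-start services, and hidden files in the Startup folders) can be listed in one read-only pass. The PowerShell below is an added example, not part of any post in the thread; it assumes a Windows system with PowerShell 3.0 or later, and the `$Name` default is simply the file name from the question.

```powershell
# Added example: list the autostart locations named in this thread so an entry
# that relaunches a deleted file can be spotted. Read-only; it changes nothing.
param([string]$Name = 'vimzkl')   # file name from the question; substring match

$hits = @()

# 1. Run / RunOnce registry values (per-machine and per-user).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item $key
    foreach ($valueName in $k.GetValueNames()) {
        $hits += [pscustomobject]@{
            Source = $key; Entry = $valueName; Command = [string]$k.GetValue($valueName)
        }
    }
}

# 2. Startup folders (all users and current user); -Force includes hidden files.
foreach ($special in 'CommonStartup', 'Startup') {
    $dir = [Environment]::GetFolderPath($special)
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    foreach ($f in Get-ChildItem -LiteralPath $dir -Force) {
        $hits += [pscustomobject]@{
            Source = $dir; Entry = $f.Name; Command = "$($f.FullName) [$($f.Attributes)]"
        }
    }
}

# 3. Services configured to start automatically.
foreach ($svc in Get-CimInstance Win32_Service -Filter "StartMode='Auto'") {
    $hits += [pscustomobject]@{
        Source = 'Service'; Entry = $svc.Name; Command = [string]$svc.PathName
    }
}

# Entries that mention $Name sort to the top; the rest are listed for review.
$hits | Select-Object Source, Entry, Command,
    @{ Name = 'MatchesName'; Expression = { $_.Command -like "*$Name*" -or $_.Entry -like "*$Name*" } } |
    Sort-Object -Property MatchesName -Descending |
    Format-Table -AutoSize -Wrap
```

Run it from safe mode as well as normal mode and compare the two listings, since one reply reports a Startup-folder file that was only visible after rebooting into safe mode.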