Will Restoring My PC to Factory Settings Remove Virus?

I can't download it. It loads much slower than it should, and when it finishes, the dialog box freezes so it doesn't finish downloading to my desktop. Running it instead of saving it didn't give enough time because it froze mid installation.

Here are 3 error messages that popped up when things really got bad:

Error message 1: eplorer.exe-Application Error

The instruction at 0x75f686b4 referenced memory at 0x7350b938. The required data was not placed into memory because of an I/O error status of 0xc0000056

Error message 2: ::{26EE0668-A00A-44D7-9371-BEB064C98683}

::{26EE0668-A00A-44D7-9371-BEB064C98683} application not found

Error message 3: Logon process has failed to create the security options dialog

Failure-Security options

Also, it freezes in safe mode

The way I'm reading this is that, AVG found some virus and now will not do a complete scan. Have you tried anything besides  AVG?

How about MBAM?  See if you can download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

• If an update is found, the program will automatically update itself.
• Press the OK button to close that box and continue.
• If you encounter any problems while downloading the updates,
• manually download them from here
  and just double-click on mbam-rules.exe to install.
  Alternatively, you can update through MBAM's interface from a clean computer,
  copy the definitions (rules.ref) located in
  C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes'
  Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

• Make sure the "Perform Quick Scan" option is selected.
• Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top.
• It may take some time to complete so please be patient.
  
• When the scan is finished, a message box will say "The scan completed successfully.
• Click 'Show Results' to display all objects found".
  
• Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

• Click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report along with a fresh HijackThis log into your next reply and exit MBAM.

Note:-- If MBAM encounters a file that is difficult to remove,
you may be asked to reboot your computer so it can proceed with the disinfection process.
Regardless if prompted to restart the computer or not, please do so immediately.
Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- MBAM may make changes to your registry as part of its disinfection routine.
If you're using other security programs that detect registry changes (like Spybot's Teatimer),
they may interfere with the fix or alert you after scanning with MBAM.
Please disable such programs until disinfection is complete or permit them to allow the changes.

* If you are unable to download or install MBAM on your computer, see if you can use a friend's or family member's computer to download MBAM. Use the update link mentioned above to manually update. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "lookinhere.exe". Copy the installer file and the update file to a CD or flash drive. Transfer the file to the infected computer. Install the "lookinhere.exe" file, then run the update so that you will have the current definitions. After that, run a full system scan and select to have the program REMOVE whatever it finds.

I'll try the DDS thing but first I wanted you to know I got the malwarebytes thing to install but it freezes after about 12,000 files, and the computer restarts on its own unsuccessfully. Also, how do I disable script blocking protection?

See if you can download DDS and save it to your desktop.

• Disable any script blocking protection
• Double click dds.scr to run the tool.
• When done, DDS.txt will open.
• Click Yes at the next prompt for Optional Scan.
• Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following logs by copying and pasting the text of each into your next reply:

DDS.txt
Attach.txt

If you are using Symantec's (which runs even in Safemode):

1. Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
2. Click Options.
If you see a menu, click Norton AntiVirus.
3. In the left pane, click Script Blocking.
4. In the right pane, uncheck Enable Script Blocking (recommended).
5. Click OK.

I got the scan log from the DDS but I can't attach it because the file type isn't supported. I could email it possibly. Also, I noticed a lot of new threads say their PC has been hijacked. I know my scanner found a virus but could I be hijacked?

Here's the DDS file:

DDS (Version 1.0.1) - NTFSx86 
Run by Brandon at 16:40:32.22 on Wed 12/17/2008
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3069.1921 [GMT -8:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Brandon\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-20 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-20 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-20 231704]
R3 AvgWfpX;AVG8 Firewall Driver x86;c:\windows\system32\drivers\avgwfpx.sys [2008-9-20 69128]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S3 Agmksvr;Agmksvr;c:\windows\system32\drivers\msdsm.sys [2006-11-2 80488]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-12 38496]

=============== Created Last 30 ================

2008-12-12 21:13 

Are you able to run MBAM in Safemode?  If not, restoring to factory settings just may be something to consider. I've been having a problem posting on these forums without getting errors, so if I don't reply, that is why. Hopefully, Dell will fix the posting problem soon.  Perhaps another helper will pick up this thread if I am unable to reply.

I also noticed the scan froze on two different registry keys on two scans. They were in a place called HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

I don't know if that helps at all. I couldn't find the specific folder.

I just tried a quick scan again. It froze after 29 seconds at 12160 files which has happened before. The computer restarted on its own. Is it a guarantee restoring to factory settings will cure it or will the restored factory copy of Vista be corrupted too? Thanks a lot. I don't have too much to lose by resetting to factory.

The problem with MBAM will probably be fixed in the next version. I cannot guarantee that a factory restore will help, but if I were you, and Vista was installed by Dell, I'd give it a try. I do not work for Dell.  This is a user to user forum. Considering your many errors, restoring might be the way to go.

For some reason, my advanced boot menu doesn't have a repair computer option needed to restore to factory settings. I thought about reinstalling the OS but wouldn't the virus be stored in a Windows.old folder on my D drive?