XP Antispyware 2011 virus help please

Comments

  • DAVAL
    DAVAL Posts: 53 Forumite
    I will carry on tomorrow - your help has been amazing - I am very grateful to you

    Dave.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Open malwarebytes
    Go to MORE TOOLS
    then RUN TOOL

    find and destroy these files -
    c:\windows\system32\LogFiles\WUDF\WUDFTrace.etl
    c:\windows\system32\ConduitEngine.tmp
    c:\windows\sfshell.tmp

    ......................................................................

    Download HostsXpert
    http://www.softpedia.com/progDownload/Hoster-Download-27041.html
    and then follow the below steps.
    * Unzip HostsXpert.zip
    * It will create a folder named HostsXpert in whatever folder you extract it to.
    * Run HostsXpert.exe by double clicking on it.
    * click the Make Writeable? button.
    * click Restore Microsoft's Hosts File and then click OK.
    * Click the X to exit the program

    ................................................................

    Open notepad and copy/paste the text in RED below

    File::
    c:\windows\sfshell.tmp

    Folder::
    c:\documents and settings\All Users\Application Data\iAoPhJe06300
    c:\documents and settings\All Users\Application Data\nCmBgJa06300


    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    [Screenshot: CFScript.gif]


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.



    :idea:
  • DAVAL
    DAVAL Posts: 53 Forumite
    Had trouble deleting the first file WUDFTrace.etl which said it needed a restart to complete.
    On restart it was still there
    Please advise.
    Thanks
    Dave.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    reboot and keep pressing F8 to get into SAFE MODE

    Try using malwarebytes to remove the file from there
    :idea:
  • DAVAL
    DAVAL Posts: 53 Forumite
    The file WUDFTrace.etl was successfully removed by malwarebytes tools in Safemode.
    I noticed on the Combofix log below that the file gets mentioned as failed to delete - hope you can make sense of that.
    Thanks
    Dave

    ComboFix 11-03-07.02 - DAVE 08/03/2011 19:46:33.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.510 [GMT 0:00]
    Running from: c:\documents and settings\DAVE\My Documents\Dave's Files\ComboFix.exe
    Command switches used :: c:\documents and settings\DAVE\My Documents\Dave's Files\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    FILE ::
    "c:\windows\sfshell.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\iAoPhJe06300
    c:\documents and settings\All Users\Application Data\iAoPhJe06300\iAoPhJe06300
    c:\documents and settings\All Users\Application Data\nCmBgJa06300
    c:\documents and settings\All Users\Application Data\nCmBgJa06300\nCmBgJa06300
    c:\windows\system32\LogFiles . . . . Failed to delete
    c:\windows\system32\LogFiles\WUDF\WUDFTrace.etl . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-08 to 2011-03-08 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-07 20:12 . 2011-03-07 20:12 388096 ----a-r- c:\documents and settings\VAL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-03-07 20:12 . 2011-03-07 20:12 -------- d-----w- c:\program files\Trend Micro
    2011-03-07 17:44 . 2011-03-07 17:44 -------- d-----w- c:\documents and settings\VAL\Local Settings\Application Data\Sunbelt Software
    2011-03-06 22:17 . 2011-03-06 22:17 -------- d-----w- c:\documents and settings\Administrator
    2011-03-06 21:57 . 2011-03-06 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-21 14:44 . 2005-04-08 14:15 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-10 19:54 . 2011-01-10 19:54 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
    2011-01-07 14:09 . 2005-04-08 14:14 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2005-04-08 14:15 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2005-04-08 14:15 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2005-04-08 14:15 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2005-04-08 14:15 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2005-04-08 14:15 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 20:01 . 2010-03-13 16:47 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-12-20 18:09 . 2009-12-15 16:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 18:08 . 2009-12-15 16:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-20 17:26 . 2009-04-15 19:55 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2005-04-08 14:15 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-09 15:15 . 2009-04-15 19:55 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30 . 2005-04-08 14:14 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:42 . 2009-04-15 19:55 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07 . 2009-04-15 19:55 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-08 4363504]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-11-30 32768]
    "PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-08-10 36864]
    "USB Storage Toolbox"="c:\program files\USBToolbox\Res.EXE" [2004-08-06 122880]
    "%FP%Friendly fts.exe"="c:\program files\VoyagerTest\fts.exe" [2003-05-06 72192]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-04-22 98304]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
    "HostManager"="c:\program files\Common Files\AOL\1166006998\ee\AOLSoftware.exe" [2006-11-17 50736]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-26 198160]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
    "NetWorx"="c:\program files\NetWorx\networx.exe" [2010-12-07 3042816]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-11-30 32768]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2005-4-8 225280]
    .
    c:\documents and settings\HELEN\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2005-4-8 225280]
    .
    c:\documents and settings\LAURA\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2005-4-8 225280]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2005-4-8 225280]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
    backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
    backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
    backup=c:\windows\pss\BigFix.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^DAVE^Start Menu^Programs^Startup^OCRAWARE.lnk]
    path=c:\documents and settings\DAVE\Start Menu\Programs\Startup\OCRAWARE.lnk
    backup=c:\windows\pss\OCRAWARE.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^DAVE^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    path=c:\documents and settings\DAVE\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^DAVE^Start Menu^Programs^Startup^UMAX VistaAccess.lnk]
    path=c:\documents and settings\DAVE\Start Menu\Programs\Startup\UMAX VistaAccess.lnk
    backup=c:\windows\pss\UMAX VistaAccess.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
    2004-03-19 13:17 78960 ----a-w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    2007-12-07 15:30 71008 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2007-10-25 16:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
    2003-08-19 12:47 16384 ------w- c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]
    2003-06-28 15:10 1658965 ------w- c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
    2007-12-08 00:42 376832 ----a-w- c:\program files\Eraser\Eraser.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    2004-03-17 15:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2005-04-22 18:08 98304 ----a-w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2005-02-28 21:50 1695744 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
    2006-05-08 05:17 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2004-12-06 20:31 36975 ----a-w- c:\program files\Java\jre1.5.0_01\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    2005-08-18 10:49 307200 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Britannica\\BCD\\BCD2000.exe"=
    "c:\\Program Files\\AOL 9.0a\\waol.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1166006998\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/12/2009 20:08 64288]
    R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [10/01/2011 19:54 38976]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [13/03/2010 16:46 135336]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [23/09/2010 07:46 1375992]
    R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [08/04/2005 08:13 1258432]
    S1 aiptektp;HyperPen;c:\windows\system32\DRIVERS\aiptektp.sys --> c:\windows\system32\DRIVERS\aiptektp.sys [?]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [23/09/2010 07:46 15264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 08:28]
    .
    2011-03-08 c:\windows\Tasks\User_Feed_Synchronization-{D6AB9A3F-617A-40C1-8925-70A17474BE79}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.aol.co.uk/
    uInternet Settings,ProxyOverride = hxxp://localhost;
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: Free YouTube Download - c:\documents and settings\DAVE\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\DAVE\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
    IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
    DPF: Microsoft XML Parser for Java - [URL]file://c:\windows\Java\classes\xmldso.cab[/URL]
    DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} - hxxp://img.funtigo.com/images/uploader/ssiPictureUploader.cab
    FF - ProfilePath - c:\documents and settings\DAVE\Application Data\Mozilla\Firefox\Profiles\jy2zbfbn.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
    FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: XULRunner: {DF807363-7C0C-4598-BFF5-1D7F4FAD4A91} - c:\documents and settings\VAL\Local Settings\Application Data\{DF807363-7C0C-4598-BFF5-1D7F4FAD4A91}
    FF - Ext: XULRunner: {8B2FE264-AE32-44D6-936B-6A688D1C2604} - c:\documents and settings\DAVE\Local Settings\Application Data\{8B2FE264-AE32-44D6-936B-6A688D1C2604}
    FF - Ext: XULRunner: {4925E797-CABD-47AF-8BEF-E7244D2BBD2B} - c:\documents and settings\HELEN\Local Settings\Application Data\{4925E797-CABD-47AF-8BEF-E7244D2BBD2B}
    FF - Ext: XULRunner: {0DB11AB3-D21C-460A-92CB-764DC7C2F525} - c:\documents and settings\LAURA\Local Settings\Application Data\{0DB11AB3-D21C-460A-92CB-764DC7C2F525}
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-08 19:55
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    DLLs Loaded Under Running Processes
    .
    - - - - - - - > 'winlogon.exe'(888)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(2240)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\AOL\ACS\WLHook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Other Running Processes
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\wanmpsvc.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-08 20:03:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-08 20:03
    ComboFix2.txt 2011-03-07 22:49
    ComboFix3.txt 2011-03-07 21:47
    .
    Pre-Run: 114,432,368,640 bytes free
    Post-Run: 114,431,500,288 bytes free
    .
    - - End Of File - - 3A32DA9756A2FE7969B7CEF217E43FD8
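
Added example (not part of the original thread, and not ComboFix's own code): a small Python cross-check of the CFScript targets against the "Other Deletions" section of the log posted above, to show which requested paths were reported deleted, which failed, and which other paths failed. The sample strings are assembled from the thread with the banner lines shortened; the function names and result keys are assumptions made for this illustration.

```python
import re

# Sample input assembled from the thread (banner lines shortened for space).
CFSCRIPT = r"""File::
c:\windows\sfshell.tmp

Folder::
c:\documents and settings\All Users\Application Data\iAoPhJe06300
c:\documents and settings\All Users\Application Data\nCmBgJa06300
"""
LOG_EXCERPT = r"""FILE ::
"c:\windows\sfshell.tmp"
.
((((((((((( Other Deletions )))))))))))
.
c:\documents and settings\All Users\Application Data\iAoPhJe06300
c:\documents and settings\All Users\Application Data\iAoPhJe06300\iAoPhJe06300
c:\documents and settings\All Users\Application Data\nCmBgJa06300
c:\documents and settings\All Users\Application Data\nCmBgJa06300\nCmBgJa06300
c:\windows\system32\LogFiles . . . . Failed to delete
c:\windows\system32\LogFiles\WUDF\WUDFTrace.etl . . . . Failed to delete
.
((((((( Files Created from 2011-02-08 to 2011-03-08 )))))))
.
"""
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")       # "((((( Title )))))"
DIRECTIVE = re.compile(r"^(\w+)::\s*$")           # "File::" / "Folder::"
FAILED = re.compile(r"^(.*?)\s+(?:\.\s+)+Failed to delete\s*$", re.I)

def norm(path):
    # Windows paths are case-insensitive; the log also quotes some of them.
    return path.strip().strip('"').lower()

def parse_cfscript(text):
    """Return {directive: [paths]} for each 'Name::' block in a CFScript."""
    targets, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1).lower()
            targets.setdefault(current, [])
        elif line and current:
            targets[current].append(norm(line))
    return targets

def split_sections(log):
    """Group log lines under their banner title; '.' spacer lines are dropped."""
    sections, title = {"header": []}, "header"
    for line in (l.strip() for l in log.splitlines()):
        m = BANNER.match(line)
        if m:
            title = m.group(1)
            sections[title] = []
        elif line and line != ".":
            sections[title].append(line)
    return sections

def parse_deletions(lines):
    """Map each path in 'Other Deletions' to 'deleted' or 'failed'."""
    status = {}
    for line in lines:
        m = FAILED.match(line)
        status[norm(m.group(1) if m else line)] = "failed" if m else "deleted"
    return status

def reconcile(cfscript, log):
    wanted = [p for paths in parse_cfscript(cfscript).values() for p in paths]
    status = parse_deletions(split_sections(log).get("Other Deletions", []))
    return {
        "removed": [p for p in wanted if status.get(p) == "deleted"],
        "failed": [p for p in wanted if status.get(p) == "failed"],
        # Absent from the section: the log makes no statement either way.
        "not_reported": [p for p in wanted if p not in status],
        "other_failures": [p for p, s in status.items()
                           if s == "failed" and p not in wanted],
    }
```

On this sample, both CFScript folders come back as removed, `sfshell.tmp` is not listed in the section at all, and the two `LogFiles` entries appear as failures that the CFScript never requested.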
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Give it a clean and you're good to go :)

    Download CCLEANER
    http://www.piriform.com/ccleaner/download/slim
    Run the CLEANER scan (UNTICK 'cookies')
    Then run the REGISTRY scan (Backup the registry when it asks)
    :idea:
  • DAVAL
    DAVAL Posts: 53 Forumite
    Have done Ccleaner ok

    I cannot thank you enough for all your help on getting this sorted for me.

    Hope it doesn't happen again!!

    Bye
    Dave
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Happy computing :)
    :idea:
This discussion has been closed.