What is happening/search

waddler_8

Have you had this happening for a while? The likely culprit is:

uRun: [YHWVPZAEFL] rundll32 "c:\users\castle96\appdata\roaming\0ð#pctlspo.dll" ,xczrgelb

2012-09-21 11:39:08 139264 --sha-r- c:\users\castle96\appdata\roaming\0ð#pctlspo.dll

Possibly medfos

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Medfos

Go here and read through the instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

• IMPORTANT! Ensure you temporarily turn off AVG before running.
  Instructions here
• Save combofix to your desktop.
• Double click combofix.exe & follow the prompts closely.
• Combofix may reboot the PC several times.
• When it's finished, it will automatically produce a log. Post the contents of that log.
• It can also be found on your C:\ drive named combofix.txt

Above all, BE PATIENT! and let it run it's course. It may take combofix slightly longer than stated.

castle96

blimey that looks complicated for a numpty. Is this course to cure things, or 'just' to produce another log that I will post as a reply

waddler_8

It's a cure. If it doesn't get it first time round we can script it out. Just read the tutorial carefully and you'll be ok. It's not as daunting as it looks.

I'm nipping out but will be back later.

macman

Windows Defender is not a full AV program, it's an on-demand scanner specifically intended to detect spyware.
If AVG is not working then you have no proper AV protection.

castle96

ran combo fix

got as far as ...

50 stages, then
deleting file App.Data/Roaming/o-#.......dll
" " VLC media player.exe

deling folder AppData/Local/Assembly/tmp

cursor blinking for 20 mins, but it didnt run any further...

turned off computer - few messages (ie 'error loading App/Data/Roaming....."

Worth trying again ??

waddler_8

cursor blinking for 20 mins, but it didnt run any further...

You should have asked about that, before doing this..

turned off computer

There's ways to check it's still running, as it looks as though it wasn't finished.

waddler_8 wrote: »

Above all, BE PATIENT! and let it run it's course. It may take combofix slightly longer than stated.

deleting file App.Data/Roaming/o-#.......dll

Looks to refer to the bad file I mentioned.

error loading App/Data/Roaming.....

Probably refers to the file above that is no longer there.

castle96 wrote: »

Worth trying again ??

yes. Run it again.