Jump to content

pieces

Members
  • Posts

    10
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thank you very much, you "guys" are amazing
  2. No longer get the rundll.exe message, although I have to be really patient as the display program in the control panel is slow to apply the new photo. If I try to do other tasks, minimize etc. while it "applies" the photo it hangs again. It may be slow because I am applying large full res Jpeg files from from a 16 megapixel camera. Otherwise all appears to be running fine.
  3. Sorry we were posting at the same time, will follow the instructions and get back to you.
  4. Here is the log file from the MBAM scan. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6163 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 2011/03/25 06:49:21 AM mbam-log-2011-03-25 (06-49-21).txt Scan type: Quick scan Objects scanned: 179095 Time elapsed: 20 minute(s), 25 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 27 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 6 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\funwebproducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\funwebproducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. Files Infected: c:\program files\funwebproducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\funwebproducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
  5. Hi LD Tate Thanks for the response. When I try to change my desktop wallpaper to a photo from my own collection when I click apply and okay to change the wallpaper the display programme hangs and I get an "End Program-rundll32.exe this program is not responding" message. Windows wants to send an error message containing the following files C:\DOCUMEN~1\USERXP\LOCAL~1\TEMP\WER8236.dir00\rundll32.exe.mdmp or at other times this C:\DOCUMEN~1\USERXP\LOCAL~1\TEMP\WER11ef.dir00\rundll.exe.mdmp. I have run a scan using the SFC with my XP disc in but this did not help. MWBAM picked up about 30+ threats when I ran the scan.
  6. I have a rundll error which I suspect is from malware.I have updated and run a scan using the malwarebytes software which has not provided a solution. As a result I am unable change my desktop wallpaper without the display programme hanging. I have posted the 3 log files DDS.txt and attach.txt, as well as the rootkit file as per instructions on website. Thanks for your help. DDS file . DDS (Ver_11-03-05.01) - NTFSx86 Run by USERXP at 15:30:34.76 on 2011/03/25 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1074 [GMT 2:00] . AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe svchost.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\conquest\dgateserv.exe C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe C:\conquest\dgate.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Trusteer\Rapport\bin\RapportService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\AVG\AVG10\avgrsx.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\USERXP\Desktop\Defogger.exe C:\Documents and Settings\USERXP\Desktop\dds(2).scr . ============== Pseudo HJT Report =============== . uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [Google Update] "c:\documents and settings\userxp\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [CAHeadless] c:\program files\adobe\elements organizer 8.0\caheadless\ElementsAutoAnalyzer.exe uRun: [skype] "c:\documents and settings\userxp\desktop\phone\Skype.exe" /nosplash /minimized mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation mRun: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart mRun: [NokiaMusic FastStart] "c:\program files\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui mRun: [Memeo AutoSync] c:\program files\memeo\autosync\MemeoLauncher2.exe --silent mRun: [Memeo Send] c:\program files\memeo\memeo send\MemeoLauncher.exe --silent mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe" mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\program files\quicken2\billmind.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio -viewer-\PhAutoRun.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken2\bagent.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: MIW Deployment - hxxps://196.38.48.3/downloads/MIWDeploy.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {54FF454A-8F37-4406-8797-4C3607918A85} - hxxp://pacs.tuft.co.za:87/ami/install/amiviewer.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\userxp\applic~1\mozilla\firefox\profiles\952ut2xk.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo! Search FF - prefs.js: browser.startup.homepage - hxxp://www.mweb.co.za/home/home.aspx|http://www.google.co.za/|http://www.iafrica.com/ FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc03dc5&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q= FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\documents and settings\userxp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671} FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064] R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984] R1 RapportCerberus_23945;RapportCerberus_23945;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\23945\RapportCerberus_23945.sys [2011-2-28 55224] R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320] R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720] R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400] R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-23 25824] R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208] R2 RUSHTON;RUSHTON;c:\conquest\DgateServ.exe [2008-12-2 54784] R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-3 136176] S2 mrtRate;mrtRate; [x] S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\userxp\locals~1\temp\aticdsdr.sys --> c:\docume~1\userxp\locals~1\temp\ATICDSDr.sys [?] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-21 517448] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] . =============== Created Last 30 ================ . 2011-03-22 15:08:34 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll 2011-03-22 15:08:31 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll 2011-03-22 15:08:30 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll 2011-03-22 15:08:28 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe 2011-03-22 15:08:24 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe 2011-03-22 15:07:38 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe 2011-03-22 15:07:33 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys 2011-03-22 15:07:31 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys 2011-03-22 15:07:21 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys 2011-03-22 15:07:20 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll 2011-03-22 15:06:24 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys 2011-03-22 15:06:18 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys 2011-03-22 15:06:16 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys 2011-03-22 15:06:02 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys 2011-03-22 15:04:59 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys 2011-03-22 15:03:58 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll 2011-03-22 15:02:59 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys 2011-03-22 15:01:59 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll 2011-03-22 15:01:56 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys 2011-03-22 15:01:53 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys 2011-03-22 15:01:50 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll 2011-03-22 15:01:47 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll 2011-03-22 15:01:43 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll 2011-03-22 15:01:39 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll 2011-03-22 15:01:28 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll 2011-03-22 15:01:25 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll 2011-03-22 15:01:23 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys 2011-03-22 15:01:19 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys 2011-03-22 15:01:02 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys 2011-03-22 14:59:39 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll 2011-03-22 14:59:37 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys 2011-03-22 14:59:34 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys 2011-03-22 14:59:32 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys 2011-03-22 14:59:29 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys 2011-03-22 14:59:29 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys 2011-03-22 14:59:28 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys 2011-03-22 14:59:21 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll 2011-03-22 14:59:19 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll 2011-03-22 14:59:15 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll 2011-03-22 14:59:09 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll 2011-03-22 14:58:54 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys 2011-03-22 14:58:50 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys 2011-03-22 14:58:44 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys 2011-03-22 14:58:40 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll 2011-03-22 14:58:37 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys 2011-03-22 14:58:36 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys 2011-03-22 14:58:32 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll 2011-03-22 14:58:29 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys 2011-03-22 14:58:26 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll 2011-03-22 14:58:23 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys 2011-03-22 14:58:21 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll 2011-03-22 14:58:18 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys 2011-03-22 14:57:13 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys 2011-03-22 14:57:11 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys 2011-03-22 14:57:09 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys 2011-03-22 14:57:07 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll 2011-03-22 14:57:03 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys 2011-03-22 14:56:50 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys 2011-03-22 14:56:31 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys 2011-03-22 14:56:28 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys 2011-03-22 14:56:25 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys 2011-03-22 14:56:18 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys 2011-03-22 14:56:15 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys 2011-03-22 14:56:09 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys 2011-03-22 14:56:06 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys 2011-03-22 14:56:02 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys 2011-03-22 14:54:57 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys 2011-03-22 14:53:58 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys 2011-03-22 14:52:59 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys 2011-03-22 14:51:58 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll 2011-03-22 14:51:56 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys 2011-03-22 14:51:53 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys 2011-03-22 14:51:50 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys 2011-03-22 14:51:47 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys 2011-03-22 14:51:40 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys 2011-03-22 14:51:37 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys 2011-03-22 14:51:35 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys 2011-03-22 14:51:33 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys 2011-03-22 14:51:00 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys 2011-03-22 14:50:57 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll 2011-03-22 14:50:40 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys 2011-03-22 14:50:33 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys 2011-03-22 14:50:31 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys 2011-03-22 14:50:30 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys 2011-03-22 14:50:26 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys 2011-03-22 14:50:23 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys 2011-03-22 14:50:14 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys 2011-03-22 14:50:10 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys 2011-03-22 14:50:03 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys 2011-03-22 14:48:54 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys 2011-03-22 14:48:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys 2011-03-22 14:48:32 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys 2011-03-22 14:48:30 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys 2011-03-22 14:48:29 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll 2011-03-22 14:47:47 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys 2011-03-22 14:47:44 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys 2011-03-22 14:47:43 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys 2011-03-22 14:47:30 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys 2011-03-22 14:47:08 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys 2011-03-22 14:45:58 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys 2011-03-22 14:44:58 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2011-03-22 14:43:57 311359 -c--a-w- c:\windows\system32\dllcache\imepadsv.exe 2011-03-22 14:42:58 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys 2011-03-22 14:41:59 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll 2011-03-22 14:40:56 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll 2011-03-22 14:39:58 594238 -c--a-w- c:\windows\system32\dllcache\es56hpi.sys 2011-03-22 14:38:58 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys 2011-03-22 14:37:59 49792 -c--a-w- c:\windows\system32\dllcache\cyzport.sys 2011-03-22 14:36:59 27164 -c--a-w- c:\windows\system32\dllcache\ce3n5.sys 2011-03-22 14:35:14 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys 2011-03-22 14:34:55 102400 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll 2011-03-22 14:33:59 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys 2011-03-22 14:32:35 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll 2011-03-21 18:31:30 -------- d-----w- c:\docume~1\userxp\applic~1\Malwarebytes 2011-03-21 18:31:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-21 18:31:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-03-21 18:31:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-21 18:31:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-02-26 16:48:13 -------- d-----w- c:\program files\InterActual . ==================== Find3M ==================== . 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 15:32:49.40 =============== Attach.txt ark.txt
  7. Ok thanks i will do as suggested and post in the Malware removal forum.
  8. When I got the error the 1st thing I did was download Malwarebytes and run a scan. Some malware was detected which I removed, at no other stage did I remove any rundll file. I have re-updated the Malwarebytes software and am running a repeat scan. Will follow up when that is complete.
  9. I have a rundll.exe error which does not allow me to change my desktop wall paper. When I choose a particular image and say OK the Display program hangs. I have downloaded and run a scan with Malware, no joy. I have run a SFC scan with the Windows XP disk inserted which did not help. I also manually copied the rundll from the windows disc into the Sys32 folder. No joy at all! Please help. Regards Tony
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.