The forum is run by volunteers who donate their time and expertise.Want to help others? Mar 19, 2009 #13 meloman TS Rookie Topic Starter Hello Kritius, Thank you for responding so quickly. However, an antivirus is not always effective against Trojan horse, so at that instance the way out of the problem is to remove Trojan horse virus manually. As DDS did work, I assume I did not need to also run RSIT?

Stay with this topic until I give you the all clean post. The ImagePath of WinDefend service is OK.

c:\windows\system32\cxcahxsg.dll c:\windows\system32\fhhrur.dll c:\windows\system32\llyvkp.dll c:\windows\system32\wepsufok.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_PACKET ((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))) . 2009-02-13 16:52 . 2009-02-13 16:52

d-------- c:\documents and settings\David Baker\Application Data\Malwarebytes It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal Well, apparently I downloaded a friendly virus to my pc sometime in the last few weeks. I've been running virus scans daily as well as using Spybot in the background to block new registry entries.

Once I did that, things went downhill from there. I installed the Antispyware, realized later that I had been duped, so I removed it using the Control Panel / Add or Remove Programs. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. Finally, delete the following folders if they still exist: C:\Program Files\ViewManager\ <-- and delete this folder C:\Program Files\Viewpoint\ <-- and delete this folder Run CFScript Open notepad and copy/paste the text

At the minute the best option may be to re install. I've attached the log here. uStart Page = hxxp:// uInternet Connection Wizard,ShellNext = hxxp:// uInternet Settings,ProxyOverride = *.local IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html IE: Backward Links - c:\program It is.

HKEY_CLASSES_ROOT\CLSID\{dd114a26-7d07-4331-b176-493cadfc7d75} (Trojan.Vundo.H) -> Delete on reboot. this content Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data. My WebsiteMy help doesn't cost a penny, but if you'd like to consider a donation, click Back to top #5 nazatul nazatul Topic Starter Members 12 posts OFFLINE Local C:\WINDOWS\system32\BdNTCJlm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

You will be prompted: Do you want to clean the registry ? When I click Apply the Startup type reset to Disabled. Machine seems to be running normally--no problems.

To try changing these settings yourself, go to System in Control Panel.

The program will proceed to remove the folders and will perform another scan for bak folders. Pls help.. timeout was 2 seconds. Do not attempt to fix any item yet.

Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Adobe Reader 10.1.16 Adobe Reader out of Date! TechSpot Account Sign up for free, it takes 30 seconds. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. check over here Virus/Malware issues 1 2 3 4 9 By kstmommy, March 28, 2013 219 replies 21,796 views Maurice Naggar April 13, 2013 system running slow. 1 2 3 4 9 By scorpian,

Do not add anything to the ignore list. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.