It appears the VundoFix did work, though there is still one file showing that I question.
However let's try the AVG Anti-spy once more.
I want you to reboot to SAFE MODE.
Run the ATF-Cleaner one more time;
Double-click ATF-Cleaner.exe to run the program.Click Exit on the Main menu to close the program.
- Under Main "Select Files to Delete" choose: Select All.
- Click the Empty Selected button.
Important.. Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning proccess:
- Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
- Select the "Scanner" icon at the top and then the "Scan"tab then click on "Complete Scan".
Once the scan is complete do the following:
- AVG will now begin the scanning process, be patient this may take a little time to complete.
Click Start - Run - and type in:
- If you have any infections you will prompted, then select "Apply all"
- Next select the "Reports" icon at the top.
- Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system, (Make sure to remember where you have saved the file, this is important.
- Close AVG Anti-Spyware 7.5 and reboot your system back into Normal Mode
services.msc
Click OK.
In the services window find WinTrust32 - Unknown owner
Right click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK.
Exit the Services utility.
Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped then just exit the Services utility.
Next run HJT again and place a checkmark next to the following entries if they still exist;
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\apexktlc.dll
O2 - BHO: (no name) - {32391C4F-148B-4477-A109-B689B3A3E870} - C:\WINDOWS\system32\vtuvw.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: nnnlmjk - nnnlmjk.dll (file missing)
O23 - Service: WinTrust32 - Unknown owner - C:\WINDOWS\system32\wintrust32.exe (file missing)
Once you have placed the checkmark then click the FIX button.
Exit HJT.
Reboot and run a new HJT scan. Save the log and post it back here along with the AVG Scan log.
Judy
Reply With Quote