Sounds like some malware remains. I have a hard time reading that HJT log - Make sure the Word Wrap is turned off.
I did see some Vundo remnants. So, until Judy can check in, please run the following as per the instructions:
http://vundofix.atribune.org/
Post the Vundofix log and a fresh HJT for Judy. We'll probably need to run ComboFix as well, but the compy will need to be online for that.
I'll defer to Judy now, since she is more up-to-date on baddies than I these days.
Best Luck
PP
** Just wanted to add that the "shell.exe" message is likely due to the removal of a malware file (shell.exe) that remains in the registry to be called at startup.
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,winwork .exe,taskmar.exe
There remains a bunch more in the HJT log, but I think a run of ComboFix will weed them down considerably!
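As an added example (not part of the original post), the check described above can be scripted: this Python sketch reads the F2 lines of a HijackThis log and reports every program in the Winlogon Shell and UserInit values beyond the Windows defaults. The function name and the default values (a Windows install under C:\WINDOWS) are assumptions of the example; the two F2 lines in the sample are the ones quoted in the post, and the other sample lines are constructed.

```python
import re

# Assumed clean defaults for an install under C:\WINDOWS (compared in lower case).
EXPECTED = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

# HijackThis F2 lines: "F2 - REG:system.ini: <Value>=<data>"
F2_LINE = re.compile(r"^F2 - REG:system\.ini:\s*(\w+)=(.*)$", re.IGNORECASE)

# The F2 lines are quoted from the post; the O4 and O2 lines are constructed filler.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,winwork .exe,taskmar.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""


def unexpected_startup_entries(log_text):
    """Return (value_name, program) pairs that are not Windows defaults."""
    findings = []
    for line in log_text.splitlines():
        match = F2_LINE.match(line.strip())
        if not match:
            continue
        name, data = match.group(1), match.group(2)
        allowed = EXPECTED.get(name.lower())
        if allowed is None:
            continue
        # UserInit is comma-separated; doubled or trailing commas leave empty items.
        for part in data.split(","):
            part = part.strip()
            if not part:
                continue
            # Shell may chain several programs in one item, so split on each ".exe".
            programs = re.findall(r"\S.*?\.exe", part, re.IGNORECASE) or [part]
            for program in programs:
                if program.lower() not in allowed:
                    findings.append((name, program))
    return findings


if __name__ == "__main__":
    for name, program in unexpected_startup_entries(SAMPLE_LOG):
        print(f"{name}: unexpected startup program {program!r}")
```

An entry that is flagged but whose file no longer exists on disk is the situation described in the post: the registry value still calls the removed file at startup.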