Solved Error Warning RECYCLERS\

Discussion in 'Malware and Virus Removal Archive' started by davee, 2009/04/10.

  1. 2009/04/10
    davee

    davee Inactive Thread Starter

    Joined:
    2002/10/16
    Messages:
    130
    Likes Received:
    0
    [Resolved] Error Warning RECYCLERS\

    Hi, my PC recently went all crazy. I figured I had a virus of some sort, and because I'm a novice at dealing with these things I tried running my antivirus, but to no avail. I then had trouble accessing sites for more detail, and unfortunately it all became a mess: I was unable to access my hard drives.
    I got this warning:

    RECYCLERS\5-7-1-51 100008833-1000020111-7799.com make sure you typed the names correctly and then try again. To search for a file, click Start button, and then click Search.

    As I was unable to do much, I decided, ah well, I'll back up and do a clean install, as it needed it anyway. All went well with the clean install, but the problem I have is that my hard drive is partitioned. One partition is what my XP and programs run on; that is the one I did the clean install on, and it seems OK. The other partition is where I have all my backup files, pics, music, etc. When I click to open that drive now, I get the same message as I did with the partition I did the clean install on. Can I fix my other partition with this error, or whatever it is, without having to reformat that too? Any help will be appreciated. Below are the logs that were suggested to post:


    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Dave at 17:29:23.21 on Fri 04/10/2009
    Internet Explorer: 6.0.2600.0000
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.2047.1511 [GMT 10:00]


    ============== Running Processes ===============

    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Dave\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com.au/
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
    mRun: [RaidTool] c:\program files\via\raid\raid_tool.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [AVG7_CC] c:\progra~1\grisoft\avgfre~1\avgcc.exe /STARTUP
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    dRun: [AVG7_Run] c:\progra~1\grisoft\avgfre~1\avgw.exe /RUNONCE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
    IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-4-10 22360]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-10 114768]
    R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2009-4-10 821856]
    R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2009-4-10 4224]
    R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2009-4-10 27776]
    R1 AvgClean;AVG Clean Driver;c:\windows\system32\drivers\avgclean.sys [2009-4-10 10760]
    R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-4-10 45416]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-10 138680]
    R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avgfre~1\avgamsvr.exe [2009-4-10 418816]
    R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avgfre~1\avgupsvc.exe [2009-4-10 49664]
    R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avgfre~1\avgemc.exe [2009-4-10 406528]
    R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2009-4-10 4960]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-10 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-10 352920]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-10 108289]
    S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-10 185089]

    =============== Created Last 30 ================

    2009-04-10 16:25 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-04-10 16:25 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-04-10 16:25 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-04-10 16:25 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-04-10 16:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-04-10 16:21 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-04-10 16:21 <DIR> --d----- c:\program files\CCleaner
    2009-04-10 15:23 <DIR> --d----- c:\windows\system32\appmgmt
    2009-04-10 15:05 169 a------- c:\windows\RtlRack.ini
    2009-04-10 14:03 <DIR> --ds---- c:\documents and settings\dave\UserData
    2009-04-10 13:50 <DIR> --d----- c:\docume~1\dave\applic~1\AVG7
    2009-04-10 13:50 499,712 a------- c:\windows\system32\msvcp71.dll
    2009-04-10 13:50 23,424 a------- c:\windows\system32\drivers\avgmfrs.sys
    2009-04-10 13:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft
    2009-04-10 13:16 156,672 a----r-- c:\windows\system32\RTLCPAPI.dll
    2009-04-10 13:16 <DIR> --d----- c:\program files\Realtek Sound Manager
    2009-04-10 13:16 <DIR> --d----- c:\program files\AvRack
    2009-04-10 13:14 60,928 a----r-- c:\windows\system32\drivers\viamraid.sys
    2009-04-10 13:14 27,904 a----r-- c:\windows\system32\drivers\VIAAGP1.SYS
    2009-04-10 13:13 35,840 ac------ c:\windows\system32\dllcache\isapnp.sys
    2009-04-10 13:13 35,840 a------- c:\windows\system32\drivers\isapnp.sys
    2009-04-10 13:13 <DIR> --d----- c:\windows\LastGood.Tmp
    2009-04-10 13:13 <DIR> --d----- c:\program files\VIA
    2009-04-10 12:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-04-10 12:23 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-04-10 12:23 <DIR> --d----- c:\docume~1\dave\applic~1\SUPERAntiSpyware.com
    2009-04-10 12:23 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-04-10 12:16 <DIR> --d----- c:\windows\RegisteredPackages
    2009-04-10 12:15 <DIR> --d----- c:\program files\ATI Technologies
    2009-04-10 12:11 <DIR> --d----- c:\windows\system32\URTTemp
    2009-04-10 11:49 <DIR> --d----- c:\program files\Avira
    2009-04-10 11:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
    2009-04-10 11:30 <DIR> --dsh--- c:\windows\Installer
    2009-04-10 11:29 <DIR> --d----- c:\documents and settings\Dave
    2009-04-10 11:27 8,192 a------- c:\windows\REGLOCS.OLD
    2009-04-10 11:25 10,129,408 ac------ c:\windows\system32\dllcache\hwxkor.dll
    2009-04-10 11:24 <DIR> --dsh--- c:\documents and settings\all users\DRM
    2009-04-10 11:22 <DIR> --d----- c:\program files\common files\MSSoap
    2009-04-10 11:22 <DIR> --d-h--- c:\program files\WindowsUpdate
    2009-04-10 11:22 <DIR> --d----- c:\program files\Online Services
    2009-04-10 11:22 <DIR> --d----- c:\program files\Messenger
    2009-04-10 11:22 <DIR> --d----- c:\program files\MSN Gaming Zone
    2009-04-10 11:21 <DIR> --d----- c:\program files\Windows NT

    ==================== Find3M ====================

    2009-04-10 11:24 80,007 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-04-10 11:22 21,640 a------- c:\windows\system32\emptyregdb.dat

    ============= FINISH: 17:29:45.32 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/10/2009 9:26:46 PM
    System Uptime: 4/10/2009 4:16:19 PM (1 hours ago)

    Motherboard: | | P4M800Pro-8237
    Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | Socket 775 | 3066/133mhz
    Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | Socket 775 | 3066/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 39 GiB total, 34.595 GiB free.
    D: is FIXED (NTFS) - 110 GiB total, 46.137 GiB free.
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_50041458&REV_86\3&13C0B0C5&0&84
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_50041458&REV_86\3&13C0B0C5&0&84
    Service:

    ==== System Restore Points ===================

    RP1: 4/10/2009 11:30:22 AM - System Checkpoint
    RP2: 4/10/2009 11:46:51 AM - Avira AntiVir Personal - 4/10/2009 11:46
    RP3: 4/10/2009 12:11:38 PM - Installed Microsoft .NET Framework 1.1
    RP4: 4/10/2009 12:15:45 PM - Installed DirectX 9.0
    RP5: 4/10/2009 12:16:53 PM - Installed ATI Catalyst Control Center
    RP6: 4/10/2009 12:23:20 PM - Installed SUPERAntiSpyware Free Edition
    RP7: 4/10/2009 1:13:41 PM - Installed Platform
    RP8: 4/10/2009 1:16:09 PM - Installed REALTEK Gigabit and Fast Ethernet NIC Driver
    RP9: 4/10/2009 1:16:26 PM - Installed Realtek AC'97 Audio

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATI HYDRAVISION
    avast! Antivirus
    AVG Free Edition
    CCleaner (remove only)
    Microsoft .NET Framework 1.1
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Platform
    Realtek AC'97 Audio
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    SUPERAntiSpyware Free Edition
    VIA Platform Device Manager
    WebFldrs XP

    ==== Event Viewer Messages From Past Week ========

    4/10/2009 10:19:05 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8053a2f8, parameter3 bae8058c, parameter4 00000000.

    ==== End Of File ===========================
     
  2. 2009/04/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    You can only run 1 Anti Virus program.

    Please choose 1 and remove the other using your Add/Remove programs.
    Avast4
    AVGFREE


    Reboot your Computer, run a full scan on all drives with the anti virus program you kept and let me know what it says.

    Geri
     
    Geri,
    #2
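
How the duplicate-antivirus finding in the reply above can be read from the DDS log's SERVICES / DRIVERS section, as an added example that is not part of the original thread or of DDS itself. The sample lines are constructed from entries in the posted log; the product patterns and function names are assumptions made for this sketch, as is reading the leading R/S as running/stopped and the digit as the start type.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the SERVICES / DRIVERS entries posted in the thread.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-10 114768]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2009-4-10 821856]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-10 138680]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avgfre~1\avgamsvr.exe [2009-4-10 418816]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-10 185089]

=============== Created Last 30 ================
"""

# Assumed product markers, built only from names that appear in the thread's log.
# They are matched against the service name and display name, not the image path,
# because Avira's avguard.exe would otherwise look like an AVG component.
AV_PATTERNS = {
    "avast!": re.compile(r"\bavast\b", re.I),
    "AVG": re.compile(r"\bavg", re.I),
    "Avira AntiVir": re.compile(r"\bavira\b", re.I),
}

# <state><start type> name;display name;image path [date size]
ENTRY = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]\s*$")
SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")


def parse_services(log):
    """Return the entries of the SERVICES / DRIVERS section as dicts."""
    entries, in_section = [], False
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            # Any other "==== ... ====" header closes the section.
            in_section = header.group(1).upper().startswith("SERVICES")
            continue
        m = ENTRY.match(line) if in_section else None
        if m:
            state, start, name, display, path = m.groups()
            entries.append({"running": state == "R", "start": int(start),
                            "name": name, "display": display, "path": path})
    return entries


def av_products(log):
    """Group antivirus services by product, split into running and stopped."""
    running, stopped = defaultdict(list), defaultdict(list)
    for e in parse_services(log):
        label = f"{e['name']} {e['display']}"
        for product, pattern in AV_PATTERNS.items():
            if pattern.search(label):
                (running if e["running"] else stopped)[product].append(e["name"])
                break
    return dict(running), dict(stopped)


def conflicting_products(log):
    """Products with a running component, listed only when there is more than one."""
    running, _ = av_products(log)
    return sorted(running) if len(running) > 1 else []


if __name__ == "__main__":
    running, stopped = av_products(SAMPLE_DDS)
    for product, names in running.items():
        print(f"running: {product}: {', '.join(names)}")
    for product, names in stopped.items():
        print(f"stopped: {product}: {', '.join(names)}")
    print("conflict:", conflicting_products(SAMPLE_DDS))
```

On the sample, avast! and AVG both show running components, while the Avira service is present but stopped.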


  4. 2009/04/12
    davee

    davee Inactive Thread Starter

    Joined:
    2002/10/16
    Messages:
    130
    Likes Received:
    0
    Hi, thanks for your reply. I uninstalled Avast and am running AVG 8.5. The scan showed no threats, but every hour a threat comes up.
    trojan horse Sheur2.ZFZ D:\system Volume information\:restore_335F2805-C50C4859-B7C4-5062DE384A5}\RP9\A0001524.com
    I was looking through some other posts that had something similar and saw they had run ComboFix, so I ran that and I was then able to access my partitioned hard drive (I hope that was OK), but I am still getting that infection every hour.
    Thanks, I appreciate your help.
     
  5. 2009/04/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Can you post the ComboFix log?

    Should be located here.
    C:\combofix.txt

    Geri
     
    Geri,
    #4
  6. 2009/04/12
    davee

    davee Inactive Thread Starter

    Joined:
    2002/10/16
    Messages:
    130
    Likes Received:
    0
    Hi, here is the ComboFix log. Cheers

    ComboFix 09-04-04.01 - Dave 2009-04-11 23:18:01.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.2047.1573 [GMT 10:00]
    Running from: c:\documents and settings\Dave\My Documents\apps\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
    .

    2009-04-11 23:13 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll
    2009-04-11 23:13 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll
    2009-04-11 23:13 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl
    2009-04-11 23:13 . 2008-10-16 14:13 202,776 --a------ c:\windows\system32\wuweb.dll
    2009-04-11 23:13 . 2004-08-03 14:03 186,136 --a------ c:\windows\system32\wuaueng1.dll
    2009-04-11 23:13 . 2004-08-03 14:03 167,704 --a------ c:\windows\system32\wuaucpl.cpl.wusetup.945875.bak
    2009-04-11 23:13 . 2004-08-03 14:01 167,704 --a------ c:\windows\system32\wuauclt1.exe
    2009-04-11 23:13 . 2004-08-03 13:59 39,704 --a------ c:\windows\system32\wups.dll
    2009-04-11 23:06 . 2002-05-23 09:34 310,272 --a------ c:\windows\system32\winhttp.dll
    2009-04-10 14:03 . 2009-04-10 14:03 <DIR> d---s---- c:\documents and settings\Dave\UserData
    2009-04-10 13:50 . 2009-04-10 13:50 <DIR> d-------- c:\documents and settings\LocalService\Application Data\AVG7

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-11 13:15 --------- d-----w c:\documents and settings\Dave\Application Data\AVG7
    2009-04-10 11:05 --------- d-----w c:\program files\Opera
    2009-04-10 10:12 --------- d-----w c:\program files\Yahoo!
    2009-04-10 09:43 --------- d-----w c:\program files\Windows Installer Clean Up
    2009-04-10 09:42 --------- d-----w c:\program files\MSECACHE
    2009-04-10 06:34 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-04-10 06:34 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-10 06:25 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-04-10 06:25 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-04-10 06:25 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-04-10 06:25 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-04-10 06:21 --------- d-----w c:\program files\CCleaner
    2009-04-10 04:36 --------- d-----w c:\program files\Alwil Software
    2009-04-10 04:23 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
    2009-04-10 03:50 499,712 ----a-w c:\windows\system32\msvcp71.dll
    2009-04-10 03:50 23,424 ----a-w c:\windows\system32\drivers\avgmfrs.sys
    2009-04-10 03:49 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
    2009-04-10 03:16 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-10 03:16 --------- d-----w c:\program files\Realtek Sound Manager
    2009-04-10 03:16 --------- d-----w c:\program files\Common Files\InstallShield
    2009-04-10 03:16 --------- d-----w c:\program files\AvRack
    2009-04-10 03:14 --------- d-----w c:\program files\VIA
    2009-04-10 02:23 --------- d-----w c:\program files\SUPERAntiSpyware
    2009-04-10 02:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-04-10 02:23 --------- d-----w c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com
    2009-04-10 02:23 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-04-10 02:19 --------- d-----w c:\documents and settings\Dave\Application Data\ATI
    2009-04-10 02:16 --------- d-----w c:\program files\ATI Technologies
    2009-04-10 01:49 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
    2009-04-10 01:25 --------- d-----w c:\program files\microsoft frontpage
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2001-08-02 1077277]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC "= "c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]
    "RaidTool "= "c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
    "AVG7_CC "= "c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2009-04-10 590848]
    "avast! "= "c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-06 81000]
    "SoundMan "= "SOUNDMAN.EXE" [2005-05-17 c:\windows\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run "= "c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2009-04-10 219136]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-04-10 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler; "c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - BITS
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-11 23:19:00
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(552)
    c:\windows\system32\ODBC32.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(608)
    c:\windows\System32\dssenh.dll
    .
    Completion time: 2009-04-11 23:19:57
    ComboFix-quarantined-files.txt 2009-04-11 13:19:56

    Pre-Run: 37,148,094,464 bytes free
    Post-Run: 37,158,461,440 bytes free

    WinXP_EN_PRO_BF.EXE
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /fastdetect

    119
     
  7. 2009/04/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK please do this. In the order given.

    Click Start > Run. In the Run box, copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.
    Please check and verify that the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file. If they weren't, please delete them manually.

    Run a scan and let me know if anything was found.

    Geri
     
    Geri,
    #6
  8. 2009/04/13
    davee

    davee Inactive Thread Starter

    Joined:
    2002/10/16
    Messages:
    130
    Likes Received:
    0
    Hi, I did as requested and ran a scan, and it showed no threats. However, I did run a scan earlier in the day and removed 9 trojans, all of the SHeur2.ZFZ ones, and one virus, Win32/vampiro, but as I said, no threats on the recent scan.
    Thanks again, cheers
     
  9. 2009/04/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK thanks, good to hear.

    Let me know if anything shows up.

    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Malware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    I'll mark this one resolved.

    Surf Safely
    Geri
     
    Geri,
    #8
  10. 2009/04/17
    davee

    davee Inactive Thread Starter

    Joined:
    2002/10/16
    Messages:
    130
    Likes Received:
    0
    Hi, thanks for your help. Everything seems to be running well now. I'll be downloading some of the preventive programmes you suggested.
    Cheers
     
