The legitimate file is called rundll32, so CF did remove the bad version.
How is the computer behaving now?
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Open notepad and copy/paste the text in the quotebox below into it:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\~tmf5904701207093653827.tmp"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.