http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&li
robleftca
post Sep 29 2008, 01:13 AM
Post #1


New Member
Posts: 4
OS: xp



I've got a pop-up message titled "Windows security alert" with the following content:
"Windows has detected an Internet attack attempt... Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection."
Immediately after this, IE opens with the address of some site called <http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2>.
There is a red cross kind of icon in my system tray, and every minute a trigger pops up a message window on my screen asking me to go to some other website like <http://www.udefender.com/freeware/3/?wmid=6010&mid=MjI6OjEzMzk=&lndid=15&p=1>
Please tell me if you know what kind of virus this is and how I can get rid of it. I need help immediately.
I am really very annoyed by all these pop-ups coming up and not letting me do my work.
Please help

I was stupid and don't have a restore point to go back to, dohhh.

I need help with this please; here is the log from HijackThis.

I will be checking back here from time to time for the rest of the night, but I'm not going to go to my email; I don't want to be hit.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:10: VIRUS ALERT!, on 9/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\GrabIt\GrabIt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Administrator\Desktop\muBlinder.exe -startup
O4 - HKLM\..\Run: [f0ada003] rundll32.exe "C:\WINDOWS\system32\ubadvrpf.dll",b
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] cmd.exe /c md "%USERPROFILE%\Impostazioni locali\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_12] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179312862578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179314129343
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: onfwbsak - {EF31C6C9-6401-4A0B-BED5-EF363978127B} - C:\WINDOWS\onfwbsak.dll
O21 - SSODL: rwlfsdmk - {4C635B72-31A2-4CE3-8431-4042C3D7F223} - C:\WINDOWS\rwlfsdmk.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9792 bytes
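The HijackThis log above is a good illustration of what a helper scans for by eye: the HKCU Start Page pointing at softwarereferral.com, an O4 Run value with a hex name loading a randomly named DLL through rundll32, two O21 SSODL shell extensions sitting directly in C:\WINDOWS, and the O6/O7 policy entries (IE restrictions, DisableRegedit) that rogue security software sets to lock the user out. The script below is an added example, not part of the original thread and not a tool the forum or HijackThis ships; it applies those checks as rules over a constructed sample whose lines copy the shape of the entries in the posted log. The trusted-host allowlist and the "looks random" name heuristic are this example's own assumptions, chosen to be narrow, and are meant for triage rather than as a verdict.

```python
import re
from urllib.parse import urlparse

# Constructed sample: entries copied in shape from the HijackThis log posted
# in this thread, plus a few that belong to legitimate software so the rules
# have something to pass over.
SAMPLE_LOG = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [f0ada003] rundll32.exe "C:\WINDOWS\system32\ubadvrpf.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: onfwbsak - {EF31C6C9-6401-4A0B-BED5-EF363978127B} - C:\WINDOWS\onfwbsak.dll
O21 - SSODL: rwlfsdmk - {4C635B72-31A2-4CE3-8431-4042C3D7F223} - C:\WINDOWS\rwlfsdmk.dll
'''

# Hosts a stock Windows XP / IE7 install points its start and search pages
# at. The allowlist is an assumption of this example, not something HijackThis ships.
TRUSTED_URL_HOSTS = ("microsoft.com", "msn.com")
SEVERITY_ORDER = {"high": 0, "medium": 1, "review": 2}

SECTION_RE = re.compile(r"(R[01]|O\d+) - (.*)")
# A drive-letter path ending in .dll or .exe, quoted or not (non-greedy so a
# quoted "C:\Program Files\..." path stops at its own extension).
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:dll|exe))', re.IGNORECASE)


def trusted_host(host: str) -> bool:
    """Exact match or subdomain of an allowlisted host (no 'notmicrosoft.com')."""
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_URL_HOSTS)


def looks_random(name: str) -> bool:
    """Eight hex digits, or eight letters with too few vowels or a long consonant
    run: the shape of the dropper names in this thread. Heuristic, kept narrow."""
    name = name.lower()
    if re.fullmatch(r"[0-9a-f]{8}", name) and re.search(r"\d", name):
        return True                       # e.g. f0ada003
    if not re.fullmatch(r"[a-z]{8}", name):
        return False
    vowels = sum(c in "aeiouy" for c in name)
    return vowels < 2 or re.search(r"[^aeiouy]{4}", name) is not None


def triage(log_text: str) -> list:
    """Return one finding per suspicious log line, most serious first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        reasons = []
        if section in ("R0", "R1"):
            host = urlparse(body.split(" = ", 1)[-1].strip()).hostname or ""
            if not trusted_host(host):
                reasons.append(("high", f"start/search page redirected to {host}"))
        elif section in ("O4", "O21"):
            names = re.findall(r"\[([^\]]+)\]", body)      # O4 value name
            for path in PATH_RE.findall(body):
                folder, _, filename = path.rpartition("\\")
                names.append(filename)
                if section == "O21" and folder.lower() == r"c:\windows":
                    reasons.append(("high", f"shell extension DLL sitting directly in C:\\WINDOWS: {filename}"))
            for n in names:
                if looks_random(n.rsplit(".", 1)[0]):
                    reasons.append(("high", f"machine-generated name {n!r}"))
        elif section == "O6":
            reasons.append(("medium", "IE Restrictions policy present: rogue security software uses it to lock the browser"))
        elif section == "O7" and "DisableRegedit=1" in body:
            reasons.append(("medium", "Registry Editor disabled by policy"))
        elif section == "O20":
            reasons.append(("review", "AppInit_DLLs loads into every GUI process: confirm the publisher"))
        if reasons:
            worst = min(reasons, key=lambda r: SEVERITY_ORDER[r[0]])[0]
            findings.append({"severity": worst, "section": section,
                             "reasons": [r[1] for r in reasons], "line": line})
    findings.sort(key=lambda f: SEVERITY_ORDER[f["severity"]])   # stable: log order within a tier
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:<6}] {f['section']:<3} {f['line'][:72]}")
        for r in f["reasons"]:
            print(f"         - {r}")
```

Run against the sample this reports seven lines: the redirected Start Page, the f0ada003/ubadvrpf.dll Run entry and both SSODL DLLs as high, the O6 and O7 policy entries as medium, and the AVG AppInit_DLLs entry only for review, since that location deserves a look even when the file belongs to a known vendor. The name heuristic deliberately ignores anything that is not exactly eight characters, which is why avgtray.exe and ctfmon.exe pass; the SDFix report later in the thread, which deleted onfwbsak.dll and rwlfsdmk.dll, is the confirmation the rules only point toward.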
Rorschach112
post Sep 29 2008, 05:39 AM
Post #2


GeekU Teacher
Posts: 19,852
From: Dublin
OS: XP



Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.




Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)


robleftca
post Sep 30 2008, 03:12 AM
Post #3


New Member
Posts: 4
OS: xp



SDFix: Version 1.230
Run by Administrator on Mon 09/29/2008 at 06:09

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Windows Product ID To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert
msconfig.exe restored from dllcache

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\awtTmJcc.dll - Deleted
C:\WINDOWS\EWTE.EXE - Deleted
C:\Documents and Settings\Administrator\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Administrator\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Administrator\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Administrator\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Administrator\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Administrator\Favorites\Spyware&Malware Protection.url - Deleted
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\lwpwer.exe.bat - Deleted
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\smchk.exe.bat - Deleted
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\windfr.exe.bat - Deleted
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\tmpA2.tmp - Deleted
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\removalfile.bat - Deleted
C:\WINDOWS\fbxrqtwn.exe - Deleted
C:\WINDOWS\onfwbsak.dll - Deleted
C:\WINDOWS\peltodgx.dll - Deleted
C:\WINDOWS\rwlfsdmk.dll - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 02:01:25
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:fd,8e,49,89,5c,44,b3,df,e1,63,a9,7a,96,65,f9,fc,9b,ed,8a,65,97,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b7,aa,9a,df,6c,ad,0f,a5,0b,54,64,7e,29,6b,59,34,a9,..
"khjeh"=hex:28,1f,6d,1b,dc,d5,84,cd,1c,31,4a,a2,a5,43,3c,38,49,2f,14,a4,b6,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e4,7e,a8,f8,7b,38,7c,30,59,25,a7,69,bc,77,62,48,3f,8a,50,5b,5c,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:e4,7e,a8,f8,7b,38,7c,30,59,25,a7,69,bc,77,62,48,3f,8a,50,5b,5c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:fd,8e,49,89,5c,44,b3,df,e1,63,a9,7a,96,65,f9,fc,9b,ed,8a,65,97,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b7,aa,9a,df,6c,ad,0f,a5,0b,54,64,7e,29,6b,59,34,a9,..
"khjeh"=hex:28,1f,6d,1b,dc,d5,84,cd,1c,31,4a,a2,a5,43,3c,38,49,2f,14,a4,b6,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e4,7e,a8,f8,7b,38,7c,30,59,25,a7,69,bc,77,62,48,3f,8a,50,5b,5c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:e4,7e,a8,f8,7b,38,7c,30,59,25,a7,69,bc,77,62,48,3f,8a,50,5b,5c,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Groove Games\\LASR\\LASR.exe"="C:\\Program Files\\Groove Games\\LASR\\LASR.exe:*:Enabled:LASR"
"C:\\Program Files\\damaka\\damaka.exe"="C:\\Program Files\\damaka\\damaka.exe:*:Enabled:damaka - A Connection Revolution™"
"C:\\Program Files\\EA SPORTS\\Madden NFL 08\\mainapp.exe"="C:\\Program Files\\EA SPORTS\\Madden NFL 08\\mainapp.exe:*:Enabled:Madden NFL 08"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"="C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe:*:Enabled:Realmon"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Codemasters\\GRID\\GRID.exe"="C:\\Program Files\\Codemasters\\GRID\\GRID.exe:*:Enabled:GRID"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 3 Jul 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 9 Mar 2008 72 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti28.tmp"
Sun 23 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT2.tmp"
Sun 21 Sep 2008 1,745 ...HR --- "C:\Documents and Settings\Administrator\Application Data\SecuROM\UserData\securom_v7_01.bak"
Tue 3 Jul 2007 4,348 ...H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1key.bak"
Sat 6 Oct 2007 20 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 16 May 2007 312 A.SH. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2key.bak"

Finished!

robleftca
post Sep 30 2008, 03:20 AM
Post #4


New Member
Posts: 4
OS: xp




--------------------\\ Lop S&D 4.2.4-4 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon™ 64 Processor 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Administrator ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus 8.0 (Activated)
C:\ (Local Disk) - NTFS - Total : 298 Go Free : 20 Go
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total : 465 Go Free : 5 Go
I:\ (Local Disk) - FAT32 - Total : 151 Go Free : 10 Go
J:\ (Local Disk) - NTFS - Total : 127 Go Free : 4 Go

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [1] ( Tue 09/30/2008| 2:11 )

--------------------\\ Listing folders in APPLIC~1

[08/12/2008|22:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\.SwarmPlayer
[08/10/2008|20:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\.Tribler
[04/19/2008|02:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[11/06/2007|02:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
[05/15/2007|16:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[09/23/2007|14:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\ArcSoft
[09/21/2008|14:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\AVGTOOLBAR
[09/25/2008|20:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
[09/23/2007|14:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\COWON
[07/16/2008|06:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\dvdcss
[04/16/2008|02:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[10/07/2007|00:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Hamachi
[10/01/2007|13:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
[05/15/2007|16:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[12/23/2007|12:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
[12/23/2007|12:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield Installation Information
[09/26/2007|09:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Joost
[07/09/2007|22:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Leadertech
[07/13/2008|20:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
[05/15/2007|16:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[12/23/2007|12:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Center Programs
[05/16/2007|03:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
[09/21/2008|13:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[08/15/2008|02:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\mIRC
[01/22/2008|23:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Move Networks
[09/28/2008|23:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[09/28/2008|23:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Tools
[03/23/2008|08:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[08/14/2007|20:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\SecuROM
[07/09/2007|22:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Seven Zip
[09/16/2008|21:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
[05/16/2007|03:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
[05/19/2007|12:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[09/23/2007|14:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Systweak
[09/28/2008|22:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\TmpRecentIcons
[05/22/2008|20:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\TVU networks
[07/01/2008|01:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
[05/23/2007|16:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\VERITAS
[05/16/2007|03:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
[08/22/2007|22:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Vso
[10/14/2007|18:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR

[08/22/2007|22:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\1Click DVD Copy Pro
[02/15/2008|06:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[09/21/2008|14:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[05/17/2007|00:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[07/06/2008|23:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Codemasters
[02/14/2008|01:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[09/25/2008|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[09/16/2007|14:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[08/15/2007|22:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[08/21/2007|21:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[12/19/2007|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Seagate
[05/25/2007|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[09/19/2008|21:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[09/30/2008|02:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[05/22/2008|20:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TVU networks
[05/16/2007|04:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[05/15/2007|16:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[09/21/2008|13:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[09/21/2008|13:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[09/30/2008 01:56][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/23/2001 04:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[09/23/2007|19:43] C:\Program Files\7-Zip
[11/11/2007|12:38] C:\Program Files\Activision
[02/15/2008|02:39] C:\Program Files\Adobe
[05/15/2007|16:33] C:\Program Files\Advanced System Optimizer
[11/13/2007|08:25] C:\Program Files\Alarm Clock
[09/19/2008|21:40] C:\Program Files\Attack on Pearl Harbor
[09/21/2008|14:01] C:\Program Files\AVG
[07/02/2008|02:28] C:\Program Files\Azureus
[02/15/2008|01:52] C:\Program Files\Bonjour
[07/06/2008|22:32] C:\Program Files\Codemasters
[08/12/2008|19:50] C:\Program Files\Combined Community Codec Pack
[09/29/2008|00:19] C:\Program Files\Common Files
[05/15/2007|16:27] C:\Program Files\ComPlus Applications
[10/06/2007|23:10] C:\Program Files\DAEMON Tools
[11/10/2007|23:20] C:\Program Files\damaka
[05/15/2007|16:34] C:\Program Files\Diskeeper Corporation
[05/15/2007|16:34] C:\Program Files\DivX
[01/31/2008|00:38] C:\Program Files\EA SPORTS
[03/07/2008|22:59] C:\Program Files\Electronic Arts
[05/15/2007|16:38] C:\Program Files\filtercodecpack
[03/07/2008|23:19] C:\Program Files\GameSpy
[05/15/2007|16:34] C:\Program Files\GlobalSCAPE
[09/25/2008|09:40] C:\Program Files\Google
[02/10/2008|02:15] C:\Program Files\GrabIt
[09/30/2007|19:48] C:\Program Files\Hamachi
[02/12/2008|20:25] C:\Program Files\Infogrames Interactive
[07/06/2008|22:32] C:\Program Files\InstallShield Installation Information
[10/25/2007|23:42] C:\Program Files\InterActual
[09/03/2008|00:59] C:\Program Files\Internet Explorer
[05/15/2007|16:35] C:\Program Files\Java
[07/09/2007|22:35] C:\Program Files\LG Software Innovations
[05/15/2007|16:35] C:\Program Files\LimeWire
[07/07/2008|21:07] C:\Program Files\Mediatwins software
[09/01/2008|03:00] C:\Program Files\Messenger
[05/30/2007|14:38] C:\Program Files\Microsoft ActiveSync
[05/16/2007|05:16] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[05/15/2007|16:30] C:\Program Files\microsoft frontpage
[07/25/2007|12:35] C:\Program Files\Microsoft Office
[09/01/2008|03:02] C:\Program Files\Microsoft Silverlight
[07/25/2007|12:35] C:\Program Files\Microsoft Works
[07/07/2008|21:37] C:\Program Files\Microsoft Xbox 360 Accessories
[05/30/2007|14:37] C:\Program Files\Microsoft.NET
[08/08/2007|13:27] C:\Program Files\Miracle C
[08/15/2008|02:14] C:\Program Files\mIRC
[05/15/2007|16:30] C:\Program Files\movie maker
[09/30/2008|02:07] C:\Program Files\Mozilla Firefox
[05/16/2007|13:20] C:\Program Files\MSBuild
[05/15/2007|16:27] C:\Program Files\MSN
[05/15/2007|16:30] C:\Program Files\msn gaming zone
[05/15/2007|16:37] C:\Program Files\MSN Messenger
[05/16/2007|13:43] C:\Program Files\MSXML 6.0
[08/22/2007|22:20] C:\Program Files\Nero
[05/15/2007|16:28] C:\Program Files\NetMeeting
[05/15/2007|16:27] C:\Program Files\Online Services
[07/06/2008|23:15] C:\Program Files\OpenAL
[06/14/2007|08:11] C:\Program Files\Outlook Express
[06/06/2007|12:23] C:\Program Files\PERRLA
[05/15/2007|16:37] C:\Program Files\PowerISO
[05/18/2007|15:24] C:\Program Files\QuickPar
[02/15/2008|02:24] C:\Program Files\QuickTime
[09/30/2007|20:46] C:\Program Files\RamBooster 2.0
[01/31/2008|00:39] C:\Program Files\ratDVD
[03/15/2008|08:40] C:\Program Files\Real
[05/16/2007|13:18] C:\Program Files\Reference Assemblies
[09/25/2008|09:33] C:\Program Files\Registry Mechanic
[12/19/2007|19:37] C:\Program Files\Seagate
[06/22/2008|20:07] C:\Program Files\SEGA
[05/25/2007|13:21] C:\Program Files\Skype
[10/01/2007|09:24] C:\Program Files\Smart Projects
[05/16/2007|03:06] C:\Program Files\Sonic
[07/08/2008|07:13] C:\Program Files\SpeedFan
[09/29/2008|00:19] C:\Program Files\Spyware Doctor
[08/10/2008|20:22] C:\Program Files\SwarmPlayer
[09/19/2008|21:39] C:\Program Files\Symantec
[09/21/2008|08:26] C:\Program Files\Trend Micro
[05/22/2008|20:33] C:\Program Files\TVUPlayer
[01/30/2008|15:30] C:\Program Files\Ubisoft
[05/15/2007|16:38] C:\Program Files\Uninstall Information
[06/29/2008|18:32] C:\Program Files\uTorrent
[05/16/2007|03:02] C:\Program Files\VIAudioi
[05/16/2007|03:35] C:\Program Files\VideoLAN
[06/06/2007|15:38] C:\Program Files\Winamp
[10/18/2007|02:03] C:\Program Files\Windows Media Player
[05/15/2007|16:30] C:\Program Files\Windows NT
[05/15/2007|16:29] C:\Program Files\WindowsUpdate
[10/17/2007|10:08] C:\Program Files\WinRAR
[05/15/2007|16:30] C:\Program Files\xerox
[09/25/2008|23:10] C:\Program Files\yEnc32

--------------------\\ Listing Folders in C:\Program Files\Common Files

[02/15/2008|02:41] C:\Program Files\Common Files\Adobe
[08/22/2007|22:20] C:\Program Files\Common Files\Ahead
[05/30/2007|14:38] C:\Program Files\Common Files\DESIGNER
[09/29/2008|00:19] C:\Program Files\Common Files\Download Manager
[09/03/2007|19:10] C:\Program Files\Common Files\InstallShield
[06/10/2007|17:56] C:\Program Files\Common Files\Invictus
[05/15/2007|16:34] C:\Program Files\Common Files\Java
[02/14/2008|01:28] C:\Program Files\Common Files\Macrovision Shared
[09/29/2007|20:33] C:\Program Files\Common Files\Microsoft Shared
[05/15/2007|16:28] C:\Program Files\Common Files\MSSoap
[05/15/2007|17:23] C:\Program Files\Common Files\ODBC
[03/15/2008|08:40] C:\Program Files\Common Files\Real
[12/19/2007|19:33] C:\Program Files\Common Files\Seagate
[05/15/2007|16:28] C:\Program Files\Common Files\Services
[05/25/2007|13:21] C:\Program Files\Common Files\Skype
[05/16/2007|03:06] C:\Program Files\Common Files\Sonic
[05/15/2007|16:30] C:\Program Files\Common Files\speechengines
[09/19/2008|21:43] C:\Program Files\Common Files\Symantec Shared
[06/14/2007|08:11] C:\Program Files\Common Files\System
[12/19/2007|19:37] C:\Program Files\Common Files\Wise Installation Wizard
[03/15/2008|08:40] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 45 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\nsa6D.tmp

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 02:14:40
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\system32\PrYyyyxx.ini
C:\WINDOWS\system32\PrYyyyxx.ini2
==> VUNDO <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMINI~1\Favorites\bittorent\adult\puretna\yes\yesssssss\yes\yes\more\Pure TnA Details for torrent Avena (TeachMyAss) - 20 Yr. Old Beauty Has Her Crackhole Crammed.url


[F:322][D:170]-> C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp
[F:20][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:442][D:21]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 09/30/2008| 2:17 - Option : [1]

--------------------\\ Scan completed at 2:17:33
Rorschach112
post Sep 30 2008, 05:47 AM
Post #5


GeekU Teacher
Posts: 19,852
From: Dublin
OS: XP



Hello

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Also post a new HJT log
robleftca
post Sep 30 2008, 08:48 AM
Post #6


New Member
Posts: 4
OS: xp



Malwarebytes' Anti-Malware 1.28
Database version: 1224
Windows 5.1.2600 Service Pack 2

9/30/2008 7:46:57 AM
mbam-log-2008-09-30 (07-46-57).txt

Scan type: Quick Scan
Objects scanned: 46302
Time elapsed: 16 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\gtlynpym.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xxyyyYrP.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54501aaf-57f5-4279-b5b3-10af5f204a0b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{54501aaf-57f5-4279-b5b3-10af5f204a0b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\peltodgx.bxfa (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\peltodgx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\xxyyyyrp -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyyyyrp -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\xxyyyYrP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\PrYyyyxx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PrYyyyxx.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gtlynpym.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mypnyltg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubadvrpf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fprvdabu.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifcBRIB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMfEvtS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXOeDSJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C2GQCXMW\upd105320[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
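A note on reading the MBAM log above: the two "Registry Data Items" entries are the LSA Security Packages and Authentication Packages values under HKLM\SYSTEM\CurrentControlSet\Control\Lsa, which name DLLs that lsass.exe loads at startup. That is why the same Vundo DLLs appear as loaded "Memory Modules" and can only be removed on reboot. The following Python script is an added example for this thread (not MBAM's or the forum's own code) that parses an MBAM text log into per-section detections, separates what was already quarantined from what is still pending a reboot, and flags autoload locations (LSA packages, IE Browser Helper Objects) to re-check after the restart. SAMPLE_LOG is constructed from the entries posted in this thread; the marker strings and function names are the example's own.

```python
"""Triage a Malwarebytes' Anti-Malware (MBAM) text log.

Added example for this thread, not MBAM's or the forum's own code.
SAMPLE_LOG is constructed from the detections posted above.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\gtlynpym.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xxyyyYrP.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54501aaf-57f5-4279-b5b3-10af5f204a0b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\xxyyyyrp -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyyyyrp -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\xxyyyYrP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\PrYyyyxx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""

# A section header is "<Something> Infected:" with nothing after the colon;
# the summary lines at the top of a real log ("... Infected: 2") do not match.
SECTION_RE = re.compile(r"^(?P<name>.+ Infected):\s*$")

# "<item> (<family>) -> [Data: <data> -> ]<action>."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)

# Lower-cased substrings of registry paths that make a DLL load automatically.
# (Marker list is the example's own; extend it with other autostart locations.)
PERSISTENCE_MARKERS = {
    "\\control\\lsa\\authentication packages":
        "LSA Authentication Package: DLL loaded by lsass.exe at boot",
    "\\control\\lsa\\security packages":
        "LSA Security Package: DLL loaded by lsass.exe at boot",
    "\\browser helper objects\\":
        "IE Browser Helper Object: DLL loaded into every Internet Explorer process",
}


def parse_mbam_log(text):
    """Return one dict per detection line: section, item, family, data, action, pending."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue  # unrecognised line inside a section; ignore rather than guess
        action = m.group("action")
        entries.append({
            "section": section,
            "item": m.group("item"),
            "family": m.group("family"),
            "data": m.group("data"),
            "action": action,
            # MBAM uses "Delete on reboot" when the file is still in use, i.e. still loaded.
            "pending": action.lower().startswith("delete on reboot"),
        })
    return entries


def triage(entries):
    """Summarise detections: counts per family, reboot-pending items, autoload locations."""
    persistence = []
    for e in entries:
        low = e["item"].lower()
        for marker, why in PERSISTENCE_MARKERS.items():
            if marker in low:
                persistence.append((e["item"], e["data"], why))
    return {
        "by_family": Counter(e["family"] for e in entries),
        "pending_reboot": [e["item"] for e in entries if e["pending"]],
        "loaded_modules_pending": [e["item"] for e in entries
                                   if e["section"] == "Memory Modules Infected" and e["pending"]],
        "persistence": persistence,
    }


if __name__ == "__main__":
    report = triage(parse_mbam_log(SAMPLE_LOG))
    for family, n in report["by_family"].most_common():
        print(f"{n:3d}  {family}")
    print("\nStill loaded, removed only at reboot:")
    for item in report["loaded_modules_pending"]:
        print("  ", item)
    print("\nAutoload locations to re-check after the reboot:")
    for item, data, why in report["persistence"]:
        print(f"   {item}\n     -> {data or '(key itself)'}: {why}")
```

Running the script against the posted entries groups six Trojan.Vundo.H hits, one Trojan.Vundo and one Adware.Trymedia, lists the two loaded DLLs that MBAM could only schedule for deletion, and points at the LSA and BHO registrations whose data value names the same DLL; after the reboot those three locations are the ones worth confirming in a fresh log.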
Rorschach112
post Oct 3 2008, 03:14 PM
Post #7


GeekU Teacher
Posts: 19,852
From: Dublin
OS: XP



Post the Kaspersky log
Rorschach112
post Oct 12 2008, 02:00 PM
Post #8


GeekU Teacher
Posts: 19,852
From: Dublin
OS: XP



Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.