

Another Vundo Thread..


Name: rroguee
Date: February 4, 2008 at 18:43:51 Pacific
OS: Windows XP SP2
CPU/Ram: P4 3.2 / 1GB
Product: Custom
Comment:

As a number of the threads here are already based on Vundo: I too have been hit by this virus. I've been unable to get rid of it through the standard virus scan / spyware methods, so finding that there is some way to remove it was quite a relief. I am, however, unsure how to proceed once I've run VundoFix and HiJackThis, since from what I can see the next steps are mostly based on the HiJackThis results, which I don't know how to interpret.

Any help you could provide would be much appreciated!




Response Number 1
Name: jabuck
Date: February 4, 2008 at 20:11:04 Pacific
Reply:

Go to this link:

Disable Realtime Protection

Follow their directions to disable any realtime protection that you have, as it will interfere with the fix by reinstalling the corrupt files.

Run VundoFix again and post your HijackThis log.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.



Response Number 2
Name: rroguee
Date: February 4, 2008 at 20:46:51 Pacific
Reply:

Thanks for the quick reply!

This is after having gone through the HijackThis log and run ComboFix; these are the resulting log files.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:18:08 PM, on 5/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\WinXP.WINXP-KBYKG320P\Desktop\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.co...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddaba.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.exe /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94}] C:\program files\Telstra\Signup\tbpt.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://telstra.com
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.c...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: FireDaemon Service: svchost (svchost) - Unknown owner - c:\winnt\system32\drivers\etc\FireDaemon.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: FireDaemon Service: winserv32 (winserv32) - Unknown owner - c:\winnt\system32\drivers\etc\FireDaemon.exe (file missing)

--
End of file - 11547 bytes

ComboFix 08-02.05.3 - WinXP 2008-02-05 14:19:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.486 [GMT 11:00]
Running from: C:\Documents and Settings\WinXP.WINXP-KBYKG320P\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Common Files\Yazzle1848OinUninstaller.exe
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\WINDOWS\explore.exe
C:\WINDOWS\system32\fhvpmnwv.ini
C:\WINDOWS\system32\gmuyuijm.ini
C:\WINDOWS\system32\iismthsn.ini
C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\ijkmp.ini2
C:\WINDOWS\system32\kyxeqfyi.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msn.exe
C:\WINDOWS\system32\ovpgtrhc.dll
C:\WINDOWS\system32\uvpvjmae.ini
C:\WINDOWS\system32\vmuhrhps.dll
G:\RECYCLER\[u]0[/u].0
G:\RECYCLER\1.0

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
hxxp://www.downloõj+|Cü¤Ì›v÷+È@™JŸ:®½‰NêGD_©½ºD˜QÄ{¶ÀzÎGD_©½ºD˜QÄ{¶ÀzÎGD_©½ºD˜QÄ{¶ÀzÎGD_©½ºD˜QÄ{¶ÀzÎ÷+È@™JŸ:®½‰Nêõj+|Cü¤Ì›vad S-1-5-18 `€HT4?? 6ÚVwoQZC¬¬D¢HÿóMsC:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\8d779e337920b097aa0c01859912950606e9fc12‡
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SVCHOST
-------\svchost


((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.

2008-02-05 13:54 . 2008-02-05 14:00 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-02-05 13:54 . 2008-02-05 14:01 76,078 --a------ C:\WINDOWS\War3Unin.dat
2008-02-05 13:54 . 2008-02-05 14:00 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-02-05 13:30 . 2008-02-05 14:08 <DIR> d-------- C:\VundoFix Backups
2008-02-03 18:17 . 2008-01-20 21:55 85,568 --------- C:\WINDOWS\system32\trz77F6.tmp
2008-02-03 18:17 . 2008-01-20 21:47 76,352 --------- C:\WINDOWS\system32\trz77F5.tmp
2008-02-02 16:07 . 2008-02-02 16:07 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-02-01 12:21 . 2008-02-05 14:18 31,416 --a------ C:\WINDOWS\system32\msn
2008-02-01 12:21 . 2008-02-05 14:18 31,365 --a------ C:\WINDOWS\system32\explor
2008-02-01 12:20 . 2008-02-01 12:20 3,507,272 ---hs---- C:\WINDOWS\setup2.exe
2008-02-01 12:20 . 2008-02-01 12:20 12,800 --a------ C:\WINDOWS\system32\explor.exe
2008-01-29 18:51 . 2008-01-29 18:51 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-29 18:49 . 2008-01-29 18:49 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-29 18:49 . 2008-01-29 18:50 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-28 23:37 . 2008-01-28 23:37 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-23 19:32 . 2006-07-04 21:33 472,000 --a------ C:\WINDOWS\system32\drivers\WPN311.sys
2008-01-23 19:30 . 2004-08-03 23:10 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2008-01-23 19:30 . 2004-08-03 23:10 61,056 --a--c--- C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-01-23 19:30 . 2004-08-03 23:10 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2008-01-23 19:30 . 2004-08-03 23:10 53,248 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys
2008-01-23 19:30 . 2004-08-03 23:08 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
2008-01-23 19:30 . 2004-08-03 23:08 20,480 --a--c--- C:\WINDOWS\system32\dllcache\usbuhci.sys
2008-01-23 19:30 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-01-23 19:30 . 2001-08-17 13:46 6,400 --a--c--- C:\WINDOWS\system32\dllcache\enum1394.sys
2008-01-23 19:15 . 2008-01-23 19:15 <DIR> d-------- C:\Program Files\NETGEAR
2008-01-23 19:15 . 2008-01-23 19:15 <DIR> d-------- C:\OEMSettings
2008-01-23 19:15 . 2008-01-23 19:15 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-23 16:54 . 2007-02-04 05:32 527,136 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2008-01-23 16:54 . 2007-02-04 05:27 490,784 -ra------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2008-01-23 16:54 . 2003-02-21 23:42 348,160 -ra------ C:\WINDOWS\system\msvcr71.dll
2008-01-23 16:54 . 2007-02-04 05:29 264,992 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2008-01-23 16:54 . 2007-02-04 05:32 215,840 -ra------ C:\WINDOWS\system32\LVUI2.dll
2008-01-23 16:54 . 2007-02-04 05:29 129,824 -ra------ C:\WINDOWS\system32\lvci1051.dll
2008-01-23 16:54 . 2007-02-04 03:59 50,127 -ra------ C:\WINDOWS\system32\lvcoinst.ini
2008-01-23 16:54 . 2007-02-04 05:32 41,504 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-01-23 16:54 . 2007-02-04 04:01 13,398 -ra------ C:\WINDOWS\system32\Repository.reg
2008-01-23 16:49 . 2008-01-23 16:54 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2008-01-23 16:49 . 2008-01-23 16:49 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Logishrd
2008-01-20 21:53 . 2007-12-05 00:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-20 21:53 . 2004-01-09 20:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-20 21:53 . 2007-12-04 23:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-20 21:53 . 2007-12-05 01:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-20 21:53 . 2007-12-05 01:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-20 21:53 . 2007-12-05 01:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-20 21:53 . 2007-12-05 01:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-20 21:53 . 2007-12-05 01:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-20 21:51 . 2008-01-20 21:51 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-18 16:54 . 2008-01-18 16:54 <DIR> d-------- C:\Program Files\iPod
2008-01-18 16:49 . 2007-10-11 10:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-18 16:49 . 2007-07-01 14:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-18 16:49 . 2007-07-01 14:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-18 16:49 . 2007-10-11 10:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-18 16:49 . 2007-10-11 10:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-18 16:49 . 2007-10-11 10:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-18 16:49 . 2007-10-11 10:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-18 16:49 . 2007-10-11 10:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-18 16:49 . 2007-10-10 21:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-18 16:44 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-08 12:16 . 2008-01-08 12:16 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-01-07 02:16 . 2008-01-07 02:16 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-07 01:26 . 2008-01-07 01:26 <DIR> d-------- C:\Program Files\MagicISO
2008-01-07 00:43 . 2008-01-07 00:43 <DIR> d-------- C:\Program Files\MSBuild
2008-01-07 00:34 . 2008-02-03 14:51 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-07 00:33 . 2008-01-07 00:33 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-07 00:32 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-01-07 00:13 . 2008-01-07 00:13 <DIR> d-------- C:\Documents and Settings\WinXP.WINXP-KBYKG320P\Application Data\Sony Setup
2008-01-05 08:59 . 2008-01-05 08:59 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-01-05 08:59 . 2008-01-05 08:59 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-01-05 08:58 . 2008-01-05 08:58 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-05 08:58 . 2008-01-05 08:58 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-01-05 08:58 . 2008-01-05 08:58 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-01-05 08:56 . 2008-01-05 08:56 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-05 08:56 . 2008-01-05 08:56 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 03:01 --------- d-----w C:\Program Files\Warcraft III
2008-02-03 08:30 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-02-03 02:34 --------- d-----w C:\Program Files\Sony
2008-02-03 02:33 --------- d-----w C:\Program Files\Sony Setup
2008-02-03 02:16 --------- d-----w C:\Documents and Settings\WinXP.WINXP-KBYKG320P\Application Data\Azureus
2008-02-02 05:07 --------- d-----w C:\Program Files\Lavasoft
2008-02-02 05:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-31 23:43 --------- d-----w C:\Documents and Settings\WinXP.WINXP-KBYKG320P\Application Data\LimeWire
2008-01-23 05:49 --------- d-----w C:\Program Files\Logitech
2008-01-23 04:06 --------- d-----w C:\Documents and Settings\WinXP.WINXP-KBYKG320P\Application Data\AdobeUM
2008-01-21 14:18 --------- d-----w C:\Documents and Settings\WinXP.WINXP-KBYKG320P\Application Data\dvdcss
2008-01-21 12:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-01-20 02:37 --------- d-----w C:\Program Files\DivX
2008-01-18 05:54 --------- d-----w C:\Program Files\iTunes
2008-01-18 05:53 --------- d-----w C:\Program Files\QuickTime
2008-01-16 10:37 --------- d-----w C:\Program Files\DebugMode
2008-01-16 00:57 --------- d-----w C:\Documents and Settings\WinXP.WINXP-KBYKG320P\Application Data\Apple Computer
2008-01-06 15:17 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-06 15:16 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-01-06 14:36 --------- d-----w C:\Program Files\Vstplugins
2008-01-06 14:36 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
2008-01-06 14:27 --------- d-----w C:\Documents and Settings\WinXP.WINXP-KBYKG320P\Application Data\Sony
2008-01-06 13:40 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-06 12:57 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-06 12:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 01:36 --------- d-----w C:\Program Files\World of Warcraft
2008-01-03 13:38 --------- d-----w C:\Program Files\Winamp
2007-12-29 16:20 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-27 15:09 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-27 14:59 --------- d-----w C:\Program Files\Windows Live
2007-12-27 14:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2007-12-27 14:57 --------- d-----w C:\Program Files\MSN Messenger
2007-12-26 07:00 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-26 06:39 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd8589.sys
2007-12-25 09:32 --------- d-----w C:\Documents and Settings\Default User.WINDOWS\Application Data\Apple Computer
2007-12-25 07:38 --------- d-----w C:\Program Files\Azureus
2007-12-22 11:34 --------- d-----w C:\Program Files\MySpace
2007-12-20 06:05 512 ----a-w C:\drmHeader.bin
2007-12-19 01:06 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-17 06:15 --------- d-----w C:\Program Files\Apple Software Update
2007-12-17 06:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2007-12-14 00:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-09 03:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-04 15:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.exe
2007-12-04 14:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-04 14:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-04 14:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-04 14:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-04 14:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-04 14:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-04 14:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-04 14:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-04 14:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-04 14:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-04 14:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-04 14:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-04 14:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-04 14:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-04 14:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-04 14:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-04 14:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-04 14:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-04 14:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-04 14:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-04 14:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-04 14:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-04 14:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-04 14:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-04 14:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-04 14:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-04 14:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-04 14:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-12-04 14:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-12-04 14:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
2007-12-04 14:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-11-21 18:47 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2006-06-06 03:45 271 --sh--w C:\Program Files\desktop.ini
2006-06-06 03:45 21,952 ---ha-w C:\Program Files\folder.htt
2006-01-25 00:30 456,768 ----a-w C:\WINDOWS\inf\WPN311\WPN311.sys
2005-01-26 23:59 35,232 ----a-w C:\WINDOWS\inf\WPN311\ME_INST.exe
2005-01-26 23:59 26,112 ----a-w C:\WINDOWS\inf\WPN311\install.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"EPSON Stylus Photo R230 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94}"="C:\program files\Telstra\Signup\tbpt.exe" [ ]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [ ]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [ ]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"vptray"="C:\PROGRA~1\SYMANT~1\\vptray.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-05 00:00 79224]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Cmaudio"="cmicnfg.cpl" []
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 21:13 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.exe" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
NETGEAR WPN311 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN311\wlancfg5.exe [2006-02-22 13:49:28 1486848]

R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2006-09-17 17:23]
S2 winserv32;FireDaemon Service: winserv32;c:\winnt\system32\drivers\etc\FireDaemon.exe []
S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 23:12]
S3 FA31x;Netgear FA311/312 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\FA31xND5.SYS [2001-04-17 19:41]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 05:29]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D3957CBA-F412-1EE5-C0DB-E57D5C7E5C55}]
C:\WINDOWS\system32\msn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FFB51E11-E299-1285-7107-8806CB3DFE73}]
C:\WINDOWS\system32\explor.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 09:49:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 14:25:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Running Processes
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-02-05 14:29:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-05 03:29:05
.
2008-02-03 03:52:49 --- E O F ---


0

Response Number 3
Name: jabuck
Date: February 5, 2008 at 17:06:46 Pacific
Reply:

Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":

F3 - REG:win.ini: load=C:\WINDOWS\system32\ddaba.exe

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.exe

Exit Hijack This

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\trz77F6.tmp
C:\WINDOWS\system32\trz77F5.tmp
C:\WINDOWS\system32\explor.exe
C:\Program Files\DAP\DAP.exe
C:\WINDOWS\system32\ddaba.exe


Folder::
C:\WINDOWS\system32\explor
C:\Program Files\DAP

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FFB51E11-E299-1285-7107-8806CB3DFE73}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop); if ComboFix does not auto-start, click "Run".

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Download ATF Cleaner from this link:
ATF Cleaner

Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.


0
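The ComboFix log in Response 2 and the CFScript in Response 3 are two sides of the same job: spot the odd autostart entries, then write them into File::/Folder::/Registry:: sections for ComboFix to act on. The script below is an added example, not code from the thread or from ComboFix; it parses a constructed sample in the log's own layout (entries copied from the log above), applies a few review heuristics that are my own assumptions (a bare .exe launched by an Active Setup stub out of system32, a service binary under drivers\etc, an entry ComboFix could not stat), and renders the hits as a CFScript draft in the layout jabuck used.

```python
import re

# Constructed sample in ComboFix's own log layout; every entry below is
# copied from the log posted above (nothing here is invented).
SAMPLE_LOG = r"""
"Cmaudio"="cmicnfg.cpl" []
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 21:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2006-09-17 17:23]
S2 winserv32;FireDaemon Service: winserv32;c:\winnt\system32\drivers\etc\FireDaemon.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D3957CBA-F412-1EE5-C0DB-E57D5C7E5C55}]
C:\WINDOWS\system32\msn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FFB51E11-E299-1285-7107-8806CB3DFE73}]
C:\WINDOWS\system32\explor.exe
"""

# Three line shapes seen in the log: an Active Setup key header (its command
# follows on the next line), a service line "Rn name;desc;path [date]", and a
# Run-key value '"name"="path" [date size]'.  ComboFix prints the file's
# date/size in the brackets; an empty [] is read here (my assumption) as
# "file not found at that path".
ACTIVE_SETUP = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\software\\microsoft\\active setup"
                          r"\\installed components\\\{[0-9A-F-]+\})\]$", re.I)
SERVICE = re.compile(r"^[RS]\d\s+[^;]+;[^;]*;(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$")
RUNVALUE = re.compile(r'^"[^"]+"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]$')

def audit_combofix(log):
    """Return (findings, keys): findings are (kind, evidence) pairs."""
    findings, keys = [], []
    lines = [l.rstrip() for l in log.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = ACTIVE_SETUP.match(line)
        if m and i + 1 < len(lines):
            cmd = lines[i + 1]
            # Heuristic (assumption): an Active Setup stub that launches a
            # bare .exe straight out of system32 deserves a look.
            if re.search(r"\\system32\\[^\\]+\.exe$", cmd, re.I):
                findings.append(("active-setup-exe", cmd))
                keys.append(m.group(1))
            continue
        m = SERVICE.match(line) or RUNVALUE.match(line)
        if not m:
            continue
        path = m.group("path").strip('"')
        # Executables do not belong under drivers\etc (the hosts-file folder).
        if re.search(r"\\drivers\\etc\\", path, re.I):
            findings.append(("odd-dir", path))
        if m.group("meta") == "":
            findings.append(("file-not-found", path))
    return findings, keys

def cfscript_draft(findings, keys):
    """Render the hits in the File::/Registry:: layout used in the thread."""
    files = [p for kind, p in findings if kind == "active-setup-exe"]
    body = ["File::", *files, "", "Registry::", *["[-%s]" % k for k in keys]]
    return "\n".join(body) + "\n"
```

The draft is a starting point to compare against the script jabuck wrote; a "file-not-found" hit on a Run value such as Cmaudio usually just means the entry is stale rather than hostile.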
