Full Version: I Cant Remove A Certain Number Of Malware
BleepingComputer.com > Security > Am I infected? What do I do?
rafraf16
Hi. Thanks for reading my concern. I accidentally opened a bad application and some malware just spread. Although popups weren't there, I'm really concerned about my security. I ran VundoFix 6.7.7 and it somehow removed some of the files, but others just keep coming back. This is the log from VundoFix.


VundoFix V6.7.7

Checking Java version...

Scan started at 11:21:05 AM 1/20/2008

Listing files found while scanning....

C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.exe
C:\WINDOWS\system32\khfgfda.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\bcbeg.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\DrvMon.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\gebcb.exe
C:\WINDOWS\system32\gebcb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\khfgfda.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\bcbeg.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\khfgfda.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Scan started at 11:40:53 AM 1/20/2008

Listing files found while scanning....

C:\WINDOWS\system32\gebcb.exe
C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebcb.exe
C:\WINDOWS\system32\gebcb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\khfgfda.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\pqstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqp.exe
C:\WINDOWS\system32\vtsqp.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\khfgfda.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Scan started at 12:15:06 PM 1/20/2008

Listing files found while scanning....

C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\khfgfda.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\pqstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\vtsqp.exe
C:\WINDOWS\system32\vtsqp.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\khfgfda.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\pqstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.dll Has been deleted!

Performing Repairs to the registry.
Done!
rookie147
Hello rafraf16, and welcome to BleepingComputer.
Download KillBox from the following link :
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!), which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\system32\khfgfda.dll

Open 'File' in the KillBox menu at the top and choose Paste from Clipboard.
You must use the file menu--pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to reboot now, click "yes".
Click OK at any Pending File Rename Operations prompts, and let me know if they appear.
If you don't get that message, reboot manually.
Your computer should reboot now, press F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Run Dr.Web CureIt! by double-clicking on the drweb-cureit.exe file.
  • Click OK in the prompt window that will open, asking "Start the express scan now".
  • It will first make a quick scan of your system, let it clean what it finds.
  • When it says "Done" in the lower left corner click on all your drives.
  • A red dot will mark the selected drive(s).
  • Then click the pedestrian who now has turned green.
  • It will scan ALL your drives, say Yes to all.
  • Select 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File | Save Report List.
  • Save the report to your Desktop. The report will be called DrWeb.csv
Reboot normally.
Please post this log in your reply.
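As an added illustration (not part of this thread, of VundoFix, or of KillBox), the script below parses the VundoFix log posted above and separates the two symptoms it shows: files whose deletion failed on every run, and files that were deleted but listed again by a later scan. The log excerpt is copied from the second and third runs above with the "Attempting to delete", "Performing Repairs" and blank lines dropped; the regular expressions and the function names are this example's own assumptions about the log format.

```python
import re

# Excerpt copied from the second and third VundoFix runs in the log above, with the
# "Attempting to delete", "Performing Repairs" and blank lines dropped (the parser
# ignores those anyway, so the full log pastes in unchanged).
SAMPLE_LOG = r"""
Scan started at 11:40:53 AM 1/20/2008
Listing files found while scanning....
C:\WINDOWS\system32\gebcb.exe
C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.exe
Beginning removal...
C:\WINDOWS\system32\gebcb.exe Has been deleted!
C:\WINDOWS\system32\khfgfda.dll Could not be deleted.
C:\WINDOWS\system32\pqstv.ini Has been deleted!
C:\WINDOWS\system32\pqstv.ini2 Has been deleted!
C:\WINDOWS\system32\vtsqp.dll Has been deleted!
C:\WINDOWS\system32\vtsqp.exe Has been deleted!
Scan started at 12:15:06 PM 1/20/2008
Listing files found while scanning....
C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.exe
Beginning removal...
C:\WINDOWS\system32\khfgfda.dll Could not be deleted.
C:\WINDOWS\system32\pqstv.ini Has been deleted!
C:\WINDOWS\system32\pqstv.ini2 Has been deleted!
C:\WINDOWS\system32\vtsqp.dll Could not be deleted.
C:\WINDOWS\system32\vtsqp.exe Has been deleted!
Beginning removal...
C:\WINDOWS\system32\khfgfda.dll Could not be deleted.
C:\WINDOWS\system32\pqstv.ini Has been deleted!
C:\WINDOWS\system32\pqstv.ini2 Has been deleted!
C:\WINDOWS\system32\vtsqp.dll Has been deleted!
"""

# Assumed line formats, taken from the log text above (not a documented VundoFix schema).
SCAN_RE = re.compile(r"^Scan started at (.+)$")
PATH_RE = re.compile(r"^([A-Za-z]:\\\S+)$")
OUTCOME_RE = re.compile(r"^([A-Za-z]:\\\S+) (Has been deleted!|Could not be deleted\.)$")


def parse_runs(log_text):
    """Split the log into scan runs. Each run records the files the scan listed
    and the LAST deletion outcome per file: a second removal pass in the same run
    can succeed where the first failed (vtsqp.dll in the 12:15 run above)."""
    runs = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = SCAN_RE.match(line)
        if m:
            runs.append({"started": m.group(1), "listed": [], "outcome": {}})
            continue
        if not runs:
            continue  # nothing before the first scan header is meaningful
        m = OUTCOME_RE.match(line)
        if m:
            runs[-1]["outcome"][m.group(1)] = "deleted" if m.group(2).startswith("Has") else "failed"
            continue
        m = PATH_RE.match(line)
        if m:
            runs[-1]["listed"].append(m.group(1))
    return runs


def never_deleted(runs):
    """Files whose final outcome in every run that touched them was a failure.
    On a live system that usually means the file is still loaded by a running
    process, which is what a delete-on-reboot tool and Safe Mode are for."""
    final = {}
    for run in runs:
        for path, outcome in run["outcome"].items():
            final.setdefault(path, []).append(outcome)
    return sorted(p for p, outcomes in final.items() if all(o == "failed" for o in outcomes))


def reappeared(runs):
    """Files deleted in one run but listed again by a later scan: the 'keep
    coming back' symptom, i.e. something still resident re-creates them."""
    found = set()
    for i, run in enumerate(runs):
        relisted = {p for later in runs[i + 1:] for p in later["listed"]}
        found.update(p for p, o in run["outcome"].items() if o == "deleted" and p in relisted)
    return sorted(found)


if __name__ == "__main__":
    runs = parse_runs(SAMPLE_LOG)
    print(f"{len(runs)} scan runs parsed")
    print("never deleted (likely in use):", never_deleted(runs))
    print("deleted but re-listed later:", reappeared(runs))
```

Run as-is it reports khfgfda.dll as the one file no pass could remove and the pqstv/vtsqp files as the ones that came back between scans; replace SAMPLE_LOG with the full log to get the same breakdown across all three runs. The split matters because the two symptoms call for different responses: a file that cannot be deleted while Windows is up is handled by the delete-on-reboot step in the reply, while files that are recreated after deletion point to a still-active component that the Safe Mode scan is meant to reach.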