Another Winantivirus, looked at other solutions



Matt W
2006-10-01, 20:25
I can't remember even how I got it. I have tried many solutions, and finally decided I needed to post somewhere.

I have run VundoFix at least 10 times; it finds files, deletes them, and they all come back.

Occasionally Norton picks it up...but does no good.

My latest HJT log and VundoFix log are below.


Logfile of HijackThis v1.99.1
Scan saved at 1:22:36 PM, on 10/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\hjt\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2CE24FD0-9D56-4544-A048-3D52090E8EA9} - C:\WINDOWS\system32\vtuts.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\jgusdmjl.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files\Trojan Remover\Trjscan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [SpySweeperUninstallSurvey] http://products.webroot.com/disp0201.php?pc=64021&rc=3601&ps=T&oc=33&mjv=5&mnv=0&bld=1608&cd=&dcc=&drc=&mo=&sid=&lang=en&loc=USA&opi=2&omj=5&omn=1&rsc=
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

------------------------------------------------


VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.8

Scan started at 5:21:21 PM 9/27/2006

Listing files found while scanning....

No infected files were found.


VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.8

Scan started at 6:50:07 PM 9/27/2006

Listing files found while scanning....

C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\system32\stutv.bak1
C:\WINDOWS\system32\stutv.bak2
C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\stutv.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\vtuts.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\system32\stutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\stutv.bak1
C:\WINDOWS\system32\stutv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\stutv.bak2
C:\WINDOWS\system32\stutv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\stutv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\stutv.tmp
C:\WINDOWS\system32\stutv.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.8

Scan started at 7:04:22 PM 9/27/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.8

Scan started at 12:50:10 PM 10/1/2006

Listing files found while scanning....

C:\WINDOWS\system32\jgusdmjl.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jgusdmjl.dll
C:\WINDOWS\system32\jgusdmjl.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.8

Scan started at 1:18:11 PM 10/1/2006

Listing files found while scanning....

No infected files were found.


VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.8

Java version is 1.5.0.9

Scan started at 1:25:06 PM 10/1/2006

Listing files found while scanning....

No infected files were found.

steamwiz
2006-10-01, 23:21
1. Please download VirtumundoBeGone, and save it to your desktop.

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

2. Double-click on VirtumundoBeGone.exe and follow the instructions.

Do not worry if you see a BLUE SCREEN "Fatal Error" message; it is normal and expected.

3. When the process finishes, reboot.

4. Post the contents of the VBG.TXT file, which you will find on your desktop.

steam

Matt W
2006-10-02, 05:24
Thank you for the speedy reply.

Ran the program, ran smoothly.

Here's the log:


[10/01/2006, 22:15:56] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Matthew\Desktop\VirtumundoBeGone.exe" )
[10/01/2006, 22:16:03] - Detected System Information:
[10/01/2006, 22:16:04] - Windows Version: 5.1.2600, Service Pack 2
[10/01/2006, 22:16:04] - Current Username: Matthew (Admin)
[10/01/2006, 22:16:04] - Windows is in NORMAL mode.
[10/01/2006, 22:16:04] - Searching for Browser Helper Objects:
[10/01/2006, 22:16:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[10/01/2006, 22:16:04] - BHO 2: {2CE24FD0-9D56-4544-A048-3D52090E8EA9} ()
[10/01/2006, 22:16:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/01/2006, 22:16:04] - Checking for HKLM\...\Winlogon\Notify\vtuts
[10/01/2006, 22:16:04] - Found: HKLM\...\Winlogon\Notify\vtuts - This is probably Virtumundo.
[10/01/2006, 22:16:04] - Assigning {2CE24FD0-9D56-4544-A048-3D52090E8EA9} MSEvents Object
[10/01/2006, 22:16:04] - BHO list has been changed! Starting over...
[10/01/2006, 22:16:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[10/01/2006, 22:16:04] - BHO 2: {2CE24FD0-9D56-4544-A048-3D52090E8EA9} (MSEvents Object)
[10/01/2006, 22:16:04] - ALERT: Found MSEvents Object!
[10/01/2006, 22:16:04] - BHO 3: {3C14B331-E6D3-4A1A-A1A3-60E3AA6051ED} ()
[10/01/2006, 22:16:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/01/2006, 22:16:04] - Checking for HKLM\...\Winlogon\Notify\vtuts
[10/01/2006, 22:16:04] - Found: HKLM\...\Winlogon\Notify\vtuts - This is probably Virtumundo.
[10/01/2006, 22:16:04] - Assigning {3C14B331-E6D3-4A1A-A1A3-60E3AA6051ED} MSEvents Object
[10/01/2006, 22:16:04] - BHO list has been changed! Starting over...
[10/01/2006, 22:16:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[10/01/2006, 22:16:04] - BHO 2: {2CE24FD0-9D56-4544-A048-3D52090E8EA9} (MSEvents Object)
[10/01/2006, 22:16:04] - ALERT: Found MSEvents Object!
[10/01/2006, 22:16:04] - BHO 3: {3C14B331-E6D3-4A1A-A1A3-60E3AA6051ED} (MSEvents Object)
[10/01/2006, 22:16:04] - ALERT: Found MSEvents Object!
[10/01/2006, 22:16:04] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[10/01/2006, 22:16:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/01/2006, 22:16:04] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[10/01/2006, 22:16:04] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[10/01/2006, 22:16:04] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/01/2006, 22:16:04] - BHO 6: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[10/01/2006, 22:16:04] - BHO 7: {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} ()
[10/01/2006, 22:16:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/01/2006, 22:16:04] - Checking for HKLM\...\Winlogon\Notify\jgusdmjl
[10/01/2006, 22:16:04] - Key not found: HKLM\...\Winlogon\Notify\jgusdmjl, continuing.
[10/01/2006, 22:16:04] - Finished Searching Browser Helper Objects
[10/01/2006, 22:16:04] - *** Detected MSEvents Object
[10/01/2006, 22:16:04] - Trying to remove MSEvents Object...
[10/01/2006, 22:16:05] - Terminating Process: IEXPLORE.EXE
[10/01/2006, 22:16:05] - Terminating Process: RUNDLL32.EXE
[10/01/2006, 22:16:05] - Disabling Automatic Shell Restart
[10/01/2006, 22:16:05] - Terminating Process: EXPLORER.EXE
[10/01/2006, 22:16:06] - Suspending the NT Session Manager System Service
[10/01/2006, 22:16:06] - Terminating Windows NT Logon/Logoff Manager
[10/01/2006, 22:21:08] - Re-enabling Automatic Shell Restart
[10/01/2006, 22:21:08] - File to disable: C:\WINDOWS\system32\vtuts.dll
[10/01/2006, 22:21:08] - Renaming C:\WINDOWS\system32\vtuts.dll -> C:\WINDOWS\system32\vtuts.dll.vir
[10/01/2006, 22:21:08] - ! File rename was unsucessful.
[10/01/2006, 22:21:08] - Attempting to Deny Access to C:\WINDOWS\system32\vtuts.dll
[10/01/2006, 22:21:08] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[10/01/2006, 22:21:08] - processed file: C:\WINDOWS\system32\vtuts.dll

[10/01/2006, 22:21:08] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[10/01/2006, 22:21:08] - Removing HKLM\...\Browser Helper Objects\{2CE24FD0-9D56-4544-A048-3D52090E8EA9}
[10/01/2006, 22:21:08] - Removing HKCR\CLSID\{2CE24FD0-9D56-4544-A048-3D52090E8EA9}
[10/01/2006, 22:21:08] - Adding Kill Bit for ActiveX for GUID: {2CE24FD0-9D56-4544-A048-3D52090E8EA9}
[10/01/2006, 22:21:08] - Deleting ATLEvents/MSEvents Registry entries
[10/01/2006, 22:21:08] - Removing HKLM\...\Winlogon\Notify\vtuts
[10/01/2006, 22:21:08] - Searching for Browser Helper Objects:
[10/01/2006, 22:21:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[10/01/2006, 22:21:08] - BHO 2: {3C14B331-E6D3-4A1A-A1A3-60E3AA6051ED} (MSEvents Object)
[10/01/2006, 22:21:08] - ALERT: Found MSEvents Object!
[10/01/2006, 22:21:08] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[10/01/2006, 22:21:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/01/2006, 22:21:08] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[10/01/2006, 22:21:08] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[10/01/2006, 22:21:08] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/01/2006, 22:21:08] - BHO 5: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[10/01/2006, 22:21:08] - BHO 6: {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} ()
[10/01/2006, 22:21:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/01/2006, 22:21:08] - Checking for HKLM\...\Winlogon\Notify\jgusdmjl
[10/01/2006, 22:21:08] - Key not found: HKLM\...\Winlogon\Notify\jgusdmjl, continuing.
[10/01/2006, 22:21:08] - Finished Searching Browser Helper Objects
[10/01/2006, 22:21:08] - *** Detected MSEvents Object
[10/01/2006, 22:21:08] - Trying to remove MSEvents Object...
[10/01/2006, 22:21:09] - Terminating Process: IEXPLORE.EXE
[10/01/2006, 22:21:09] - Terminating Process: RUNDLL32.EXE
[10/01/2006, 22:21:09] - Disabling Automatic Shell Restart
[10/01/2006, 22:21:09] - Terminating Process: EXPLORER.EXE
[10/01/2006, 22:21:09] - Suspending the NT Session Manager System Service
[10/01/2006, 22:21:10] - Terminating Windows NT Logon/Logoff Manager
[10/01/2006, 22:21:10] - Re-enabling Automatic Shell Restart
[10/01/2006, 22:21:10] - File to disable: C:\WINDOWS\system32\vtuts.dll
[10/01/2006, 22:21:10] - Renaming C:\WINDOWS\system32\vtuts.dll -> C:\WINDOWS\system32\vtuts.dll.vir
[10/01/2006, 22:21:10] - ! File rename was unsucessful.
[10/01/2006, 22:21:10] - Attempting to Deny Access to C:\WINDOWS\system32\vtuts.dll
[10/01/2006, 22:21:10] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[10/01/2006, 22:21:10] - processed file: C:\WINDOWS\system32\vtuts.dll

[10/01/2006, 22:21:10] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[10/01/2006, 22:21:10] - Removing HKLM\...\Browser Helper Objects\{3C14B331-E6D3-4A1A-A1A3-60E3AA6051ED}
[10/01/2006, 22:21:10] - Removing HKCR\CLSID\{3C14B331-E6D3-4A1A-A1A3-60E3AA6051ED}
[10/01/2006, 22:21:10] - Adding Kill Bit for ActiveX for GUID: {3C14B331-E6D3-4A1A-A1A3-60E3AA6051ED}
[10/01/2006, 22:21:10] - Deleting ATLEvents/MSEvents Registry entries
[10/01/2006, 22:21:10] - Removing HKLM\...\Winlogon\Notify\vtuts
[10/01/2006, 22:21:10] - Searching for Browser Helper Objects:
[10/01/2006, 22:21:10] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[10/01/2006, 22:21:10] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[10/01/2006, 22:21:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/01/2006, 22:21:10] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[10/01/2006, 22:21:10] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[10/01/2006, 22:21:10] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/01/2006, 22:21:10] - BHO 4: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[10/01/2006, 22:21:10] - BHO 5: {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} ()
[10/01/2006, 22:21:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/01/2006, 22:21:10] - Checking for HKLM\...\Winlogon\Notify\jgusdmjl
[10/01/2006, 22:21:10] - Key not found: HKLM\...\Winlogon\Notify\jgusdmjl, continuing.
[10/01/2006, 22:21:10] - Finished Searching Browser Helper Objects
[10/01/2006, 22:21:10] - Finishing up...
[10/01/2006, 22:21:10] - A restart is needed.
[10/01/2006, 22:21:36] - Attempting to Restart via STOP error (Blue Screen!)

I didn't delete any of the files that it said I should.
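The check that the VirtumundoBeGone log above reports (a Browser Helper Object with no default name whose DLL is also registered under Winlogon\Notify) can be reproduced offline against a HijackThis log. The following is an added example, not part of the original thread and not code from either tool; the function names `parse_hjt`, `triage` and `dll_stem` are hypothetical, and the sample input is constructed from the O2/O20 lines of the first HijackThis log posted above.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any host OS

# Constructed sample: the O2 and O20 lines of the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2CE24FD0-9D56-4544-A048-3D52090E8EA9} - C:\WINDOWS\system32\vtuts.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\jgusdmjl.dll (file missing)
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# Both sections end with a path and an optional "(file missing)" marker.
TAIL = r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - " + TAIL
)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - " + TAIL)


def dll_stem(path):
    """Lower-cased file name without extension, e.g. 'vtuts' for ...\\vtuts.dll."""
    return splitext(basename(path))[0].lower()


def parse_hjt(log_text):
    """Return (bhos, notify): parsed O2 and O20 entries as lists of dicts."""
    bhos, notify = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        for regex, bucket, section in ((O2_RE, bhos, "O2"), (O20_RE, notify, "O20")):
            m = regex.match(line)
            if m:
                entry = m.groupdict()
                entry["missing"] = entry["missing"] is not None
                entry["section"] = section
                bucket.append(entry)
    return bhos, notify


def triage(log_text):
    """Pair unnamed BHOs with Winlogon Notify entries for the same DLL.

    suspects: unnamed BHOs whose DLL stem matches a Notify key name or
              Notify DLL (the pairing the VBG log calls "probably Virtumundo").
    orphans:  O2/O20 entries HijackThis marked "(file missing)", i.e. registry
              leftovers that still point at a deleted file.
    """
    bhos, notify = parse_hjt(log_text)
    by_stem = {}
    for n in notify:
        by_stem[n["key"].lower()] = n
        by_stem[dll_stem(n["path"])] = n

    suspects = []
    for b in bhos:
        hit = by_stem.get(dll_stem(b["path"]))
        # An unnamed BHO alone is not enough: SDHelper.dll is unnamed too.
        if b["name"] == "(no name)" and hit:
            suspects.append(
                {"clsid": b["clsid"], "path": b["path"], "notify_key": hit["key"]}
            )
    orphans = [e for e in bhos + notify if e["missing"]]
    return suspects, orphans


if __name__ == "__main__":
    suspects, orphans = triage(SAMPLE_LOG)
    for s in suspects:
        print("BHO + Winlogon Notify pair:", s["clsid"], s["path"])
    for o in orphans:
        print("Orphaned %s entry: %s" % (o["section"], o["path"]))
```

The orphaned entries are the registry references left behind after a file was deleted, which is why the second HijackThis log in this thread still lists jgusdmjl.dll as a BHO.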

steamwiz
2006-10-02, 21:33
Hi

Find and delete this file :-

C:\WINDOWS\system32\vtuts.dll

C:\WINDOWS\system32\vtuts.dll.vir

It may appear like either of the ones above...

This other file mentioned was deleted by VundoFix...

C:\WINDOWS\system32\jgusdmjl.dll

VirtumundoBeGone has cleaned out the registry & disabled the file which VundoFix could not delete...

After deleting the vtuts.dll.vir file ....

Run both VundoFix & VirtumundoBeGone again and post both logs, along with a new HijackThis log.

cheers

steam

Matt W
2006-10-03, 04:14
Well, when I opened the Windows folder, there was no system32 folder. Do you know why?

So I used IE to browse the system32 folder, and found both files in there.

I used Killbox to delete the vtuts.dll.vir, but the vtuts.dll wouldn't delete, and it said access denied. So I booted up in safe mode, and it still wouldn't let me. I finally scanned it with a trojan remover, and it deleted it.

I'm adding the Killbox log too.


---------------------

VBG log


[10/02/2006, 21:07:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Matthew\Desktop\VirtumundoBeGone.exe" )
[10/02/2006, 21:07:09] - Detected System Information:
[10/02/2006, 21:07:09] - Windows Version: 5.1.2600, Service Pack 2
[10/02/2006, 21:07:10] - Current Username: Matthew (Admin)
[10/02/2006, 21:07:10] - Windows is in NORMAL mode.
[10/02/2006, 21:07:10] - Searching for Browser Helper Objects:
[10/02/2006, 21:07:10] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[10/02/2006, 21:07:10] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[10/02/2006, 21:07:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2006, 21:07:10] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[10/02/2006, 21:07:10] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[10/02/2006, 21:07:10] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/02/2006, 21:07:10] - BHO 4: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[10/02/2006, 21:07:10] - BHO 5: {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} ()
[10/02/2006, 21:07:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2006, 21:07:10] - Checking for HKLM\...\Winlogon\Notify\jgusdmjl
[10/02/2006, 21:07:10] - Key not found: HKLM\...\Winlogon\Notify\jgusdmjl, continuing.
[10/02/2006, 21:07:10] - Finished Searching Browser Helper Objects
[10/02/2006, 21:07:10] - Finishing up...
[10/02/2006, 21:07:10] - Nothing found! Exiting...


---------------------

VundoFix


VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.8

Scan started at 5:21:21 PM 9/27/2006

Listing files found while scanning....

No infected files were found.


VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.8

Scan started at 6:50:07 PM 9/27/2006

Listing files found while scanning....

C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\system32\stutv.bak1
C:\WINDOWS\system32\stutv.bak2
C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\stutv.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\vtuts.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\system32\stutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\stutv.bak1
C:\WINDOWS\system32\stutv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\stutv.bak2
C:\WINDOWS\system32\stutv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\stutv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\stutv.tmp
C:\WINDOWS\system32\stutv.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.8

Scan started at 7:04:22 PM 9/27/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.8

Scan started at 12:50:10 PM 10/1/2006

Listing files found while scanning....

C:\WINDOWS\system32\jgusdmjl.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jgusdmjl.dll
C:\WINDOWS\system32\jgusdmjl.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.8

Scan started at 1:18:11 PM 10/1/2006

Listing files found while scanning....

No infected files were found.


VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.8

Java version is 1.5.0.9

Scan started at 1:25:06 PM 10/1/2006

Listing files found while scanning....

No infected files were found.


VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.8

Java version is 1.5.0.9

Scan started at 9:07:36 PM 10/2/2006

Listing files found while scanning....

No infected files were found.


--------------------------

killbox log

Pocket Killbox version 2.0.0.648
Running on Windows XP as Matthew(Administrator)
was started @ Sunday, October 01, 2006, 12:36 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\jkklkhi.dll


Killbox Closed(Exit) @ 12:40:47 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Matthew(Administrator)
was started @ Monday, October 02, 2006, 8:44 PM

# 1 [Delete on Reboot]
Path = C:/windows/system32/vtuts.dll


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 8:45:46 PM
# 2 [Delete on Reboot]
Path = C:/windows/system32/vtuts.dll


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 8:46:05 PM
# 3 [Delete on Reboot]
Path = C:/windows/system32/vtuts.dll.vir


I Rebooted @ 8:46:23 PM
Killbox Closed(Exit) @ 8:46:56 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Matthew(Administrator)
was started @ Monday, October 02, 2006, 8:48 PM

# 1 [Delete on Reboot]
Path = c:/windows/system32/vtuts.dll


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 8:49:32 PM
# 2 [Delete on Reboot]
Path = c:/windows/system32/vtuts.dll


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 8:53:12 PM
Killbox Closed(Exit) @ 8:53:14 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Matthew(Administrator)
was started @ Monday, October 02, 2006, 9:00 PM

# 1 [Delete on Reboot]
Path = c:/windows/system32/vtuts.dll


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 9:00:56 PM
Killbox Closed(Exit) @ 9:01:07 PM


---------------------------------

HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 9:12:59 PM, on 10/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Matthew\Desktop\VundoFix.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\hjt\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\jgusdmjl.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files\Trojan Remover\Trjscan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

So far I have used the internet, and not a single Winantivirus Pro or annoying pop-up.

Thanks for your help, hope I don't have to post any more problems.

P.S. It would be nice if I could find out why I can't see my system32 folder.

steamwiz
2006-10-03, 20:13
Hi

Try this :-

Go to Start > My Computer > Tools > Folder Options > "view" tab

Scroll down to & check Show hidden files & folders

uncheck Hide Protected operating system files

If the system32 folder becomes visible, right click it > Properties > is "Hidden" checked?

steam

Matt W
2006-10-03, 22:36
Well, I knew it wasn't the first option, but the "Hide Protected operating system files" was checked, so now I see it.

Thanks for all your help. :bigthumb:

steamwiz
2006-10-04, 21:01
Hi

It shouldn't have been hidden in the first place, so if the "hidden" attribute is checked ... uncheck it.

steam

tashi
2006-10-10, 08:45
As the problem appears to be resolved this topic has been archived. :)

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.