Hi Ron ,
The two suspicious files are genuine entries from NVIDIA
Corporation.CPL is the Configuration Screen Applet, so
it's rather usefull it's loaded ( else you have no
controls )nvdeamon probably is linked to a number of
functions and shutting it off could cause them to be not
loaded. Id guess you can't shut it down..for such
reasons.
The bpvndw30104lib.dll entry i cannot help with as it
appears to be a random named .dll
Turn off your system restore and run some other scanners
and see if it can find the cause.
Disable System Restore:
Goto start > right click my computer > choose properties
then goto system restore and check the box ' Turn off
system restore ' then press apply, you can set a new
restore point when you are clean by following the above
but unchecking turn off system restore .
Download These:
Ewido Security Suite :
http://www.ewido.net/en/
When installing, under "Additional Options"
Uncheck "Install background guard" and "Install scan via
context menu".
When you run ewido for the first time, you will get a
warning "Database could not be found!". Click OK. From
the main ewido screen, click on Update in the left menu,
then click the Start update button.
After the update finishes (the status bar at the bottom
will display "Update successful")
Close out Ewido & run in safe mode .
Ad-aware SE
http://www.download.com/3000-2144-10045910.html
Again,install and update but run in safe mode with system
restore turned off.
Ccleaner - To rmeove all temp & unused files after
removal.
http://download.ccleaner.com/download119bin.asp
Next Run a online scan at any of these sites with system
restore still turned off :
Trend Micro
http://housecall.antivirus.com/
Panda
http://www.pandasoftware.com/activescan/
Bitdefender
http://www.bitdefender.com/scan/Msie/index.php
Trojan Scanner
http://www.windowsecurity.com/trojanscan/trojanscan.asp
After running the scanners and removing anything found
reboot to safe mode(reboot and keep tapping F8 untill you
see the option page then choose safe mode)
Run Ewido,Ad-aware & MS Antispy on a full scan and clear
anything found
goto start > run > and type
prefetch
Delete the contents of this folder.
If the file you posted isnt removed by any of the
scanners ,search for it find out any info you can about
the file by right clicking and choosing properties on the
screen that opens goto version then go through the list
(company name,product name etc..)
bpvndw30104lib.dll
You may need to enable hidden files and folders to find
it.
Go to My Computer->Tools/View->Folder Options->View tab
and make sure that 'Show hidden files and folders' is
enabled. Also make sure
that 'Display the contents of system folders' is checked
&
'Hide extentions for known file types ' is not checked
then press apply
You can set this back later by opening the same page and
pressing 'restore defaults' then pressing apply,
Windows XP's search feature is a little different. When
searching you click on 'All files and folders' on the
left pane,
click on the 'More advanced options' at the bottom. Make
sure that Search system folders, Search hidden files and
folders, and Search subfolders are checked.
Then run Ccleaner on all 3 settings (windows,applications
& issues) and remove anything found.
Hopefully this will clear it but let me know if you have
any problems or if you can find any info on the infected
file
Regards
Andy
