try this.. go into start menu
run
regedit
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
remove any unusual programs in those registry keys
find the file that those key(s) point to on your hard disk and also remove the exe (trojan) or send it over to VXheavens for sampling
then see if it installed a rootkit (sys file) in one of these registry keys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
BE VERY CAREFUL WITH YOUR REGISTRY, YOU COULD HOSE YOUR SYSTEM IF YOU DELETE THE WRONG ONES
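
A read-only way to review the keys listed in the post before deleting anything, as an added PowerShell example that is not part of the original post. The backup file names under %TEMP% and the helper name Get-CommandTarget are assumptions made for the example.

```powershell
# Added example, not from the original post: back up and list the keys, change nothing.
$runKeys = 'Run', 'RunOnce' | ForEach-Object {
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\$_"
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\$_"
}

# Export each key first so a wrong deletion can be undone (backup path is an assumption).
$i = 0
foreach ($key in $runKeys) {
    if (Test-Path $key) { reg export ($key -replace ':', '') "$env:TEMP\autorun-backup-$i.reg" /y | Out-Null }
    $i++
}

function Get-CommandTarget {   # hypothetical helper: extract the file a command line starts
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }                       # "C:\path with spaces\x.exe" args
    if ($c -match '^\s*(.+?\.(exe|dll|sys|bat|cmd|vbs|js|com|scr))(\s|$)') { return $Matches[1] }
    return ($c.Trim() -split '\s+')[0]
}

# One row per autostart value: where it points, whether the file exists, and its signature status.
$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd    = [string]$item.GetValue($name)
        $target = Get-CommandTarget $cmd
        $exists = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
        $sig    = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'n/a' }
        [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd; Target = $target; Exists = $exists; Signature = $sig }
    }
}
$entries | Format-List

# Kernel (Type 1) and file-system (Type 2) drivers registered under Services.
# An ImagePath outside system32\drivers is not proof of a rootkit, only a reason to look closer.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    Where-Object { $_.GetValue('Type') -in 1, 2 } |
    ForEach-Object {
        [pscustomobject]@{ Service = $_.PSChildName; Start = $_.GetValue('Start'); ImagePath = [string]$_.GetValue('ImagePath') }
    } |
    Where-Object { $_.ImagePath -and $_.ImagePath -notmatch '(?i)system32\\drivers\\' } |
    Format-Table -AutoSize
```

Entries whose target is missing or whose Signature is not `Valid` are the ones to examine first; the exported .reg files can be re-imported if the wrong value gets deleted.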