Tech Support Guy Forums > Security & Malware Removal > General Security
In need of some computer help

on_fire26
Junior Member with 13 posts.
Join Date: Mar 2008
Experience: Beginner
23-Mar-2008, 02:00 PM #1
In need of some computer help
Hello, I'm completely new to this site, but my computer has been giving me some trouble and a friend of mine told me I could get some help at this site.

My computer will run ok on safe mode, but if I run it normally and start a few programs the task bar will disappear and everything will freeze up for a bit. It eventually unfreezes, but the task bar remains missing as well as all my shortcut buttons, so once I exit out of everything, I have to restart the computer if I want to get back to anything. I can use Ctrl-Alt-Del to get to my task manager and shut it off that way. I've tried looking for some free virus removal software; I've been using the AVG free edition because I just don't have the money to buy any software.

I don't know much about computers... I know that I have Windows XP, if that helps. Can anyone help me out?
Byteman
Moderator & Malware Removal Specialist with 17,387 posts.
Join Date: Jan 2002
Location: NY
Experience: Junkware Jouster
23-Mar-2008, 02:34 PM #2
Hi, let's see if any malware shows by checking a HijackThis log:

go to Click here to download HJTsetup.exe
  • Click the blue "Download the Hijackthis Installer" link
  • Save HJTsetup.exe to your desktop. DO NOT just press run from the website
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in Notepad.
  • Don't use the Analyse This button, its findings are dangerous if misinterpreted
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Don't forget this second part.

Please also do this:
  • Open Hijack This and click on the "Open the Misc Tools section" button.
  • Click on the "Open Uninstall Manager" button.
  • Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it, then the list should open in Notepad.
  • Copy and paste that list here in your reply
__________________
Mung (computer term), the act of making several incremental changes to an item that combine to destroy it
Donate directly to help the site TSG Library
TSG's Welcome Guide- Tips, Rules, How to use TSG and more!
on_fire26
Junior Member with 13 posts.
Join Date: Mar 2008
Experience: Beginner
23-Mar-2008, 04:19 PM #3
Thanks for the help, this is what I've got so far:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:31 PM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Microsoft Task Scheduler] C:\WINDOWS\system32\dlha\mstask32.com
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [7c03cf4c] rundll32.exe "C:\WINDOWS\system32\voovmgbp.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BM7f30fcd0] Rundll32.exe "C:\WINDOWS\system32\eptimedc.dll",s
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5425 bytes
Byteman
Moderator & Malware Removal Specialist with 17,387 posts.
Join Date: Jan 2002
Location: NY
Experience: Junkware Jouster
24-Mar-2008, 12:30 AM #4
Hi,

SD FIX
Please read all through the info so you know what will be done.
**Note that SDFix runs only in Safe Mode
**Also> any user account that you boot into, in Safe Mode, has to be at Administrator user level...
There is a Printable Version button up under the Thread Tools drop down menu that will let you print a nice text version of these instructions.
Alternate way to save directions: Open Notepad > Copy and Paste any text you wish into Notepad, and Save the file as something you will recognize, like TSGhelp.txt, onto your desktop.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of the Report.txt back on the forum with a HijackThis log made after SDFix is done.
on_fire26
Junior Member with 13 posts.
Join Date: Mar 2008
Experience: Beginner
25-Mar-2008, 11:09 PM #5
Here's the SDFix report:


SDFix: Version 1.160

Run by Administrator on Mon 03/24/2008 at 03:56 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\TASKKILL.EXE - Deleted
C:\359.TMP - Deleted
C:\ADWARE.EXE - Deleted
C:\WINDOWS\admintxt.txt - Deleted
C:\WINDOWS\system32\dlha\mstask32.com - Deleted
C:\WINDOWS\system32\ipv6monl.dll - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 19:04:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 9


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:IE6"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Disabled:Ares"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Disabled:AIM"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 1 Sep 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Wed 1 Sep 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Wed 1 Sep 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Mon 1 Jan 2007 88 ..SHR --- "C:\WINDOWS\system32\324A749AC3.sys"
Mon 12 Nov 2007 56 ..SHR --- "C:\WINDOWS\system32\C39A744A32.sys"
Mon 12 Nov 2007 4,184 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 20 Nov 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 15 Aug 2007 19,968 ...H. --- "C:\Documents and Settings\Cory\My Documents\~WRL0003.tmp"
Tue 1 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 13 Mar 2007 362,264 A..H. --- "C:\Documents and Settings\Cory\Local Settings\Temp\AutoDetect.exe"
Sat 11 Mar 2006 33,792 ...H. --- "C:\Documents and Settings\David\My Documents\class\~WRL0989.tmp"
Sat 11 Mar 2006 34,304 ...H. --- "C:\Documents and Settings\David\My Documents\class\~WRL1555.tmp"
Sat 11 Mar 2006 33,792 ...H. --- "C:\Documents and Settings\David\My Documents\class\~WRL1801.tmp"
Sat 11 Mar 2006 33,792 ...H. --- "C:\Documents and Settings\David\My Documents\class\~WRL2338.tmp"
Sat 11 Mar 2006 33,792 ...H. --- "C:\Documents and Settings\David\My Documents\class\~WRL2410.tmp"
Sat 11 Mar 2006 34,304 ...H. --- "C:\Documents and Settings\David\My Documents\class\~WRL3006.tmp"
Sat 11 Mar 2006 19,456 ...H. --- "C:\Documents and Settings\David\My Documents\class\~WRL3013.tmp"
Sat 11 Mar 2006 33,792 ...H. --- "C:\Documents and Settings\David\My Documents\class\~WRL3158.tmp"
Thu 9 Mar 2006 37,888 ...H. --- "C:\Documents and Settings\David\My Documents\class\~WRL3696.tmp"
Thu 5 Jan 2006 1,409 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\FOR421.tmp"
Thu 5 Jan 2006 1,409 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\FOR423.tmp"
Thu 5 Jan 2006 1,409 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\FOR425.tmp"
Thu 5 Jan 2006 1,409 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\FOR427.tmp"
Thu 5 Jan 2006 1,409 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\FOR429.tmp"
Thu 5 Jan 2006 1,409 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\FOR42B.tmp"
Thu 5 Jan 2006 1,409 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\FOR42D.tmp"
Thu 5 Jan 2006 1,409 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\FOR457.tmp"
Thu 5 Jan 2006 1,409 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\FOR459.tmp"
Thu 5 Jan 2006 1,409 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\FOR45B.tmp"
Thu 5 Jan 2006 1,409 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\FOR45E.tmp"
Thu 5 Jan 2006 1,409 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\FOR461.tmp"
Thu 5 Jan 2006 1,409 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\FOR463.tmp"
Thu 5 Jan 2006 1,409 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\FOR465.tmp"
Thu 5 Jan 2006 1,409 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\FOR467.tmp"
Thu 5 Jan 2006 1,409 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\FOR469.tmp"
Thu 5 Jan 2006 1,409 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\FOR46B.tmp"
Thu 5 Jan 2006 10,564 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\ZTR420.tmp"
Thu 5 Jan 2006 12,340 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\ZTR422.tmp"
Thu 5 Jan 2006 12,904 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\ZTR424.tmp"
Thu 5 Jan 2006 12,048 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\ZTR426.tmp"
Thu 5 Jan 2006 10,688 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\ZTR428.tmp"
Thu 5 Jan 2006 10,004 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\ZTR42A.tmp"
Thu 5 Jan 2006 10,760 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\ZTR42C.tmp"
Thu 5 Jan 2006 30,004 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\ZTR456.tmp"
Thu 5 Jan 2006 33,012 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\ZTR458.tmp"
Thu 5 Jan 2006 43,044 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\ZTR45A.tmp"
Thu 5 Jan 2006 22,028 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\ZTR45D.tmp"
Thu 5 Jan 2006 10,564 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\ZTR460.tmp"
Thu 5 Jan 2006 12,904 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\ZTR462.tmp"
Thu 5 Jan 2006 12,048 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\ZTR464.tmp"
Thu 5 Jan 2006 12,340 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\ZTR466.tmp"
Thu 5 Jan 2006 10,004 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\ZTR468.tmp"
Thu 5 Jan 2006 10,760 ...H. --- "C:\Documents and Settings\Patricia\Local Settings\Temp\ZTR46A.tmp"
Fri 19 Jan 2007 2,928 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
Sat 4 Aug 2007 20,992 ...H. --- "C:\Documents and Settings\Cory\Application Data\Microsoft\Word\~WRL0003.tmp"
Sun 12 Nov 2006 19,456 ...H. --- "C:\Documents and Settings\Cory\Application Data\Microsoft\Word\~WRL0004.tmp"
Fri 17 Nov 2006 19,456 ...H. --- "C:\Documents and Settings\Cory\Application Data\Microsoft\Word\~WRL0005.tmp"
Sat 21 Oct 2006 107 A..H. --- "C:\Documents and Settings\Cory\Local Settings\Temp\Free Download Manager\tic19F.tmp"
Sat 14 Oct 2006 234 A..H. --- "C:\Documents and Settings\Cory\Local Settings\Temp\Free Download Manager\tic451.tmp"
Sat 14 Oct 2006 686 A..H. --- "C:\Documents and Settings\Cory\Local Settings\Temp\Free Download Manager\tic456.tmp"
Sat 9 Sep 2006 28,160 ...H. --- "C:\Documents and Settings\David\Application Data\Microsoft\Word\~WRL2948.tmp"
Sun 20 Nov 2005 4,348 A..H. --- "C:\Documents and Settings\Cory\My Documents\My Music\other\License Backup\drmv1key.bak"
Tue 16 May 2006 20 A..H. --- "C:\Documents and Settings\Cory\My Documents\My Music\other\License Backup\drmv1lic.bak"
Sun 20 Nov 2005 400 A.SH. --- "C:\Documents and Settings\Cory\My Documents\My Music\other\License Backup\drmv2key.bak"
Mon 19 Sep 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Mon 19 Sep 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Mon 19 Sep 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Sat 19 Nov 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Tue 18 Oct 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4(2)\lock.tmp"

Finished!

And this is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:35 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\X3watch\x3watch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\Cory\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\PROGRA~1\Grisoft\AVG7\avginet.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AIM6\anotify.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [7c03cf4c] rundll32.exe "C:\WINDOWS\system32\mjdqsccg.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BM7f30fcd0] Rundll32.exe "C:\WINDOWS\system32\gqmrfedb.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Intel Audio Studio V2.0] C:\WINDOWS\fmideploy.exe
O4 - HKCU\..\Run: [Audio Studio V2.8] C:\WINDOWS\flsmontr.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [LxrAutorun] C:\Documents and Settings\Cory\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
O4 - HKCU\..\Run: [IntelliMouse Explorer V2.3] C:\WINDOWS\netpefr32.exe
O4 - HKCU\..\Run: [Legacy VGA Drivers V1.0] C:\WINDOWS\certproc32.exe
O4 - HKCU\..\Run: [Legacy VGA Drivers V1.9x] C:\WINDOWS\cabview32.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6922 bytes
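The two HijackThis logs posted above (safe mode on 3/23, normal mode on 3/25) are compared by eye in this thread. As an added example that is not part of the thread and not HijackThis's own code, the Python script below parses the O4 autostart lines of both logs, reports which entries were added, removed or changed between the runs, and flags entries that match a few triage heuristics worth a closer look: a value name that is random-looking hex, rundll32 loading a DLL whose name is eight random-looking letters (voovmgbp.dll became mjdqsccg.dll between the two logs), a program sitting directly in the Windows directory, or an autostart target with a .com extension. The sample input is excerpted from the logs above; the heuristics and the regexes are assumptions made for this example and give hints, not verdicts.

```python
import re
from typing import Dict, List, Tuple

# Constructed input: O4 (autostart) lines excerpted from the two HijackThis logs
# posted in this thread, the safe-mode log of 3/23 and the normal-mode log of 3/25.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [Microsoft Task Scheduler] C:\WINDOWS\system32\dlha\mstask32.com
O4 - HKLM\..\Run: [7c03cf4c] rundll32.exe "C:\WINDOWS\system32\voovmgbp.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BM7f30fcd0] Rundll32.exe "C:\WINDOWS\system32\eptimedc.dll",s
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [7c03cf4c] rundll32.exe "C:\WINDOWS\system32\mjdqsccg.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BM7f30fcd0] Rundll32.exe "C:\WINDOWS\system32\gqmrfedb.dll",s
O4 - HKCU\..\Run: [Audio Studio V2.8] C:\WINDOWS\flsmontr.exe
O4 - HKCU\..\Run: [Legacy VGA Drivers V1.0] C:\WINDOWS\certproc32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

Entry = Tuple[str, str]  # (registry hive path or startup folder, value/shortcut name)

# Registry Run entries:   "O4 - HKLM\..\Run: [name] command"
RUN_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup-folder entries: "O4 - Global Startup: name.lnk = target"
LNK_RE = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")

# Heuristic patterns (assumptions for this example, not HijackThis rules)
HEX_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
WINROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.exe$", re.IGNORECASE)
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|scr))\b', re.IGNORECASE)


def parse_o4(log: str) -> Dict[Entry, str]:
    """Map every O4 entry in a HijackThis log to its command line or target."""
    entries: Dict[Entry, str] = {}
    for line in log.splitlines():
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if m:
            entries[(m["hive"], m["name"])] = m["cmd"].strip()
    return entries


def diff_logs(before: str, after: str) -> Dict[str, List[Entry]]:
    """Entries that appeared, disappeared or changed command between two logs."""
    b, a = parse_o4(before), parse_o4(after)
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "changed": sorted(k for k in a if k in b and a[k] != b[k]),
    }


def executable_of(cmd: str) -> str:
    """The program a command line starts: the quoted path, or the first path
    ending in a program extension (so unquoted paths with spaces still work)."""
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1) or m.group(2)
    return cmd.split()[0]


def flag_entry(name: str, cmd: str) -> List[str]:
    """Triage hints for one autostart entry; none of them is proof by itself."""
    reasons: List[str] = []
    if HEX_NAME_RE.match(name):
        reasons.append("value name is random-looking hex")
    m = RUNDLL_RE.search(cmd)
    if m and re.fullmatch(r"[a-z]{8}\.dll", m.group(1).rsplit("\\", 1)[-1]):
        reasons.append("rundll32 loads a DLL with a random-looking 8-letter name")
    exe = executable_of(cmd)
    if WINROOT_EXE_RE.match(exe):
        reasons.append("program sits directly in the Windows directory")
    if exe.lower().endswith(".com"):
        reasons.append("autostart program has a .com extension")
    return reasons


def triage(before: str, after: str) -> Dict[Entry, List[str]]:
    """Flagged entries in the newer log, keyed by (hive, name)."""
    flagged: Dict[Entry, List[str]] = {}
    for key, cmd in parse_o4(after).items():
        reasons = flag_entry(key[1], cmd)
        if reasons:
            flagged[key] = reasons
    return flagged


if __name__ == "__main__":
    for kind, keys in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        for hive, name in keys:
            print(f"{kind:8s} {hive}: [{name}]")
    for (hive, name), reasons in triage(LOG_BEFORE, LOG_AFTER).items():
        print(f"flagged  {hive}: [{name}] -> {'; '.join(reasons)}")
```

Run against the two excerpts, the diff shows the [Microsoft Task Scheduler] entry gone (SDFix reported deleting its target), the two rundll32 entries keeping their value names but pointing at differently named DLLs, and two new HKCU entries; the triage pass flags both rundll32 entries and both new HKCU entries while leaving the AVG and Office entries alone. The flags only say where to look first; the moderator's follow-up tools do the actual verification.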
Byteman
Moderator & Malware Removal Specialist with 17,387 posts.
Join Date: Jan 2002
Location: NY
Experience: Junkware Jouster
26-Mar-2008, 06:40 PM #6
Hi, good. Please do what is below:

Note: it is very important that you turn off the protective programs as it says, so do go to the link, and do what it says...


COMBO FIX:
Please read all through the info so you know what will be done.
Here are directions etc., but I also have them below:
http://www.bleepingcomputer.com/comb...o-use-combofix

There is a Printable Version button up under the Thread Tools drop down menu that will let you print a nice text version of these instructions.
Alternate way to save directions: Open Notepad > Copy and Paste any text you wish into Notepad, and Save the file as something you will recognize, like TSGhelp.txt, onto your desktop.
Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------

  3. Double click on combofix.exe & follow the prompts.
  4. When finished, it will produce a report for you.
  5. Please post the "C:\ComboFix.txt" in your next reply. And, after you are done posting the log from ComboFix, run Hijackthis again, Scan and Save a Log, and post the brand new log.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
_ _ _ _ _ _ _
__________________
Mung (computer term), the act of making several incremental changes to an item that combine to destroy it
Donate directly to help the site TSG Library
TSG's Welcome Guide- Tips, Rules, How to use TSG and more!
on_fire26
Junior Member with 13 posts.
Join Date: Mar 2008
Experience: Beginner
26-Mar-2008, 11:59 PM #7
Here's the ComboFix log:

ComboFix 08-03-25.4 - Administrator 2008-03-26 22:26:31.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.131 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Starware
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\moviesA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaverA.bmp
C:\Documents and Settings\Cory\Application Data\ShoppingReport
C:\Documents and Settings\Cory\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Cory\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Cory\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Cory\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Cory\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Cory\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Cory\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\Patricia\Application Data\ShoppingReport
C:\Documents and Settings\Patricia\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Patricia\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Patricia\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Patricia\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Patricia\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Patricia\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Patricia\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Program Files\Common Files\vcclient
C:\Program Files\Common Files\vcclient\Version.txt
C:\Program Files\newdotnet
C:\Program Files\newdotnet\newdotnet7_14(2).dll
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\spysheriff
C:\Program Files\spysheriff\base.avd
C:\Program Files\spysheriff\base001.avd
C:\Program Files\spysheriff\base002.avd
C:\Program Files\spysheriff\found.wav
C:\Program Files\spysheriff\heur000.dll
C:\Program Files\spysheriff\heur001.dll
C:\Program Files\spysheriff\heur002.dll
C:\Program Files\spysheriff\heur003.dll
C:\Program Files\spysheriff\notfound.wav
C:\Program Files\spysheriff\removed.wav
C:\Program Files\spysheriff\SpySheriff.dvm
C:\Program Files\spysheriff\SpySheriff.exe
C:\Program Files\spysheriff\Uninstall.exe
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\crap.1189116244.old
C:\Program Files\WinBudget\bin\matrix.dll.1189116241.old
C:\Program Files\yazzle sudoku
C:\WINDOWS\BM7f30fcd0.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\audellku.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\emclckmh.dll
C:\WINDOWS\system32\eptimedc.dll
C:\WINDOWS\system32\fiyxvwmj.dll
C:\WINDOWS\system32\gqmrfedb.dll
C:\WINDOWS\system32\ieouwlxa.dll
C:\WINDOWS\system32\ingseldo.dll
C:\WINDOWS\system32\iqburmnc.dll
C:\WINDOWS\system32\odlesgni.ini
C:\WINDOWS\system32\qommnmj.dll
C:\WINDOWS\system32\roaaagro.dll
C:\WINDOWS\system32\rtutv.ini
C:\WINDOWS\system32\rtutv.ini2
C:\WINDOWS\system32\rvcptknk.dll
C:\WINDOWS\system32\srdgaxdc.dll
C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\xwvolfow.dll
C:\WINDOWS\system32\yayyxyv.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))
.

2008-03-26 20:18 . 2008-03-26 20:18 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-03-25 19:16 . 2008-03-26 22:39 231,424 --a------ C:\WINDOWS\idmparse32.dll
2008-03-25 19:16 . 2008-03-26 22:39 17,920 --a------ C:\WINDOWS\dmsynth.dll
2008-03-24 16:37 . 2008-03-24 16:37 1,577,785 ---hs---- C:\WINDOWS\system32\gccsqdjm.ini
2008-03-24 15:50 . 2008-03-24 15:50 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-24 15:44 . 2008-03-25 19:14 <DIR> d-------- C:\SDFix
2008-03-23 19:25 . 2008-03-23 19:25 268 --ah----- C:\sqmdata10.sqm
2008-03-23 19:25 . 2008-03-23 19:25 244 --ah----- C:\sqmnoopt10.sqm
2008-03-23 16:29 . 2008-03-23 16:29 1,543,159 ---hs---- C:\WINDOWS\system32\whtgapdr.ini
2008-03-23 14:51 . 2008-03-23 14:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-23 13:01 . 2008-03-23 13:01 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-03-23 12:44 . 2008-03-23 12:44 244 --ah----- C:\sqmnoopt09.sqm
2008-03-23 12:44 . 2008-03-23 12:44 232 --ah----- C:\sqmdata09.sqm
2008-03-23 12:43 . 2008-03-23 12:43 244 --ah----- C:\sqmnoopt08.sqm
2008-03-23 12:43 . 2008-03-23 12:43 232 --ah----- C:\sqmdata08.sqm
2008-03-22 23:02 . 2008-03-25 06:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-03-22 22:39 . 2005-09-19 10:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-03-22 22:39 . 2005-09-19 09:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-03-22 22:39 . 2005-09-19 10:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-03-13 22:55 . 2008-03-13 22:55 268 --ah----- C:\sqmdata07.sqm
2008-03-13 22:55 . 2008-03-13 22:55 244 --ah----- C:\sqmnoopt07.sqm
2008-03-13 22:46 . 2008-03-13 22:46 <DIR> d-------- C:\Documents and Settings\Patricia\Application Data\x3watch
2008-03-13 22:46 . 2008-03-13 22:47 <DIR> d-------- C:\Documents and Settings\Patricia\Application Data\AVG7
2008-03-05 22:29 . 2008-03-25 19:20 <DIR> d-------- C:\Documents and Settings\Cory\Application Data\AVG7
2008-03-05 22:27 . 2008-03-05 22:27 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-05 22:25 . 2008-03-05 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-05 22:25 . 2008-03-06 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-05 18:54 . 2008-03-05 22:46 1,307,488 ---hs---- C:\WINDOWS\system32\pbgmvoov.ini
2008-03-05 16:31 . 2008-03-05 18:49 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-02 04:06 . 2008-03-02 04:08 <DIR> d-------- C:\Program Files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 23:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\x3watch
2008-03-05 19:30 4 ----a-w C:\KLSA.DAT
2008-02-23 23:32 --------- d-----w C:\Program Files\X3watch
2008-02-23 22:35 --------- d-----w C:\Documents and Settings\David\Application Data\x3watch
2008-02-22 14:35 249,856 ----a-w C:\WINDOWS\cabview32.exe
2008-02-07 21:53 --------- d-----w C:\Documents and Settings\Cory\Application Data\SQLX3
2008-02-07 20:52 559,104 ----a-w C:\WINDOWS\click.dll
2008-02-04 04:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-04 04:02 --------- d-----w C:\Program Files\Symantec
2007-01-26 03:12 1,443,213 -c--a-w C:\Documents and Settings\LocalService\Application Data\Install.dat
2005-11-19 22:54 2,855,080 -c--a-w C:\Program Files\aawsepersonal.exe
2005-11-19 22:46 1,541,704 -c--a-w C:\Program Files\aresregular188_installer.exe
2005-11-19 22:40 8,715,352 -c--a-w C:\Program Files\Install_AIM.exe
2005-11-19 22:36 9,352,392 -c--a-w C:\Program Files\Install_MSN_Messenger.exe
2007-01-01 23:48 88 --sh--r C:\WINDOWS\system32\324A749AC3.sys
2007-11-13 01:16 56 --sh--r C:\WINDOWS\system32\C39A744A32.sys
2007-11-13 01:16 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"Audio Studio V2.8"="C:\WINDOWS\flsmontr.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 11:20 50528]
"LxrAutorun"="C:\Documents and Settings\Cory\Local Settings\Application Data\Lexar Media\LxrAutorun.exe" [2006-11-09 11:00 24576]
"IntelliMouse Explorer V2.3"="C:\WINDOWS\netpefr32.exe" [ ]
"Legacy VGA Drivers V1.0"="C:\WINDOWS\certproc32.exe" [ ]
"Legacy VGA Drivers V1.9x"="C:\WINDOWS\cabview32.exe" [2008-02-22 10:35 249856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 01:22 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"x3watch"="C:\Program Files\X3watch\x3watch.exe" [2007-09-28 09:50 299008]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-05 22:26 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-05 22:26 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-09-19 09:59:12 156784]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-08-08 16:00:00 65588]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-08-08 16:00:00 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= C:\\Program Files\\Internet Explorer\\iexplore.exe
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

R2 LxrSII1d;Secure II Driver;C:\WINDOWS\system32\Drivers\LxrSII1d.sys [2006-12-14 09:37]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17f8e1b9-60c6-11dc-a339-00038a000015}]
\Shell\AutoRun\command - E:\Autorun.exe /run
\Shell\Shell00\Command - E:\Autorun.exe /run
\Shell\Shell01\Command - E:\Autorun.exe /action
\Shell\Shell02\Command - E:\Autorun.exe /uninstall


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Audio Studio V2.8]
C:\WINDOWS\flsmontr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\IntelliMouse Explorer V2.3]
C:\WINDOWS\netpefr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Legacy VGA Drivers V1.0]
C:\WINDOWS\certproc32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Legacy VGA Drivers V1.9x]
C:\WINDOWS\cabview32.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 19:41:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-10-10 05:33:56 C:\WINDOWS\Tasks\New Task.job"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 22:39:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-03-26 22:49:10 - machine was rebooted [Cory]
ComboFix-quarantined-files.txt 2008-03-27 02:49:04
.
2008-03-12 07:04:42 --- E O F ---

And here's the newest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54, on 2008-03-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5196 bytes
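A triage helper, added here as an example and not part of the thread or of ComboFix: it parses the Run and Active Setup entries from the "Reg Loading Points" section of the ComboFix log above and flags the patterns the helper goes on to act on (an empty "[ ]" where ComboFix would print the file's date and size, executables sitting directly in C:\WINDOWS, and one file registered at two persistence points). The sample lines are copied from the log; reading "[ ]" as "details could not be recorded" and the scoring rules are this example's own assumptions.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix log.
Added example for this thread, not ComboFix's code: the sample lines are
copied from the log posted above, while the scoring rules and the reading
of an empty "[ ]" as "file date/size could not be recorded" are assumptions."""
import re
from dataclasses import dataclass

# Constructed sample: the HKCU Run block and the four Active Setup blocks from the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"Audio Studio V2.8"="C:\WINDOWS\flsmontr.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 11:20 50528]
"IntelliMouse Explorer V2.3"="C:\WINDOWS\netpefr32.exe" [ ]
"Legacy VGA Drivers V1.0"="C:\WINDOWS\certproc32.exe" [ ]
"Legacy VGA Drivers V1.9x"="C:\WINDOWS\cabview32.exe" [2008-02-22 10:35 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Audio Studio V2.8]
C:\WINDOWS\flsmontr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\IntelliMouse Explorer V2.3]
C:\WINDOWS\netpefr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Legacy VGA Drivers V1.0]
C:\WINDOWS\certproc32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Legacy VGA Drivers V1.9x]
C:\WINDOWS\cabview32.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
ACTIVE_SETUP_PREFIX = "hkey_local_machine\\software\\microsoft\\active setup\\installed components\\"

@dataclass
class RunEntry:
    hive_key: str
    name: str
    path: str
    meta: str  # ComboFix's "date time size" text; empty when the log shows "[ ]"

def parse_log(text):
    """Return (run_entries, active_setup) where active_setup maps component name to file."""
    run_entries, active_setup, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = SECTION_RE.match(line)
        if section:
            current = section["key"]
            continue
        if current is None:
            continue
        key = current.lower()
        if key.endswith("\\run"):
            m = RUN_RE.match(line)
            if m:
                run_entries.append(RunEntry(current, m["name"], m["path"], m["meta"].strip()))
        elif key.startswith(ACTIVE_SETUP_PREFIX):
            active_setup[current[len(ACTIVE_SETUP_PREFIX):]] = line
    return run_entries, active_setup

def in_windows_root(path):
    # True for a file placed directly in the Windows directory rather than a subfolder.
    parts = path.lower().split("\\")
    return len(parts) == 3 and parts[1] == "windows"

def triage(text):
    """Map each Run entry name to the reasons it deserves a closer look (empty if none)."""
    run_entries, active_setup = parse_log(text)
    findings = {}
    for e in run_entries:
        reasons = []
        if not e.meta:
            reasons.append("no file date/size recorded: file missing, hidden or unreadable")
        if in_windows_root(e.path):
            reasons.append("runs straight from the Windows directory, not Program Files")
        if active_setup.get(e.name, "").lower() == e.path.lower():
            reasons.append("same file also registered under Active Setup (second persistence point)")
        if "driver" in e.name.lower() and not e.path.lower().endswith(".sys"):
            reasons.append("named like a driver but points at an ordinary executable")
        findings[e.name] = reasons
    return findings

def suspicious_paths(text, min_reasons=2):
    """File paths of entries with at least min_reasons hits, most hits first."""
    by_name = {e.name: e.path for e in parse_log(text)[0]}
    scored = sorted(((len(r), n) for n, r in triage(text).items() if len(r) >= min_reasons),
                    reverse=True)
    return [by_name[n] for _, n in scored]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons) or 'nothing unusual'}")
```

Run against the sample, the four C:\WINDOWS executables rank highest, which is the same set the helper asks to have scanned a few posts later.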
Byteman
Moderator & Malware Removal Specialist with 17,387 posts.
Join Date: Jan 2002
Location: NY
Experience: Junkware Jouster
27-Mar-2008, 12:12 AM #8
Hi,

Back in my first reply was this:
Quote:
don't forget this second part

Please also do this:
  • Open Hijack This and click on the "Open the Misc Tools section" button.
  • Click on the "Open Uninstall Manager" button.
  • Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad.
  • Copy and paste that list here in your reply

You didn't post that list, please do so.
on_fire26
Junior Member with 13 posts.
Join Date: Mar 2008
Experience: Beginner
27-Mar-2008, 05:19 PM #9
Sorry about that, here you go:

Adobe Flash Player ActiveX
Adobe Shockwave Player
AIM 6
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Instant Messenger
AOLIcon
Apple Mobile Device Support
Apple Software Update
AVG 7.5
BitTorrent 4.2.2
Broadcom Management Programs
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell Support 3.1
EarthLink setup files
eMusic Download Manager 3.0
FaxTools
FoneSync
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
iTunes
Jasc Paint Shop Pro Studio, Dell Editon
Lexmark 1200 Series
Lexmark Z600 Series
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Modem Event Monitor
Modem Helper
Modem On Hold
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
NetZeroInstallers
Opera 9.0
Qualxserve Service Agreement
QuickTime
RealPlayer
Rhapsody Player Engine
Screensavers Installer
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WordPerfect Office 12
X3watch 5.0.5
Byteman
Moderator & Malware Removal Specialist with 17,387 posts.
Join Date: Jan 2002
Location: NY
Experience: Junkware Jouster
27-Mar-2008, 08:46 PM #10
Hi,

I need to have the files shown below scanned at the site shown; it takes just seconds to scan one file at a time.

Go to http://virusscan.jotti.org/ and use the Browse button there... you just navigate to the location of the file, one at a time, and when you find it, click on it once to highlight it... don't run it... and the path to it will show up in the Jotti scan window. Then just click on the "Submit" button to upload the file to them for the quick scan.

Copy and paste the results for each file scanned:

C:\WINDOWS\idmparse32.dll
C:\WINDOWS\system32\pbgmvoov.ini
C:\WINDOWS\cabview32.exe
C:\WINDOWS\netpefr32.exe
C:\WINDOWS\click.dll
C:\Program Files\aresregular188_installer.exe
C:\WINDOWS\system32\Drivers\toywdm.sys

After that we can get finished, hopefully.
on_fire26
Junior Member with 13 posts.
Join Date: Mar 2008
Experience: Beginner
28-Mar-2008, 09:20 PM #11
confused about last post...
Um, I couldn't find some of them... I found something in my AVG virus vault that looked like idmparse32.dll, but I'm not quite sure what to do. Anyway, here are the ones I can find. Do you know where I need to look for the others?

C:\WINDOWS\cabview32.exe

Scan taken on 28 Mar 2008 23:44:45 (GMT)
A-Squared Found nothing
AntiVir Found TR/Dldr.Agent.kfq.1
ArcaVir Found Trojan.Downloader.Agent.Kfq
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Agent.Delf.GY
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found BackDoor.Weby
F-Prot Antivirus Found Possibly a new variant of W32/MalwareHiderPatched-based!Maximus
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Agent.kfq
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Agent.kfq
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found W32/Agent.EXBW
Panda Antivirus Found Bck/Weby.A
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/Generic-A
VirusBuster Found nothing
VBA32 Found Trojan-Downloader.Win32.Agent.kfq

C:\WINDOWS\click.dll

Scan taken on 29 Mar 2008 00:07:01 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Win32.Trojan-Downloader (probable variant)


C:\Program Files\aresregular188_installer.exe

Scan taken on 29 Mar 2008 00:07:37 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Byteman
Moderator & Malware Removal Specialist with 17,387 posts.
Join Date: Jan 2002
Location: NY
Experience: Junkware Jouster
28-Mar-2008, 11:51 PM #12
Hi, can you simply type or copy the file path, with the filename showing, here, from the AVG results?

You have to have these settings to be able to see hidden, system, and all files:

Quote:
Because XP will not always show you hidden files and folders by default, go to Start > Search > Files and Folders > and under "More advanced search options",
make sure there is a check by "Search System Folders", "Search hidden files and folders" and "Search system subfolders".

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK".

Use the list from before, and look again, have them scanned, post results.

Last edited by Byteman; 28-Mar-2008 at 11:56 PM..
on_fire26's Avatar
Junior Member with 13 posts.
 
Join Date: Mar 2008
Experience: Beginner
29-Mar-2008, 12:39 PM #13
a little bit better
Ok, I was able to type the results for idmparse32.dll, and I found pbgmvoov.ini. However, the other two are still MIA. I'm not sure what to do.

C:\WINDOWS\idmparse32.dll (From AVG virus Vault Object Details)

Object name idmparse32.dll
Object path C:\WINDOWS\
Discovery Trojan horse Downloader.Agent.ACUQ
Date of detection 2008-03-14 21:56
Source Computer DH6VFJ81
Finder Cory
File size 226 KB (231424 bytes)
Healable No
Source Moved Object
Status Infected

C:\WINDOWS\system32\pbgmvoov.ini

Scan taken on 29 Mar 2008 15:12:29 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


C:\WINDOWS\cabview32.exe

Scan taken on 28 Mar 2008 23:44:45 (GMT)
A-Squared Found nothing
AntiVir Found TR/Dldr.Agent.kfq.1
ArcaVir Found Trojan.Downloader.Agent.Kfq
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Agent.Delf.GY
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found BackDoor.Weby
F-Prot Antivirus Found Possibly a new variant of W32/MalwareHiderPatched-based!Maximus
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Agent.kfq
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Agent.kfq
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found W32/Agent.EXBW
Panda Antivirus Found Bck/Weby.A
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/Generic-A
VirusBuster Found nothing
VBA32 Found Trojan-Downloader.Win32.Agent.kfq

C:\WINDOWS\netpefr32.exe

still unable to find

C:\WINDOWS\click.dll

Scan taken on 29 Mar 2008 00:07:01 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Win32.Trojan-Downloader (probable variant)


C:\Program Files\aresregular188_installer.exe

Scan taken on 29 Mar 2008 00:07:37 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

C:\WINDOWS\system32\Drivers\toywdm.sys

still unable to find
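The multi-engine results pasted above are easier to compare per file once parsed. The following Python is an added example, not code from the thread: it reads the "<engine> Found <verdict>" layout shown in the posts into a per-file summary and ranks the files by how many engines agreed, which is the question a responder actually asks of such output. The sample block is constructed and abridged, using the thread's own file names.

```python
import re
# Constructed sample in the layout of the results pasted above (abridged; the file names are the thread's own).
SAMPLE = """\
C:\\WINDOWS\\cabview32.exe
Scan taken on 28 Mar 2008 23:44:45 (GMT)
A-Squared Found nothing
AntiVir Found TR/Dldr.Agent.kfq.1
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Agent.kfq
NOD32 Found probably unknown NewHeur_PE (probable variant)
VirusBuster Found nothing
C:\\WINDOWS\\netpefr32.exe
still unable to find
C:\\WINDOWS\\click.dll
Scan taken on 29 Mar 2008 00:07:01 (GMT)
A-Squared Found nothing
Kaspersky Anti-Virus Found nothing
VBA32 Found Win32.Trojan-Downloader (probable variant)
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")          # a line that names the scanned file
TIME_RE = re.compile(r"^Scan taken on (.+)$")

def parse_scan_results(text):
    """{path: {"scanned_at": str, "hits": {engine: verdict}, "clean": [engine]}}"""
    reports, current = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue                       # blank separator lines carry nothing
        if PATH_RE.match(line):
            current = reports.setdefault(line, {"scanned_at": "", "hits": {}, "clean": []})
        elif current is None:
            continue                       # text before the first path
        elif m := TIME_RE.match(line):
            current["scanned_at"] = m.group(1)
        else:
            # Engine lines read "<engine> Found <verdict>"; engine names can contain
            # spaces, so split on the first " Found " rather than on whitespace.
            engine, sep, verdict = line.partition(" Found ")
            if not sep:
                continue                   # free text such as "still unable to find"
            if verdict.lower() == "nothing":
                current["clean"].append(engine)
            else:
                current["hits"][engine] = verdict
    return reports

def triage(reports):
    # Most-flagged first: agreement across engines outweighs one heuristic "probable variant".
    return sorted(reports, key=lambda p: len(reports[p]["hits"]), reverse=True)
```

A path that only ever appears with free text (the two files the poster could not locate) still gets an entry, with no hits and no clean verdicts, so it stays visible in the triage list instead of silently dropping out.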
the mitchness's Avatar
Junior Member with 18 posts.
 
Join Date: Mar 2008
Location: Erie, PA
Experience: Advanced
29-Mar-2008, 09:45 PM #14
Give it the three finger salute: Ctrl+Alt+Del. Click on the Performance tab. Is something being run using 100% of your processor and not letting up on it? If so, check the tab before Performance and see what program is hogging resources, if anything is.
on_fire26's Avatar
Junior Member with 13 posts.
 
Join Date: Mar 2008
Experience: Beginner
29-Mar-2008, 10:49 PM #15
nope, it's actually a really low percentage... the highest it went up to was 17%.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.