No volume after finding a worm

Discussion in 'Virus & Other Malware Removal' started by Bluevelvet, Sep 1, 2008.

Thread Status:
Not open for further replies.
  1. Bluevelvet

    Bluevelvet Thread Starter

    Joined:
    Sep 1, 2008
    Messages:
    6
    Hi! I am experiencing a problem with no volume. I am currently using my roommate's PC. It has had 3 owners now. It started last week with Windows updates now telling us we might have Counterfeit Windows, and none of the updates will download now. Basically Windows is useless and we do not have the CD from the original installation. But now I have no sound. I live rural so there is no TV and I was going bonkers and went to the Hulu TV site and was going to watch a movie (I have many times with no issues), then all of a sudden I was getting a lot of Pop-Up Blockers, then the next thing I know I have no sound. I have AVG 7.5 and it found and contained the worm "Worm/Audiet Cev on C:/ System Volume information restore". I am at a complete loss as to what to do. I have tried unsuccessfully to download stuff to help, then only to uninstall it. I tried to do a System Restore and that has been very unsuccessful. I feel I have a double-edged problem here with the sound and Windows. Is one affecting the other? I just have to resolve this or I will freak out. There is nothing to do and I can only watch one of 15 CDs for so long. Hope you can help resolve my crisis along with yours. This comp says View Sonic on it, whatever brand that is, and it is using Windows XP Professional and we use Firefox. Hope your sound issue is resolved soon. Thanks for any help you can give!
    God Bless
    Cher
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    33,902
    Hiya and welcome to Tech Support Guy :)

    Are you still having this problem? If so, let's have a look at a HijackThis log:

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Double-click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

    Regards

    eddie
     
  3. Bluevelvet

    Bluevelvet Thread Starter

    Joined:
    Sep 1, 2008
    Messages:
    6
    Thanks for answering my post. I have tried everything I can find. I have been having trouble with Windows for some time now and talked to Windows Customer Service; they sent me two plugins and neither works for beans. They gave me another link in case that doesn't work and that link no longer exists. That was 3 days ago. Windows people say we might have counterfeit Windows. We have explained that we are 3 owners and have no disc. Every time we try something it seems to just get worse. It is just volume, which we had fine until the worm came. Also I still have all the virus information contained in AVG 7.7 history. Should I delete it? I have been saving it as it is my referral to the error we received. Thanks for any help you can give, it is so deeply appreciated.
    Cher


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:01:50 AM, on 9/10/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
    C:\Program Files\Lexmark 2300 Series\ezprint.exe
    C:\WINDOWS\System32\WgaTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\lxcgcoms.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcgPSWX.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\User\Desktop\WGAPluginInstall(5).exe
    C:\Documents and Settings\User\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
    O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    --
    End of file - 4133 bytes
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    33,902
    We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
    Click here: http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx
    Apply the update, reboot, and post a fresh Hijack This log.

    Regards

    eddie
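
Added example, not part of the original thread: a small Python triage pass over a HijackThis log of the kind posted above. It reads the service pack from the Platform line (the log above shows none), counts entries per section code, and lists items for a human to review; the `triage` function, its flag wording and the shortened sample are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines taken from the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\WGAPluginInstall(5).exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O4 - ...", "R1 - ..."
USER_DIR = re.compile(r"\\(Desktop|Temp|Local Settings)\\", re.I)

def triage(log_text):
    """Summarise a HijackThis log; 'review' items are prompts, not verdicts."""
    report = {"service_pack": None, "processes": [],
              "entries": Counter(), "review": []}
    in_processes = False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith("Platform:"):
            # HijackThis prints e.g. "Windows XP SP2 (...)"; no "SPn" means none.
            sp = re.search(r"\bSP(\d+)\b", line)
            report["service_pack"] = int(sp.group(1)) if sp else 0
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False                 # blank line ends the process list
        elif in_processes:
            report["processes"].append(line)
            # Assumption: executables running from user-writable folders deserve
            # a look; the scanner itself is expected there and is skipped.
            if USER_DIR.search(line) and not line.lower().endswith("\\hijackthis.exe"):
                report["review"].append(("runs from user folder", line))
        elif (m := ENTRY.match(line)):
            report["entries"][m.group(1)] += 1
            if m.group(1) == "O23" and "Unknown owner" in line:
                report["review"].append(("service without company name", line))
    return report

if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG)["review"]:
        print(f"{reason}: {item}")
```

A flagged item only means "look at this first"; in the log above both flagged entries correspond to a Windows validation plug-in installer and a printer service.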
     
  5. Bluevelvet

    Bluevelvet Thread Starter

    Joined:
    Sep 1, 2008
    Messages:
    6
    Hi Eddie!!!!
    Ran what you said then came and saw something from MS that said something about a Validation Key and Blah! I am so lost, I am getting nothing but bad news everywhere I turn. If I can resolve this issue I would be so happy, just to unload one thing from my weary mind. Thanks so much for all you are trying to do to help, it is deeply appreciated!
    BV


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:56:42 PM, on 9/10/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
    C:\Program Files\Lexmark 2300 Series\ezprint.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\lxcgcoms.exe
    C:\WINDOWS\System32\WgaTray.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\User\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
    O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    --
    End of file - 3957 bytes
     
  6. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    33,902
    We really need Service Pack 1 installed, to help further:


    Please run the MGA Diagnostic Tool and post back the report it shall produce:
    1. Download MGADiag to your desktop.
    2. Double-click on MGADiag.exe to launch the program
    3. Click "Continue"
    4. Ensure that the "Windows" tab is selected (it should be by default).
    5. Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    6. Paste the MGA Diagnostic Report back here in your next reply.

    eddie
     
  7. Bluevelvet

    Bluevelvet Thread Starter

    Joined:
    Sep 1, 2008
    Messages:
    6
    Hi Eddie
    I downloaded the link you gave and got to the part where you click copy. Which I do and nothing happens. Doesn't go to clipboard, notepad or anything. I can't copy and paste it. Won't let me print it out so I am guessing I best write it down verbatim and type it all in by hand. So should have that done by Xmas. :( Okey dokey I will have at it!!!! :p Thanks :)

    BV
     
  8. Bluevelvet

    Bluevelvet Thread Starter

    Joined:
    Sep 1, 2008
    Messages:
    6
    Eddie this is it typed as it is displayed.:)

    Validation info

    Validation Status: Blocked VLK
    Validation Code: 3
    Online Validation Code: 3
    Product Key: *****-*****-YXRKT-8TG6W-2B7Q8
    Product Key Hash: RVvFclZMdQfJLyDpZteolhaqicQ=
    Product ID: 55274-640-0000356-23113
    Product ID Type: 1- Volume
    Windows 0S Version- 5.1.2600.2.00010100.0.0.pro
    OSVLK Server: N/A
    OSVLK PID: N/A
    ID: {1COA162A-DF57-47C9-8CBF-9200AC11F747} (3)
    Administrator: Yes
    Test Cab: 0x0
    WGA Version: Registered, 1.7.18.7
    Signed By: Microsoft
    Product Name: N/A
    Architecture & Build: N/A N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-171-1
    Resolution Status: N/A

    Note: The Last entry "Resolution Status" was in faded text but I added it just in case!:eek:

    Thanks Eddie! You are a doll!
    BV
     
  9. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    33,902
    Your computer has a Volume Licensing edition of XP Pro installed and that installation was done with a now-blocked Volume Licensing Key. See line 2: Validation Status: Blocked VLK

    VLKs are blocked by Microsoft at the request of the original keyholder for such reasons as the key was lost, stolen, compromised, misused, or expired. Also, Microsoft may have blocked the key if it notices a pattern of misuse, i.e., more installations of XP using that key than authorized.

    A "Blocked VLK" is a Volume License Key that is valid, but was licensed solely to a corporation or larger enterprise/business. Blocked VLKs are Product Keys that Microsoft has received consent from the original owner to block usage of. A VL Product Key is non-transferable to individuals.


    You can get more information here: http://www.microsoft.com/genuine/downloads/faq.aspx#Question5Label

    I'm sorry but we cannot help with pirated software. You need to buy a valid copy of the OS and reformat your computer. If you report this person to Microsoft, they may help you out with a reduced price.

    In view of the above, I have no choice but to close this thread.
     
Short URL to this thread: https://techguy.org/746016