Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
* Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
* Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
Please visit this link: http://virusscan.jotti.org/
* Click the Browse... button
* Navigate to the following file C:\WINDOWS\system32\awdkxjjp.ini
* Click Open
* Please let me know the results.
Nope, it still won't run. Same error. I should probably tell you that I installed the Recovery Console from a disk I had. I don't know if this could be the problem. If it is, sorry I didn't say earlier.
Open HJT by navigating to your HijackThis folder and double clicking on HijackThis.exe. Select the second button entitled "Do a system scan only". Now select the following entries by placing a tick in the left hand check box
Once you have selected all entries, close all running programs then click once on the "fix checked" button to clear the entries from your log.
----------------------------------------------------------------------------------------------
* Select "Delete on Reboot".
* Place the following line (complete path) in bold in the "Full Path of File to Delete" box in Killbox: C:\WINDOWS\system32\vhksylgp.dll
* Put a mark next to "Delete on Reboot"
* Click the red-and-white "Delete File" button.
* Click "Yes" at the Delete on Reboot prompt.
* Click "No" at the Pending Operations prompt.
* If your computer does not restart automatically, please restart it manually.
Once your PC has rebooted, try to re-download Combofix and see if it will run.
markamus
435 Posts
0
August 20th, 2008 16:00
Welcome to DCF!
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
jdumond3
20 Posts
0
August 20th, 2008 21:00
markamus
435 Posts
0
August 21st, 2008 12:00
jdumond3,
Delete that version of Combofix and download the latest from the link. Combofix's author is constantly updating the program, so the latest upload might have that bug fixed.
If it still doesn't work, I will ask Combofix's author what could be causing the error message and we will go from there.
jdumond3
20 Posts
0
August 21st, 2008 13:00
markamus
435 Posts
0
August 21st, 2008 13:00
Go HERE and download File Lister.
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is finished it will produce a log for you C:\Files.txt
Copy and paste the contents of that log in your reply.
jdumond3
20 Posts
0
August 21st, 2008 14:00
jdumond3
20 Posts
0
August 21st, 2008 14:00
markamus
435 Posts
0
August 21st, 2008 14:00
* Click the Browse... button
* Navigate to the following file C:\WINDOWS\system32\awdkxjjp.ini
* Click Open
* Please let me know the results.
jdumond3
20 Posts
0
August 21st, 2008 14:00
====== Files under "\All Users\Startup" Last 30 Days======
====== Folders under "\Program Files" Last 30 Days======
8/18/2008 7:06:05 PM 32437598 C:\Program Files\AVG
8/18/2008 7:06:05 PM 32437598 C:\Program Files\AVG\AVG8
8/18/2008 7:06:05 PM 493406 C:\Program Files\AVG\AVG8\Firefox
8/18/2008 7:06:05 PM 68372 C:\Program Files\AVG\AVG8\Firefox\Chrome
8/18/2008 7:06:05 PM 423708 C:\Program Files\AVG\AVG8\Firefox\Components
8/18/2008 7:06:05 PM 40376 C:\Program Files\AVG\AVG8\Icons
8/18/2008 7:06:05 PM 488317 C:\Program Files\AVG\AVG8\ToolbarFF
8/18/2008 7:06:05 PM 399081 C:\Program Files\AVG\AVG8\ToolbarFF\Chrome
8/18/2008 7:06:05 PM 32505 C:\Program Files\AVG\AVG8\ToolbarFF\Chrome\Cache
8/18/2008 7:06:05 PM 87899 C:\Program Files\AVG\AVG8\ToolbarFF\Components
8/18/2008 7:06:05 PM 83611 C:\Program Files\AVG\AVG8\ToolbarIEcache
7/21/2008 4:28:59 PM 7230697 C:\Program Files\DiskInternals
7/21/2008 4:28:59 PM 7230697 C:\Program Files\DiskInternals\Uneraser
7/21/2008 4:28:59 PM 22679 C:\Program Files\DiskInternals\Uneraser\lng
7/29/2008 5:37:02 PM 210582 C:\Program Files\EAGLE-4.09r2
7/29/2008 5:37:02 PM 990 C:\Program Files\EAGLE-4.09r2\bin
7/29/2008 5:37:03 PM 209592 C:\Program Files\EAGLE-4.09r2\projects
7/29/2008 5:37:31 PM 209592 C:\Program Files\EAGLE-4.09r2\projects\GPS
7/29/2008 6:02:17 PM 83473800 C:\Program Files\EAGLE-4.16r2
7/30/2008 11:28:07 PM 40128 C:\Program Files\EAGLE-4.16r2\backup.001
7/29/2008 6:02:17 PM 12511533 C:\Program Files\EAGLE-4.16r2\bin
7/30/2008 11:28:07 PM 4325561 C:\Program Files\EAGLE-4.16r2\bin\backup.001
7/29/2008 6:02:18 PM 32632 C:\Program Files\EAGLE-4.16r2\cam
7/30/2008 11:28:08 PM 16316 C:\Program Files\EAGLE-4.16r2\cam\backup.001
7/29/2008 6:02:18 PM 305502 C:\Program Files\EAGLE-4.16r2\doc
7/30/2008 11:28:08 PM 152751 C:\Program Files\EAGLE-4.16r2\doc\backup.001
7/29/2008 6:02:18 PM 8674 C:\Program Files\EAGLE-4.16r2\dru
7/30/2008 11:28:08 PM 4337 C:\Program Files\EAGLE-4.16r2\dru\backup.001
7/29/2008 6:02:18 PM 55740848 C:\Program Files\EAGLE-4.16r2\lbr
7/30/2008 11:28:08 PM 27868864 C:\Program Files\EAGLE-4.16r2\lbr\backup.001
7/29/2008 6:02:21 PM 10154940 C:\Program Files\EAGLE-4.16r2\projects
7/30/2008 11:28:27 PM 279 C:\Program Files\EAGLE-4.16r2\projects\backup.001
7/29/2008 6:02:21 PM 2003492 C:\Program Files\EAGLE-4.16r2\projects\examples
7/30/2008 11:28:27 PM 94 C:\Program Files\EAGLE-4.16r2\projects\examples\backup.001
7/29/2008 6:02:21 PM 273718 C:\Program Files\EAGLE-4.16r2\projects\examples\hexapod
7/30/2008 11:28:27 PM 136859 C:\Program Files\EAGLE-4.16r2\projects\examples\hexapod\backup.001
7/29/2008 6:02:21 PM 273096 C:\Program Files\EAGLE-4.16r2\projects\examples\singlesided
7/30/2008 11:28:27 PM 136548 C:\Program Files\EAGLE-4.16r2\projects\examples\singlesided\backup.001
7/29/2008 6:02:22 PM 1456490 C:\Program Files\EAGLE-4.16r2\projects\examples\tutorial
7/30/2008 11:28:27 PM 728245 C:\Program Files\EAGLE-4.16r2\projects\examples\tutorial\backup.001
7/29/2008 6:05:06 PM 2782941 C:\Program Files\EAGLE-4.16r2\projects\gps
7/30/2008 12:49:33 AM 1664802 C:\Program Files\EAGLE-4.16r2\projects\GPS2
7/30/2008 11:37:05 PM 3697897 C:\Program Files\EAGLE-4.16r2\projects\New_Project_1
8/4/2008 1:52:12 AM 5250 C:\Program Files\EAGLE-4.16r2\projects\New_Project_2
7/29/2008 6:02:22 PM 17928 C:\Program Files\EAGLE-4.16r2\scr
7/30/2008 11:28:28 PM 8964 C:\Program Files\EAGLE-4.16r2\scr\backup.001
7/29/2008 6:02:23 PM 4587140 C:\Program Files\EAGLE-4.16r2\ulp
7/30/2008 11:28:28 PM 2293570 C:\Program Files\EAGLE-4.16r2\ulp\backup.001
7/31/2008 4:59:21 PM 7748559 C:\Program Files\eagle3d
7/31/2008 4:59:21 PM 242 C:\Program Files\eagle3d\doc
7/31/2008 4:59:21 PM 6400710 C:\Program Files\eagle3d\examples
7/31/2008 4:59:21 PM 835874 C:\Program Files\eagle3d\povray
7/31/2008 4:59:22 PM 511733 C:\Program Files\eagle3d\ulp
8/6/2008 8:18:54 PM 6381875 C:\Program Files\Lavasoft
8/6/2008 8:18:54 PM 6381875 C:\Program Files\Lavasoft\Ad-Aware
8/6/2008 8:18:55 PM 2146934 C:\Program Files\Lavasoft\Ad-Aware\Help
8/6/2008 8:18:56 PM 709483 C:\Program Files\Lavasoft\Ad-Aware\Lang
8/6/2008 8:18:56 PM 3498834 C:\Program Files\Lavasoft\Ad-Aware\Skin
7/31/2008 4:50:53 PM 841141 C:\Program Files\POV-Ray for Windows v3.6
7/31/2008 4:50:53 PM 835874 C:\Program Files\POV-Ray for Windows v3.6\include
7/31/2008 4:50:53 PM 5267 C:\Program Files\POV-Ray for Windows v3.6\renderer
7/31/2008 4:51:00 PM 5267 C:\Program Files\POV-Ray for Windows v3.6\renderer\rerun
8/6/2008 8:18:06 PM 3095712 C:\Program Files\Spybot - Search & Destroy
7/21/2008 4:25:19 PM 804298 C:\Program Files\Sure Delete
8/19/2008 8:22:31 PM 405288 C:\Program Files\Trend Micro
8/19/2008 8:22:31 PM 405288 C:\Program Files\Trend Micro\HijackThis
7/21/2008 3:01:41 PM 0 C:\Program Files\UnPacker
====== Files under "\System32\Drivers" Last 30 Days======
8/18/2008 7:06:26 PM 96520 32 C:\WINDOWS\system32\drivers\avgldx86.sys
8/18/2008 7:06:24 PM 26824 32 C:\WINDOWS\system32\drivers\avgmfx86.sys
8/18/2008 7:06:29 PM 76040 32 C:\WINDOWS\system32\drivers\avgtdix.sys
7/29/2008 7:41:03 PM 167976 0 C:\WINDOWS\system32\drivers\core.cache.dsk
7/31/2008 9:57:19 AM 26368 33 C:\WINDOWS\system32\drivers\RimSerial.sys
7/31/2008 9:57:50 AM 25736 32 C:\WINDOWS\system32\drivers\swmsflt.sys
====== Files under "\User\Local Settings\Temp" Last 30 Days======
8/18/2008 7:06:39 PM 65350 32 C:\Documents and Settings\Jesse\Local Settings\Temp\avg8inst.log
8/7/2008 9:00:56 PM 22371 32 C:\Documents and Settings\Jesse\Local Settings\Temp\b120x240.tmp
8/7/2008 9:00:56 PM 22371 32 C:\Documents and Settings\Jesse\Local Settings\Temp\b120x600.tmp
8/7/2008 9:00:56 PM 22371 32 C:\Documents and Settings\Jesse\Local Settings\Temp\b120x90.tmp
8/7/2008 9:00:56 PM 22371 32 C:\Documents and Settings\Jesse\Local Settings\Temp\b125x125.tmp
8/7/2008 9:00:56 PM 22371 32 C:\Documents and Settings\Jesse\Local Settings\Temp\b160x600.tmp
8/7/2008 9:00:56 PM 22371 32 C:\Documents and Settings\Jesse\Local Settings\Temp\b180x150.tmp
8/7/2008 9:00:56 PM 22371 32 C:\Documents and Settings\Jesse\Local Settings\Temp\b234x60.tmp
8/7/2008 9:00:56 PM 22371 32 C:\Documents and Settings\Jesse\Local Settings\Temp\b240x400.tmp
8/7/2008 9:00:56 PM 22371 32 C:\Documents and Settings\Jesse\Local Settings\Temp\b250x250.tmp
8/7/2008 9:00:56 PM 22371 32 C:\Documents and Settings\Jesse\Local Settings\Temp\b300x100.tmp
8/7/2008 9:00:56 PM 22371 32 C:\Documents and Settings\Jesse\Local Settings\Temp\b300x250.tmp
8/7/2008 9:00:56 PM 22371 32 C:\Documents and Settings\Jesse\Local Settings\Temp\b336x280.tmp
8/7/2008 9:00:56 PM 22371 32 C:\Documents and Settings\Jesse\Local Settings\Temp\b468x60.tmp
8/7/2008 9:00:56 PM 22371 32 C:\Documents and Settings\Jesse\Local Settings\Temp\b720x300.tmp
8/7/2008 9:00:56 PM 22371 32 C:\Documents and Settings\Jesse\Local Settings\Temp\b728x90.tmp
8/18/2008 9:22:51 PM 274432 32 C:\Documents and Settings\Jesse\Local Settings\Temp\eauninstall.exe
8/21/2008 9:52:55 AM 0 34 C:\Documents and Settings\Jesse\Local Settings\Temp\etilqs_dOfXCSVi7yfYQZodcCO4
8/18/2008 3:29:45 PM 24600 34 C:\Documents and Settings\Jesse\Local Settings\Temp\etilqs_KSbPaNjs9LnVEOb0Yu2c
8/7/2008 9:00:56 PM 22371 32 C:\Documents and Settings\Jesse\Local Settings\Temp\eve.tmp
8/18/2008 9:22:51 PM 39056 32 C:\Documents and Settings\Jesse\Local Settings\Temp\filelist.txt
8/21/2008 10:58:50 AM 733787 32 C:\Documents and Settings\Jesse\Local Settings\Temp\fla267.tmp
8/18/2008 3:36:30 PM 866952 32 C:\Documents and Settings\Jesse\Local Settings\Temp\fla88.tmp
8/18/2008 9:27:17 PM 0 32 C:\Documents and Settings\Jesse\Local Settings\Temp\java_install.log
8/18/2008 9:27:17 PM 920 32 C:\Documents and Settings\Jesse\Local Settings\Temp\java_install_reg.log
8/18/2008 9:26:37 PM 806 32 C:\Documents and Settings\Jesse\Local Settings\Temp\java_install_sp.log
8/18/2008 9:26:33 PM 9617 32 C:\Documents and Settings\Jesse\Local Settings\Temp\jinstall.cfg
8/7/2008 9:03:37 PM 7185 32 C:\Documents and Settings\Jesse\Local Settings\Temp\jusched.log
8/19/2008 5:36:50 PM 1452 32 C:\Documents and Settings\Jesse\Local Settings\Temp\Microsoft Office 2003 Setup(0001).txt
8/19/2008 5:55:31 PM 40398336 32 C:\Documents and Settings\Jesse\Local Settings\Temp\VSE850.MSI
8/19/2008 6:57:09 PM 0 32 C:\Documents and Settings\Jesse\Local Settings\Temp\xx2
8/19/2008 6:57:09 PM 0 32 C:\Documents and Settings\Jesse\Local Settings\Temp\xx3
8/19/2008 6:57:09 PM 0 32 C:\Documents and Settings\Jesse\Local Settings\Temp\xx4
8/19/2008 6:57:09 PM 0 32 C:\Documents and Settings\Jesse\Local Settings\Temp\xx5
8/19/2008 6:57:09 PM 0 32 C:\Documents and Settings\Jesse\Local Settings\Temp\xx6
====== Files and Folders under "All Users\Application Data" Last 30 Days======
7/31/2008 4:28:20 PM 1268 C:\Documents and Settings\All Users\Application Data\AT&T
7/31/2008 4:28:20 PM 1268 C:\Documents and Settings\All Users\Application Data\AT&T\Communication Manager
8/18/2008 7:06:05 PM 39942707 C:\Documents and Settings\All Users\Application Data\avg8
8/18/2008 7:06:05 PM 0 C:\Documents and Settings\All Users\Application Data\avg8\admincli
8/18/2008 7:06:05 PM 0 C:\Documents and Settings\All Users\Application Data\avg8\AvgAm
8/18/2008 7:06:05 PM 5917 C:\Documents and Settings\All Users\Application Data\avg8\Cfg
8/18/2008 7:06:05 PM 2787 C:\Documents and Settings\All Users\Application Data\avg8\emc
8/18/2008 7:06:37 PM 2787 C:\Documents and Settings\All Users\Application Data\avg8\emc\Log
8/18/2008 7:06:38 PM 0 C:\Documents and Settings\All Users\Application Data\avg8\emc\Queue
8/18/2008 7:06:38 PM 0 C:\Documents and Settings\All Users\Application Data\avg8\emc\Queue\ACTIVE
8/18/2008 7:06:38 PM 0 C:\Documents and Settings\All Users\Application Data\avg8\emc\Queue\OUT
8/18/2008 7:06:38 PM 0 C:\Documents and Settings\All Users\Application Data\avg8\emc\Queue\TEMP
8/18/2008 7:06:05 PM 8247691 C:\Documents and Settings\All Users\Application Data\avg8\Log
8/18/2008 7:06:05 PM 984352 C:\Documents and Settings\All Users\Application Data\avg8\Lsdb
8/18/2008 7:06:05 PM 0 C:\Documents and Settings\All Users\Application Data\avg8\Lsdb\Prev
8/18/2008 7:06:05 PM 54803 C:\Documents and Settings\All Users\Application Data\avg8\scanlogs
8/18/2008 7:06:05 PM 30647157 C:\Documents and Settings\All Users\Application Data\avg8\update
8/18/2008 7:07:51 PM 27783599 C:\Documents and Settings\All Users\Application Data\avg8\update\backup
8/18/2008 7:07:51 PM 2863558 C:\Documents and Settings\All Users\Application Data\avg8\update\download
8/18/2008 7:07:51 PM 0 C:\Documents and Settings\All Users\Application Data\avg8\update\prepare
8/6/2008 8:18:53 PM 6660963 C:\Documents and Settings\All Users\Application Data\Lavasoft
8/6/2008 8:18:53 PM 6660963 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware
8/6/2008 8:18:53 PM 17044 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\logs
8/6/2008 8:20:26 PM 0 C:\Documents and Settings\All Users\Application Data\Lavasoft\MiniMessage
7/30/2008 3:53:30 PM 19245963 C:\Documents and Settings\All Users\Application Data\Skype
7/30/2008 3:54:00 PM 647954 C:\Documents and Settings\All Users\Application Data\Skype\Pictures
7/30/2008 3:53:56 PM 300835 C:\Documents and Settings\All Users\Application Data\Skype\Plugins
7/30/2008 3:54:05 PM 36835 C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache
7/30/2008 3:54:05 PM 21399 C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\Categories
7/30/2008 3:54:05 PM 109814 C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins
7/30/2008 3:54:05 PM 109814 C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8
7/30/2008 3:54:05 PM 7540 C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Local Cache
7/30/2008 3:54:01 PM 384854 C:\Documents and Settings\All Users\Application Data\Skype\Wallpapers
7/30/2008 3:53:30 PM 17912320 C:\Documents and Settings\All Users\Application Data\Skype\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
8/6/2008 8:18:06 PM 1504216281 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
8/6/2008 8:18:17 PM 17880566 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
8/6/2008 8:18:17 PM 1486335715 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
jdumond3
20 Posts
0
August 21st, 2008 14:00
====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======
====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
WormRadar.com IESiteBlocker.NavFilter
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
WormRadar.com IESiteBlocker.NavFilter
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}
WormRadar.com IESiteBlocker.NavFilter
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
WormRadar.com IESiteBlocker.NavFilter
====== Services ( Services that are Whitelisted are not shown) ======
Apple Mobile Device (Apple Mobile Device) "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" - Auto
AVG Free8 E-mail Scanner (avg8emc) C:\PROGRA~1\AVG\AVG8\avgemc.exe - Auto
NICCONFIGSVC (NICCONFIGSVC) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe - Auto
NVIDIA Display Driver Service (NVSvc) C:\WINDOWS\system32\nvsvc32.exe - Auto
PnkBstrA (PnkBstrA) C:\WINDOWS\system32\PnkBstrA.exe - Auto
Dell Wireless WLAN Tray Service (wltrysvc) C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe - Auto
====== Running Processes ======
System Idle Process [0]
System [4]
smss.exe [776] \SystemRoot\System32\smss.exe
csrss.exe [828]
winlogon.exe [852] winlogon.exe
services.exe [948] C:\WINDOWS\system32\services.exe
lsass.exe [960] C:\WINDOWS\system32\lsass.exe
svchost.exe [1148] C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe [1196]
svchost.exe [1236] C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe [1332]
svchost.exe [1372]
WLTRYSVC.EXE [1564] C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe
BCMWLTRY.EXE [1576] C:\WINDOWS\System32\bcmwltry.exe
spoolsv.exe [1636] C:\WINDOWS\system32\spoolsv.exe
scardsvr.exe [1700]
AppleMobileDeviceService.exe [1772] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
avgwdsvc.exe [1792] C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
mDNSResponder.exe [1808] "C:\Program Files\Bonjour\mDNSResponder.exe"
btwdins.exe [1848] "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe"
GoogleUpdaterService.exe [1912] "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
MDM.EXE [2008] "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
NicConfigSvc.exe [208] "C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe"
nvsvc32.exe [256] C:\WINDOWS\system32\nvsvc32.exe
PnkBstrA.exe [276] C:\WINDOWS\system32\PnkBstrA.exe
svchost.exe [328] C:\WINDOWS\system32\svchost.exe -k imgsvc
wdfmgr.exe [416]
avgemc.exe [2192] C:\PROGRA~1\AVG\AVG8\avgemc.exe
avgrsx.exe [2532] avgrsx.exe
wmiprvse.exe [2840]
explorer.exe [3072] C:\WINDOWS\Explorer.EXE
alg.exe [3264]
rundll32.exe [3856] "C:\WINDOWS\system32\rundll32.exe" nvHotkey.dll,Start
jusched.exe [3876] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
WLTRAY.EXE [3892] "C:\WINDOWS\system32\WLTRAY.exe"
stsystra.exe [3900] "C:\WINDOWS\stsystra.exe"
SynTPEnh.exe [3908] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
DLACTRLW.EXE [3916] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
issch.exe [3932] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
PCMService.exe [3940] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
Corel Photo Downloader.exe [3972] "C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe"
iTunesHelper.exe [280] "C:\Program Files\iTunes\iTunesHelper.exe"
ctfmon.exe [476] "C:\WINDOWS\system32\ctfmon.exe"
msmsgs.exe [664] "C:\Program Files\Messenger\msmsgs.exe" /background
BTTray.exe [1608] "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
DLG.exe [1224] "C:\Program Files\Digital Line Detect\DLG.exe"
wuauclt.exe [2092] "C:\WINDOWS\system32\wuauclt.exe"
BTSTAC~1.EXE [2304] C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE -Embedding
iPodService.exe [908] "C:\Program Files\iPod\bin\iPodService.exe"
firefox.exe [10320] "C:\Program Files\Mozilla Firefox\firefox.exe"
wscript.exe [9684] "C:\WINDOWS\System32\WScript.exe" "C:\Documents and Settings\Jesse\Desktop\FileLister\FileLister.vbe"
wmiprvse.exe [11392]
====== Uninstall List From Registry ======
Adobe Flash Player Plugin
Adobe Shockwave Player
AVG Free 8.0
Dell Wireless WLAN Card
Conexant HDA D110 MDC V.92 Modem
EAGLE 4.16r2
Google Updater
HijackThis 2.0.2
Microsoft Internationalized Domain Names Mitigation APIs
High Definition Audio Driver Package - KB835221
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Windows Media Player 10 Hotfix - KB894476
Hotfix for Windows XP (KB896256)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Hotfix for Windows XP (KB906569)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB909394)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Update for Windows XP (KB912945)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB914642)
Hotfix for Windows XP (KB915865)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921503)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Update for Windows XP (KB931836)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB937894)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Update for Windows XP (KB942763)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
lcc-win32 version 3.2 (base system)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.0 Hotfix (KB928367)
MATLAB Student R2007a
Microsoft .NET Framework 1.1
Microsoft .NET Framework (English) v1.0.3705
Microsoft Visual J# .NET Redistributable Package(ENU) v1.0.4205
Mozilla Firefox (3.0.1)
Microsoft National Language Support Downlevel APIs
NVIDIA Drivers
Adobe Flash Player 9 ActiveX
Sure Delete 5.1.1
Synaptics Pointing Device Driver
Viewpoint Media Player
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Windows Imaging Component
WinAVR 20080512 (remove only)
WinAVR 20080512 (remove only)
Windows Media Format Runtime
Windows Media Player 10
Xbox 360 Controller for Windows
Roxio RecordNow Data
QuickTime
Roxio DLA
Google Earth
Roxio MyDVD LE
Broadcom Advanced Control Suite
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Windows Media Player 10
WebFldrs XP
MSXML 4.0 SP2 (KB927978)
Norton Security Scan
URL Assistant
WIDCOMM Bluetooth Software
NetWaiting
Apple Mobile Device Support
Photosynth
Bonjour Core for Windows
Windows Live Messenger
Sonic Activation Module
Skype™ 3.6
Business Complete Care Services Agreement
Microsoft Visual C++ 2005 Redistributable
Dell System Restore
Corel Snapfire Plus
Modem Helper
Visual J# .NET Redistributable Package
Microsoft Office Standard Edition 2003
OutlookAddinSetup
MediaDirect
iTunes
Roxio RecordNow Audio
Adobe Reader 7.0.9
Roxio RecordNow Copy
Microsoft .NET Framework (English)
Apple Software Update
MSXML 4.0 SP2 (KB936181)
QuickSet
Microsoft .NET Framework 1.1
AVRStudio4
Digital Line Detect
======== Other Info ========
TOTAL PHYSICAL RAM: 2146 MB
jdumond3
20 Posts
0
August 21st, 2008 14:00
+
+ File Lister
+
+ Version 1.0.4
+
+ By bamajim / bamajim.com
+
+++++++++++++++++++++++++++++++++
Report ran on --->>> 8/21/2008 11:08:43 AM
====== Values under HKLM\~\Run ======
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet"
"NVHotkey"="rundll32.exe nvHotkey.dll,Start"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"PCMService"="\"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe\""
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Snapfire Plus\\Corel Photo Downloader.exe"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"BM1792d2e6"="Rundll32.exe \"C:\\WINDOWS\\system32\\vhksylgp.dll\",s"
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
====== Values under HKCU\~\Run ======
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"P2kAutostart"=""
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"Skype"="\"C:\\Program Files\\Skype\\\\Phone\\Skype.exe\" /nosplash /minimized"
"Uniblue RegistryBooster 2"="C:\\Program Files\\Uniblue\\RegistryBooster 2\\RegistryBooster.exe /S"
====== Folders and Files from "%\" and "%\Windows" Created Last 30 Days ======
8/18/2008 7:16:53 PM 4145710 C:\$AVG8.VAULT$
8/20/2008 5:54:45 PM 5982345 C:\327882R2FWJFW
7/23/2008 7:37:26 PM 97827 C:\AVR projects
7/23/2008 7:39:53 PM 97827 C:\AVR projects\TVBgone
7/23/2008 7:48:43 PM 6414 C:\AVR projects\TVBgone\programmingstuff
7/23/2008 7:49:28 PM 6414 C:\AVR projects\TVBgone\programmingstuff\tvbgone
8/20/2008 6:09:24 PM 11618916 C:\cmdcons
8/20/2008 6:09:43 PM 1177600 C:\cmdcons\system32
8/7/2008 6:34:06 PM 4029790 C:\Config.Msi
7/29/2008 7:40:56 PM 16537884 C:\Temp
7/29/2008 7:41:01 PM 49375 C:\Temp\1cb
7/29/2008 7:40:56 PM 1858 C:\Temp\epr1
7/29/2008 7:41:14 PM 0 C:\Temp\tn3
8/20/2008 6:09:52 PM 211 39 C:\BOOT.BAK
8/20/2008 5:54:53 PM 990 32 C:\Bug.txt
8/20/2008 6:09:47 PM 260272 7 C:\cmldr
8/21/2008 11:08:43 AM 0 32 C:\Files.txt
8/18/2008 3:47:42 PM 2145869824 38 C:\hiberfil.sys
8/7/2008 8:03:18 PM 2141 32 C:\rapport.txt
8/17/2008 9:09:48 PM 1465414 C:\WINDOWS\$NtUninstallKB944338-v2$
8/17/2008 9:09:48 PM 597062 C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst
8/17/2008 9:11:38 PM 709399 C:\WINDOWS\$NtUninstallKB946648$
8/17/2008 9:11:38 PM 626455 C:\WINDOWS\$NtUninstallKB946648$\spuninst
8/17/2008 9:11:27 PM 869788 C:\WINDOWS\$NtUninstallKB950974$
8/17/2008 9:11:27 PM 626588 C:\WINDOWS\$NtUninstallKB950974$\spuninst
8/17/2008 9:10:13 PM 1310159 C:\WINDOWS\$NtUninstallKB951066$
8/17/2008 9:10:13 PM 626639 C:\WINDOWS\$NtUninstallKB951066$\spuninst
8/17/2008 9:10:25 PM 687834 C:\WINDOWS\$NtUninstallKB951072-v2$
8/17/2008 9:10:25 PM 627418 C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst
8/17/2008 9:10:19 PM 958547 C:\WINDOWS\$NtUninstallKB952287$
8/17/2008 9:10:19 PM 626771 C:\WINDOWS\$NtUninstallKB952287$\spuninst
8/17/2008 9:11:43 PM 701011 C:\WINDOWS\$NtUninstallKB952954$
8/17/2008 9:11:43 PM 626771 C:\WINDOWS\$NtUninstallKB952954$\spuninst
8/17/2008 9:09:57 PM 13278017 C:\WINDOWS\$NtUninstallKB953838$
8/17/2008 9:09:57 PM 637761 C:\WINDOWS\$NtUninstallKB953838$\spuninst
8/17/2008 9:11:33 PM 1997189 C:\WINDOWS\$NtUninstallKB953839$
8/17/2008 9:11:33 PM 625029 C:\WINDOWS\$NtUninstallKB953839$\spuninst
8/20/2008 6:09:22 PM 0 C:\WINDOWS\setup.pss
8/20/2008 6:08:53 PM 121688 C:\WINDOWS\setupupd
8/20/2008 6:08:53 PM 121589 C:\WINDOWS\setupupd\temp
7/29/2008 7:41:27 PM 0 C:\WINDOWS\SmVzc2U
7/30/2008 12:52:05 AM 103300 32 C:\WINDOWS\BM1792d2e6.txt
7/30/2008 12:52:05 AM 111609 32 C:\WINDOWS\BM1792d2e6.xml
7/29/2008 9:15:43 PM 70 32 C:\WINDOWS\cookies.ini
8/20/2008 6:08:45 PM 178 32 C:\WINDOWS\DHCPUPG.LOG
7/31/2008 4:22:13 PM 27964 32 C:\WINDOWS\ie7Uninst.log
7/31/2008 4:24:58 PM 2452 32 C:\WINDOWS\iereseticons.log
8/17/2008 7:14:19 PM 12262 32 C:\WINDOWS\KB944338-v2.log
8/17/2008 9:11:37 PM 11729 32 C:\WINDOWS\KB946648.log
8/17/2008 7:14:38 PM 16649 32 C:\WINDOWS\KB950974.log
8/17/2008 9:10:12 PM 11127 32 C:\WINDOWS\KB951066.log
8/17/2008 7:14:35 PM 29719 32 C:\WINDOWS\KB951072-v2.log
8/17/2008 9:10:18 PM 11138 32 C:\WINDOWS\KB952287.log
8/17/2008 7:14:43 PM 17176 32 C:\WINDOWS\KB952954.log
8/17/2008 7:14:27 PM 36578 32 C:\WINDOWS\KB953838.log
8/17/2008 9:11:32 PM 10210 32 C:\WINDOWS\KB953839.log
7/31/2008 10:01:06 AM 4464 32 C:\WINDOWS\ModemLog_Standard Modem.txt
7/31/2008 4:32:10 PM 651 32 C:\WINDOWS\NLSDownlevelMappingUninst.log
7/29/2008 4:33:45 PM 299520 32 C:\WINDOWS\uninst.exe
8/20/2008 6:09:24 PM 264 32 C:\WINDOWS\UPGRADE.TXT
8/20/2008 6:08:43 PM 18137 32 C:\WINDOWS\WINNT32.LOG
8/20/2008 6:08:53 PM 51650 32 C:\WINDOWS\wsdu.log
7/29/2008 7:41:01 PM 152837 C:\WINDOWS\system32\dsr
7/29/2008 7:41:01 PM 0 C:\WINDOWS\system32\fonts
7/29/2008 7:40:56 PM 0 C:\WINDOWS\system32\kBin02
7/29/2008 7:41:01 PM 0 C:\WINDOWS\system32\vn3
7/29/2008 7:46:52 PM 0 32 C:\WINDOWS\system32\1f822504-.txt
8/18/2008 7:06:29 PM 10520 32 C:\WINDOWS\system32\avgrsstx.dll
7/29/2008 7:49:17 PM 1487803 6 C:\WINDOWS\system32\awdkxjjp.ini
8/18/2008 9:27:47 PM 135168 32 C:\WINDOWS\system32\java.exe
8/18/2008 9:27:47 PM 135168 32 C:\WINDOWS\system32\javaw.exe
8/18/2008 9:27:47 PM 139264 32 C:\WINDOWS\system32\javaws.exe
8/18/2008 9:27:29 PM 6587 32 C:\WINDOWS\system32\jupdate-1.6.0_07-b06.log
7/29/2008 7:46:03 PM 873787 38 C:\WINDOWS\system32\OWvEffii.ini
7/29/2008 7:46:03 PM 873787 38 C:\WINDOWS\system32\OWvEffii.ini2
7/31/2008 4:23:20 PM 230 32 C:\WINDOWS\system32\spupdsvc.inf
7/29/2008 7:44:47 PM 147456 32 C:\WINDOWS\system32\vbzip10.dll
7/30/2008 12:58:04 AM 1487854 6 C:\WINDOWS\system32\wmgimppv.ini
jdumond3
20 Posts
0
August 21st, 2008 15:00
markamus
435 Posts
0
August 21st, 2008 15:00
OK we will come back to that file.
For now, continue with the following:
Open HJT by navigating to your HijackThis folder and double clicking on HijackThis.exe. Select the second button entitled "Do a system scan only".
Now select the following entries by placing a tick in the left-hand check box:
O4 - HKLM\..\Run: [BM1792d2e6] Rundll32.exe "C:\WINDOWS\system32\vhksylgp.dll",s
O20 - Winlogon Notify: iifcYSLd - iifcYSLd.dll (file missing)
Once you have selected all entries, close all running programs then click once on the "fix checked" button to clear the entries from your log.
----------------------------------------------------------------------------------------------
Download the Killbox.
Unzip it to the desktop.
Double-click Killbox.exe to run it.
Select "Delete on Reboot".
Place the following line (complete path) in bold in the "Full Path of File to Delete" box in Killbox:
C:\WINDOWS\system32\vhksylgp.dll
Put a mark next to "Delete on Reboot".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.
Once your PC has rebooted, try to re-download Combofix and see if it will run.
markamus
435 Posts
0
August 21st, 2008 15:00
Yes, Combofix's author has recently changed the icon and they haven't updated the picture on the tutorial yet.
What happens when you simply double click on Combofix?
jdumond3
20 Posts
0
August 21st, 2008 15:00