Hi, the virus/trojan on my computer seems to have similar symptoms to others on this forum.
I have the red "X" label on my C Drive and several hundred pos.tmp files.
To fix this problem, I ran Vundofix.exe, HijackThis, and ComboFix as suggested in other posts.
I have both the HijackThis and ComboFix logs saved if they are needed.
Please let me know the next steps! Thanks for all your help!

You might want to try http://housecall.trendmicro.com. I'm not sure which virus it is. You might want to post your logs too, just so we can have a look.

Download the "HijackThis" Installer from this link:
http://www.trendsecure.com/portal/e...
1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required. Post the HijackThis log in your next reply.
*Do Safe Computing*

Dear TheNerd,
Log results may change randomly, so I need a fresh HijackThis log at the time I require it, because a fresh HijackThis log may differ from an already saved log.
*Do Safe Computing*

HIJACKTHIS LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:58 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
D:\PROGRA~1\TRENDM~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\TRENDM~1\Tmntsrv.exe
D:\PROGRA~1\TRENDM~1\TmPfw.exe
D:\PROGRA~1\TRENDM~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vVX3000.exe
D:\Program Files\Trend Micro PC-cillin\pccguide.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Trend Micro PC-cillin\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\PROGRA~1\TRENDM~1\PCCMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User1\My Documents\My Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - _{4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\USER1\Application Data\Mozilla\Profiles\default\34nlw33n.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\USER1\Application Data\Mozilla\Profiles\default\34nlw33n.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0DEEC962-E958-4796-84E5-4168BC28EB86} - (no file)
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.4\lexbar.dll
O2 - BHO: (no name) - {19F56DD8-9D24-469B-80F8-32F43621E573} - (no file)
O2 - BHO: (no name) - {1B63B5CD-21B5-4347-B8EC-738A46C72355} - C:\Program Files\Internet Explorer\conav777444.dll
O2 - BHO: (no name) - {20024841-EF95-46C0-B930-71C8DAA41CE4} - (no file)
O2 - BHO: (no name) - {36c46ed3-78ba-4c90-aaa6-e2ab7d2e0e9f} - (no file)
O2 - BHO: (no name) - {4032395E-3467-4AB2-BB8C-884C898FDA4F} - (no file)
O2 - BHO: (no name) - {6706B1F3-F2C8-4EF7-BF3B-0657F8C18304} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {934DA88A-5276-4A35-BCE9-2103BE0A9E33} - (no file)
O2 - BHO: (no name) - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {BFAF14A8-834A-4B65-BD8C-3722C5ABBE8D} - (no file)
O2 - BHO: (no name) - {C8612878-AB0D-4F72-AF9E-F7A058226118} - (no file)
O2 - BHO: TChkBHO Class - {E8B9F80E-C8C1-4D52-A229-2F1F4F75084A} - C:\WINDOWS\system32\agske.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.4\lexbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [pccguide.exe] "D:\Program Files\Trend Micro PC-cillin\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [OE_OEM] "D:\Program Files\Trend Micro PC-cillin\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CRACK] \WINDOWS\system32\config\crack.lnk (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CRACK] \WINDOWS\system32\config\crack.lnk (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CRACK] \WINDOWS\system32\config\crack.lnk (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CRACK] \WINDOWS\system32\config\crack.lnk (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: >>> HARDCORE MOVIES <<< - javascript:{document.location='http://neosexvideo.com/webmasters/df044/access.htm';}
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - D:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - D:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Kill popup - {0A9F8624-4221-4508-9636-69ABD753695A} - C:\Program Files\PopUpBuster\popupbuster.exe (file missing)
O9 - Extra 'Tools' menuitem: Kill popup - {0A9F8624-4221-4508-9636-69ABD753695A} - C:\Program Files\PopUpBuster\popupbuster.exe (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...
O16 - DPF: {470A6E01-15A3-49B3-B8B9-8EDF4AC1A480} - http://sp.ask.com/docs/teoma/toolba...
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/too...
O18 - Filter: text/plain - {9EA3D557-CB5B-4643-B532-8F92861BAF57} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\System32\ctlllhb.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Multimedia_Interface - Prism Microsystems, Inc. - C:\WINDOWS\system32\mm\aysshell.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\dicowu.html

--
End of file - 11991 bytes

Please disable Trend Micro PC-cillin and other security-related software to avoid conflicts.
STEP: 1
Please run HijackThis again and click "Scan". Place checks next to the following entries:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - _{4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {0DEEC962-E958-4796-84E5-4168BC28EB86} - (no file)
O2 - BHO: (no name) - {19F56DD8-9D24-469B-80F8-32F43621E573} - (no file)
O2 - BHO: (no name) - {1B63B5CD-21B5-4347-B8EC-738A46C72355} - C:\Program Files\Internet Explorer\conav777444.dll
O2 - BHO: (no name) - {20024841-EF95-46C0-B930-71C8DAA41CE4} - (no file)
O2 - BHO: (no name) - {36c46ed3-78ba-4c90-aaa6-e2ab7d2e0e9f} - (no file)
O2 - BHO: (no name) - {4032395E-3467-4AB2-BB8C-884C898FDA4F} - (no file)
O2 - BHO: (no name) - {6706B1F3-F2C8-4EF7-BF3B-0657F8C18304} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {934DA88A-5276-4A35-BCE9-2103BE0A9E33} - (no file)
O2 - BHO: (no name) - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - (no file)
O2 - BHO: (no name) - {BFAF14A8-834A-4B65-BD8C-3722C5ABBE8D} - (no file)
O2 - BHO: (no name) - {C8612878-AB0D-4F72-AF9E-F7A058226118} - (no file)
O2 - BHO: TChkBHO Class - {E8B9F80E-C8C1-4D52-A229-2F1F4F75084A} - C:\WINDOWS\system32\agske.dll
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKUS\.DEFAULT\..\Run: [CRACK] \WINDOWS\system32\config\crack.lnk (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: >>> HARDCORE MOVIES <<< - javascript:{document.location='http://neosexvideo.com/webmasters/df044/access.htm';}
O18 - Filter: text/plain - {9EA3D557-CB5B-4643-B532-8F92861BAF57} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\System32\ctlllhb.dll
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\dicowu.html
Close all browsers and other windows except for HijackThis!, and click "Fix checked".
STEP: 2
Show all hidden files and folders, then remove the following files:
C:\WINDOWS\system32\agske.dll
C:\WINDOWS\System32\ctlllhb.dll
C:\WINDOWS\system32\config\crack.lnk
C:\Program Files\Common Files\dicowu.html
C:\Program Files\Internet Explorer\conav777444.dll
STEP: 3
Please run Notepad and copy the following text between the dotted lines into a new file:
------------------
sc config MSControlService start= disabled
sc stop MSControlService
sc delete MSControlService
------------------
Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. Please note any errors encountered.
Restart the computer normally to complete the fix.
THEN:
Download ComboFix by sUBs and save it to your desktop. (If you have previously downloaded ComboFix, please delete that version now.)
Download link HERE:
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
Note
It is important that it is saved directly to your desktop.
Close any open browsers.
Double-click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouse-click ComboFix's window while it's running.
That may cause the program to freeze/hang.
Note
In case your antivirus or any other real-time scanner displays an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and redownload ComboFix again.
Some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.
Also post a new HijackThis log.
*Do Safe Computing*
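As an added example (not a tool from this thread, from Trend Micro or from the HijackThis project), a small Python triage pass that reads the HijackThis line format shown above and flags the kinds of entries the reply checks off: registrations whose target is (no file) or (file missing), a populated AppInit_DLLs value, a javascript: context-menu item, a Run entry for a service or default account pointing into system32\config, an Internet Explorer Policies key, and a service with an unknown owner. The sample lines are constructed from the posted log, with the O8 URL replaced by a placeholder host.

```python
import re
from typing import Callable, List, Optional, Tuple

# Constructed sample (not a log from the thread), in HijackThis v2.0 line format.
# Paths and CLSIDs are copied from the posted log; the O8 URL is a placeholder.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {0DEEC962-E958-4796-84E5-4168BC28EB86} - (no file)
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Program Files\\iTunes\\iTunesHelper.exe"
O4 - HKUS\\S-1-5-18\\..\\Run: [CRACK] \\WINDOWS\\system32\\config\\crack.lnk (User 'SYSTEM')
O6 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O8 - Extra context menu item: >>> HARDCORE MOVIES <<< - javascript:{document.location='http://placeholder.invalid/';}
O20 - AppInit_DLLs: C:\\WINDOWS\\System32\\ctlllhb.dll
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\\WINDOWS\\system32\\windows (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\\WINDOWS\\system32\\HPZipm12.exe
"""

# Every entry line starts with a section tag (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")

# (section, or None for any section; predicate on the entry body; reason reported).
RULES: List[Tuple[Optional[str], Callable[[str], bool], str]] = [
    (None, lambda b: b.endswith("(no file)") or b.endswith("(file missing)"),
     "orphaned registration: target file is gone, entry is dead weight"),
    ("O20", lambda b: b.startswith("AppInit_DLLs:") and b.split(":", 1)[1].strip() != "",
     "AppInit_DLLs set: DLL is loaded into every process that loads user32.dll"),
    ("O8", lambda b: "javascript:" in b.lower(),
     "context-menu item runs script instead of opening a page"),
    ("O4", lambda b: b.startswith("HKUS\\") and "\\system32\\config\\" in b.lower(),
     "autorun under a service/default account pointing into the registry hive folder"),
    ("O6", lambda b: True,
     "IE options locked by a Policies key, unusual on a home machine"),
    ("O23", lambda b: "Unknown owner" in b,
     "service with no vendor string"),
]


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return the entries that trip at least one rule, with every reason that applies."""
    hits = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:  # header line or running-process path: not an entry
            continue
        section, body = m.group(1), m.group(2)
        reasons = [why for sec, pred, why in RULES
                   if (sec is None or sec == section) and pred(body)]
        if reasons:
            hits.append((section, body, reasons))
    return hits


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> " + "\n    -> ".join(reasons))
```

Entries that match no rule (the Adobe BHO, the iTunes Run key, the HP service) are left out of the report; the MSControlService line is reported twice over, once for the missing file and once for the missing owner.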
