
Active All system tray icons gone!

Discussion in 'Malware and Virus Removal Archive' started by poetink, 2009/02/12.

  1. 2009/02/12
    poetink

    poetink Inactive Thread Starter

    Joined:
    2002/04/16
    Messages:
    98
    Likes Received:
    0
    [Active] All system tray icons gone!

    Hi,

    Last night I downloaded a program called (or at least I thought it was) "style XP" from the "emule" file sharing program. (yes I know, I probably should've been more careful).

    But after it downloaded, I did scan it with my AV program before opening it and it didn't detect anything wrong, so I tried installing it.

    I clicked on what was an icon that resembled a key, and a prompt came up that said something (to my best recollection since I closed the prompt fast) about it being called "black box" and mentioned something about it being used for aircraft. (obviously meaning something about the black boxes planes use to record flights in case of crashes and the like). :confused:

    After this came up, I rebooted right away, and when windows came back up, the first thing that happened was that my AV program (Avast) tried coming on, but something came up near the system tray icon saying that "something" was preventing Avast from starting, loading, or activating (it came up pretty fast so I don't remember everything it said before the avast icon disappeared).

    Not only did my AV program fail to boot up, but everything else that booted in the system tray before was no longer there. One of which is the sound icon. And now without that, my computer's sound is not working and according to the sound and audio properties, it's saying I have no audio device. But the sound does come on briefly at the log on screen, but when it gets to the desktop, the sound stops functioning.

    IE7 is also having problems now where I can't go to any sites. When I try going somewhere using my favorites folder, another browser window comes up and just goes to my default start page "google". (I'm currently using firefox since it seems to be working normally).

    When I tried to start up Avast, a prompt comes up saying that "Avast is not a valid win32 application". The same is said when I try to start superantispyware. Other programs seem to be running normally though.

    I also tried using system restore, but it couldn't restore the computer.

    Any idea if this could be a virus or spyware/malware that avast just didn't detect and if so, what can I do, if anything?

    I'm running windows XP with SP3 installed.

    Any help would be appreciated as I'm at my wits' end and very angry with myself for downloading this program from emule, especially if it indeed is a virus of some kind and caused this problem. A definite lesson to be learned.
     
  2. 2009/02/12
    poetink

    poetink Inactive Thread Starter

    Joined:
    2002/04/16
    Messages:
    98
    Likes Received:
    0
    I was just able to start up my security center by restarting it in services. Then I turned on my firewall, and to my dismay, it asked me if I wanted to allow a file called flec006 to be allowed by the firewall. I of course said no. And quickly did a search on google for flec006 and found out it is a virus/spyware. I'm currently searching high and low for a way to get rid of this. While I am doing this, if anyone here knows of a solution please let me know! Thanks.
     


  4. 2009/02/12
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,680
    Likes Received:
    104
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     
  5. 2009/02/12
    poetink

    poetink Inactive Thread Starter

    Joined:
    2002/04/16
    Messages:
    98
    Likes Received:
    0

    Ok Arie. Here is the first log file from DDS.txt:





    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Compaq_Owner at 21:15:42.89 on Thu 02/12/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.126 [GMT -5:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
    mWinlogon: UIHost=c:\windows\system32\logonui.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: NoExplorer - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll
    TB: {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Desktop Architect] "c:\program files\desktop architect\datray.exe" -S
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_12.dll
    IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
    Trusted Zone: drivecleaner.com
    Trusted Zone: errorprotector.com
    Trusted Zone: imageservr.com
    Trusted Zone: systemdoctor.com
    Trusted Zone: drivecleaner.com
    Trusted Zone: errorprotector.com
    Trusted Zone: imageservr.com
    Trusted Zone: systemdoctor.com
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1233963438359
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233081266718
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: {F552DDE6-2090-4bf4-B924-6141E87789A5} - No File
    LSA: Notification Packages =

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\2ov2z8v2.default\
    FF - prefs.js: browser.search.selectedEngine - qtl
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\2ov2z8v2.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\program files\google\google updater\2.4.1487.6512\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\ksolo\npAVX.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

    ============= SERVICES / DRIVERS ===============

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
    R1 sK9Ou0s;sK9Ou0s;c:\documents and settings\compaq_owner\application data\drivers\srosa2.sys [2009-2-12 7168]
    S0 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
    S2 gupdate1c9862c67c9220c;Google Update Service (gupdate1c9862c67c9220c);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
    S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2009-2-12 29584]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

    =============== Created Last 30 ================

    2009-02-12 19:52 29,584 a------- c:\windows\system32\drivers\regguard.sys
    2009-02-12 19:49 <DIR> --d----- c:\program files\Greatis
    2009-02-12 19:13 <DIR> --d----- C:\VundoFix Backups
    2009-02-12 12:57 <DIR> --d----- c:\program files\Panda Security
    2009-02-12 06:07 <DIR> --d----- c:\documents and settings\compaq_owner\.housecall6.6
    2009-02-12 05:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
    2009-02-12 04:41 17,857 a------- c:\windows\system32\drivers\SGuard.sys
    2009-02-12 04:17 <DIR> --d----- c:\docume~1\compaq~1\applic~1\iolo
    2009-02-12 04:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iolo
    2009-02-12 04:16 <DIR> --d----- c:\program files\CCleaner
    2009-02-12 03:54 406 a------- c:\windows\system32\ioloBootDefrag.cfg
    2009-02-12 03:34 <DIR> --d----- c:\program files\Yahoo!
    2009-02-12 02:14 <DIR> --d-h--- c:\docume~1\compaq~1\applic~1\m
    2009-02-12 02:10 <DIR> --d----- c:\windows\system32\drivers\down
    2009-02-12 02:04 <DIR> --d-h--- c:\docume~1\compaq~1\applic~1\drivers
    2009-02-12 01:29 0 a------- c:\windows\windowfx3.ini
    2009-02-12 01:28 0 a------- c:\windows\windowfx2.ini
    2009-02-12 01:27 10 a------- c:\windows\system32\wfxhelp22.dll
    2009-02-11 23:39 0 -------- c:\windows\WB.ini
    2009-02-11 23:37 42,672 -------- c:\windows\system32\wbsys.dll
    2009-02-11 23:17 24 a------- c:\windows\LogonStudio.ini
    2009-02-11 23:16 187,392 a------- c:\windows\system32\JPGUtils.dll
    2009-02-11 23:16 <DIR> --d----- c:\program files\WinCustomize
    2009-02-11 20:46 266,360 a------- c:\windows\system32\TweakUI.exe
    2009-02-11 20:46 160,217 a------- c:\windows\system32\PowerToysLicense.rtf
    2009-02-11 19:52 <DIR> --d----- c:\windows\Icons
    2009-02-11 19:52 <DIR> --d----- c:\program files\FileSubmit
    2009-02-11 19:37 <DIR> --d----- c:\program files\OneRiot
    2009-02-11 19:11 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Stardock
    2009-02-11 19:10 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{4D84A86B-BFC2-4B9B-B3C4-207F5860E952}
    2009-02-11 19:10 <DIR> --d----- c:\program files\Stardock
    2009-02-11 17:12 <DIR> --d----- c:\program files\PicLensIE
    2009-02-10 13:49 2,560 a------- c:\windows\_MSRSTRT.EXE
    2009-02-10 13:49 <DIR> --dsh--- C:\INCINERATE
    2009-02-09 16:46 <DIR> --d----- c:\windows\system32\CatRoot2
    2009-02-08 21:07 <DIR> --d----- c:\docume~1\compaq~1\applic~1\WinBatch
    2009-02-08 20:45 <DIR> --d----- c:\program files\VIA
    2009-02-08 20:45 <DIR> --d----- C:\softpaq
    2009-02-08 20:30 156,672 -------- c:\windows\system32\RtlCPAPI.dll
    2009-02-08 20:30 69,632 -------- c:\windows\soundman.exe
    2009-02-08 20:30 40,448 -------- c:\windows\system32\ChCfg.exe
    2009-02-08 20:30 9,196,032 -------- c:\windows\system32\RTLCPL.exe
    2009-02-08 20:30 141,016 -------- c:\windows\system32\alsndmgr.wav
    2009-02-08 20:30 208,896 -------- c:\windows\alcupd.exe
    2009-02-08 20:30 139,264 -------- c:\windows\alcrmv.exe
    2009-02-08 16:24 <DIR> --d----- c:\program files\Ares
    2009-02-07 23:10 <DIR> --d----- c:\docume~1\compaq~1\applic~1\ieSpell
    2009-02-07 23:09 <DIR> --d----- c:\program files\ieSpell
    2009-02-06 21:27 <DIR> --d----- c:\documents and settings\compaq_owner\Tracing
    2009-02-06 21:20 <DIR> --d----- c:\program files\common files\Windows Live
    2009-02-05 16:53 <DIR> --d----- c:\program files\common files\xing shared
    2009-02-05 12:14 <DIR> --d----- c:\program files\filehippo.com
    2009-02-03 12:23 126,656 a------- c:\windows\system\CardView.dll
    2009-02-01 22:07 <DIR> --d----- c:\program files\Eusing Free Registry Cleaner
    2009-02-01 13:38 <DIR> --d----- c:\program files\common files\Stardock
    2009-01-30 19:44 <DIR> --d----- c:\program files\Unity
    2009-01-29 14:50 <DIR> --d----- c:\program files\eMule
    2009-01-28 16:08 <DIR> --d----- c:\program files\WS_FTP
    2009-01-28 13:38 12 a------- c:\windows\dirsaver.ini
    2009-01-28 13:38 569,588 a------- c:\windows\DateTime.scr
    2009-01-28 13:38 0 a------- c:\windows\FlashForge.ini
    2009-01-28 13:35 <DIR> --d----- c:\program files\Goldshell
    2009-01-28 12:40 146,321 a------- c:\windows\system32\plus!.hlp
    2009-01-28 12:40 1,300 a------- c:\windows\system32\cool.dll
    2009-01-28 12:40 32,768 a------- c:\windows\system32\dapanel.cpl
    2009-01-28 12:40 <DIR> --d----- c:\program files\Desktop Architect
    2009-01-27 21:46 <DIR> --d----- c:\program files\HP
    2009-01-27 21:27 <DIR> --d----- c:\program files\kSolo
    2009-01-27 17:56 <DIR> --d----- c:\program files\Flash MX
    2009-01-27 15:44 <DIR> --d----- c:\windows\ShellNew
    2009-01-27 14:54 <DIR> --d----- c:\docume~1\compaq~1\applic~1\XnView
    2009-01-27 14:37 <DIR> --d----- c:\program files\XnView
    2009-01-27 14:24 25,608 a------- c:\windows\system32\X3DAudio1_4.dll
    2009-01-27 14:22 <DIR> --d----- c:\windows\Logs
    2009-01-27 13:44 <DIR> --d----- c:\program files\Atomic Clock
    2009-01-27 13:38 410,984 a------- c:\windows\system32\deploytk.dll
    2009-01-27 11:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-01-27 11:55 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-01-27 11:55 <DIR> --d----- c:\docume~1\compaq~1\applic~1\SUPERAntiSpyware.com
    2009-01-27 11:54 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-01-27 11:46 <DIR> --d----- c:\program files\Windows Media Connect 2
    2009-01-27 10:35 <DIR> --d-h--- c:\program files\WindowsUpdate
    2009-01-27 03:25 <DIR> --d----- c:\windows\system32\Adobe
    2009-01-27 02:54 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
    2009-01-27 02:54 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
    2009-01-27 02:54 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
    2009-01-27 02:54 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
    2009-01-27 02:54 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
    2009-01-27 02:54 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
    2009-01-27 02:54 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
    2009-01-27 02:54 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
    2009-01-27 02:54 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
    2009-01-27 02:20 <DIR> --d----- c:\windows\ServicePackFiles
    2009-01-27 02:08 616,960 a------- c:\windows\system32\advapi32.dll
    2009-01-27 02:07 <DIR> --d----- c:\windows\EHome
    2009-01-27 00:04 705,536 a------- c:\windows\system32\Incinerator.dll
    2009-01-27 00:04 30,942 a------- c:\windows\system32\iolobtdfg.exe
    2009-01-27 00:04 25,264 a------- c:\windows\system32\smrgdf.exe
    2009-01-27 00:04 <DIR> --d----- c:\program files\iolo
    2009-01-26 23:39 87,040 ac------ c:\windows\system32\dllcache\wiafbdrv.dll
    2009-01-26 23:39 87,040 a------- c:\windows\system32\wiafbdrv.dll
    2009-01-26 23:39 352,256 a------- c:\windows\system32\LXBKUTIL.DLL
    2009-01-26 23:39 69,632 a------- c:\windows\system32\lxbkscin.dll
    2009-01-26 23:39 983,101 a------- c:\windows\system32\LXBKGF.DLL
    2009-01-26 23:39 57,344 a------- c:\windows\system32\lxbkcinf.dll
    2009-01-26 23:39 49,152 a------- c:\windows\system32\lxbkcoin.dll
    2009-01-26 23:39 266 a------- c:\windows\system32\lxbkcoin.ini
    2009-01-26 23:39 454,656 a------- c:\windows\system32\LXBKJSWR.DLL
    2009-01-26 23:39 <DIR> --d----- c:\program files\Lexmark X1100 Series
    2009-01-26 23:39 <DIR> --d----- c:\documents and settings\compaq_owner\WINDOWS
    2009-01-19 14:08 524,288 a------- c:\windows\opuc.dll

    ==================== Find3M ====================

    2009-02-12 05:53 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-02-12 00:43 2,830,848 a------- c:\windows\system32\logonuiX.exe
    2009-02-03 10:36 5,058 a------- c:\windows\help\hhcolreg.dat
    2006-08-30 13:43 774,144 ac------ c:\program files\RngInterstitial.dll

    ============= FINISH: 21:16:48.67 ===============
     
  6. 2009/02/12
    poetink

    poetink Inactive Thread Starter

    Joined:
    2002/04/16
    Messages:
    98
    Likes Received:
    0
    And here's the log listing from attach.txt:



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/13/2007 12:18:10 PM
    System Uptime: 2/12/2009 8:35:02 PM (1 hours ago)

    Motherboard: ASUSTek Computer INC. | | Kelut
    Processor: AMD Sempron(tm) 3000+ | Socket A | 1999/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 32 GiB total, 17.839 GiB free.
    D: is FIXED (FAT32) - 5 GiB total, 0.908 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
    Description: USB Mass Storage Device
    Device ID: USB\VID_058F&PID_9360\9205291
    Manufacturer: Compatible USB storage device
    Name: USB Mass Storage Device
    PNP Device ID: USB\VID_058F&PID_9360\9205291
    Service: USBSTOR

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================


    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Adobe Shockwave Player 11
    Agere Systems PCI Soft Modem
    Apple Software Update
    Ares 2.1.1
    CCleaner (remove only)
    Cooliris for Internet Explorer
    DateTime ScreenSaver
    Desktop Architect
    eMule
    Eusing Free Registry Cleaner
    filehippo.com Update Checker
    FlashForge
    Google Earth
    Google Update Helper
    Google Updater
    High Definition Audio Driver Package - KB835221
    Hotfix for Windows Media Format 11 SDK (KB929399)
    HP Product Detection
    HpSdpAppCoreApp
    ieSpell
    InterVideo WinDVD Player
    iolo technologies' System Mechanic 5
    Ipswitch WS_FTP LE
    IrfanView (remove only)
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 12
    Java(TM) SE Runtime Environment 6 Update 1
    kSolo Recorder
    Lexmark X1100 Series
    LimeWire 4.18.8
    LogonStudio
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Premium
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual J# .NET Redistributable Package 1.1
    Mozilla Firefox (3.0.6)
    MSXML 4.0
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser (KB927977)
    Nero
    QuickTime
    RealPlayer
    Realtek AC'97 Audio
    S3 S3Display
    S3 S3Gamma2
    S3 S3Info2
    S3 S3Overlay
    S3GSetup
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Sonic Update Manager
    SoundPackager
    SUPERAntiSpyware Free Edition
    Tweak UI
    Unity Web Player
    VIA Rhine-Family Fast Ethernet Adapter
    VIA/S3G Display Driver
    Viewpoint Media Player
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    XnView 1.95.4

    ==== Event Viewer Messages From Past Week ========

    2/12/2009 8:14:26 PM, error: Rasman [20132] - Remote Access Connection Manager failed to start because the RAS RPC module failed to initialize. The specified procedure could not be found.
    2/12/2009 8:14:26 PM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The specified procedure could not be found.
    2/12/2009 8:12:58 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
    2/12/2009 8:12:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Partizan
    2/12/2009 8:12:58 PM, error: Service Control Manager [7000] - The ASCTRM service failed to start due to the following error: The system cannot find the file specified.
    2/12/2009 8:12:58 PM, error: Service Control Manager [7001] - The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2/12/2009 8:12:34 PM, error: PlugPlayManager [12] - The device 'Microsoft System Management BIOS Driver' (Root\SYSTEM\0002) disappeared from the system without first being prepared for removal.
    2/12/2009 8:12:34 PM, error: PlugPlayManager [12] - The device 'Microcode Update Device' (Root\SYSTEM\0001) disappeared from the system without first being prepared for removal.
    2/12/2009 8:12:34 PM, error: PlugPlayManager [12] - The device 'Plug and Play Software Device Enumerator' (Root\SYSTEM\0000) disappeared from the system without first being prepared for removal.
    2/12/2009 8:11:40 PM, error: BITS [16391] - The BITS job list is not in a recognized format. It may have been created by a different version of BITS. The job list has been cleared.
    2/12/2009 8:08:52 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    2/12/2009 6:52:01 PM, error: Service Control Manager [7000] - The Distributed Transaction Coordinator service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/12/2009 6:52:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Distributed Transaction Coordinator service to connect.
    2/12/2009 6:50:52 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The class is configured to run as a security id different from the caller
    2/12/2009 6:50:52 PM, error: Service Control Manager [7034] - The Google Update Service (gupdate1c9862c67c9220c) service terminated unexpectedly. It has done this 1 time(s).
    2/12/2009 8:33:44 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
    2/12/2009 8:33:44 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
    2/12/2009 8:33:44 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
    2/12/2009 8:33:47 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
    2/12/2009 8:33:50 PM, error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/12/2009 8:49:52 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

    ==== End Of File ===========================
     
  7. 2009/02/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi poetink,

    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  8. 2009/02/13
    poetink

    poetink Inactive Thread Starter

    Joined:
    2002/04/16
    Messages:
    98
    Likes Received:
    0
    Thanks noahdfear, but unfortunately I already tried combofix. It wouldn't even run. All I got was that "combofix is not a valid win32 application" error prompt, which I understand is part of this virus' function.

    What I need (if possible and if one exists) is some kind of manual removal of this thing. I've read from searching around about it that they say you have to try removing it in safe mode and deleting registry entries. I haven't tried this myself yet, but people who have tried, some say that the virus won't even allow them to go into safe mode.

    This is a major problem for me, because if I can't get rid of this thing, I'm stuck. Because I have no operating system disc to even reformat the drive for a reinstall if all else fails.
     
  9. 2009/02/13
    poetink

    poetink Inactive Thread Starter

    Joined:
    2002/04/16
    Messages:
    98
    Likes Received:
    0
    Problem solved!

    After an extensive search, I finally found an old thread from another forum where a person was experiencing this virus and several others. The person resolved the problem himself by downloading and running a program called prevxcsi. There is a free version of it, but it only uninstalls 2 found problems for free; you have to pay for a license to remove the rest. I scanned the computer with it, and it indeed found the flec006.exe virus (along with 19 other viruses I didn't know were on the computer!)

    I went to the program's site http://www.prevx.com and paid for a month license for $15.95 and rescanned, removed everything, and now it's as if there was no virus! At first my sound didn't come back up, but I checked the services area of windows, and saw that the "windows audio" service was turned off and set on manual. I started it, put it on automatic, and my sound returned on my next reboot. So all I can say is whew! I thought I was dead in the water there for a while. So thanks to everyone that posted replies here to try and help me. I really appreciate it. And I strongly suggest anyone to try the prevx program, it was well worth the money, believe me! :)
     
  10. 2009/02/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Happy to hear of your success. Suggest you run an online scan to be sure there's nothing else remaining. Do an online scan with Kaspersky Online Scanner

    • Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
     
