I think I have a problem.. uggg



ranchlady1949
2007-03-03, 23:21
Each time I turn the computer on I get this black pop-up thing.... and it happens so fast I can't read it, but I think it says Windows, then Script. So I did a scan with AVG and it showed 121 infections. Here is the log from HijackThis, which I do not know how to work either. If anyone can tell me what to do... thank you thank you!!! Even after I scan it happens again!!!!
Logfile of HijackThis v1.99.1
Scan saved at 3:54:49 PM, on 3/3/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Logfile of HijackThis v1.99.1
Scan saved at 4:20:16 PM, on 3/3/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Desktop\hijack\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DelTIF] cscript "C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\GLQB8PQN\purgecache[1].vbs" //b //nologo DeleteCache "C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files"
O17 - HKLM\System\CCS\Services\Tcpip\..\{337BD12E-D66E-4382-8A6A-A0DE9A5A1C76}: NameServer = 64.132.16.223 64.132.16.224
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

My computer said that file is not there to start in safe mode.. what do I do?

ranchlady1949
2007-03-04, 04:36
Created at: 3:16:01 PM 3/3/2007

+ Scan result:

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0549510.dll -> Adware.Hotbot : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0549511.dll -> Adware.Hotbot : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0549512.dll -> Adware.Hotbot : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0549513.dll -> Adware.Hotbot : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:qahdxa -> Adware.SearchPage : No action taken.
C:\WINDOWS\_DEFAULT.PIF:qahdxa -> Adware.SearchPage : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:lqsqi -> Downloader.Agent.bc : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0546505.PIF:lqsqi -> Downloader.Agent.bc : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:nmyxn -> Downloader.Agent.bc : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:kdjrg -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:kdtxwn -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:khfdds -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:kifalo -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:klwskt -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:kpxxtb -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:ksbjph -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:ktqbss -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:kwihpj -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:kzcebv -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:lccfsf -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:lclxhw -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:lorqxm -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:lvkmss -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0546505.PIF:kdjrg -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0546505.PIF:kdtxwn -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0546505.PIF:khfdds -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0546505.PIF:kifalo -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0546505.PIF:klwskt -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0546505.PIF:kpxxtb -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0546505.PIF:ksbjph -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0546505.PIF:ktqbss -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0546505.PIF:kwihpj -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0546505.PIF:kzcebv -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0546505.PIF:lccfsf -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0546505.PIF:lclxhw -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0546505.PIF:lorqxm -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0546505.PIF:lvkmss -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:nnnshe -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:nyvlbu -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:obdsvg -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:oggvey -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:okihdh -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:okujgl -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:omxqbg -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:onxioj -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:optaez -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:oqzbgy -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:osngzw -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:otkqjg -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:ovwbdj -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:owmwvm -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:pbgrps -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:pkfych -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:pkuhgy -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:plrxww -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:pthseg -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:pvanub -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:qbamci -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:qbtuej -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:qdrxce -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:obdsvg -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:oggvey -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:okihdh -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:okujgl -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:omxqbg -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:onxioj -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:optaez -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:oqzbgy -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:osngzw -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:otkqjg -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:ovwbdj -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:owmwvm -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:pbgrps -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:pkfych -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:pkuhgy -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:plrxww -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:pthseg -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:pvanub -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:qbamci -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:qbtuej -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:qdrxce -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:rbbuji -> Downloader.Agent.bq : No action taken.
C:\WINDOWS\_DEFAULT.PIF:reneno -> Downloader.Agent.bq : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:liksdd -> Downloader.WinShow.ak : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:loluve -> Downloader.WinShow.ak : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0546505.PIF:liksdd -> Downloader.WinShow.ak : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0546505.PIF:loluve -> Downloader.WinShow.ak : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:pccwxe -> Downloader.WinShow.ak : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:puqwxa -> Downloader.WinShow.ak : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0548938.PIF:qevgfi -> Downloader.WinShow.ak : No action taken.
C:\WINDOWS\_DEFAULT.PIF:pccwxe -> Downloader.WinShow.ak : No action taken.
C:\WINDOWS\_DEFAULT.PIF:puqwxa -> Downloader.WinShow.ak : No action taken.
C:\WINDOWS\_DEFAULT.PIF:qevgfi -> Downloader.WinShow.ak : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0549502.dll -> Proxy.Agent.ll : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0549503.dll -> Proxy.Agent.ll : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0549504.dll -> Proxy.Agent.ll : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0549505.dll -> Proxy.Agent.ll : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP317\A0549506.dll -> Proxy.Agent.ll : No action taken.
C:\WINDOWS\SYSTEM32\__delete_on_reboot__w_i_n_4_1_3_._d_l_l_ -> Proxy.Agent.ll : No action taken.
C:\WINDOWS\Temp\16708266.tmp -> Proxy.Small : No action taken.
C:\WINDOWS\Temp\__delete_on_reboot__1_0_5_8_4_4_1_5_8_._t_m_p_ -> Proxy.Small : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:kdxqfb -> Trojan.Agent.bi : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:khudbf -> Trojan.Agent.bi : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:kmsyjo -> Trojan.Agent.bi : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:ktqnpo -> Trojan.Agent.bi : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:kubtsc -> Trojan.Agent.bi : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0542616.PIF:kuijly -> Trojan.Agent.bi : No action taken.

shelf life
2007-03-05, 01:37
hi ranchlady1949,

Most of those are in your System Restore points and can be cleaned out by turning off System Restore, rebooting the computer, then turning System Restore back on and rebooting again. But before that's done it's a good idea to make sure all malware is gone first.
A HJT log can be used as a starting point.
See the link about posting a HJT log:

http://forums.spybot.info/showthread.php?t=288

shelf life

shelf life
2007-03-05, 23:37
hi ranchlady1949



I get this black pop-up thing.... and it happens so fast I can't read it, but I think it says Windows, then Script.

It's probably this VBS, which is attempting to dump your IE cache:

O4 - HKCU\..\Run: [DelTIF] cscript "C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\GLQB8PQN\purgecache[1].vbs"

where did you get that thing?
-----------------------
please respond in this thread.

shelf life
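An added triage example, not code from this thread or from HijackThis or AVG: it parses scan-result lines and an O4 Run entry in the formats posted above, separating restore-point hits from live files, spotting alternate data streams such as the _DEFAULT.PIF:qahdxa entries, and flagging a Run key that starts a script host on a file stored in the browser cache. The sample lines are constructed and shortened; the restore-point GUID is a placeholder.

```python
import re

# Constructed sample input in the two formats posted in this thread (not the full logs):
# AVG Anti-Spyware scan-result lines and one HijackThis O4 (Run key) entry, shortened.
SAMPLE_SCAN = "\n".join([
    r"C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP317\A0549510.dll -> Adware.Hotbot : No action taken.",
    r"C:\WINDOWS\_DEFAULT.PIF:qahdxa -> Adware.SearchPage : No action taken.",
    r"C:\WINDOWS\Temp\16708266.tmp -> Proxy.Small : No action taken.",
])
SAMPLE_O4 = (r'O4 - HKCU\..\Run: [DelTIF] cscript "C:\Documents and Settings\Chris\Local Settings'
             r'\Temporary Internet Files\Content.IE5\GLQB8PQN\purgecache[1].vbs" //b //nologo')
SCAN_RE = re.compile(r"^(?P<path>.+?) -> (?P<detection>\S+) : (?P<action>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SCRIPT_HOSTS = {"cscript", "cscript.exe", "wscript", "wscript.exe"}

def triage_scan_line(line):
    """Classify one scan-result line: where the file lives and whether it is an ADS."""
    m = SCAN_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    parts = path.split(":")          # ["C", "\\dir\\file", "stream"] when an ADS is present
    host = ":".join(parts[:2])
    stream = parts[2] if len(parts) > 2 else None
    in_restore = "\\system volume information\\_restore" in path.lower()
    return {"host": host, "stream": stream, "detection": m.group("detection"),
            "location": "restore_point" if in_restore else "live"}

def summarize_scan(text):
    """Count live vs restore-point hits and collect live files carrying ADS payloads."""
    summary = {"restore_point": 0, "live": 0, "ads_hosts": set()}
    for line in text.splitlines():
        hit = triage_scan_line(line)
        if hit is None:
            continue
        summary[hit["location"]] += 1
        if hit["stream"] and hit["location"] == "live":
            summary["ads_hosts"].add(hit["host"])
    return summary

def triage_o4(line):
    """Flag a Run-key entry that starts a script host on a script kept in the browser cache."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    exe = cmd.split()[0].strip('"').lower()   # first token is the program being launched
    reasons = []
    if exe.rsplit("\\", 1)[-1] in SCRIPT_HOSTS:
        reasons.append("script host launched at logon")
    if "temporary internet files" in cmd.lower():
        reasons.append("script stored in browser cache; installed software does not run from there")
    return {"name": m.group("name"), "interpreter": exe, "reasons": reasons,
            "suspicious": len(reasons) == 2}
```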

tashi
2007-03-19, 01:04
Due to lack of a response, this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.