Mitch,

All that is supposed to be there. Are you currently having issues with your PC?

Crush:
I was...I had gotten error messages after running a service called Driver Checker and it apparently deleted some Window files while updating drivers. I had gotten some dll error messages. One was 04: HKLM/../Run: [RtHDVCpl] RtHDVCpl.exe:
RtHDVCpl.exe –Entry Point Not Found:
The procedure entry point Set Process DPIAware could not be located in the dynamic link library user32.dll
This application has failed to start because propsys.dll was not found

But I downloaded a propsys.dll file and saved it in the system 32 file which appears to have resolved the issue.

Mitch,

Let's make sure there are no nasties on your PC

Some things to keep in mind before we begin

1. This could turn out to be a long process if your system is very infected so please be patient with me
2. These instructions have been specifically custom tailored for your PC and your PC alone. Anyone else following these instructions risks damaging their PC.

There are a few steps we must complete before we can begin running some programs to get these nasty viruses off your PC.

Please do the following to begin with your disinfection:

Read this before moving on:
http://www.pchelpforum.com/new-hijac...tructions.html

After that:

Please note: It is common for a computer to appear free from malware even when the malware has not been completely removed. Even if your computer appears to be clean after following the PreWork, to avoid further problems, or even reinfection, please post the requested logs in order to have a Security Staff member verify that all traces are removed. Thank you for your cooperation.

First: read the following article, and follow suggestions/instructions if required

Warnings Regarding P2P Sharing Sites

Next Please Do the Following:


1. Set System and Hidden files and folders to show:

For Vista:

• Click the (Vista Icon) and click on Computer.
• Click Organize and click on Folder and Search Options.
• Click on the View tab.
• Un-check the Hide Protected Operating System Files (Recommended) box.
• Under Hidden files and folders, click Show hidden files and folders.
• If you see a warning message, click Yes.
• Click Apply.
• Click OK.

For XP:

• Right-Click My Computer choose Explore, click on Tools, Folder Options.
• Click the View tab.
• Place a tick next to Display content of System folders, (answer OK to warnings)
• Under Hidden files and folders, click Show hidden files and folders.
• If you see a warning message, click Yes.
• Click Apply.
• Click OK.

For 98/2000/ME:

• Double-click the My Computer icon
• Click on the View menu, click Folder Options
• Advanced Settings box, under the "Hidden files" folder, click Show all files.
• If you see a warning message, click Yes.
• Click Apply.
• Click OK.

2. Disable System Restore to prevent re-infection.
(If you have/use it.)

Vista:

• Click the (Vista Icon) and right click on Computer and select Properties.
• Click on System Protection (click OK if you are prompted with a warning).
• Un-check all of the boxes in the list of Available Disks for Automatic Restore Points.
• Click Apply.
• Click OK.

WinXP.

• Click the Start button.
• Right-click My Computer, and then click Properties.
• On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.

WinME.

• Click Start > Settings > Control Panel.
• Double-click the System icon.
• If the System icon is not visible, click View all Control Panel options to display it.
• On the Performance tab, click File System.
• On the Troubleshooting tab check Disable System Restore.
• Click OK. Click Yes when you are prompted to restart Windows.

Please do not follow any instructions from any user or staff member other than those listed in the Please Read Before Following Advice thread.
Also note as stated above, that we do not support the use of illegal software. If you have any type of illegal or cracked software installed, please un-install them as soon as possible. In the case of your operating system, please obtain a valid licensed copy. Read more here.

We have an excellent Security Team, and will take the time and effort to assist you according to your technical abilities. Please feel free to ask for any clarification, guidance or information that you may need. That's what we're here for.

After all that is done please follow up with the following:
Run both these programs.


Please download Malwarebytes' Anti-Malware from one of these places:

|MG| Malwarebytes Anti-Malware 1.31

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, navigate to the Update tab and click Check For Updates. It will then download the latest updates for you
* Now navigate back to the Scan tab
* Select "Perform Full Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

================================================== ===================================


Next, lets download ComboFix.exe. This will give me a better view to the files running, those that are hidden, and also those in the registry..Please download from one of these webpages .

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Recovery Console can be installed from your disc if you have Vista if you wish.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the MBAM log, C:\ComboFix.txt, and HJT log after running everything in your next reply.

After reading all that should you have any questions feel free to post back.

Crush:
Thank you.
Do you folks ever use Cross Loop? So as to view the system live on line?
The system in question is a different one from the one I am using at the moment to reply to your messages and I will set up the system and run the various details as you have outlined here in a short bit.
Some additional back ground on the computer:

I had installed XP Home Edition w SP 2 version 2002 – on a new computer from on a system built in April 2007 for me as a back up system. The system has never been used up to this point. The OS software had not been installed, and came with the components of the system. I have run all MS updates and now have SP3 on the system. I am setting this computer up to give to my in laws.

The components consist of:
Antec tower
Intel Pentium D Processor 945 800 MHz FSB 3.4 GHz 2x2
Asus Motherboard P5LD2-VM <Green>
W. Digital 320 GB SATA II 16MB Hard Drive
I have 4 GB of Ram

I did research to learn how to install the OS software since the instructions enclosed with the CD from MS are very vague and found this:

http://pcsupport.about.com/od/operatingsystems/ss/instxpclean1.htm

Mitch,

I have indeed used Cross Loop to disinfect systems before. However, it is forum policy that everything must be done on the forum.

I think it would be beneficial, since you have access to a clean system, to download the files to a USB drive and run them from there on your infected system.

Crush:
I'm not sure what you mean by "download the files to a USB drive and run them from there on your infected system"

Do you mean when prompted for me to save the files to a USB drive? Please explain how this is done...