Help!! Tried Everything

Discussion in 'Malware Help (A Specialist Will Reply)' started by ladyberdan, Feb 16, 2005.

  1. ladyberdan

    ladyberdan Private E-2

    Help!! I have the virus on my computer that infects the screen and makes it pixelated with residue from each page that comes up. After I tried all the below, the virus got worse, so the screen is even more densely filled with streaks and pixelation.

    Here’s what I’ve tried to get rid of it:

    1. Ran Norton Anti-Virus 2004 Professional with all updates downloaded automatically and redownloaded manually and performed numerous full system scans including in safe mode. No detections.
    2. Found 5 files in my Temp folder that won’t delete. One is Perfib_Perfdata. The others are numerical and change names each time I open Windows Explorer.
    3. Tried deleting all of them but get an error message saying the file is being used by another person or program.
    4. Tried deleting all of them using Move On Boot and tried in safe mode.
    5. Tried to right click on properties and advanced to take ownership of the file, but that option is not available. Simple file archiving and compression are my only options.
    6. Opened Task Manager, but cannot determine which of the processes running are tied to the virus, so don’t know which to shut down.

    See below for everything else I’ve tried. Any suggestions would be greatly appreciated!

    Getting Prepared; Steps to be sure your system is ready to be scanned:

    1: Disable System Restore temporarily
    DONE
    2: Network Security, Workstation Netlogon Services & Remote Procedure Call (RPC) Helper (Windows XP, 2K, NT);
    DONE—No listed services found
    3: Enable viewing of hidden files and folders and extensions;
    DONE
    4: Downloading Tools; Download the following tools
    Ad-Aware SE.......Install, click Check for Updates now and get any updates, then exit. DONE
    Ad-Aware VX2 Cleaner Plug-In.....Install only DONE
    CCleaner.............Install only, then exit DONE
    Spybot................Install, do the search for updates now and get any updates, then exit. DONE
    Spybot - Search and Destroy DSO Exploit Fix - Install this patch on top of Spybot to fix the DSO Exploit bug DONE
    SpywareBlaster...Install, click Download Latest Protection Updates, Check for Updates, and then Enable All Protection, then exit. It does a great job of blocking known vulnerabilities as well as known malicious websites. DONE
    McAfee AVERT Stinger.....No installation required! Ready to run as is. DONE
    CWShredder......No installation required! Just unzip it to a folder. DONE
    Kill2me..............No installation required! Just unzip it to a folder. DONE
    about:Buster......No installation required! Just unzip it to a folder. Click Update & download any before scanning. DONE
    HSRemove........No installation required! Ready to run as is. DONE
    All of the above were run in safe mode—problem still not solved

    Scanning And Cleaning Steps: (note steps 1 thru 4 are NOT optional!)

    1: Virus And Trojan Scanning
    DONE—No viruses found with Symantec or with Avert Stinger. Trend Micro found the following viruses:
    TROJ_RVP.D (non-cleanable)
    C:\programfiles\commonfiles\jav
    C:\programfiles\commonfiles\xmc\xclean.exe
    C:\programfiles\commonfiles\xmc\xcpyl_inst.exe
    When the screen prompted, I clicked Delete.
    2: Clean Your Hard Drive; Remove temporary internet and other files not needed with CCleaner. Run CCleaner DONE in normal mode and in safe mode
    3: Main Spyware Scan And Removal; Scan your machine with Ad-Aware SE (remember to install the Ad-Aware VX2 Cleaner Plug-In for it) and Spybot. Look for the Immunize feature in Spybot and use it. Make sure you install the Spybot DSO Exploit patch before running a scan with Spybot. DONE—no threats found

    4: Secondary Spyware Scan And Removal: Other Removal Tools; Run the other programs you downloaded; CWShredder (make sure you select Fix), Kill2me, about:Buster and HSRemove. They are free, standalone and easy to use. DONE in normal and in safe mode
    These final 2 OPTIONAL steps require you reboot back to normal mode.

    5: OPTIONAL: If you cannot remove the stubborn "Only the Best" aka "HSA" HIJACKER, please view this thread by Chaslang, an expert in removing these things; it can be found here: http://forums.majorgeeks.com/showthread.php?t=38772

    Did not do this. The tutorial was complicated, I wasn’t sure of what I was doing. I’m also not sure which viruses I have.

    6: OPTIONAL: Scan With Hijack This; If you have gotten this far without success, you may need to download Hijack This!.
    DONE see below for my log file.

    Make sure that you tell us in your post that you've already followed the instructions on this page so we don't waste your and our time by posting a link to it in your thread. Also, it would be helpful to indicate what kind of problems the above steps have found and fixed (or failed to fix).

    I’ve already followed the instructions on this page.

    Alternative Scans - If still having problems

    If you are still having problems after performing all the above, these alternative scans below may prove to be useful. As mentioned above, it would be good to perform these in safe mode since it may assist in the ability to remove an infection. However, there are cases where a problem does not show itself completely until you boot in normal mode. So first run these scans in normal boot mode, and if they have problems cleaning any particular items repeat the scan in safe mode to see if it helps. Always keep track of what these scans find (save logs or take notes), and report them back in your thread to anyone helping you.

    Bitdefender online scan DONE
    RavAntivirus online scan <-- select Auto Clean then click Scan My PC
    TrojanScan online scan

    a-squared (a²) Free edition free but requires an email address to register
    avast! Virus Cleaner Tool
    ADS SPY - Alternate Data Streams Spy from Merijn

    Recent browser hijackers started using ADS to hide their files, and very few anti-malware scanners detect this. Use ADS Spy to find and remove these streams. Note: this app also displays legitimate ADS streams. Don't delete streams if you are not completely sure they are malicious! You should consult with an expert before deleting any files with this tool.

    I have not done this. I’m not an expert.


    Edit by chaslang: Inline log changed to an attachment.

    Last edited by a moderator: Feb 16, 2005
  2. seaside

    seaside Corporal

    Hi, I cannot help with the virus solution, but it might be worth trying to reinstall your graphics card drivers.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to follow the guidelines in the HijackThis tutorial. You are not running HJT from the proper folder and you must only post logs when they are requested, and they must be posted as an attachment to your message.

    You have HJT running directly from the ZIP file which is exactly what we request that you not do. You have it here: C:\Documents and Settings\Kris\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe


    Microsoft Word should not be running when you are using HJT. It is a totally unnecessary application for normal PC operation:
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE

    Follow the steps below and also make sure you get the new version of HijackThis and use it:

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
    Last edited: Feb 16, 2005
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are the below entries for Proxy Servers required by your ISP:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://www.direcwaysupport.com;192....waysupport.com: 192.168.0.1;<local>

    Please make sure you have corrected the issue with running HJT out of the ZIP file and have installed it as requested before continuing.

    Verify you have system restore disabled and viewing of hidden files enabled.

    First download and run this: Adware T.V. Media Removal Tool
    Let me know if it finds anything.

    Run HijackThis VERSION 1.99.1 and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
    O2 - BHO: (no name) - {7CD20E91-1F31-41da-8379-479EA31DF969} - (no file)
    O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
    O4 - HKLM\..\Run: [Spyware remover] C:\WINDOWS\Remove_spyware.exe

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete (if still there):
    C:\Program Files\TV Media <--- the whole folder
    C:\WINDOWS\Remove_spyware.exe

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Let me know if you have any problems finding or deleting any of these files.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
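    As an added example (not from this thread and not part of HijackThis), a small Python triage helper that parses the five HJT log lines chaslang selected above and explains each one: "(no file)" entries are orphaned registry keys whose target is already gone, an O4 Run entry autostarts its target at every logon, and R3/O2/O3 DLLs load into Internet Explorer. The sample lines and section meanings are the ones quoted in this post; the regexes and function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the five HijackThis entries chaslang selected for "Fix" in
# this thread, written out as they appear in an HJT log ("<section> - <body>").
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {7CD20E91-1F31-41da-8379-479EA31DF969} - (no file)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O4 - HKLM\..\Run: [Spyware remover] C:\WINDOWS\Remove_spyware.exe
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A Windows path ending in an executable or DLL, e.g. C:\WINDOWS\Remove_spyware.exe
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)

# What the HJT section codes seen in this thread cover.
SECTION_MEANING = {
    "R0": "IE start/search page",
    "R3": "IE URLSearchHook DLL",
    "O2": "Browser Helper Object (DLL loaded into IE)",
    "O3": "IE toolbar",
    "O4": "autostart (Run key) entry",
}

@dataclass
class HjtEntry:
    section: str
    body: str
    clsid: Optional[str]
    path: Optional[str]
    orphan: bool  # registry still points at a file that no longer exists

def parse_line(line: str) -> HjtEntry:
    """Split one HJT log line into its section code and the fields worth checking."""
    section, _, body = line.partition(" - ")
    clsid, path = CLSID_RE.search(body), PATH_RE.search(body)
    return HjtEntry(section.strip(), body, clsid.group(0) if clsid else None,
                    path.group(0) if path else None, "(no file)" in body)

def parse_log(text: str) -> List[HjtEntry]:
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]

def triage(entry: HjtEntry) -> str:
    """One-line note: why the entry matters and what to check before clicking Fix."""
    kind = SECTION_MEANING.get(entry.section, "unknown section")
    if entry.orphan:
        return f"{entry.section} ({kind}): orphaned reference, target file is gone; remove the key"
    if entry.section == "O4":
        return f"{entry.section} ({kind}): {entry.path} runs at every logon; verify its publisher"
    if entry.path:
        return f"{entry.section} ({kind}): {entry.path} loads into the browser; identify its owner"
    return f"{entry.section} ({kind}): browser setting, confirm it is one you chose"

def files_to_remove(entries: List[HjtEntry]) -> List[str]:
    """Files still on disk that Fix leaves behind, to delete afterwards in safe mode."""
    return sorted({e.path for e in entries if e.path and not e.orphan})

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(triage(e))
    print("then delete in safe mode:", files_to_remove(parse_log(SAMPLE_LOG)))
```

    Fixing an entry in HJT only removes the registry reference, which is why the files listed by `files_to_remove` still have to be deleted by hand afterwards.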
     
  5. ladyberdan

    ladyberdan Private E-2

    Dr C.

    Thanks a lot for your help and for your patience. I really appreciate it! Still I haven’t had any success. See below>>
    Are the below entries for Proxy Servers required by your ISP:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://www.direcwaysupport.com;192....waysupport.com: 192.168.0.1;<local>

    Yes, the two entries listed are required by my ISP.
    Please make sure you have corrected the issue with running HJT out of the ZIP file and have installed it as requested before continuing. DONE
    Verify you have system restore disabled and viewing of hidden files enabled. DONE

    First download and run this: Adware T.V. Media Removal Tool
    Let me know if it finds anything.

    It gave me an error message saying my system was missing 1 or more critical updates. However, I had installed all updates when I first started working on this virus problem. Now when I go to get the updates, Internet Explorer becomes non-responsive and won’t load the page. I tried this several times, though IE is working for accessing other sites.
    Run HijackThis VERSION 1.99.1 and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
    O2 - BHO: (no name) - {7CD20E91-1F31-41da-8379-479EA31DF969} - (no file)
    O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
    O4 - HKLM\..\Run: [Spyware remover] C:\WINDOWS\Remove_spyware.exe

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete (if still there):
    C:\Program Files\TV Media <--- the whole folder
    C:\WINDOWS\Remove_spyware.exe

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Let me know if you have any problems finding or deleting any of these files.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    Did all of the above. Put HJT 1.99.1 in its own folder on the D drive, fixed the items listed above, deleted the files listed above without a problem. I’m attaching the new HJT log. Still no improvements found.

    Two questions:

    Do you have any suggestions or insights about the temp files that won’t delete including the perfib-perfdata?

    Also, is my last resort uninstalling and reinstalling Windows? If I had to do this, how would I assure the virus wasn’t transferred back in when I reconstruct everything and load my programs and data?

    Thanks again for your help!
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Reinstalling is the last resort. Let's worry about that when necessary. Nothing is guaranteed if you reinstall from backups that have infections within them.

    Did you try to delete those files after booting in safe mode? If that does not work, provide me full path information to the files.

    You forgot to post your log!
     
    Last edited: Feb 18, 2005
  7. ladyberdan

    ladyberdan Private E-2

    Thanks. Here's my log.

    Yes, I tried deleting those temp files in safe mode.

    There are 10 of them now. C:/WINDOWS/Temp/perfib_perfdata_2d0.dat

    This one says it has 16 kb in the file. Also the numerical extension changes each time I try to delete the file.

    The other 9 are
    C:/WINDOWS/Temp/JETC8E8.tmp

    and other similar names starting with JET that each show 0 kb in the file but that change the file name every time I try to delete them.

    Thanks!
     

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What I want you to try is to boot into safe mode and kill all unnecessary processes and exit browser sessions and any other applications except for one Windows Explorer window to be used to delete the file.

    Here is what to do:

    Print these instructions or save locally because you should be physically disconnected (unplug cable) and exit all browsers before continuing.

    Boot into safe mode.

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side.
    Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\program files\support.com\client\bin\tgcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\bin\iPodManager.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Exif Launcher\QuickDCF.exe
    C:\Program Files\PowerPanel\Program\PcfMgr.exe
    C:\Program Files\Venturi2\Configurator\ventcfg.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    C:\Program Files\Venturi2\Client\ventc.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    D:\bin\iPodService.exe
    C:\Program Files\AIM95\aim.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe


    Don't worry if some of them are not found or cannot be killed just continue thru the list.

    Then exit HijackThis.

    Now open one Windows Explorer session and navigate to c:\windows\temp

    Try to delete the problem files.

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Let me know if you have any problems finding or deleting any of these files.

    Reboot in normal mode and tell me what the result was.
     
  9. ladyberdan

    ladyberdan Private E-2

    Hi Dr. C,

    Thanks for your suggestions. I followed your instructions exactly and ran HijackThis in safe mode. I didn't kill any processes because the processes that came up were not on the list you posted. Here are the 8 processes that came up when I ran HijackThis:

    C:\WINDOWS\System32\winlongon.exe
    C:\WINDOWS\System32\services.exe
    C:\WINDOWS\System32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    D:\9programdownloads\virusremoval\hijackthis.exe

    Let me know if you want me to kill any of the above processes and then try to delete the files. Thanks again for your help!
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No you cannot kill any of those other processes!

    When you boot into safe mode just try to delete those files.
    Do you have other user accounts?
    Also try deleting them after logging in as Administrator.
     
  11. ladyberdan

    ladyberdan Private E-2

    Dr. C,

    I've tried all of that. The files do not delete in safe mode even when I run Move on Boot, CCleaner, and all the other removal programs. There's only 1 account on the computer. When I run Norton Anti-Virus in safe mode it doesn't detect anything.

    Any other suggestions??

    Thanks!
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You know I'm finally starting to realize what files you are talking about. I don't know why I did not realize this sooner. The files you are talking about are Windows files created by System Monitor. The default directory is normally c:\documents and settings\username\Local Settings\Temp
    where username would be your actual user account name.

    You just happen to have them in a different folder.

    These files do not need to be deleted. They do not cause any problems and are typically pretty small (like around 16kb). I would not worry about them.

    As far as the JETC8E8.tmp type files, I'm not exactly sure which aspect of Windows is using them, but they are normal too. Right now on my WinXP PC I have 4 JET-named temp files and 6 perflib_perfdata_-named files. The only ones not deletable are the ones with today's date.
     
  13. ladyberdan

    ladyberdan Private E-2

    Ok, the temp files are not a problem. Any more suggestions then for getting rid of the virus that pixillates and puts streaks across my screen?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure you don't have a graphics card or a monitor issue?
     
