Need help deleting VXGAME6.EXE3584.EXE

Discussion in 'Malware Help (A Specialist Will Reply)' started by f468357, May 9, 2006.

  1. f468357

    f468357 Private E-2

    I have gone through the "Do it first" manuals and have made a lot of progress. I still have some issues that I can't seem to take care of by myself. My explorer hangs up a lot of the time. A lot of times when I open it up and then expand my computer it will sit there for a long time (30 seconds) or quit responding altogether. I don't know if this is related but the WEBROOT Spy Scan reports that I have VXGAME6.EXE3584.EXE in my c:\windows\system32 directory. I can't find it to delete it. I have seen it running in the task manager (not always) and I can kill the process then but I have no idea how it is getting loaded or why I can't see the file.

    Any help is greatly appreciated.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have not completed the steps in the READ & RUN ME until you have run all the steps and completed the instructions. Run all steps 0 thru 7 and attach the logs that are requested in step 6 (two logs from online scanners) and step 7 (the HijackThis log).
     
  3. f468357

    f468357 Private E-2

    Sorry for not posting the logs. I have now included the logs from Bitdefender and Hijackthis. When the Panda Active scan finished it said that there was nothing found. I could not find a "See Report" button. I tried twice and still nothing.

    Any help is appreciated.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure it found nothing? Panda seems to ALWAYS find something even if it is only reporting cookies.

    Is Spy Sweeper a paid version or a free trial version?


    Download - Pocket KillBox

    Extract it to its own folder somewhere that you will be able to locate it later to run it.

    Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.


    Run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click OK.

    Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion...say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note some of the files listed below may not exist but we need to check for them anyway.

    D:\Data\All Users\Documents\Settings\2014.dll
    D:\Data\All Users\Documents\Settings\36273642.dll
    C:\WINDOWS\system32\gdwxp3.dllwxp3.dll



    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself. However BOOT INTO SAFE MODE during this reboot and do not run anything but what I request. DO NOT open any browsers!

    Disable (shut down) both Spy Sweeper and MS Antispyware before doing the below steps.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - (no file)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O20 - Winlogon Notify: 2014reg - D:\Data\All Users\Documents\Settings\2014.dll
    O20 - Winlogon Notify: 36273642reg - D:\Data\All Users\Documents\Settings\36273642.dll
    O20 - Winlogon Notify: gdwxp3 - gdwxp3.dll (file missing)



    Now exit HJT
    Run Windows Explorer and double check to make sure the below files are all deleted (some we already got with killbox):
    D:\Data\All Users\Documents\Settings\2014.dll
    D:\Data\All Users\Documents\Settings\36273642.dll
    C:\WINDOWS\system32\gdwxp3.dllwxp3.dll


    Now reboot into normal mode and after reboot double check the same HJT entries I had you fix above and if any still remain, fix them again a second time.

    Now attach a new HJT log.

    Also tell me how things are working!
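
Added example, not part of the original thread and not HijackThis's own code: a small Python triage of the O2 and O20 lines listed in the post above. Winlogon Notify DLLs are loaded by winlogon.exe at logon, so an entry that points outside system32 or at a missing file deserves review. The flagging rules, the C:\WINDOWS system root and the last sample line are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Sample lines: the first five are quoted from the fix list in the post above;
# the last one is constructed here as a benign-looking control.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - (no file)
O20 - Winlogon Notify: 2014reg - D:\Data\All Users\Documents\Settings\2014.dll
O20 - Winlogon Notify: 36273642reg - D:\Data\All Users\Documents\Settings\36273642.dll
O20 - Winlogon Notify: gdwxp3 - gdwxp3.dll (file missing)
O20 - Winlogon Notify: examplenotify - C:\WINDOWS\system32\example.dll
"""

SYSTEM32 = r"c:\windows\system32"  # assumption: system root is C:\WINDOWS
O20 = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)(?P<missing> \(file missing\))?$")
O2 = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")

def triage(log_text):
    """Return (section, entry name, reasons) for O2/O20 lines worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O20.match(line)
        if m:
            reasons = []
            if m["missing"]:
                reasons.append("file missing")  # registry entry outlived its DLL
            dll = PureWindowsPath(m["dll"])
            # Bare names are resolved by the loader; only judge full paths.
            if dll.is_absolute() and str(dll.parent).lower() != SYSTEM32:
                reasons.append("outside system32")
            if reasons:
                findings.append(("O20", m["name"], reasons))
            continue
        m = O2.match(line)
        if m and m["target"] == "(no file)":
            findings.append(("O2", m["name"], ["no file"]))  # orphaned BHO
    return findings

if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE_LOG):
        print(f"{section:<4}{name:<32}{', '.join(reasons)}")
```

A flagged line is a prompt to inspect the file and its registry key, not a verdict.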
     
  5. f468357

    f468357 Private E-2

    Spysweeper is trial version. I think Panda didn't report anything because I had just run it the night before.

    Before I do the requested steps you said to "Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry." I hope I am not an idiot but I am not sure what bold text you are referring to. I want to be sure before I merge it into my registry.

    Thanks again.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not likely. Panda does not fix most of what it finds. It only fixes a few nasty trojans. Everything else it just reports (like cookies) but it never fixes them.

    Sorry about that. I forgot to paste in the registry patch. Here is what that was supposed to say.

    Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
     
  7. f468357

    f468357 Private E-2

    I did the steps you suggested. I went to confirm that the files were deleted and I cannot find the directory where they were supposed to reside:
    D:\Data\All Users\Documents\Settings\2014.dll
    D:\Data\All Users\Documents\Settings\36273642.dll
    There isn't a "documents" directory under "all users"????
    I reran Hijack and the requested items have been removed. I have attached another log. The biggest problem I have with the computer is with Windows Explorer. It is constantly “not Responding”. I am guessing that about 75% of the time my windows explorer usually doesn’t respond after I hit the button. I have noticed that it seems worse after running ccleaner. When this happens I then have to go to task manager and end application. Sometimes I need to do this a few times and then it will work. Also sometimes after running ccleaner and I launch explorer it comes up. Then when I go to expand “my computer” it takes a few minutes. Then a run time to expand the C: directory. After this happens it is ok until I run CCleaner again. Also I don’t have any selections under the advanced selection. It may not have anything to do with CCleaner.

    As always thanks for the help.
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What is drive D? Is it a second hard disk, a network disk, a CD ROM....etc?

    More than likely not a malware issue. I will discuss this only a little in this message but will not continue to discuss it in this forum since it is not a topic we have time to discuss in the Malware Forum. Your problem may be due to something that has corrupted your OS or system files, or due to all the stuff you are running (I cannot tell you which stuff you need and do not need, but there is a load of stuff running I question why you need it. Some may be due to company requirements but that does not mean they don't cause issues.) First you should uninstall Spy Sweeper since it is only a trial and also since you already have MS Antispyware running. You should then try killing some of the other stuff you have running (like Altiris, McAfee, flexlm, Ultramon, AT&T Global Network Client stuff - one of which is a service).

    Also none of the below are required to load at startup and can waste large amounts of system resources and in effect slow your PC down:
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    And the below is probably not needed by you either. It is not needed by most people using Photoshop or other Adobe tools. You could disable it and then see if it actually causes you any problems and reenable it if necessary.
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    Then do not run CCleaner at startup. Also don't allow CCleaner to empty Windows Prefetch data. What version of CCleaner are you running?

    You may want to try running a System File Check at a command prompt. Click Start, Run, and enter sfc /scannow and click OK. This may ask for your WinXP CD if it finds problems.

    You may also want to run CounterSpy and fix what it finds. CounterSpy is mentioned in the READ & RUN ME. See what it has to say about your VXGAME infection: http://research.sunbelt-software.com/threat_display.cfm?name=Trojan.Vxgame&threatid=39597
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
