Author Topic: Ha, yet -another- msdirectx invasion

3R1C
Ha, yet -another- msdirectx invasion
« on: May 31, 2005, 10:30:28 PM »
Pretty run of the mill.

Collected.5.L pops up on startup from AVG AntiVirus.
Already tried to delete it; it doesn't help.
Noticed there was a problem when taskmgr.exe failed to remain open.

Included is my HJT log.  Thanks in advance:

Logfile of HijackThis v1.99.1
Scan saved at 12:14:41 AM, on 6/1/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Xoblite\Blackbox.exe
D:\PROGRA~1\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\AVGFRE~1\avgcc.exe
D:\PROGRA~1\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\AVGFRE~1\avgemc.exe
D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\System32\msconfig32.exe
d:\program files\valve\steam\steam.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Gaim\gaim.exe
D:\Documents and Settings\eric\Desktop\egsfdgs.exe (the HijackThis application; it had to be renamed because the trojan was blocking hijackthis.exe from being executed)

F2 - REG:system.ini: Shell=D:\Xoblite\Blackbox.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Gaim] D:\Program Files\Gaim\gaim.exe
O4 - HKCU\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{915052EE-2616-4F61-BCDB-02301327EC4D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{915052EE-2616-4F61-BCDB-02301327EC4D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{915052EE-2616-4F61-BCDB-02301327EC4D}: NameServer = 192.168.2.1
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\AVGFRE~1\avgupsvc.exe

---

Never mind, I think I might have found the file responsible: msconfig32. It's definitely the program blocking taskmgr. If you see anything else, please reply with your thoughts.
« Last Edit: May 31, 2005, 11:28:17 PM by 3R1C »
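The O4 lines in the log above show the three things that make the "Compaq32 Service Drivers" entries stand out from the legitimate autostarts: the command is a bare file name (msconfig32.exe) with no directory, so Windows resolves it through the search path (typically System32) instead of a known install location; it is written to the RunServices keys, which Windows 9x/Me honours but NT-based Windows such as XP ignores, so a legitimate XP program has no reason to use them; and the same display name is planted under HKLM and HKCU Run and RunServices at once. The following is an added triage script, not code from the original post or from HijackThis, that parses O4 lines and flags those patterns. The sample input is the set of O4 lines copied from the log above; the heuristics and the field names are the example's own assumptions.

```python
"""Triage the O4 (autostart) entries of a HijackThis log.

Added example; not part of the original post or of HijackThis itself.
Flags three patterns (assumed heuristics, see lead-in):
  * bare_name: the command has no directory component, so the loader
    resolves it via the search path (e.g. from System32);
  * runservices_ignored_on_nt: RunServices keys are Win9x/Me-only and
    ignored by NT-based Windows (2000/XP and later), so on XP an entry
    there is malware writing every key it knows about;
  * same_name_in_N_keys: the same display name under several hives/keys.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample input: the O4 lines copied from the log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Gaim] D:\Program Files\Gaim\gaim.exe
O4 - HKCU\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
"""

# "O4 - HKLM\..\Run: [display name] command line"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Executable part of a command line: either a quoted path, or an unquoted
# path (spaces allowed) up to the first recognised executable extension.
EXE_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.(?:exe|com|scr|pif|bat|cmd))(?:\s|$)', re.I
)


@dataclass
class Entry:
    hive: str
    key: str
    name: str
    cmd: str

    @property
    def exe(self) -> str:
        m = EXE_RE.match(self.cmd)
        if m:
            return m.group("q") or m.group("u")
        return self.cmd.split()[0]  # no recognisable extension: first token


@dataclass
class Finding:
    entry: Entry
    reasons: list = field(default_factory=list)


def parse_o4(log_text: str) -> list:
    """Return every O4 line of the log as an Entry (other lines are skipped)."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries


def analyze(log_text: str, nt_based: bool = True) -> list:
    """Flag suspicious O4 entries; nt_based=False for a Windows 9x/Me log."""
    entries = parse_o4(log_text)
    per_name = Counter(e.name.lower() for e in entries)
    findings = []
    for e in entries:
        reasons = []
        if "\\" not in e.exe and "/" not in e.exe:
            reasons.append("bare_name")
        if nt_based and e.key.lower().startswith("runservices"):
            reasons.append("runservices_ignored_on_nt")
        if per_name[e.name.lower()] > 1:
            reasons.append("same_name_in_%d_keys" % per_name[e.name.lower()])
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        e = f.entry
        print(f"{e.hive}\\..\\{e.key} [{e.name}] {e.cmd} -> {', '.join(f.reasons)}")
```

Run against the log above it reports only the four "Compaq32 Service Drivers" entries; every legitimate autostart (AVG, Java, Steam, TeaTimer, Gaim, and the KernelFaultCheck entry with its %systemroot% path) passes all three checks. The bare-name check is the one worth keeping in mind generally: a file name with no path is an invitation to look in System32 and, as the poster found, to ask why a program that is not part of Windows is launching from there.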

Catzmagee (Guest)
Ha, yet -another- msdirectx invasion
« Reply #1 on: June 03, 2005, 04:23:11 AM »
Do you have Service Pack 2 installed? I got the virus and I was close to wiping my hard drive to get rid of it because it just kept reappearing on boot-up. I posted my problem here too, and guestolo gave me a way of deleting it so that on reboot it wasn't there, but the next time I restarted it came up again. I kept having to repeat it. I eventually did it one more time, then tried to install Service Pack 2, but I couldn't download it by Windows Update; I had to do it manually, and then it took 2 hrs to install because my computer was so slow. But since I've installed it, the virus hasn't been able to get back into my computer. My post is under "W32 spybot worm (msdirectx.sys) - worm won't delete" if you want to see what kind of stuff I had to go through; your computer, if you haven't gotten rid of it, will probably have slightly different things to delete and get rid of.

Don't know if this helps at all...

Catz