Picked this up somehow and have had serious trouble trying to get rid of it. It doesn't appear now in my Avast or AVG scans but it changed my C: drive to E: and I cannot change the drive letter back through Disk Management tool. I'm not 100% sure it's fully removed either since it prevents me from downloading some tools I might be able to use to disinfect.

Here is my HJT log (I think) ( I Hope)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:07 PM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Belkin\F5D9050\Belkinwcui.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\lg_fwupdate\fwupdate.exe
E:\Program Files\Canon\MyPrinter\BJMyPrt.exe
E:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Program Files\COMODO\SafeSurf\cssurf.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\COMODO\Firewall\cmdagent.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\Program Files\COMODO\Firewall\cfp.exe
E:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\PeerGuardian2\pg2.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F5D9050] E:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "E:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "E:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "E:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ccleaner] "E:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] E:\Program Files\PeerGuardian2\pg2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - E:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

I need to know more about this trojan, like which one of the antivirus programs you are running is finding it, what is the complete name and location of this item. It is very possible this is a false positive caused by the conflictions that occur when antivirus programs compete with each other.

You are running two antivirus programs at the same time and this is not a good thing. They conflict with each other and you will be less safe than if you ran one good program and maintained it properly.
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031316555206
"Microsoft recommends that you have only one anti-virus program installed on your computer."
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/03/AR2005120300087.html
http://www.smartcomputing.com/editorial/article.asp?article=articles/2003/s1407/38s07/38s07.asp

AVG8
Avast4

Uninstall one of those, post a new HJT log at that point with the information I requested.

Thanks

Thanks for replying pskelly.

I'll remove AVG and use Avast as my sole AV scanner.

Avast originally picked up the alleged virus and then supposedly quarantined it. Since then I've also scanned using Spybot S&D as well as Ad-Aware and nothing shows up on either.
Upon visiting almost any web site I get a plethora of activity from Peer Guardian which is attempting to block many sites at once which I've not experienced before.

At this point I'll remove the AVG and then wait for instructions from you to be sure everything is safe. Then hopefully I'll be able to get the appropriate drive letters back.

http://phoenixlabs.org/pg2/ <<< this is what you are running? You would have to ask them about their activity, I have never run the program and only seen it running a few times in ten years of looking at HJT log.

Understand that so many things can be the fault of conflictions occuring as two antivirus programs try to do the same thing. How long have they both been on the computer? It may even be the reason for the activity in the other program. What I need from you is as much information as you can provide, any error messages you receive word for word, and a new HJT log running one antivirus program. At that point I will concentrate on that information and the HJT log to decide if we should do more and with what tools.

Thanks

Here is the new HJT log.

Avast was used 2x to scan the system. Upon 1st scan 3 instances of the XIT Trojan were discovered and quarantined. Upon a 3rd scan two files out of 5 that were found could not be removed, quarantined or renamed and quarantined or renamed and removed.
Here is the new HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:04 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Belkin\F5D9050\Belkinwcui.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\lg_fwupdate\fwupdate.exe
E:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Program Files\COMODO\Firewall\cmdagent.exe
E:\Program Files\COMODO\SafeSurf\cssurf.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\COMODO\Firewall\cfp.exe
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\PeerGuardian2\pg2.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F5D9050] E:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "E:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [OpwareSE4] "E:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "E:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ccleaner] "E:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] E:\Program Files\PeerGuardian2\pg2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - E:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe


I'll try to copy or type in the latest results from the Avast AV scan in the am.

The drive letters appear as such in the disk management program through windows:

LOCAL DISK C:(E:) - This is and should be just plain C:

Try to left click it to change drive letter and I get the following error message from windows:

windows cannot modify the drive letter of your system volume or boot volume
with an OK button.


The two AV programs have only been on for about 2 weeks, normally I only run one (I knew about the conflict warning already) but because I've used Avast before to remove boot viruses I tried to also allow AVG to remain operational in the event the download of Avast was corrupted.

Results of last scan using Avast, numerous errors and problems listed on Drive E: first one included "Decompression Bomb" so I used the repair option in Avast, result said repairs were succesful but I'm not sure. Each scan seems to reveal different problems. This last scan showed over 25 problems. I'll try again in the morning and if they or more are displayed I'll copy and paste or list them here somehow.

Thanks for returning your information, you have a lot of minor issues that are not malware related, like I will have to assume (from my limited knowledge about Operating System installations) that E:\ was assigned when the OS was installed? If you keep a list so we don't miss them, once the malware (which is what I do) is removed, I'll see what I can help with or at least direction you to help.

I'll try to copy or type in the latest results from the Avast AV scan in the am.
Not being an Avast user, I am not familiar with the log and it will be a waste of time and space to post it. All I need is the information about malware Avast has located, the exact name of any malware and the exact location.
"This last scan showed over 25 problems" <<< what happens when you ask Avast to remove the problems? They might be data minors or tracking cooking. I have the feeling if you had 25 trojans, your computer would not be running. I would be interestd in seeing that information, and perhaps the MBAM scan might provide more information?

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:51:04 PM, on 6/23/2008

This log is showing no malware, you do have a slightly out of date Java Program:
http://forums.spybot.info/showpost.php?p=12880&postcount=2

I would prefer you wait until we are finished to do so, I suggest you consider installing Internet Ecplorer 7 if only for the additional security it will provide you with:
http://www.microsoft.com/windows/products/winfamily/ie/default.mspx

Let's try a good malware scan for a second opinion:
Download Malwarebytes' Anti-Malware to your Desktop
http://www.besttechie.net/tools/mbam-setup.exe

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.

Add any comments you think will help.

Thanks...Phil

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.