
View Full Version : Virtumode help please!!!



Phanman
2008-08-06, 04:11
Hi,

Virtumonde has pretty much messed up my computer... if you could please help that would be sooo much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:42 PM, on 05/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Avast Antivirus\aswUpdSv.exe
C:\Program Files\Avast Antivirus\ashServ.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Avast Antivirus\ashMaiSv.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\Program Files\Avast Antivirus\ashWebSv.exe
C:\Program Files\Multimedia Control Center\MCC.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\WINDOWS.0\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS.0\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVASTA~1\ashDisp.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcD6jnrmkc3gR1iylhGpkc5/xm7sGXvbR7BBP6YKfUzu0xsjZjJi8IIZuvSg5oFiEPi5RA6T/G/+qln+v3VwsLxtQy8RN9IAWu8szspooOj1NVQklC8pXRKNRa6DDv95KANyZPI5jvIFBnaklKKL+n9VKv16f5hinup
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O3 - Toolbar: (no name) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MCC] C:\Program Files\Multimedia Control Center\MCC.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS.0\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVASTA~1\ashDisp.exe
O4 - HKLM\..\Run: [BM573b37f3] Rundll32.exe "C:\WINDOWS.0\system32\ldhowhfk.dll",s
O4 - HKLM\..\Run: [5408046f] rundll32.exe "C:\WINDOWS.0\system32\yuvyotwp.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast Antivirus\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe

--
End of file - 8142 bytes

Phanman
2008-08-07, 22:08
bump... please help if possible. This virtumonde virus is driving me crazy...

Blade81
2008-08-12, 10:30
Hi


Disable Spybot's TeaTimer

Run Spybot-S&D in Advanced Mode.
If it is not already set to do this, go to the Mode menu, select Advanced Mode.
On the left hand side, click on Tools.
Then click on the Resident icon in the list.
Uncheck Resident TeaTimer and OK any prompts.
Restart your computer.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Phanman
2008-08-14, 05:27
When running ComboFix after the Recovery Console, my computer resets, and ComboFix never finishes... It gets to the point where it says "Combofix has changed your clock settings. Do not change it back. It shall restore later." Once that happens, my computer screen flickers once and the computer automatically restarts itself.

I don't know if this matters but I got Virtumonde installing an antivirus (Avast). I have tried to uninstall the antivirus through Add/Remove Programs in the Control Panel, but when I click on remove Avast, nothing happens...
Also, when I try to turn off Avast by right-clicking on the icon in the icon tray, it says:

The instructions at 0x00000000 referenced memory at 0x00000000. The memory could not be read

Click on ok to terminate the program
Click on cancel to debug the program.

At this point I just hit OK to terminate the program. Again, I don't know if this matters but I thought I would add it in.

Thanks again for your help Blade

Phanman
2008-08-14, 06:03
OK, so after trying to run ComboFix several times, I guess lucky number 7 didn't reboot my computer. It continued along and finished, as well as created a log file.

During start up now, I do get 2 error messages in different pop up windows.
1. Error loading c:windows.0\system32\nnkketvk.dll
specified module could not be found
2. Error loading c:windows.0\system32\rybmqkxt.dll
specified module could not be found

I assume these are some kinda malware that a different program is looking for. But I'll let you decide that, hehe...

Here is the log file that was created by combofix:

ComboFix 08-08-13.02 - JOHN 2008-08-13 20:29:32.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.617 [GMT -6:00]
Running from: C:\Documents and Settings\JOHN.V-A03C621E02B44\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\buttons\FindIt.bmp
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\buttons\FindItHot.bmp
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\buttons\findithotxp.png
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\buttons\finditxp.png
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\buttons\Highlight.bmp
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\buttons\highlighthotxp.png
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\buttons\highlightxp.png
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\buttons\jokesearch.bmp
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\buttons\logo.bmp
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\buttons\logoxp.bmp
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\buttons\pranks.bmp
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\contexts\error.xml
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\contexts\related.xml
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\contexts\travel.xml
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\EntertainmentMarketingSP\images\active\EntertainmentMarketingSP0.bmp
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\Games\images\active\Games0.bmp
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\Movies\images\active\Movies0.bmp
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\inst.exe
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\macromedia\Flash Player\#SharedObjects\6VTRVH3V\interclick.com
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\macromedia\Flash Player\#SharedObjects\6VTRVH3V\interclick.com\ud.sol
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Configurator\Configurator.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Configurator\Configurator.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Games\GamesOptions.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Games\GamesOptions.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Layouts\PitchLayout.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Layouts\PitchLayout.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Layouts\ToolbarLayout.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Manager\ManagerOptions.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Movies\MoviesOptions.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Pranks\PranksOptions.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Pranks\PranksOptions.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml.backup
C:\Program Files\Common Files\{54080~1
C:\WINDOWS.0\BM573b37f3.txt
C:\WINDOWS.0\BM573b37f3.xml
C:\WINDOWS.0\cookies.ini
C:\WINDOWS.0\pskt.ini
C:\WINDOWS.0\system32\afkyiqvd.dll
C:\WINDOWS.0\system32\awttqqpQ.dll
C:\WINDOWS.0\system32\beryoegb.dll
C:\WINDOWS.0\system32\cmtxga.dll
C:\WINDOWS.0\system32\comsa32.sys
C:\WINDOWS.0\system32\drmgs.sys
C:\WINDOWS.0\system32\emtmnfwl.ini
C:\WINDOWS.0\system32\fcccaxuR.dll
C:\WINDOWS.0\system32\gsryqrin.ini
C:\WINDOWS.0\system32\hmyawlix.dll
C:\WINDOWS.0\system32\hognbz.dll
C:\WINDOWS.0\system32\iefltr.dll
C:\WINDOWS.0\system32\intefl.dll
C:\WINDOWS.0\system32\ismxktco.dll
C:\WINDOWS.0\system32\ldhowhfk.dll
C:\WINDOWS.0\system32\ljJCrstu.dll
C:\WINDOWS.0\system32\lwfnmtme.dll
C:\WINDOWS.0\system32\mcrh.tmp
C:\WINDOWS.0\system32\mdhhjjka.dll
C:\WINDOWS.0\system32\nirqyrsg.dll
C:\WINDOWS.0\system32\nnkketvk.dll
C:\WINDOWS.0\system32\nvfgbfso.ini
C:\WINDOWS.0\system32\nwwlqlxy.dll
C:\WINDOWS.0\system32\oqgehjdr.dll
C:\WINDOWS.0\system32\osfbgfvn.dll
C:\WINDOWS.0\system32\pwtoyvuy.ini
C:\WINDOWS.0\system32\qoMeEWNd.dll
C:\WINDOWS.0\system32\qoMgfCvt.dll
C:\WINDOWS.0\system32\qxotsjcl.dll
C:\WINDOWS.0\system32\rybmqkxt.dll
C:\WINDOWS.0\system32\sfqluy.dll
C:\WINDOWS.0\system32\tvCfgMoq.ini
C:\WINDOWS.0\system32\tvCfgMoq.ini2
C:\WINDOWS.0\system32\txkqmbyr.ini
C:\WINDOWS.0\system32\vynftkmw.ini
C:\WINDOWS.0\system32\wmktfnyv.dll
C:\WINDOWS.0\system32\ykodeswv.dll
C:\WINDOWS.0\system32\zkpofq.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PERFMONS
-------\Legacy_ROUTING


((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.

2008-08-13 19:57 . 2008-08-13 19:57 2,048 --a------ C:\WINDOWS.0\system32\dqohxgcw.exe
2008-08-13 18:56 . 2008-08-13 18:56 2,048 --a------ C:\WINDOWS.0\system32\ebtpnrst.exe
2008-08-05 18:58 . 2008-08-05 18:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-05 18:53 . 2008-08-05 18:53 2,048 --a------ C:\WINDOWS.0\system32\mvnmtdrg.exe
2008-08-01 16:41 . 2008-08-01 16:41 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Teleca
2008-08-01 16:39 . 2008-08-01 16:39 <DIR> d-------- C:\Documents and Settings\Guest
2008-07-29 23:16 . 2008-07-29 23:16 <DIR> d-------- C:\VundoFix Backups
2008-07-29 23:16 . 2008-07-29 23:16 <DIR> d-------- C:\Program Files\VundoFix (antivirus)
2008-07-27 18:51 . 2008-07-27 18:51 97 --a------ C:\WINDOWS.0\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 02:42 96,256 ----a-w C:\WINDOWS.0\system32\drivers\sptd0157.sys
2008-07-27 18:56 --------- d-----w C:\Program Files\Avast Antivirus
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS.0\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS.0\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS.0\system32\drivers\tcpip6.sys
2007-08-11 17:24 47,360 -c--a-w C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\pcouffin.sys
2007-03-18 04:16 37,860,928 -c--a-w C:\Program Files\Ipod.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-09 19:27 67128]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-02-01 16:45 98304]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS.0\system32\NvCpl.dll" [2006-06-23 16:49 7626752]
"MCC"="C:\Program Files\Multimedia Control Center\MCC.exe" [2006-01-20 17:48 2019840]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 08:57 133016]
"LVCOMSX"="C:\WINDOWS.0\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"NeroFilterCheck"="C:\WINDOWS.0\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"NvMediaCenter"="C:\WINDOWS.0\system32\NvMcTray.dll" [2006-06-23 16:49 86016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"nwiz"="nwiz.exe" [2006-06-23 16:49 1519616 C:\WINDOWS.0\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15504:TCP"= 15504:TCP:BitComet 15504 TCP
"15504:UDP"= 15504:UDP:BitComet 15504 UDP
"14254:TCP"= 14254:TCP:BitComet 14254 TCP
"14254:UDP"= 14254:UDP:BitComet 14254 UDP

R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS.0\system32\drivers\MtxDma0.sys [2002-07-10 00:33]
R1 aswSP;avast! Self Protection;C:\WINDOWS.0\system32\drivers\aswSP.sys [2008-03-29 12:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS.0\system32\DRIVERS\aswFsBlk.sys [2008-03-29 12:35]
S0 si3114;si3114;C:\WINDOWS.0\system32\drivers\si3114.sys [2004-05-12 08:04]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);C:\WINDOWS.0\system32\DRIVERS\SE31bus.sys [2006-05-01 05:56]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);C:\WINDOWS.0\system32\DRIVERS\se31nd5.sys [2006-05-01 14:56]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);C:\WINDOWS.0\system32\DRIVERS\se31unic.sys [2006-05-01 13:56]
.
Contents of the 'Scheduled Tasks' folder

2008-08-14 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-5408046f - C:\WINDOWS.0\system32\rybmqkxt.dll
HKLM-Run-BM573b37f3 - C:\WINDOWS.0\system32\nnkketvk.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Mozilla\Firefox\Profiles\4meeuupi.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 20:44:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avast Antivirus\aswUpdSv.exe
C:\Program Files\Avast Antivirus\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\Program Files\Avast Antivirus\ashMaiSv.exe
C:\Program Files\Avast Antivirus\ashWebSv.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Completion time: 2008-08-13 20:47:26 - machine was rebooted [JOHN]
ComboFix-quarantined-files.txt 2008-08-14 02:47:22

Pre-Run: 114,569,166,848 bytes free
Post-Run: 114,735,742,976 bytes free

250 --- E O F --- 2008-07-25 06:16:58

Phanman
2008-08-14, 06:11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09, on 2008-08-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Avast Antivirus\aswUpdSv.exe
C:\Program Files\Avast Antivirus\ashServ.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Avast Antivirus\ashMaiSv.exe
C:\Program Files\Avast Antivirus\ashWebSv.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Multimedia Control Center\MCC.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS.0\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MCC] C:\Program Files\Multimedia Control Center\MCC.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS.0\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [5408046f] rundll32.exe "C:\WINDOWS.0\system32\rybmqkxt.dll",b
O4 - HKLM\..\Run: [BM573b37f3] Rundll32.exe "C:\WINDOWS.0\system32\nnkketvk.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast Antivirus\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS.0\PSEXESVC.EXE (file missing)

--
End of file - 7540 bytes



One other thing, I am still unable to remove avast from the add/remove program...

Thanks in advance Blade!!!

Blade81
2008-08-14, 08:23
Hi


IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitComet


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


After that:


Start hjt, do a system scan, check (if found):
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O4 - HKLM\..\Run: [5408046f] rundll32.exe "C:\WINDOWS.0\system32\rybmqkxt.dll",b
O4 - HKLM\..\Run: Rundll32.exe "C:\WINDOWS.0\system32\nnkketvk.dll",s

Close browsers and fix checked.


Open notepad and copy/paste the text in the quotebox below into it:



Driver::
PSEXESVC

File::
C:\WINDOWS.0\system32\dqohxgcw.exe
C:\WINDOWS.0\system32\ebtpnrst.exe
C:\WINDOWS.0\system32\mvnmtdrg.exe
C:\WINDOWS.0\PSEXESVC.EXE

Folder::
C:\VundoFix Backups

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15504:TCP"=-
"15504:UDP"=-
"14254:TCP"=-
"14254:UDP"=-



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner). Post back its report, a fresh hjt log and above mentioned ComboFix resultant log.
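
A triage sketch for the kind of HijackThis entries picked out in the post above, added here as an example; it is not part of the original posts or of any tool used in the thread. It flags lines marked (no file) or (file missing) and rundll32 Run entries with a hex value name, a one-character export, or a DLL under a Temp folder. These heuristics are assumptions drawn from the log lines in this thread, and the function names are hypothetical.

```python
import re

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r'''
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [5408046f] rundll32.exe "C:\WINDOWS.0\system32\rybmqkxt.dll",b
O4 - HKLM\..\Run: [BM573b37f3] Rundll32.exe "C:\WINDOWS.0\system32\nnkketvk.dll",s
O4 - HKUS\S-1-5-21-343818398-1078081533-725345543-501\..\Run: [BM573b37f3] Rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\nshchfex.dll",s (User 'Guest')
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS.0\PSEXESVC.EXE (file missing)
'''

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 <dll>,<export>  (DLL path may be quoted)
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,(?P<export>\w*)', re.I)
# HijackThis appends these markers when the target file is gone.
ORPHAN_RE = re.compile(r'\((no file|file missing)\)\s*$')
# Assumed heuristic: value names such as 5408046f or BM573b37f3.
HEX_NAME_RE = re.compile(r'(?:BM)?[0-9a-f]{8}', re.I)


def triage_line(line):
    """Return the reasons (possibly none) a HijackThis line needs review."""
    reasons = []
    if ORPHAN_RE.search(line):
        reasons.append("references a file that no longer exists")
    entry = O4_RE.match(line)
    if not entry:
        return reasons
    if HEX_NAME_RE.fullmatch(entry.group("name")):
        reasons.append("Run value name is a bare hex id")
    loader = RUNDLL_RE.search(entry.group("cmd"))
    if loader:
        # Vendor entries in this log call descriptive exports (NvStartup).
        if len(loader.group("export")) <= 1:
            reasons.append("rundll32 export is a single character")
        if "\\temp\\" in loader.group("dll").lower():
            reasons.append("rundll32 loads a DLL from a Temp folder")
    return reasons


def triage(log_text):
    """Return (line, reasons) for every line with at least one reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = triage_line(line)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    -", reason)
```

A flagged line is a prompt for manual review, not a verdict; the vendor rundll32 entries in the same log pass because they match none of the rules.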

Phanman
2008-08-15, 17:33
ComboFix 08-08-14.02 - JOHN 2008-08-14 23:33:39.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.650 [GMT -6:00]
Running from: C:\Documents and Settings\JOHN.V-A03C621E02B44\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\JOHN.V-A03C621E02B44\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS.0\PSEXESVC.EXE
C:\WINDOWS.0\system32\dqohxgcw.exe
C:\WINDOWS.0\system32\ebtpnrst.exe
C:\WINDOWS.0\system32\mvnmtdrg.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\JOHN.V-A03C621E02B44\Cookies\john@adultfriendfinder[1].txt
C:\Documents and Settings\JOHN.V-A03C621E02B44\Cookies\john@futureshop[1].txt
C:\Documents and Settings\JOHN.V-A03C621E02B44\Cookies\john@hb.autodesk[1].txt
C:\Documents and Settings\JOHN.V-A03C621E02B44\Cookies\john@metacafe[1].txt
C:\Documents and Settings\JOHN.V-A03C621E02B44\Cookies\john@revsci[2].txt
C:\Documents and Settings\JOHN.V-A03C621E02B44\Cookies\john@shopzilla[2].txt
C:\Documents and Settings\JOHN.V-A03C621E02B44\Cookies\john@youtube[2].txt
C:\Documents and Settings\John\Cookies\john@ad.yieldmanager[2].txt
C:\WINDOWS.0\system32\dllcache\npptools.dll
C:\WINDOWS.0\system32\npptools.dll
.
---- Previous Run -------
.
C:\VundoFix Backups
C:\WINDOWS.0\system32\dqohxgcw.exe
C:\WINDOWS.0\system32\ebtpnrst.exe
C:\WINDOWS.0\system32\mvnmtdrg.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.

2008-08-05 18:58 . 2008-08-05 18:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-01 16:41 . 2008-08-01 16:41 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Teleca
2008-08-01 16:39 . 2008-08-01 16:39 <DIR> d-------- C:\Documents and Settings\Guest
2008-07-29 23:16 . 2008-07-29 23:16 <DIR> d-------- C:\Program Files\VundoFix (antivirus)
2008-07-27 18:51 . 2008-07-27 18:51 97 --a------ C:\WINDOWS.0\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 02:42 96,256 ----a-w C:\WINDOWS.0\system32\drivers\sptd0157.sys
2008-07-27 18:56 --------- d-----w C:\Program Files\Avast Antivirus
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS.0\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS.0\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS.0\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS.0\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS.0\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS.0\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS.0\system32\drivers\tcpip6.sys
2007-08-11 17:24 47,360 -c--a-w C:\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\pcouffin.sys
2007-03-18 04:16 37,860,928 -c--a-w C:\Program Files\Ipod.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-09 19:27 67128]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-02-01 16:45 98304]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS.0\system32\NvCpl.dll" [2006-06-23 16:49 7626752]
"MCC"="C:\Program Files\Multimedia Control Center\MCC.exe" [2006-01-20 17:48 2019840]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 08:57 133016]
"LVCOMSX"="C:\WINDOWS.0\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"NeroFilterCheck"="C:\WINDOWS.0\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"NvMediaCenter"="C:\WINDOWS.0\system32\NvMcTray.dll" [2006-06-23 16:49 86016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"nwiz"="nwiz.exe" [2006-06-23 16:49 1519616 C:\WINDOWS.0\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS.0\system32\drivers\MtxDma0.sys [2002-07-10 00:33]
R1 aswSP;avast! Self Protection;C:\WINDOWS.0\system32\drivers\aswSP.sys [2008-03-29 12:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS.0\system32\DRIVERS\aswFsBlk.sys [2008-03-29 12:35]
S0 si3114;si3114;C:\WINDOWS.0\system32\drivers\si3114.sys [2004-05-12 08:04]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);C:\WINDOWS.0\system32\DRIVERS\SE31bus.sys [2006-05-01 05:56]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);C:\WINDOWS.0\system32\DRIVERS\se31nd5.sys [2006-05-01 14:56]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);C:\WINDOWS.0\system32\DRIVERS\se31unic.sys [2006-05-01 13:56]
.
Contents of the 'Scheduled Tasks' folder

2008-08-14 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 23:35:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-14 23:36:34
ComboFix-quarantined-files.txt 2008-08-15 05:36:22
ComboFix2.txt 2008-08-14 02:47:27

Pre-Run: 118,545,891,328 bytes free
Post-Run: 118,544,654,336 bytes free

124 --- E O F --- 2008-08-14 03:24:02


Kaspersky online scanner is still running after 7hrs. I didn't know if you wanted the scan for just the critical areas, or my computer. So I ran it from my computer. Once this finishes I will post the results as well as HJT.

Blade81
2008-08-15, 20:18
"I didn't know if you wanted the scan for just the critical areas, or my computer. So I ran it from my computer."

That's what I wanted to be scanned :)

Phanman
2008-08-16, 10:45
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, August 16, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 15, 2008 07:11:49
Records in database: 1094474
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 87862
Threat name: 20
Infected objects: 29
Suspicious objects: 0
Duration of the scan: 14:41:09


File name / Threat name / Threats count
C:\QooBox\Quarantine\C\WINDOWS.0\system32\awttqqpQ.dll.vir Infected: Trojan-Downloader.Win32.Agent.xxa 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\beryoegb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aegv 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\cmtxga.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cdy 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\fcccaxuR.dll.vir Infected: Trojan-Downloader.Win32.Agent.xxa 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\hmyawlix.dll.vir Infected: Trojan.Win32.Monder.awh 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\hognbz.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aegv 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\iefltr.dll.vir Infected: Trojan.Win32.BHO.eya 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\intefl.dll.vir Infected: Trojan.Win32.BHO.eya 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\ismxktco.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aeuc 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\ldhowhfk.dll.vir Infected: Trojan.Win32.Monder.dlr 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\ljJCrstu.dll.vir Infected: Trojan-Downloader.Win32.Agent.xxa 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\lwfnmtme.dll.vir Infected: Trojan.Win32.Monder.dkd 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\mdhhjjka.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.cgs 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\nirqyrsg.dll.vir Infected: Trojan.Win32.Monder.bis 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\nnkketvk.dll.vir Infected: Trojan.Win32.Monder.fky 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\nwwlqlxy.dll.vir Infected: Trojan.Win32.Monder.bmc 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\oqgehjdr.dll.vir Infected: Trojan.Win32.Monder.awh 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\osfbgfvn.dll.vir Infected: Trojan.Win32.Monder.ctz 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\qoMgfCvt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.adrb 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\qxotsjcl.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cdy 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\rybmqkxt.dll.vir Infected: Trojan.Win32.Monder.fkm 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\wmktfnyv.dll.vir Infected: Trojan.Win32.Monder.bde 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\ykodeswv.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.cgs 1
C:\QooBox\Quarantine\C\WINDOWS.0\system32\zkpofq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aeuc 1
C:\QooBox\Quarantine\catchme2008-08-13_204037.84.zip Infected: Trojan-Downloader.Win32.Agent.xxa 1
C:\WINDOWS\system32\drivers\etc\yes16\OS32.ini Infected: Backdoor.IRC.Cloner.p 1
C:\WINDOWS\system32\drivers\etc\yes16\pnc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat 1
C:\WINDOWS\system32\drivers\etc\yes16\spsexec.exe Infected: not-a-virus:RiskTool.Win32.PsExec.13 1
C:\WINDOWS.0\system32\asck.exe Infected: not-a-virus:AdWare.Win32.AlexaBar.y 1

The selected area was scanned.







++++++++++++++++++++++++++++++++++++++++++++++

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:43 AM, on 16/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Avast Antivirus\aswUpdSv.exe
C:\Program Files\Avast Antivirus\ashServ.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Avast Antivirus\ashMaiSv.exe
C:\Program Files\Avast Antivirus\ashWebSv.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\Program Files\Multimedia Control Center\MCC.exe
C:\WINDOWS.0\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS.0\system32\notepad.exe
C:\WINDOWS.0\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\WINDOWS.0\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MCC] C:\Program Files\Multimedia Control Center\MCC.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS.0\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1218779176_c5cc5e20d145251a4dcfa8589ff3da31&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast Antivirus\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe

--
End of file - 8068 bytes

Blade81
2008-08-16, 19:28
Hi

Delete following files:
C:\WINDOWS.0\system32\asck.exe

and folders if found:
C:\WINDOWS\system32\drivers\etc\yes16

Post a fresh hjt log. How's the system running?

Phanman
2008-08-17, 01:59
The system is running great now thx! But just wondering how I would be able to remove Avast antivirus from the list in Add/Remove programs from the control panel? When I click on it, it doesn't do anything.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:25 PM, on 16/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Avast Antivirus\aswUpdSv.exe
C:\Program Files\Avast Antivirus\ashServ.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Avast Antivirus\ashMaiSv.exe
C:\Program Files\Avast Antivirus\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\wscntfy.exe
C:\Program Files\Multimedia Control Center\MCC.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS.0\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MCC] C:\Program Files\Multimedia Control Center\MCC.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS.0\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-343818398-1078081533-725345543-501\..\Run: [BM573b37f3] Rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\nshchfex.dll",s (User 'Guest')
O4 - HKUS\S-1-5-21-343818398-1078081533-725345543-501\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe (User 'Guest')
O4 - HKUS\S-1-5-21-343818398-1078081533-725345543-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Guest')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1218779176_c5cc5e20d145251a4dcfa8589ff3da31&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast Antivirus\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe

--
End of file - 8619 bytes


Just wanted to say thanks a lot for your help, I really appreciate your advice and saving my computer and a lot of headache. :present:

John

Blade81
2008-08-17, 14:47
Hi

Start hjt, do a system scan, check:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast Antivirus\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashWebSv.exe

Close browsers and fix checked.

Go to the main menu in hjt and select "Open the Misc Tools section". Open the uninstall manager, highlight the Avast entry and click "Delete this entry". Close hjt.


Creating & executing batch file
-------------------------------

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop. (If you are still unsure on how to do this there is a little tutorial with pictures here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Bat_File))
@echo off
sc stop aswUpdSv
sc delete aswUpdSv
sc stop "avast! Antivirus"
sc delete "avast! Antivirus"
sc stop "avast! Mail Scanner"
sc delete "avast! Mail Scanner"
sc stop "avast! Web Scanner"
sc delete "avast! Web Scanner"

Double-click on fixes.bat file to execute it.

Delete the following folder:
C:\Program Files\Avast Antivirus

Post a fresh hjt log.


Note: You need to install some other antivirus program to replace the removed Avast.

Phanman
2008-08-18, 04:39
Hi Blade,

New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:35 PM, on 17/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Avast Antivirus\ashServ.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Multimedia Control Center\MCC.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS.0\system32\LVCOMSX.EXE
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Avast Antivirus\ashMaiSv.exe
C:\Program Files\Avast Antivirus\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MCC] C:\Program Files\Multimedia Control Center\MCC.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS.0\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1218779176_c5cc5e20d145251a4dcfa8589ff3da31&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe

--
End of file - 8863 bytes


Note:

I am unable to remove the following within HJT after check-marking them and clicking on fix.

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashWebSv.exe

Also when trying to delete C:\Program Files\Avast Antivirus I'm unable to, as it states:

Error Deleting File or Folder
Cannot delete Aaum4h.dll: Access is denied.
Make sure that the disk is not full or write=protected and that the file is not in use.
I'm currently running AVG antivirus.

Thanks,
John
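
Checking a fix against a fresh scan, as asked for above, comes down to comparing two HijackThis logs. An added example, not part of the thread or of HijackThis itself: Python that parses two logs, diffs them per section and lists which entries selected for fixing are still present in the later scan. The sample lines are excerpts from the logs in this thread; the function names, and the rule that an O23 entry without a trailing "(name)" uses its display name as the service name, are assumptions.

```python
import re

# An entry line is "<section code> - <text>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O23 text: "Service: <display name>[ (<service name>)] - <owner> - <path>".
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - ([A-Za-z]:\\.+)$")
NAME_RE = re.compile(r"^.* \(([^()]+)\)$")

# Excerpts from the logs posted in this thread (trimmed to a few lines each).
BEFORE = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast Antivirus\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

AFTER = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashWebSv.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# The four entries that were to be checked and fixed.
FIX_LIST = r"""
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast Antivirus\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashWebSv.exe
"""


def parse_hjt(text):
    """Return {section code: set of entry texts}; header and process lines are skipped."""
    sections = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            sections.setdefault(m.group(1), set()).add(m.group(2))
    return sections


def service_info(entry):
    """Split an O23 entry text into (service name, owner, path), or None."""
    m = SERVICE_RE.match(entry)
    if not m:
        return None
    display, owner, path = m.groups()
    named = NAME_RE.match(display)
    # Assumption: with no trailing "(name)", service name == display name.
    return (named.group(1) if named else display), owner, path


def diff_logs(before, after):
    """Per section: entries removed, added and kept between two scans."""
    old, new = parse_hjt(before), parse_hjt(after)
    result = {}
    for code in sorted(set(old) | set(new)):
        o, n = old.get(code, set()), new.get(code, set())
        result[code] = {"removed": sorted(o - n),
                        "added": sorted(n - o),
                        "kept": sorted(o & n)}
    return result


def still_present(fix_list, after):
    """Entries selected for fixing that show up again in the later scan."""
    wanted, found = parse_hjt(fix_list), parse_hjt(after)
    return sorted(e for code, items in wanted.items()
                  for e in items & found.get(code, set()))


def leftover_services(fix_list, after):
    """Service names of fixed O23 entries that are still registered."""
    infos = (service_info(e) for e in still_present(fix_list, after))
    return [info[0] for info in infos if info]


if __name__ == "__main__":
    for code, change in diff_logs(BEFORE, AFTER).items():
        for kind in ("removed", "added"):
            for entry in change[kind]:
                print(f"{kind:8} {code} - {entry}")
    for name in leftover_services(FIX_LIST, AFTER):
        print(f"still registered: {name}")
```

On these excerpts the diff shows aswUpdSv removed and the AVG entries added, while the other three avast! services are reported as still registered.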

Blade81
2008-08-18, 07:51
Hi John,

Click start -> run & write services.msc. Click ok.

Find the Avast-related services on the list, then do the following steps for each of those three services:
1. Right click on service name and select properties.
2. Click stop and select startup type disabled. Click apply & ok.

Reboot and try deleting C:\Program Files\Avast Antivirus folder. Post a fresh hjt log.

Phanman
2008-08-19, 08:39
Hey Blade,

I'm able to stop the avast programs, but unable to disable them... says access is denied.

Also still unable to delete C:\Program Files\Avast Antivirus folder, it still states:

Error Deleting File or Folder
Cannot delete Aaum4h.dll: Access is denied.
Make sure that the disk is not full or write=protected and that the file is not in use.


Fresh HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:40 PM, on 18/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Multimedia Control Center\MCC.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\WINDOWS.0\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MCC] C:\Program Files\Multimedia Control Center\MCC.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS.0\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1218779176_c5cc5e20d145251a4dcfa8589ff3da31&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe

--
End of file - 8794 bytes

Blade81
2008-08-19, 08:44
Hi

Let's see if this works.

Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):



C:\Program Files\Avast Antivirus


Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Phanman
2008-08-19, 18:32
Hi Blade,

Here are the results... did everything including the reboot to no avail. Quite the little bugger.


Folder move failed. C:\Program Files\Avast Antivirus\Setup\INF\IA64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\Setup\INF\AMD64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\Setup\INF scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\HtmlData scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\ENGLISH\HtmlData scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\ENGLISH\HELP scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\ENGLISH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08192008_092523

Files moved on Reboot...
Folder move failed. C:\Program Files\Avast Antivirus\Setup\INF\IA64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\Setup\INF\AMD64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\Setup\INF\IA64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\Setup\INF\AMD64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\Setup\INF scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\Setup\INF\IA64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\Setup\INF\AMD64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\Setup\INF scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\HtmlData scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\ENGLISH\HtmlData scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\ENGLISH\HELP scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\ENGLISH\HtmlData scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\ENGLISH\HELP scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\ENGLISH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\Setup\INF\IA64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\Setup\INF\AMD64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\Setup\INF scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\HtmlData scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\ENGLISH\HtmlData scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\ENGLISH\HELP scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\ENGLISH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Avast Antivirus scheduled to be moved on reboot.

Blade81
2008-08-19, 21:20
Hi

In that case maybe try the following steps:
1. Uninstall AVG 7
2. Reinstall Avast
3. Uninstall Avast
4. Reinstall AVG 7

Phanman
2008-08-20, 08:55
Hi Blade,

Are you sure about that? I was unable to uninstall Avast when it was up and running. Also, when I installed Avast I got the Virtumonde virus.

If you're sure then I will try that, but I'll wait for your response.

Cheers,
John

Blade81
2008-08-20, 09:04
Hi

Yes, I think reinstalling is worth trying since the infection probably harmed something earlier, causing the uninstall failure. You won't get Vundo if you use the official source for Avast! (http://www.avast.com/eng/download-avast-home.html).

Phanman
2008-08-20, 09:09
I just tried cleaning the folder using OTMoveIt2 and I believe it says it was successfully deleted, but the C:\Program Files\Avast Antivirus file still exists and still won't delete :sad:

Anyways here is the log file that was created. Hope this helps if nothing else....


File/Folder avenger.zip not found.
File/Folder avenger.exe not found.
File/Folder Avenger not found.
File/Folder avenger.txt not found.
File/Folder bfu.zip not found.
File/Folder BFU not found.
C:\WINDOWS.0\erdnt\subs folder deleted successfully.
C:\WINDOWS.0\erdnt\Hiv-backup\Users\00000006 folder deleted successfully.
C:\WINDOWS.0\erdnt\Hiv-backup\Users\00000005 folder deleted successfully.
C:\WINDOWS.0\erdnt\Hiv-backup\Users\00000004 folder deleted successfully.
C:\WINDOWS.0\erdnt\Hiv-backup\Users\00000003 folder deleted successfully.
C:\WINDOWS.0\erdnt\Hiv-backup\Users\00000002 folder deleted successfully.
C:\WINDOWS.0\erdnt\Hiv-backup\Users\00000001 folder deleted successfully.
C:\WINDOWS.0\erdnt\Hiv-backup\Users folder deleted successfully.
C:\WINDOWS.0\erdnt\Hiv-backup folder deleted successfully.
C:\WINDOWS.0\erdnt folder deleted successfully.
C:\QooBox\Quarantine\Registry_backups folder deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.0\system32\dllcache folder deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.0\system32 folder deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.0 folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Cookies folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\TravelSearch folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\ToolbarSearch folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\ToolbarLogo folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Toolbar folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\SearchMatch folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\SearchAssistPlus folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\ScreensaversMarketingSitePager folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\RelatedSearch folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Pranks folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Movies folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Manager folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Layouts folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\JokeSearch folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Games folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\ErrorSearch folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\EntertainmentMarketingSP folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\Configurator folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347\BrowserSearch folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Starware347 folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Macromedia\Flash Player\macromedia.com\support folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Macromedia\Flash Player\macromedia.com folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Macromedia\Flash Player\#SharedObjects\6VTRVH3V\interclick.com folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Macromedia\Flash Player\#SharedObjects\6VTRVH3V folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Macromedia\Flash Player\#SharedObjects folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Macromedia\Flash Player folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data\Macromedia folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44\Application Data folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\JOHN.V-A03C621E02B44 folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\John\Cookies folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\John folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\SimpleUpdate folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\ScreensaversMarketingSitePager\images\active folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\ScreensaversMarketingSitePager\images folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\ScreensaversMarketingSitePager folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\Movies\images\active folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\Movies\images folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\Movies folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\Games\images\active folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\Games\images folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\Games folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\EntertainmentMarketingSP\images\active folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\EntertainmentMarketingSP\images folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\EntertainmentMarketingSP folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\contexts folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347\buttons folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS.0\Application Data\Starware347 folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS.0\Application Data folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS.0 folder deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings folder deleted successfully.
C:\QooBox\Quarantine\C folder deleted successfully.
C:\QooBox\Quarantine folder deleted successfully.
C:\QooBox\BackEnv folder deleted successfully.
C:\QooBox folder deleted successfully.
Service not present: catchme.
Service not present: gmer.
File delete failed. C:\Documents and Settings\JOHN.V-A03C621E02B44\Desktop\OTMoveIt2.exe scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JOHN.V-A03C621E02B44\Desktop\OTMoveIt2.exe scheduled to be deleted on reboot.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus\Setup\INF\IA64 folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus\Setup\INF\AMD64 folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus\Setup\INF folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus\Setup folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus\images folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus\HtmlData folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus\ENGLISH\HtmlData folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus\ENGLISH\HELP folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus\ENGLISH folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus\DATA\Skin folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus\DATA\report folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus\DATA\moved folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus\DATA\log folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus\DATA\journal folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus\DATA\integ folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus\DATA\chest folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus\DATA\backup folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus\DATA folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files\Avast Antivirus folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058\Program Files folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_093058 folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus\Setup\INF\IA64 folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus\Setup\INF\AMD64 folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus\Setup\INF folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus\Setup folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus\images folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus\HtmlData folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus\ENGLISH\HtmlData folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus\ENGLISH\HELP folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus\ENGLISH folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus\DATA\Skin folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus\DATA\report folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus\DATA\moved folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus\DATA\log folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus\DATA\journal folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus\DATA\integ folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus\DATA\chest folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus\DATA\backup folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus\DATA folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files\Avast Antivirus folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523\Program Files folder deleted successfully.
C:\_OTMoveIt\MovedFiles\08192008_092523 folder deleted successfully.
C:\_OTMoveIt\MovedFiles folder deleted successfully.
C:\_OTMoveIt folder deleted successfully.
File delete failed. C:\Documents and Settings\JOHN.V-A03C621E02B44\Desktop\OTMoveIt2.exe scheduled to be deleted on reboot.


Cheers,
John

Blade81
2008-08-20, 09:46
Hi

Please see my reply above in case you missed it.

Phanman
2008-08-22, 10:05
Hey Blade,

Sorry for the delay...
Well, I uninstalled AVG and reinstalled Avast from the link you provided, and I'm now unable to uninstall Avast again from Add/Remove Programs. When I try to click on the uninstall button, nothing happens, like before. Also, my Internet Explorer has slowed down again.

Here is a fresh HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:34 AM, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Avast Antivirus\aswUpdSv.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Multimedia Control Center\MCC.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS.0\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MCC] C:\Program Files\Multimedia Control Center\MCC.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS.0\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1218779176_c5cc5e20d145251a4dcfa8589ff3da31&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast Antivirus\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast Antivirus\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe

--
End of file - 8005 bytes

Blade81
2008-08-22, 10:41
Hi

Please try the official Avast! uninstall utility (http://www.avast.com/eng/avast-uninstall-utility.html).

Phanman
2008-08-24, 01:00
Hey Blade,

When I try to run that software I get this message:

The avast! self protection module is enabled. For this reason, the operation cannot be completed.

To complete the operation, either run this program in safe mode, or disable the avast! self protection (via settings -> Troubleshooting page).


I disabled the Avast self protection, but I still get this message. Not too sure how to run in safe mode.

Thanks,
John

Blade81
2008-08-24, 11:02
Hi

Instructions to get into safe mode can be found here (http://www.computerhope.com/issues/chsafe.htm#02).

Phanman
2008-08-24, 12:41
Thx for all the help Blade, again I really appreciate it. Looks like everything is working great now and I was finally able to uninstall that Avast folder.

Here is a final HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:17 AM, on 24/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Multimedia Control Center\MCC.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS.0\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MCC] C:\Program Files\Multimedia Control Center\MCC.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS.0\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1218779176_c5cc5e20d145251a4dcfa8589ff3da31&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe

--
End of file - 8430 bytes


Cheers!!!!

Blade81
2008-08-24, 12:48
You're welcome :)

Log looks indeed good now. Guess we're ready for archiving the topic?

Blade81
2008-08-31, 12:32
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.