WinAvXX.exe Problem., Unable to remove WinAvXX.exe
Savagethorn
post Dec 23 2007, 06:51 PM
Post #1


New Member
*
Posts: 4
OS: Windows XP Professional



Hi there. I've recently been reading through your forums and noticed your help section. I've looked through many different so-called ways to rid my computer of this WinAvXX.exe infection, using Combofix, Smitfraudfix etc. etc., though I don't believe that I'm taking proper steps to aid in its full removal. So more or less, I'm looking for a more in-depth step-by-step, if you will.

Your help would be muchly appreciated. :)
kahdah
post Dec 23 2007, 06:57 PM
Post #2


GeekU Teacher
Group Icon
Posts: 10,087
From: Somewhere
OS: Windows xp home



Hello Savagethorn

Welcome to G2Go. :)
============================
* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click on I agree
  • Then Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Savagethorn
post Dec 23 2007, 07:36 PM
Post #3





Here is the HJT log as asked for. Though there appear to be no abnormalities in it, my control panel randomly disappears from day to day, along with other users being unable to change the time or open regedit regardless of computer administrator status. It's rather frustrating I must admit...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31, on 2007-12-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Jonathan\My Documents\My Apps\HiJackThis.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1194601416576
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} - http://plato.sd28.bc.ca/Pathways/pway_iis....ab/pwlninst.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5125 bytes
kahdah
post Dec 23 2007, 07:39 PM
Post #4





Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Savagethorn
post Dec 23 2007, 08:12 PM
Post #5





Here's the log dss.exe generated, though I never got an extra.txt as you said there would be.

Deckard's System Scanner v20071014.68
Run by Jonathan on 2007-12-23 18:05:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Jonathan.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05, on 2007-12-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jonathan\Desktop\dss.exe
C:\DOCUME~1\Jonathan\MYDOCU~1\MYAPPS~1\Jonathan.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1194601416576
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} - http://plato.sd28.bc.ca/Pathways/pway_iis....ab/pwlninst.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5191 bytes

-- Files created between 2007-11-23 and 2007-12-23 -----------------------------

2007-12-23 13:59:40 0 d-------- C:\Program Files\Cleaning Programs
2007-12-23 13:32:49 7680 --a------ C:\WINDOWS\system32\WinAvXX.exe
2007-12-23 13:32:49 7680 --a------ C:\WINDOWS\system32\printer.exe
2007-12-22 20:45:19 0 d-------- C:\Documents and Settings\Jonathan\Application Data\acccore
2007-12-22 20:29:07 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-22 20:28:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-22 20:28:01 0 d-------- C:\Program Files\Viewpoint
2007-12-22 20:27:35 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-12-22 20:27:35 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-22 20:27:02 0 d-------- C:\Program Files\Common Files\AOL
2007-12-22 20:26:43 0 d-------- C:\Program Files\AIM6
2007-12-19 23:12:00 0 d-------- C:\!KillBox
2007-12-19 22:54:09 0 d--hs---- C:\WINDOWS\CSC
2007-12-19 21:08:26 0 d-------- C:\Documents and Settings\Jonathan\.housecall6.6
2007-12-19 17:40:40 0 d-------- C:\Program Files\SpywareBlaster
2007-12-19 17:12:17 0 d-------- C:\Program Files\SpywareGuard
2007-12-19 15:53:55 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-19 15:53:55 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2007-12-19 15:53:54 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-12-19 15:53:54 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-12-19 15:53:54 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-19 15:53:53 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-12-17 23:15:32 0 d-------- C:\Program Files\OTS Software
2007-12-17 21:42:47 0 d-------- C:\Program Files\VIA
2007-12-16 23:38:10 0 d-------- C:\Program Files\Pluto Client
2007-11-27 16:14:24 0 d-------- C:\Program Files\C-Media
2007-11-27 16:07:30 266240 --a------ C:\WINDOWS\CMIUninstall.exe <Not Verified; ; GeneralUninstall Application>
2007-11-27 16:07:29 28672 --a------ C:\WINDOWS\CMIRmDriver.dll
2007-11-27 01:00:39 0 d-------- C:\Documents and Settings\All Users\Application Data\eurotalk
2007-11-27 00:58:39 0 d-------- C:\Documents and Settings\Jonathan\Application Data\EuroTalk
2007-11-27 00:58:35 0 d-------- C:\Program Files\EuroTalk
2007-11-27 00:34:55 0 d-------- C:\WINDOWS\PaltalkScene
2007-11-27 00:34:55 0 d-------- C:\Program Files\Paltalk Messenger


-- Find3M Report ---------------------------------------------------------------

2007-12-22 20:27:02 0 d-------- C:\Program Files\Common Files
2007-12-19 15:33:01 838 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-18 11:08:31 0 d-------- C:\Program Files\utorrent
2007-11-27 16:07:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-20 12:50:39 0 d-------- C:\Program Files\EphPod
2007-11-20 12:50:37 0 d-------- C:\Program Files\Diablo II
2007-11-19 19:23:15 0 d-------- C:\Program Files\MSXML 6.0
2007-11-18 14:21:23 0 d-------- C:\Program Files\Messenger
2007-11-17 16:13:24 243 --a------ C:\WINDOWS\system32\plutoreg.bat
2007-11-17 15:01:09 0 d-------- C:\Program Files\eGames
2007-11-14 12:45:32 1481063 --a------ C:\TriviaMachine.dat
2007-11-13 22:29:11 0 d-------- C:\Program Files\TuneUp Utilities 2004
2007-11-13 22:14:28 0 d-------- C:\Documents and Settings\Jonathan\Application Data\WinRAR
2007-11-11 22:24:55 0 d-------- C:\Program Files\GameHouse
2007-11-10 17:26:07 0 d-------- C:\Program Files\MSN Messenger
2007-11-10 17:10:02 0 d-------- C:\Program Files\Movie Maker
2007-11-10 17:01:38 0 d-------- C:\Program Files\Windows NT
2007-11-09 12:57:21 0 d-------- C:\Documents and Settings\Jonathan\Application Data\uTorrent
2007-11-09 12:29:47 0 d-------- C:\Program Files\Cablenut
2007-11-08 17:46:29 0 d-------- C:\Program Files\IMVU
2007-11-08 01:16:51 0 d-------- C:\Program Files\Chips Challange
2007-11-08 01:10:07 0 d-------- C:\Program Files\Common Files\NetIntellGames Shared
2007-11-07 09:36:31 0 d-------- C:\Program Files\Conquest Frontier Wars
2007-11-01 23:58:43 0 d-------- C:\Program Files\Team17
2007-11-01 23:53:54 47104 --a------ C:\WINDOWS\system32\KMVIDC32.DLL
2007-11-01 00:18:08 0 d-------- C:\Documents and Settings\Jonathan\Application Data\iWin
2007-10-17 20:44:20 32653 --a------ C:\WINDOWS\scunin.dat
2007-10-17 20:44:18 967 --a------ C:\WINDOWS\ScUnin.pif
2007-10-17 20:44:18 70656 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2007-10-16 21:19:55 59 --a------ C:\WINDOWS\popcinfo.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-07-20 20:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-11 22:50 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-09-13 21:25]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" [2004-11-17 17:44]

C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CountrySelection]
pctptt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PV92TRAY]
PV92Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"




-- End of Deckard's System Scanner: finished at 2007-12-23 18:06:32 ------------

kahdah
post Dec 23 2007, 08:41 PM
Post #6





Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\WinAvXX.exe
    C:\WINDOWS\system32\printer.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
    Click "Exit" to close OTMoveIt.

    **When ready to Reply on the forum, please Paste the content of the latest log which is located at the root of the drive where the OTMoveIt folder is:
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
========================================
Please download SUPERAntiSpyware Home Edition (free version).
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
      • Close browsers before scanning
      • Scan for tracking cookies
      • Scan for Alternate Data streams
      • Terminate memory threats before quarantining.
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.


*Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Then run Superantispyware.
  • Double click on the icon to start Superantispyware.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.

1. To retrieve the removal information for me please do the following:
2. After reboot, double-click the SUPERAntispyware icon on your desktop.
3. Click Preferences. Click the Statistics/Logs tab.
4. Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
5. It will open in your default text editor (such as Notepad/Wordpad).
6. Please highlight everything in the notepad, then right-click and choose copy.
7. Click close and close again to exit the program.
Save the log information. If needed (still infected) paste this info along with your HijackThis log and the OTMoveIt log.
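A triage pass over the DSS "Files created" listing from post #5, as an added example that is not part of the original thread or any poster's code: it groups executables by creation second, size and folder to surface the pair that post #6 moves, then checks whether either name appears in the HijackThis autostart lines. The clustering rule and all function names are assumptions made for illustration, not the helper's stated method.

```python
import re
from collections import defaultdict

# Subset of the "Files created between 2007-11-23 and 2007-12-23" section of
# the DSS log posted in this thread, copied unchanged.
DSS_CREATED = r"""
2007-12-23 13:59:40 0 d-------- C:\Program Files\Cleaning Programs
2007-12-23 13:32:49 7680 --a------ C:\WINDOWS\system32\WinAvXX.exe
2007-12-23 13:32:49 7680 --a------ C:\WINDOWS\system32\printer.exe
2007-12-19 15:53:55 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-19 15:53:55 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2007-12-19 15:53:54 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-12-19 15:53:54 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-12-19 15:53:54 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-19 15:53:53 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-27 16:07:30 266240 --a------ C:\WINDOWS\CMIUninstall.exe <Not Verified; ; GeneralUninstall Application>
2007-11-27 16:07:29 28672 --a------ C:\WINDOWS\CMIRmDriver.dll
"""

# The O4 (autostart) lines of the HijackThis log from the same thread, unchanged.
HJT_O4 = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
"""

# timestamp, size in bytes, 9-character attribute field, path, optional <note>
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+) ([a-z-]{9}) (.+?)(?: <(.*)>)?$")


def parse_created(text):
    """Turn DSS 'Files created' lines into dicts; unparseable lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when, size, attrs, path, note = m.groups()
        entries.append({"created": when, "size": int(size),
                        "is_dir": attrs.startswith("d"),
                        "path": path, "note": note})
    return entries


def same_payload_clusters(entries, exts=(".exe", ".dll", ".scr", ".com")):
    """Groups of 2+ executables sharing creation second, size and folder.

    Assumed heuristic: one payload written under several names tends to leave
    identical size and timestamp. It ranks files for review, nothing more.
    """
    groups = defaultdict(list)
    for e in entries:
        if e["is_dir"] or not e["path"].lower().endswith(exts):
            continue
        folder = e["path"].rsplit("\\", 1)[0].lower()
        groups[(e["created"], e["size"], folder)].append(e["path"])
    return sorted(paths for paths in groups.values() if len(paths) > 1)


def not_in_autostart(paths, hjt_text):
    """Paths whose file name never appears in the given HijackThis lines."""
    hay = hjt_text.lower()
    return [p for p in paths if p.rsplit("\\", 1)[-1].lower() not in hay]


if __name__ == "__main__":
    for cluster in same_payload_clusters(parse_created(DSS_CREATED)):
        print(cluster, "absent from O4:", not_in_autostart(cluster, HJT_O4))
```

A cluster is a prompt to inspect the files, not a verdict; installers can also write identical files under two names.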
Savagethorn
post Dec 25 2007, 03:20 AM
Post #7





Well, that did it. Thanks. :)

kahdah
post Dec 25 2007, 09:49 AM
Post #8





There possibly may be more left. Can you please post those logs I asked for?
kahdah
post Jul 23 2008, 06:54 PM
Post #9





Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.