
malware..need help [Solved]


This topic is locked

#16 amm007 (Topic Starter, Member, 265 posts)
========== FILES ==========
C:\Documents and Settings\Adrian\Searched moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Adrian\LOCALS~1\Temp\etilqs_qUi0LJcUwEfc8pcch5DC scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrian\LOCALS~1\Temp\Perflib_Perfdata_664.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrian\LOCALS~1\Temp\~DF46A2.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrian\LOCALS~1\Temp\~DFA4D8.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_15c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Adrian\Local Settings\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\Cache\1227850Ad01 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrian\Local Settings\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\Cache\60B13B04d01 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrian\Local Settings\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrian\Local Settings\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrian\Local Settings\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrian\Local Settings\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrian\Local Settings\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrian\Local Settings\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01222009_171826


Still, Task Manager is disabled. But I noticed this: immediately after the welcome screen, I tried Ctrl+Alt+Del and it opens. After the startup programs start to open, Task Manager is disabled, and from the Run command it says that another program is running it. Maybe we have missed something from the startup programs. Still, AVG update continues to prompt for a restart unnecessarily.


#17 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK then, some progress, albeit small.

We will now do a deep search of your processes and files

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Investigation" check box.
  • Click on the “Execute selected scripts”.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Investigation" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both zip files to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on the attachment's icon to insert the attachment into your post


#18 amm007 (Topic Starter, Member, 265 posts)
First log here. G2G upload doesn't work well. I'll post the second log, hopefully, by tomorrow.

#19 amm007 (Topic Starter, Member, 265 posts)
2nd log uploaded here.

#20 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
I am removing the Nvidia file as it is running from the wrong location and is suspect.

AVZ FIX

  • Double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox in the box in the program (start with begin and end with end )
    begin
     TerminateProcessByName('c:\documents and settings\adrian\nview.exe');
     DeleteFile('c:\documents and settings\adrian\nview.exe');
     BC_DeleteFile('c:\documents and settings\adrian\nview.exe');
     DeleteFile('C:\Documents and Settings\Adrian\nview.exe');
     BC_DeleteFile('C:\Documents and Settings\Adrian\nview.exe');
    end.
  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically.

ON COMPLETION

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Investigation" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach the zip file to your next post


Apart from that, I can see no apparent malware, so it looks like it may be a system problem. I will check that out next.

I believe we can find this in either the startup or the services.
OK, so let's see if we can find the culprit!
Note: This process might take a while and requires multiple reboots.
  1. Go to Start and hit Run
  2. In the white box type msconfig
  3. A window will pop up; go to the Startup tab.
  4. In the bottom right, select Disable All
  5. Please reboot the computer.
  6. Follow steps 1 to 3 again.
  7. Now turn on 1 or 2 startups and reboot again.
  8. Keep doing this until your problem comes back.
  9. Once the problem comes back, it should be the program you turned on last.
  10. Please tell me which program this was and how the whole process went.
(It is also possible, of course, that it still keeps giving the problem. Report back and we'll move on to the services.)
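An added example, not from this thread or from either poster: a small Python check that applies Essexboy's reasoning above (a startup program "running from the wrong location" is suspect) to a list of startup entries of the kind the msconfig Startup tab shows. The entries are constructed sample data; the nview path mirrors the one in the AVZ script above, while the other entries (nwiz.exe, avgtray.exe, upd.exe, tool.exe) are assumed for illustration.

```python
import re
from typing import List, NamedTuple, Tuple

# Where a legitimately installed startup program normally lives on the
# Windows XP layout seen in this thread.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")
# Locations a dropped file like the suspect nview.exe tends to use.
SUSPECT_MARKERS = ("\\documents and settings\\", "\\docume~1\\",
                   "\\local settings\\", "\\temp\\")

class Finding(NamedTuple):
    name: str
    exe: str
    reason: str

def exe_from_command(cmd: str) -> str:
    """Extract the executable path from a startup command line.
    Handles a quoted path ("C:\\Program Files\\x\\y.exe" /arg) and an
    unquoted path that stops at the first '.exe', even with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]

def assess_startup(entries: List[Tuple[str, str]]) -> List[Finding]:
    """Return a Finding for every entry whose executable runs from a
    location an installed program would not normally use."""
    findings = []
    for name, cmd in entries:
        exe = exe_from_command(cmd)
        low = exe.lower()
        if low.startswith(TRUSTED_PREFIXES):
            continue  # Windows or Program Files: expected location
        if any(marker in low for marker in SUSPECT_MARKERS):
            reason = "runs from a user profile or temp location"
        else:
            reason = "runs from outside Windows/Program Files"
        findings.append(Finding(name, exe, reason))
    return findings

# Constructed sample resembling an msconfig Startup tab (assumed entries).
SAMPLE_ENTRIES = [
    ("nwiz", "C:\\WINDOWS\\system32\\nwiz.exe /install"),
    ("nview", "c:\\documents and settings\\adrian\\nview.exe"),
    ("AVG", '"C:\\Program Files\\AVG\\AVG8\\avgtray.exe"'),
    ("updater", "C:\\DOCUME~1\\Adrian\\LOCALS~1\\Temp\\upd.exe -q"),
    ("tool", "D:\\Tools\\tool.exe"),
]

if __name__ == "__main__":
    for f in assess_startup(SAMPLE_ENTRIES):
        print(f"{f.name}: {f.exe} ({f.reason})")
```

A flagged entry is a lead to verify, not proof of malware: a tool the user installed to D:\ is flagged too, so confirm each one the way the thread does, by checking where the vendor's copy actually lives.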

#21 amm007 (Topic Starter, Member, 265 posts)
Log here.

I found the culprit. It is nview.exe. I am very familiar with my system startups and found it unusual; hence, when I disabled it, Task Manager went well. Still, the AVG update functionality has the problems.

Edited by amm007, 26 January 2009 - 06:07 AM.


#22 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
That looks OK now. What sort of problems are you having with AVG?

#23 amm007 (Topic Starter, Member, 265 posts)
It keeps on prompting me that I have to restart my computer to update. However, I think this is not necessary, as this happens every startup and every time I click on Update. As for the nview.exe, wouldn't we remove it from its location?

#24 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Ref AVG, I would recommend a total uninstall and then re-install a fresh copy, as it appears to have a glitch.

The Nview file should not be in a temp file; there is probably a copy in the sys32 folder which the programme uses.

Try that and let me know your progress.

#25 amm007 (Topic Starter, Member, 265 posts)
I cannot find the nview in the system32 folder, nor when I searched my hard disks. What antivirus do you recommend? Can you recommend an antivirus that is free and better than AVG in the aspect of taking up memory space? AVG seems to lag my computer memory too much.

#26 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
This is the one I use and it is light. After you download the programme, disconnect from the net and uninstall AVG first. If you could post the boot log on completion.

Please go HERE and download avast! 4 Home Edition to your desktop. Locate the file that you just downloaded, double-click on the file to launch the installation of avast!

Click Next on the avast! Setup window and on the next window with the ReadMe File.
Now you will see the Legal Agreement, just click I agree, and then click Next to continue.

You will be prompted with the Configuration window; make sure that you choose Typical configuration and then click Next. Click Next on the windows that follow. When the installation finishes, you will be given an option to schedule a boot time scan; select No.

Now you have to restart your machine, select Restart and then click Finish.

After you restart you will get a message about avast!; it will give you the general "Hello and Thank you for choosing our Product." Also, after you restart you will notice 2 new icons in the bottom right corner of the screen.

VERY IMPORTANT - after restarting, right click on the @ in the taskbar and select Updating, then highlight and click Program.

You will get a popup after it's done updating. If avast! had to download anything for your computer, you may get a message asking you to restart.

After you have updated avast!, right click the small "a" icon in the taskbar and click Start Avast! AntiVirus.

Click Program Registration and you will be taken to their website. Fill out the form and then check your e-mail. Once you get an e-mail from them (usually about 1 minute after submitting the form), copy and paste the serial they provided into the highlighted box. Then click OK.

After this, you will need to Schedule Boot-Time Scan with avast! Click on the little button placed up in the left corner, and select Schedule Boot-Time Scan. Read also this tutorial HERE; it may make it easier for you to follow the steps.

Next, choose
  • Scan all local disks
  • scan archive files
  • click on Schedule
On the next dialog Operating system restart needed select Yes
Now avast! will restart your computer and start to scan before Windows fully loads.

IMPORTANT NOTE: since your system has infections on it, avast! will give you a dialog box with recommended actions and options. If this happens, please make sure to click the Move to Chest button, and not to delete any reported files.

The boot log will be located here C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt

#27 amm007 (Topic Starter, Member, 265 posts)
02/01/2009 10:37
Scan of all local drives

File C:\System Volume Information\_restore{1BA8D36B-CC91-4A33-9DB5-65899FB9C55E}\RP4\A0009192.exe is infected by Win32:VB-FXE [Trj], Moved to chest
Number of searched folders: 4852
Number of tested files: 133347
Number of infected files: 1

#28 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Well, that looks clean - are you experiencing any further problems?

#29 amm007 (Topic Starter, Member, 265 posts)
We haven't deleted nview yet. Along the process, I glimpsed that the "searched" folder, where the trojan-downloaded mp3's are, was scanned via the avast boot scan. Can we check it? I am not certain, though, if the one I saw was the one we previously contained with OTMoveIt.

#30 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Sure, go to Explorer, right click the folder and select "@ scan (folder name)". Avast will then scan all files within that folder.

Nview in the temp folder was deleted by AVZ.