need some experts on this!!

HijackThis log

To fix an entry in HjT, put a check in the box next to the entry
go to left bottom corner and click Fix Checked

Here is yr trojan downloader - Fix checked
O4 - HKCU\..\Run: [EWABQAF7KL] C:\Users\John\AppData\Local\Temp\Ujx.exe

This one will slow down yr computer - fix checked
O13 - Gopher Prefix:

browser online games - you should know the program
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

OTL log

the following entry directs to the virus -

========== Processes (SafeList) ==========

PRC - [2010/07/06 17:53:23 | 000,163,840 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\Ujx.exe

also in memory properties, the page file entry - not that familiar with OTL, someone else
Paging file location(s): ?:\pagefile.sys [binary data]
Edit - okay I been to OTL to look now and this entry is normal running
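
An added example (not written by any poster in this thread, and not part of HijackThis): a small Python triage script that parses O4 autostart lines from a pasted log and flags those that launch from a temp directory, as the Ujx.exe entry above does. The list of temp locations is an assumed heuristic, and every sample line except the Ujx.exe entry is constructed.

```python
import re
from ntpath import normpath  # Windows path rules, usable on any OS

# O4 = autostart entries. Also tolerates the "HKCU..\Run" spelling that
# appears when a forum strips the first backslash from a pasted log.
O4_RE = re.compile(r'^O4 - (HK\w+)\\?\.\.\\([^:]+): \[([^\]]*)\]\s+(.+)$')
# Executable part of the command: quoted path, or text up to a known extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)
# Assumed heuristic: scratch directories where legitimate autostarts are rare.
TEMP_MARKERS = ('\\appdata\\local\\temp\\', '\\local settings\\temp\\',
                '\\windows\\temp\\')

# Constructed sample log; only the EWABQAF7KL line comes from the thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe" /min
O4 - HKCU\..\Run: [EWABQAF7KL] C:\Users\John\AppData\Local\Temp\Ujx.exe
O4 - HKCU\..\Run: [Updater] C:\Program Files\App\..\..\Windows\Temp\u.exe -s
O13 - Gopher Prefix:
'''

def parse_o4(line):
    """Return hive, key, value name and normalised path, or None if not O4."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, cmd = m.groups()
    e = EXE_RE.match(cmd)
    # normpath collapses "..\" segments so a detour cannot hide the real folder.
    path = normpath(e.group(1) or e.group(2)) if e else cmd
    return {"hive": hive, "key": key, "name": name, "path": path}

def suspicious_autoruns(log_text):
    """List O4 entries whose executable lives under a temp directory."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and any(mk in entry["path"].lower() for mk in TEMP_MARKERS):
            hits.append(entry)
    return hits

if __name__ == "__main__":
    for hit in suspicious_autoruns(SAMPLE_LOG):
        print(f'{hit["hive"]}\\{hit["key"]} [{hit["name"]}] -> {hit["path"]}')
```

A flagged line is a lead for a helper to review, not a verdict.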

Thank you mkis and SafeSurf, and others. You guys are very helpful in showing step by step how to remove viruses. ;D ;D

avast forums is the best in helping others… :wink: :wink:

Follow these destructions

GMER Rootkit Scanner - Download - Homepage
[*] Download GMER
[*] Extract the contents of the zipped file to desktop.
[*] Double click GMER.exe.


[*] If it gives you a warning about rootkit activity and asks if you want to run a full scan…click on NO, then use the following settings for a more complete scan…
[*] In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED
[*] IAT/EAT
[*] Drives/Partition other than Systemdrive (typically C:)
[*] Show All (don’t miss this one)


[*] Then click the Scan button & wait for it to finish.
[*] Once done click on the [Save…] button, and in the File name area, type in “ark.txt”
[*]Save the log where you can easily find it, such as your desktop.
Caution: Rootkit scans often produce false positives. Do NOT take any action on any “<— ROOKIT” entries
Please copy and paste the report into your Post.

THEN

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select Scan all users
[*]Under the Custom Scan box paste this in


netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach all logs

jpmartin,

Thank you for letting us fix your problem. :slight_smile: Would you like to give Avast another try since we fixed your problem?

Here are the links to the downloads for the latest versions of Avast 5.0.594:

Free: http://files.avast.com/iavs5x/setup_av_free.exe
Pro: http://files.avast.com/iavs5x/setup_av_pro.exe
AIS: http://files.avast.com/iavs5x/setup_ais.exe

Thank you to the other Evangelists who assisted in this situation as well.

McAfee could be conflicting with Avast. Also, you need to get rid of all the old leftover crap that security programmes leave behind.

SHARKY7SHARKY,

McAfee has already been addressed with the OP. However, the priority is for the OP to remove the virus first, which he understands how to do. Thank you for your input. :wink: