Hi,

here’s an Analysis:
http://hijackthis.de/logfiles/54c09632ff7c9a6c63b52185c3a3ec0f.html


Read the link “VirusRemoval” below in my sig and:

  • disable system restore
  • reboot to safeMode
  • check & fix the items in Hijackthis that are marked RED in above analysis

reboot again in safeMode and scan these files with avast:
O4 - HKLM..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM..\RunServices: [blah service] winupdate.exe

if uptodate avast doesn’t recognize them, please move them to a password-protected ZIP- or RAR-archive, and email them to avast with short explanation; and Archive-password in the mailtxt of course…

otherwise just move them to avast chest, or delete them

reboot normally,
do a full thorough scan with avast with archive scanning enabled
also do Onlinescans with Trend & RAV
post a new hijackthis-Log

P.S.: test the file
D:\Resources\IntraLaunch.CAB
Online with Trend, RAV & KAV
→ if they detect anything, but avast with archive scannign doesn’t → submit it to avast and delete it, else keep it…

Read in “VirusRemoval” on how to secure your system better !!!
:wink: