Howard & rahul thanks for staying with me.
like i said i went through all of the steps and here are most of the logs. for some reason i couldn't get to the Nod32 log in safe mode and now i can't seem to find it. but as far as i remember there were no special findings except for a list of files which are considered by the av as 'locked'.
so you can check out the logs while i do what Howard wrote.
it wouldn't let me attach more than 5.
the root kit didn't find a thing.
the 3 tools didn't either.
deleted all the quarantined files in avg anti-spyware.
didn't find the service.
the processes weren't there.
found and fixed these two:
O4 - HKLM\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe
O4 - HKCU\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\System32\wbem\scricon.exe
didn't find the files in the system32 folder but i did find C:\WINDOWS\System32\wbem\scrcons.exe - i renamed it. is that ok? should i leave it that way?
i deleted all the entries in the registry.
btw this file: avgas.exe (which is also seen on the HJT log) keeps asking for permission to connect to the web every time i start windows. should i allow it?
there are 2 HJT logs - one from during the steps you asked and the 2nd from after.
i'll give you the AVG log later 'cause i'm dead tired and going to hit the sack.
i've been trying to do some windows upgrading and for some reason the application can't connect to the net. just now i tried again and i was asked by comodo to allow some file to connect. i allowed it but then i was asked again and i realized that the file dvdupgrd.exe was involved. so i tried committing the file for analysis (do i get the results?) and something wouldn't let the file get through.
i don't know if this is of any importance but i'm letting you know anyway.
good night