Topic: problem--can't get onto recommended malware removal sites


shag

    Topic Starter


    Beginner

    problem--can't get onto recommended malware removal sites
    « on: November 20, 2008, 10:21:03 PM »
    i browsed this forum and noticed my problem was similar to the one here:
    http://www.computerhope.com/forum/index.php/topic,69573.0.html

    so, my problem: i wasn't thinking and ran a downloaded program that i shouldn't have.  all of a sudden i had a window open up that made itself look like a windows protection program of some sort.  i've also got a red circle with a white "x" on my toolbar which was not there before.

    since then i've rebooted my computer, and at first i was worried that it wouldn't reboot.  it mostly got stuck at the "welcome" screen before the windows desktop appears.  finally windows booted fully--i'm not sure what, if anything, i did to make it work.

    i've managed to get on this forum, but internet explorer cannot bring up a different forum i used for this type problem once in the past, nor can it get me to many of the downloads you recommend on the "before you post" page.  other than this, internet explorer seems to be working normally.

    i tried to do what i could there, but since i've downloaded and installed avast! antivirus, the next step would normally be to reboot my computer.  i'm going to wait for an expert to give me the go-ahead on that, since i had so much trouble last time.

    i do already have HJT, so here's a log i ran tonight:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:03:35 PM, on 11/20/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
    C:\Program Files\BellSouthWCC\McciTrayApp.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\dell\E-center\gtb2.exe
    c:\dell\E-center\gtb.exe
    c:\dell\E-center\gtb2.exe
    C:\Documents and Settings\Chris\Desktop\New Folder\Scorpion.exe
    c:\dell\E-center\gtb.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKLM\..\Run: [ShowLOMControl] 
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
    O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\gtb.exe"
    O4 - HKLM\..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [XP Protection Center] "C:\Program Files\XPProtectionCenter\xpprotectioncenter.exe" /hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'Default user')
    O4 - Global Startup: $McRebootA5E6DEAA56$.lnk = C:\WINDOWS\system32\cmd.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O20 - AppInit_DLLs: karna.dat
    O23 - Service: McAfee Application Installer Cleanup (0295681227241466) (0295681227241466mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Chris\LOCALS~1\Temp\029568~1.EXE
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
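
A small triage pass over a HijackThis log like the one posted above, added here as an illustration; it is not part of the original post and not a HijackThis feature. The rule names and the watchlist are assumptions of this example, the sample lines are copied from the log above, and a hit means "review this entry", not "this is malware".

```python
import re

# Sample input: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = "\n".join([
    r"O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe",
    r"O4 - HKLM\..\Run: [ShowLOMControl] ",
    r'O4 - HKLM\..\Run: [XP Protection Center] "C:\Program Files\XPProtectionCenter\xpprotectioncenter.exe" /hide',
    r"O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')",
    r"O20 - AppInit_DLLs: karna.dat",
    r"O23 - Service: McAfee Application Installer Cleanup (0295681227241466) (0295681227241466mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Chris\LOCALS~1\Temp\029568~1.EXE",
    r"O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)",
    r"O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE",
])

# Hypothetical rule names for this example, with the reason each one asks for a review.
REASONS = {
    "empty-autorun": "Run value exists but has no command",
    "hkus-autorun": "autorun registered under a HKEY_USERS profile hive",
    "appinit-dll": "AppInit_DLLs is non-empty (loaded into every process that loads user32.dll)",
    "service-in-temp": "service binary lives in a Temp directory",
    "service-binary-missing": "service is registered but its binary is missing",
    "watchlisted-path": "path matches a folder on the analyst's watchlist",
}

# Assumption: folder name taken from the removal script posted later in this thread.
WATCHLIST = ("\\xpprotectioncenter\\",)

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")           # "O4 - <body>"
RUN = re.compile(r"^(HK[A-Z]+)\\.*?Run: \[([^\]]*)\]\s*(.*)$")  # hive, value name, command


def triage(log_text):
    """Return (section code, rule name, entry body) for every entry worth a second look."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if not match:
            continue  # header lines, the running-process list, blank lines
        code, body = match.group(1), match.group(2).rstrip()
        rules = []
        if code == "O4":
            run = RUN.match(body)
            if run:
                hive, _name, command = run.groups()
                if not command:
                    rules.append("empty-autorun")
                if hive == "HKUS":
                    rules.append("hkus-autorun")
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():
                rules.append("appinit-dll")
        elif code == "O23":
            # The binary path is the last " - " separated field of a service entry.
            path = body.rsplit(" - ", 1)[-1].lower()
            if "\\temp\\" in path:
                rules.append("service-in-temp")
            if path.endswith("(file missing)"):
                rules.append("service-binary-missing")
        if any(item in body.lower() for item in WATCHLIST):
            rules.append("watchlisted-path")
        findings.extend((code, rule, body) for rule in rules)
    return findings


if __name__ == "__main__":
    for code, rule, body in triage(SAMPLE_LOG):
        print(f"{code:4} {rule:24} {REASONS[rule]}\n     {body}")
```
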

    CBMatt

    • Mod & Malware Specialist


    • Prodigy

    • Sad and lonely...and loving every minute of it.
    • Thanked: 167
      • Yes
    • Experience: Experienced
    • OS: Windows 7
    Re: problem--can't get onto recommended malware removal sites
    « Reply #1 on: November 21, 2008, 08:29:34 PM »
    We've been seeing a lot of this type of infection this week.  Lucky for you, we're not on the hit list of these infections, despite being one of the more dedicated forums.  Considering that the malware team currently consists of myself and one other person, the volume of infections we fight against is fairly high.  Anyway, enough about that, let's get to work on your problem...

    If you change the filenames of MBAM and SAS, will they work then?  If so, install them and scan.  If not, move on to these instructions...

    Download ComboFix and save it to your desktop.  Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says.  Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here, along with a new HijackThis log.  Note: Don't click on the window while it's running; this may cause stalls.
    Quote
    An undefined problem has an infinite number of solutions.
    - Robert A. Humphrey

    shag


      Re: problem--can't get onto recommended malware removal sites
      « Reply #2 on: November 24, 2008, 07:40:25 PM »
      okay, i think we've made a lot of progress here.

      I downloaded SAS and MBAM (had to use another computer and a flash drive).  SAS worked when I renamed it, MBAM didn't.  SAS found some things, but the big problems (windows not booting, internet explorer not opening malware removal sites) were still there.

      At this point MBAM still wouldn't work, so I moved on to combofix (i was only able to go to the download site after using a proxy server), so I did that.  I think combofix did the trick on whatever was causing my big problems.

      After combofix did its thing, i was able to run MBAM and download its updates normally (no tricks needed any more) and it found one item.

      Lastly, I ran HJT.

      All the logs are attached in the order i mentioned them.

      My computer seems to be running normally again, so thank you for the help.  If we've got this thing fixed then that's like the first good thing that has happened to me this week.

      [Saving space - attachment deleted by admin]

      CBMatt

      Re: problem--can't get onto recommended malware removal sites
      « Reply #3 on: November 25, 2008, 04:28:26 AM »
      Nice work!  In all honesty, you're one of the best kinds of visitors we get around here.  You followed all of my steps and when you had trouble, you found a way around it.  And you got all of the logs posted in chronological order.  Very nice.  Normally, I would get on your case for using game cracks (which are illegal and a very good way to get infected), but I'll let it slide this time because you've been so easy to work with so far.  You've still got a few infections, but we seem to have disinfected the worst of it, so it should be all downhill from here.

      The first thing you need to do is open HijackThis and perform a scan without saving a log.  Place a checkmark next to this entry:
      O4 - HKLM\..\Run: [ShowLOMControl] 

      Close all other windows and click on Fix Checked.  Verify that the entry has been removed.  If not, try it in Safe Mode.  Once you've done that, we're going to need to use ComboFix to remove a few more files.


      Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

      Delete these files/folders, as follows:

      1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
      It must be Notepad, not Wordpad.
      2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

      Code:
      KillAll::

      Folder::
      c:\program files\XPProtectionCenter

      File::
      c:\windows\QTFont.qfn
      c:\windows\QTFont.for
      c:\windows\system32\olaqexuj.dat
      c:\windows\system32\yqyrutaxuq.scr
      c:\documents and settings\Chris\Application Data\ceto.dll
      c:\windows\ypex.db
      c:\windows\daledoza.ban
      c:\windows\system32\ukuwaz.db
      c:\windows\fefucewan.dat
      c:\windows\system32\cunowoxub.lib
      c:\program files\Common Files\eromuximi._sy
      c:\program files\Common Files\qetalygag.ban
      c:\windows\system32\drivers\jhyedcun.sys
      c:\program files\XPProtectionCenter\xpprotectioncenter.exe

      3. Go to the Notepad window and click Edit > Paste
      4. Then click File > Save
      5. Name the file CFScript.txt - Save the file to your Desktop
      6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



      ComboFix will begin to execute, just follow the prompts.
      After reboot (in case it asks to reboot), it will produce a log for you.
      Post that log (Combofix.txt) in your next reply.

      Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze



      Follow these below steps as well so I can ensure that your troublesome rootkit has been fully removed...

      Please print these instructions as they will be needed later when Internet access is not available.
       
      Download SDFix by AndyManchesta and save it to your desktop. http://www.bleepingcomputer.com/files/sdfix.php

      When using this tool, you must use the Administrator's account or an account with Administrative rights
      • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
      • DO NOT use it just yet.

      Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
       
      Open the SDFix folder and double click RunThis.bat to start the script.
      • Type Y to begin the cleanup process.
      • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
      • Press any Key and it will restart the PC.
      • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
      • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
      • Copy and paste the contents of the results file Report.txt in your next reply.

      shag


        Re: problem--can't get onto recommended malware removal sites
        « Reply #4 on: November 25, 2008, 05:56:49 PM »
        i followed your directions with combofix--no issues.

        sdfix was another story.  it did its thing and when i rebooted, it went on to the "finishing malware removal".  (actually, it didn't reboot correctly the first time, so i had to reboot again, and then type in "f" in that first command prompt.)  it said it could take "several minutes", but i gave it like 15 or 20 minutes and nothing seemed to be happening (my hard drive light was hardly flickering).  i tried running the "finish" thinger twice more, but with the same result.  so, no sdfix log for now.

        when sdfix was running, it gave me constant error messages about a .dll file that must have been part of Avast! AV.  The story here is that I tried downloading Avast, but i could never get its license key to work, so i uninstalled it.   I decided i'd try again, maybe with a different antivirus program.  I haven't gotten to that yet (of the three you guys recommend, is there one you like the best?).  But I'm wondering if those errors (i told sdfix to ignore that file, i think) are causing the "finishing malware removal" problem.

        Should I just wait longer?  And if I should, should I run the whole sdfix process again, or just the "finishing" part?  Does the finisher need to be run in safe mode?

        Sorry for not describing the problem very well.  let me know what you want me to do.

        CBMatt

        Re: problem--can't get onto recommended malware removal sites
        « Reply #5 on: November 27, 2008, 01:36:46 AM »
        Sorry for the delay; I had to deal with a power outage.

        I haven't encountered a problem like this with SDFix, so we may need to try a couple of things to figure it out.  It's possible that the Avast installation is causing problems, but I can't be certain at this point.  Safe Mode might be a good idea.  Try running the scan again in Safe Mode.  First try the finishing part, and if that still doesn't work, then try the entire scan.  If you receive error messages again, let me know exactly what they say.

        shag


          Re: problem--can't get onto recommended malware removal sites
          « Reply #6 on: November 29, 2008, 04:36:59 PM »
          well, i got the sdfix finisher to work--in safe mode.  the report is attached.

          was that last reply of yours directed to me?  didn't seem to follow in our line of conversation...but if you need to know, right now i'm running windows firewall.

          [Saving space - attachment deleted by admin]

          CBMatt

          Re: problem--can't get onto recommended malware removal sites
          « Reply #7 on: November 30, 2008, 05:12:54 AM »
          Quote
          was that last reply of yours directed to me?  didn't seem to follow in our line of conversation...but if you need to know, right now i'm running windows firewall.

          Sorry...no, that post wasn't directed at you.  In fact, I'm not entirely sure who it was meant for.  It's either a weird glitch or I managed to post it in the wrong spot (I sometimes have multiple threads open at once).  In any case, I've removed it to avoid confusion, and now I'll figure out where it belongs.  Heh.


          Anyway, your SDFix log looks okay.  Just so I can see if we need to remove anything else, go ahead and post a new HijackThis log.  Also, if you're still having problems with Avast, perhaps this will help:
          http://www.avast.com/eng/avast-uninstall-utility.html

          shag


            Re: problem--can't get onto recommended malware removal sites
            « Reply #8 on: November 30, 2008, 09:29:29 PM »
            here's the hjt log.

            [Saving space - attachment deleted by admin]

            CBMatt

            Re: problem--can't get onto recommended malware removal sites
            « Reply #9 on: December 01, 2008, 01:41:09 AM »
            Alrighty, it looks clean.  Go ahead and remove ComboFix; go to Start > Run and type in combofix /u (note the space) and click OK.

            How is your computer running now?  Did you try the removal tool above to see if it helps with your Avast issues?

            shag


              Re: problem--can't get onto recommended malware removal sites
              « Reply #10 on: December 02, 2008, 11:25:03 AM »
              My computer is running normally again--THANKS!

              I'm wondering if my Avast issue came from not running the uninstaller in safe mode (can't remember if i did or didn't).  I ran the uninstaller you linked me to (in safe mode, for sure this time), so I'll bet that's taken care of itself.

              Once again, thanks for all your help.

              CBMatt

              Re: problem--can't get onto recommended malware removal sites
              « Reply #11 on: December 02, 2008, 04:39:11 PM »
              I doubt it was because you didn't enter Safe Mode.  It was most likely a corrupt file or some missed registry entries.  Avast is usually pretty good, but there are times when the program doesn't uninstall itself properly, which is why they provide this special tool.  In any case, I'm glad to hear that things are running normally again.