Popups have seized my computer

[skinsfan87]

tried it again and hit ignore instead of close and got this daemon:

<NO NAME> REG_SZ {0df53cfc-6c7b-41d1-aee6-f3435e2d66b7}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fk sfttkt
<NO NAME> REG_SZ {8889e363-a75c-4462-b7df-bbaccb444328}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Of fline Files
<NO NAME> REG_SZ {750fdf0e-2a26-11d1-a3ea-080036587f03}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Op en With
<NO NAME> REG_SZ {09799AFB-AD67-11d1-ABCD-00C04FC30936}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Op en With EncryptionMenu
<NO NAME> REG_SZ {A470F8CF-A1E8-4f65-8335-227475AA5C46}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a 2a9545d-a0c2-42b4-9708-a0b2badd77c8}
<NO NAME> REG_SZ Start Menu Pin

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{C FC7205E-2792-4378-9591-3879CC6C9022}

»»»»»»»»»»»»»»»»»»»»»»»»» Active setup »»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»

"Find activesetup", version1, launched at: 21:49
Operating System: Windows XP SP2


HKLM\Software\Microsoft\Active Setup\Installed Components\
">{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default)" = "Windows Media Player"
\StubPath = "C:\WINDOWS\inf\unregmp2.exe /ShowWMP" [MS]

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»

Global Startup:
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup

User Startup:
C:\Documents and Settings\Owner.HOME-HUE1X2N8VG\Start Menu\Programs\Startup

[skinsfan87]

mobo, can you decifer what the qoologic scan means?

[Mobo]

I dont see anything but im not familiar with those logs.

[skinsfan87]

ok, ill wait till tomorrow when daemon will reply, thanks. and i havent experienced anything funny at all today. the comp looks like its in great shape.

[Daemon]

Go here, download and install the fix relevant to your Operating System (either XP Home or Professional):

[Only Registered and Activated Users Can See Links. Click Here To Register...]

See if the file now runs without an error and post the log.

Do this also. Download and run Silent Runners.vbs from [Only Registered and Activated Users Can See Links. Click Here To Register...]

It generates a log, please post the information back in this thread

[skinsfan87]

no error this time. heres the new findqoologic log.


HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fk sftt
<NO NAME> REG_SZ {0df53cfc-6c7b-41d1-aee6-f3435e2d66b7}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fk sfttkt
<NO NAME> REG_SZ {8889e363-a75c-4462-b7df-bbaccb444328}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Of fline Files
<NO NAME> REG_SZ {750fdf0e-2a26-11d1-a3ea-080036587f03}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Op en With
<NO NAME> REG_SZ {09799AFB-AD67-11d1-ABCD-00C04FC30936}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Op en With EncryptionMenu
<NO NAME> REG_SZ {A470F8CF-A1E8-4f65-8335-227475AA5C46}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a 2a9545d-a0c2-42b4-9708-a0b2badd77c8}
<NO NAME> REG_SZ Start Menu Pin

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{C FC7205E-2792-4378-9591-3879CC6C9022}

»»»»»»»»»»»»»»»»»»»»»»»»» Active setup »»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»

"Find activesetup", version1, launched at: 15:02
Operating System: Windows XP SP2


HKLM\Software\Microsoft\Active Setup\Installed Components\
">{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default)" = "Windows Media Player"
\StubPath = "C:\WINDOWS\inf\unregmp2.exe /ShowWMP" [MS]

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»

Global Startup:
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup

User Startup:
C:\Documents and Settings\Owner.HOME-HUE1X2N8VG\Start Menu\Programs\Startup

[Daemon]

Good, post the silent runners log and a fresh HJT log.

[skinsfan87]

here is the silent runners log:

"Silent Runners.vbs", revision 33, [Only Registered and Activated Users Can See Links. Click Here To Register...]
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"IgfxTray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"Motive SmartBridge" = "C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.e xe" ["Motive Communications, Inc."]
"DeadAIM" = "rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs" [MS]
"zBrowser Launcher" = "C:\Program Files\Logitech\iTouch\iTouch.exe" ["Logitech Inc."]
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe /auto" [MS]
"KavSvc" = "C:\WINDOWS\system32\vlavmm.exe" [null data]
"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" ["McAfee, Inc"]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"VSOCheckTask" = ""c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" ["Networks Associates Technology, Inc"]
"VirusScan Online" = ""c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"" ["Networks Associates Technology, Inc"]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once\ {++}
"MicrosoftAntiSpywareCleaner" = "C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02}" = "TIShelEx Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.d ll" ["Texas Instruments Incorporated"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{4C6E3C22-A573-4EC4-9325-92BAA8F23570}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\pjapi.dll" [file not found]


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\sspipes.scr" [MS]


Enabled Wallpaper and Active Desktop:
-------------------------------------

Active Desktop is disabled.

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Owner.HOME-HUE1X2N8VG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "Owner" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"Verizon Online Dialer" -> shortcut to: "C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe /S" [empty string]
"Verizon Online Support Center" -> shortcut to: "C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe -boot" ["Motive Communications, Inc."]


Enabled Scheduled Tasks:
------------------------

"McAfee.com Scan for Viruses - My Computer (HOME-HUE1X2N8VG-Owner)" -> launches: "c:\program files\mcafee.com\vso\mcmnhdlr.exe /runtask:0" ["Networks Associates Technology, Inc"]
"McAfee.com Update Check (HOME-HUE1X2N8VG-Owner)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

iPod Service, iPodService, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
kavsvc, kavsvc, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"" ["Kaspersky Lab"]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["Network Associates, Inc."]
McAfee.com VirusScan Online Realtime Engine, MCVSRte, "c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding" ["Networks Associates Technology, Inc"]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

[skinsfan87]

and heres the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:11:23 PM, on 3/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.ex e
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\vlavmm.exe
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.ex e
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.ex e /auto
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\vlavmm.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: RaptisoftGameLoader - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: Yahoo! Graffiti - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: Yahoo! Word Racer - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F0648E8-D53B-478A-91DC-9725A4A8F600}: NameServer = 199.45.32.43 199.45.32.38
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

[Daemon]

Hmmm...OK. Do this for me.

Open Killbox. Select the Delete on reboot option.

In the 'Full Path of File to Delete' box, copy and paste the following, clicking the 'Delete File' button (red circle with a white X) after pasting:

C:\WINDOWS\system32\vlavmm.exe

It will prompt you to reboot, press the YES button.

After restarting, with only HijackThis running, scan and when complete, remove the following entry by checking the box to the left and clicking 'fixed checked':

O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\vlavmm.exe

Reboot again when done, rescan with HJT and post a new log here.