thank you very much indeed, Frank - i’m appending a fresh HijackThis log below; meanwhile, to try to answer your questions (and to add a couple of new ones of my own):
~ i did briefly install a trial version of Norton Personal Firewall, when all this trouble started, but [a] it caused my computer to run unbearably slow, and [b] my helpful friend who installed Avast instead of the Norton stuff told me Avast is a firewall. i take it that’s not quite right.
~ i’m not sure it’s the same infected file it found in itself before, but i just ran another Avast scan (thorough/safe mode) and it said it couldn’t quarantine one that it had found in its own “move” file:
C:\Program Files\Alwil Software\Avast4\DATA\moved\psexec.exe.vir
not knowing what else to do, i chose the “move/rename” option; after that the “scanner status” thing read: Infected. i didn’t like that, so i stopped the scan; the log said it had moved that psexec.exe.vir to the “move” file (where it was to begin with); and also noted:
C:\Documents and Settings\SSSOUL1.…\Flash9.ocx “unable to scan”
there seemed to be more to the entry, but it was beyond the “margins” of the log.
(is it normal that after i’ve had Avast move/rename something, there’s nothing in the “moved” folder? and is the “move/rename” option the right one to choose, when the quarantine fails? it’s not very clear from the interface what that accomplishes.)
~ since my previous post, i tried to download the Avast Virus Cleaner and some of the software recommended on that “general cleaning instructions” page, but all the links came up as “unable to load” or just blank. i’m hoping that was just a temporary fluke (or maybe because i’m using Firefox? i know a lot of pages require IE, which i try to avoid using) but it seems worth noting in case it means something ominous.
~ i will try to download those two tools you mention - or do they both do the same thing? that is: do i need them both, or will they conflict with one another, or … ? sorry if i’m being overcautious but it’s been that kind of week. :]
thank you thank you for taking an interest; now here’s that HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:21:35 PM, on 2006-10-24
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\csrss.exe
C:\WINNT\lsass.exe
c:\winnt\system32\microsoft\user\FireDaemon.EXE
c:\winnt\system32\microsoft\user\dll39.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\sistray.EXE
C:\WINNT\system32\khooker.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Wanadoo\taskbaricon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\unzipped\hjt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus - welcome to the Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM..\Run: [SiS Tray] C:\WINNT\system32\sistray.EXE
O4 - HKLM..\Run: [SiS KHooker] C:\WINNT\system32\khooker.exe
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] “C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe” /icon
O4 - HKLM..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [internat.exe] internat.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINNT\system32\SHDOCVW.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160640790354
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160657231421
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip..{7B0406B9-DC57-4A74-BF16-DD91EC23D6CE}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip..{7B0406B9-DC57-4A74-BF16-DD91EC23D6CE}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Us3uga administracyjna Mened?era dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Generic Host Process for Win32 Service - Unknown owner - C:\WINNT\csrss.exe
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINNT\lsass.exe
O23 - Service: FireDaemon Service: MSVC9 (MSVC9) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE
O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe