Virus infection win32 Trojan1165(trj)

Hi, I’m a very new user to my computer and the internet also. Actually I’ve only been connected for the last 3 mths. I have now managed to get my system infected, and with no success with all the anti virus programs. I found yours recognised the infections and I tried your cleaner with success. If my computer isn’t freezing it’s crashing. Or otherwise my internet explorer home page is opening in multiples and then freezes. Can someone help me please.

Hi honeyk,

Here are some free scanners you can try (starting with avast!, of course!)

Try a boot time scan with avast! Right click the scanner screen, select ‘schedule a boot time scan’ and reboot when requested.

Try a scan with DrWeb CureIT!

Try the usual free adware/spyware scanners.

AVG Anti-Spyware Free (Requires Win2k/XP)

Ad-Aware Free

Spybot Search & Destroy

SUPERAntiSpyware Free

a-Squared Free

Download, install and update the programs. Disconnect from the internet (pull the plug) before running scans in Safe Mode if possible.

Always select the option to quarantine any malware found rather than delete it, then you will be able to restore files or registry entries wrongly identified as malware- a rare but not unknown event for any malware scanner.

Try some online scans. (Disable avast! while scanning.)

F-Secure

BitDefender

Panda

Trend Micro Housecall

If still having problems, post a HijackThis! log.

What is your firewall? That is an essential part of your system security.

Having two resident scanners installed is not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable.
It is fine trying other AVs to try and clean your system but it is important to only have one resident AV on your system at a time.

Hi honeyk,

Study this cleansing routine (use google translating tools to translate to english) for trojan 1165 removal:
http://www.sosordi.net/Depannage/129858-85-win-trojan-

polonus

Hi

How are you making out?

Post a hijackthis log and maybe we can help once we see what’s going on.

Click here to download HJTsetup.exe

  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on “Edit > Select All” then click on “Edit > Copy” to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Hi Oldman, I’ve tried a no. of times with no success, to forward a reply to you with an attachment of the log you requested I send you. Can you please explain to me how to send this to you. Thanks Honeyk :-*

You post the contents of the log here in the topic, a new post, copy and paste the details from the log.

You may need to split it into two or more posts if it is a big log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:32 AM, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Windows Desktop Search\wds_sl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://au.rd.yahoo.com/customize/ycomp/defaults/sp/*http://au.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.alot.com/sidebar?pr=asst&client_id=224DDAB001C8185A0044F726&install_time=27-10-2007:14:57&src_id=11003&tb_version=1.0.1.0&q=&url=http://au.yahoo.com (obfuscated)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM..\Run: [LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM..\Run: [cctray] “C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe”
O4 - HKLM..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup
O4 - HKLM..\Run: [eTrustPPAP] “C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPActiveDetection.exe”
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM..\Run: [Anti Dog Beep Grid] C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog\online each.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM..\Run: [88441475] rundll32.exe “C:\WINDOWS\system32\uqqrgoyl.dll”,b
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
O4 - HKCU..\Run: [Play Tool] C:\DOCUME~1\user\APPLIC~1\GREYCD~1\Atom Tray.exe
O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm103YYAU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?75916c03fbbc4eeb82ca20dbc53ebe48
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?75916c03fbbc4eeb82ca20dbc53ebe48
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.westnet.com.au
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32__c00A7359.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\gmubbuyy.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - (no file)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


End of file - 11280 bytes

Thanks DavidR, Very appreciated. Honeyk :-*

First you don’t appear to have an active firewall, what is your firewall ?

FIX: using HJT (re run a HJT scan, close other windows apart from HJT)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM..\Run: [88441475] rundll32.exe “C:\WINDOWS\system32\uqqrgoyl.dll”,b
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm103YYAU
mywebsearch.com has some adverse comments, see http://www.siteadvisor.com/sites/mywebsearch.com.

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
funwebproducts and imgfarm.com also get some adverse comments, see http://www.siteadvisor.com/sites/imgfarm.com

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\gmubbuyy.exe (file missing)

Unknown: Do you know what they are and did you install them?
O3 - Toolbar: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM..\Run: [Anti Dog Beep Grid] C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog\online each.exe
O4 - HKCU..\Run: [Play Tool] C:\DOCUME~1\user\APPLIC~1\GREYCD~1\Atom Tray.exe
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
Unknown
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

Are you still using windows live messenger as this seems associated (but missing file) ?
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)

Do you still have Norton Ghost ?
O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - (no file)
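
The first-pass triage done by eye in the reply above can be sketched in code. This is an added example, not part of the original thread and not HijackThis's own logic: the flag names, the two-domain watchlist (taken from the domains named in that reply) and the numeric-value-name heuristic are assumptions, and a flag means "review this entry", not "malicious".

```python
import re
from dataclasses import dataclass, field

# Entries copied from the log posted in this thread (typographic quotes normalised).
SAMPLE_LOG = r"""
Boot mode: Normal
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [88441475] rundll32.exe "C:\WINDOWS\system32\uqqrgoyl.dll",b
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm103YYAU
O20 - AppInit_DLLs: C:\WINDOWS\system32__c00A7359.dat
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\gmubbuyy.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumption: watchlist built only from the domains named in the reply above.
WATCHLIST = ("mywebsearch.com", "imgfarm.com")

ENTRY_RE = re.compile(r"^([FNOR]\d{1,2}) - (.+)$")     # "<section code> - <entry>"
RUN_RE = re.compile(r"\[([^\]]+)\]\s+(.+)")            # "[value name] command line"
URL_HOST_RE = re.compile(r"https?://([^/\s*]+)", re.I)


@dataclass
class Finding:
    code: str
    body: str
    flags: list = field(default_factory=list)


def triage_entry(code, body):
    """Attach review flags to one log entry."""
    flags = []
    low = body.lower()
    # Registry entry whose target file no longer exists: a leftover or half-removed item.
    if low.endswith(("(no file)", "(file missing)")):
        flags.append("missing-target")
    # Service binary with no vendor information in its version resource.
    if code == "O23" and " - unknown owner - " in low:
        flags.append("unknown-owner")
    # Run key whose value name is only digits and which launches a DLL via rundll32
    # (hypothetical heuristic; legitimate entries such as NvCplDaemon have real names).
    if code == "O4":
        m = RUN_RE.search(body)
        if m and m.group(1).isdigit() and m.group(2).lower().startswith("rundll32"):
            flags.append("rundll32-numeric-name")
    # AppInit_DLLs are loaded into every process that loads user32.dll.
    if code == "O20":
        flags.append("appinit-dll")
    for host in URL_HOST_RE.findall(low):
        if any(host == d or host.endswith("." + d) for d in WATCHLIST):
            flags.append("watchlisted-domain")
            break
    return Finding(code, body, flags)


def triage_log(text):
    """Parse every section entry in a log; header and process lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            findings.append(triage_entry(m.group(1), m.group(2)))
    return findings


def flagged(findings):
    return [f for f in findings if f.flags]


if __name__ == "__main__":
    for f in flagged(triage_log(SAMPLE_LOG)):
        print(f"{f.code:<4}{','.join(f.flags):<32}{f.body[:70]}")
```
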

Hi again DavidR,

I’m not sure if I’ve given the answers you need to help me, but I’m still struggling to understand what’s to be done to correct my PC. Can you tell me is this repairable at home or am I wasting your time and mine? Thanks again Honeyk :-*

Hi honeyk

I’m suspecting vundo. This should be very fixable, just follow the steps one at a time and you will be fine. If you have questions, just ask. ;D We’ll even get you fixed up with a real firewall. 8)

A couple of things for you to do. We’ll start with the funweb, then the SAS (superantispyware) scan. It should gobble up a lot of the vundo.

Okay let’s start.

Click start, select control panel, double click on add/remove programs. Look for the following programs and if found please uninstall them

My Web Search Bar
My Web Search (Outlook, Outlook Express, and IncrediMail)
Search Assistant - My Web Search
My Web Search (Smiley Central or FWP product as applicable)
My Way Speedbar (Smiley Central or other FWP as applicable)
My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
Search Assistant - My Way

Open windows explorer and navigate to the following folder

c:\program files

click the + beside program files and delete the following folder by right clicking on them and selecting delete

FunWebProducts
MyWebSearch

If the folders aren’t there that’s ok

Download superantispyware

First update SAS. Then:

Under Configuration and Preferences, click the Preferences button.
Then click the Scanning Control tab.

Under Scanner Options make sure the following are checked

  • Ignore files larger than 4MB
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantine.

leave the others unchecked.

Return to the main page by clicking close on that screen. On the main screen, under Scan for Harmful Software click Scan your computer. On the left check C:\Fixed Drive.
Under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan.

When the scan is done, quarantine everything found. Reboot if asked. You can post/attach the log in your next reply if you wish.

To attach the log, use the additional options on the reply page.

Note: this scan could take a while. To help speed it up, either boot into safe mode and run the scan there (avast won’t be running in safe mode) or physically disconnect from the internet and pause avast’s standard shield and any other scanners you have running. Don’t forget to resume avast after the scan.

Please download Deckard’s System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt – please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

You can also attach these logs instead of copy and pasting them.

If you have a shortcut to hijackthis on your desktop, please delete it.

Open windows explorer and set the folder options to these

At the top of windows explorer click tools, select folder options. On the View tab make sure Show Hidden Files and Folders is checked and Hide Protected Operating System Files and hide known extensions are not checked. Click OK.

Still in windows explorer, navigate to this folder

C:\Program Files\Trend Micro\HijackThis

-click on the hijackthis folder, then find hijackthis.exe in the right hand panel
-right click that file and select rename
-rename the file hjhoneyk.exe by typing in the box
-click anywhere on the page and make sure the rename stayed.

Now make a new shortcut

right click hjhoneyk.exe, select send to, select desktop(create shortcut)

I know this sounds like a lot, but it isn’t, just do things one step at a time. Remember to resume avast standard shield when the scan is done. :wink:

After you post the logs we can finish it off.

Hi ya Oldman, Just had chance to see if you had left me any tasks. I’ve been on and off all day. As you can see I’ve also had some mostly grateful help from DavidR. It’s just I am sorry to say I just can’t understand his talk. I’m not a computer freak, and this is mostly all new to me. As my son has just started school I’ve got some free time for myself. I’ve printed off what you sent, and will give it a go straight after tea. Let you know how I go! Thank you Honeyk :-* ;D

Hi, please note that I’ve added a wee bit. You may not have seen it, but no matter. Fly at it, the SAS scan may take a while, so go for a stroll, have a nap.

It’s 10:40pm here, so I’ll check in when I get up and see how you are doing.

I should have mentioned the link for the programs I asked you to download are the names of the programs in my post. So you may want to download them now. TIP: download them to your desktop, easy to find there. 8)

Glad to hear you printed out the instructions, smart.

@ honeyk

I was using CAinternet security 2007, which I was advised to buy when I got my system. But since I’ve had all these dramas, and with everyone who I spoke to about my computer seem to think they know what they’re doing, one girl turned it off saying I didn’t need it. Something to do with having service pack 2.

I don’t want to complicate things for you as oldman having seen your HJT log suspects Vundo and has suggested tools to try and resolve this, so all I will mention is the firewall issue.

Whilst the windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall.

Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

  • There are many freeware firewalls such as, Comodo Firewall, PCTools Firewall Plus, Jetico, etc.

With XP SP2 you have the windows XP firewall by default. I don’t know if you have that enabled; if not, that should be your minimum level of protection. When you start to see results in the cleaning of your system that would be a good time to look at a better firewall.

Hi

I’ve seen you pop in and out a couple of times. Are you having problems or have any questions? Don’t hesitate to ask.

Hi Oldman, To be honest with you, yes and no in response to if I’m having problems. But as for in and out, I’ve started my response to you a few times and have been interrupted and when returning to my PC, it has either lost its screen and I can’t recover it, or while trying to hurry my PC into responding to my request, I’ve closed this screen and lost my post. And yes I’ve had a few problems with your instructions, but only caused by my impatience.
I ran the SAS scan, but after about 2hrs, I did a really dumb thing and opened something else and froze my PC and lost my results. So all I can tell you about it is, last I saw there was 278 viruses detected. I did run the scan again, twice. With the results being nothing detected.
I also ran the DSS scan, with the results attached. I hope you might be able to tell me good news, and not bad. :frowning:
I have to say with the few problems with freezing etc., my daughter came over today, and while we were looking something up on the net, she said “This is the best I’ve seen your PC running in ages!” And it is true, it hasn’t been crashing as much, but it’s still slow.
I am still having an alert coming up all the time for a Trojan horse. When I try to delete it, or do anything with it, it keeps coming back. It comes up Can not process c1\windows\system321qdfissjjdll(Morphine)'file. I am having trouble with my notepad attachments so I’m sending this part first. So expect my notepad results yet. Just so I don’t lose what I’ve already written again. Thanks Honeyk :-*

HI

It sounds like SAS removed some of it.

It sounds like you have a plan for attaching notepads to your posts. Good. Make your post ahead of time in note pad and save them to your desktop, again easy to find there. :wink:

If the post fails, you will at least have your original copy to try again.

I’m not sure if the DSS logs were supposed to be attached to this post or not.

also ran the DSS scan, with the results attached. I hope you might be able to tell me good news, and not bad

There is nothing attached. Or were you attaching them later?

I am having trouble with my notepad attachments so I'm sending this part first. So expect my notepad results yet. Just so I don't lose what I've already written again.

Once you get the DSS logs posted we can start removing the rest.

The SAS logs are under stats and logs.

Open SAS, click preferences, click on the stats and logs tab. I don’t know if one would have been created but you can check.

I’ll check in during the day when I can. (work) :wink: