Topic: Browsing, Downloading Issues

Offline kota123

  • Newbie
  • *
  • Posts: 47
  • Karma: +0/-0
Browsing, Downloading Issues
« Reply #40 on: October 26, 2009, 04:16:38 AM »
Sorry for the delay in replying.

Ran OTC and removed Avast.

Avira Scan Log:

Avira AntiVir Personal
Report file date: Monday, October 26, 2009  13:29

Scanning for 1822519 virus strains and unwanted programs.

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows XP
Windows version : (Service Pack 2)  [5.1.2600]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : AA-EC0D1346D3FA

Version information:
BUILD.DAT       : 9.0.0.407     17961 Bytes   7/29/2009 10:34:00
AVSCAN.EXE      : 9.0.3.7      466689 Bytes   7/21/2009 09:06:16
AVSCAN.DLL      : 9.0.3.0       40705 Bytes   2/27/2009 06:28:26
LUKE.DLL        : 9.0.3.2      209665 Bytes   2/20/2009 07:05:50
LUKERES.DLL     : 9.0.2.0       12033 Bytes   2/27/2009 06:28:54
ANTIVIR0.VDF    : 7.1.0.0    15603712 Bytes  10/27/2008 08:00:38
ANTIVIR1.VDF    : 7.1.4.132   5707264 Bytes   6/24/2009 04:51:44
ANTIVIR2.VDF    : 7.1.6.112   4833792 Bytes  10/15/2009 07:52:40
ANTIVIR3.VDF    : 7.1.6.146    323072 Bytes  10/25/2009 07:52:44
Engineversion   : 8.2.1.44
AEVDF.DLL       : 8.1.1.2      106867 Bytes  10/26/2009 07:53:22
AESCRIPT.DLL    : 8.1.2.40     487804 Bytes  10/26/2009 07:53:20
AESCN.DLL       : 8.1.2.5      127346 Bytes  10/26/2009 07:53:16
AERDL.DLL       : 8.1.3.2      479604 Bytes  10/26/2009 07:53:16
AEPACK.DLL      : 8.2.0.2      422263 Bytes  10/26/2009 07:53:12
AEOFFICE.DLL    : 8.1.0.38     196987 Bytes   7/23/2009 05:29:40
AEHEUR.DLL      : 8.1.0.167   2011511 Bytes  10/26/2009 07:53:08
AEHELP.DLL      : 8.1.7.0      237940 Bytes  10/26/2009 07:52:54
AEGEN.DLL       : 8.1.1.68     364918 Bytes  10/26/2009 07:52:52
AEEMU.DLL       : 8.1.1.0      393587 Bytes  10/26/2009 07:52:48
AECORE.DLL      : 8.1.8.1      184693 Bytes  10/26/2009 07:52:46
AEBB.DLL        : 8.1.0.3       53618 Bytes   10/9/2008 10:02:40
AVWINLL.DLL     : 9.0.0.3       18177 Bytes  12/12/2008 04:18:00
AVPREF.DLL      : 9.0.0.1       43777 Bytes   12/5/2008 06:02:16
AVREP.DLL       : 8.0.0.3      155905 Bytes   1/20/2009 10:04:30
AVREG.DLL       : 9.0.0.0       36609 Bytes   12/5/2008 06:02:10
AVARKT.DLL      : 9.0.0.3      292609 Bytes   3/24/2009 10:35:42
AVEVTLOG.DLL    : 9.0.0.7      167169 Bytes   1/30/2009 06:07:10
SQLITE3.DLL     : 3.6.1.0      326401 Bytes   1/28/2009 10:33:50
SMTPLIB.DLL     : 9.2.0.25      28417 Bytes    2/2/2009 03:51:34
NETNT.DLL       : 9.0.0.0       11521 Bytes   12/5/2008 06:02:12
RCIMAGE.DLL     : 9.0.0.25    2438913 Bytes   5/15/2009 11:10:00
RCTEXT.DLL      : 9.0.37.0      86785 Bytes   4/17/2009 05:49:50

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: d:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Monday, October 26, 2009  13:29

Starting search for hidden objects.
d:\windows\ï¿‹b913580.log
    [INFO]      The file is not visible.
    [WARNING]   The file could not be copied to the quarantine directory.
    [WARNING]   Error in ARK library
'28628' objects were checked, '1' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'WDFMGR.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'JQS.EXE' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
25 processes with 25 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\' <NEW>
Begin scan in 'D:\' <NEW>
D:\hiberfil.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
D:\pagefile.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
D:\Backup of old c\My Documents\My Pictures\WrapperOuter1154.EXE
    [DETECTION] Contains recognition pattern of the DR/VirtualBouncer.J.12 dropper
D:\Backup of old c\data of c\My Documents\My Pictures\WrapperOuter1154.EXE
    [DETECTION] Contains recognition pattern of the DR/VirtualBouncer.J.12 dropper

Beginning disinfection:
D:\Backup of old c\My Documents\My Pictures\WrapperOuter1154.EXE
    [DETECTION] Contains recognition pattern of the DR/VirtualBouncer.J.12 dropper
    [NOTE]      The file was moved to '4b465f1d.qua'!
D:\Backup of old c\data of c\My Documents\My Pictures\WrapperOuter1154.EXE
    [DETECTION] Contains recognition pattern of the DR/VirtualBouncer.J.12 dropper
    [NOTE]      The file was moved to '4adf9496.qua'!


End of the scan: Monday, October 26, 2009  14:02
Used time: 32:23 Minute(s)

The scan has been done completely.

   4829 Scanned directories
 176668 Files were scanned
      2 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      2 Files were moved to quarantine
      0 Files were renamed
      2 Files cannot be scanned
 176664 Files not concerned
   1761 Archives were scanned
      3 Warnings
      4 Notes
  28628 Objects were scanned with rootkit scan
      1 Hidden objects were found

_______________________________________________________________

HiJack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:54 PM, on 10/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\system32\CTSvcCDA.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Open in new background tab - res://D:\Program Files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/229?bd5c537a7d664a57afed0ed06658bb63
O8 - Extra context menu item: Open in new foreground tab - res://D:\Program Files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/230?bd5c537a7d664a57afed0ed06658bb63
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\npjpi160_16.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\npjpi160_16.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202570621154
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202570594275
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3EDBC60-91DF-486C-9929-938433EAA145}: NameServer = 218.248.255.194 218.248.255.162
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5517 bytes
______________________________________________________
Thank you.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Browsing, Downloading Issues
« Reply #41 on: October 26, 2009, 09:48:48 AM »
Looks good,
Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Java adds Java Quick Starter service to run on startup
It's really not needed and may save on system resources to disable it
Open the Windows Control Panel, Open the Java icon
Click the ADVANCED tab>>Expand (+) on Miscellaneous
Untick "Java Quick Starter"
Apply and Ok it then reboot your computer for the change to take effect

Back in Windows
I would add SpywareBlaster to your Protection software, it does not run in the background but helps to silently protect your system

SpywareBlaster  by JavaCool  
At the link you can read more about it if you like then continue with
Free Download on the right>>Continue Download at next page
Basically it
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
Select Manual updating when installing
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Status>>enable all protection

I would set a weekly scan with Avira
Double click on the Avira icon by the clock
When it opens, click on "Administration" >>"Scheduler"
Put a tick in "ENABLED" beside Complete System Scan
Then right click on Complete System scan and choose to "EDIT JOB"
You can set your preference to run once a week, just follow along the prompts
You can even have Avira shut down the computer after the scan is done

Take a look at the following link
http://users.telenet.be/bluepatchy/miekiem...owcomputer.html
Tips on keeping your computer running a bit faster
Scroll to the section>Clean unused files from your system
You can manually clean temp files etc., or I suggest downloading and installing CCleaner
from the above link
NOTE: During install UNTICK the Yahoo Toolbar and any other preference you may not want
Once installed simply click on RUN CLEANER on the bottom right
OK the prompt
When done just close it out
Run it every couple weeks or so, or just before a scheduled AntiVirus scan

If you find that you have to keep logging into sites you normally didn't have to
CCleaner will remove Cookies also, simply open CCleaner
Click on OPTIONS>>COOKIES
Move any Cookie you don't want cleaned in the future to the KEEP SIDE

Run a Disk Defragment on the computer also after the above is done
That should do it :)

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline kota123

  • Newbie
  • *
  • Posts: 47
  • Karma: +0/-0
Browsing, Downloading Issues
« Reply #42 on: October 26, 2009, 11:25:49 AM »
Thank you very much for all your help and patience.  I know it was a long process, slowed further by our different time zones.

Just a couple of questions in the end.

1.  Avira takes a long time to load at startup.  Can I switch to AVG?

2.  Is ATF Cleaner as efficient as CCleaner?  I have ATF on my laptop and am more comfortable with it.

3.  I presume I can start downloading the Windows updates, which I was unable to do before.

Thank you once again.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Browsing, Downloading Issues
« Reply #43 on: October 26, 2009, 11:46:18 AM »
Here's the system requirements for AVG    

 
Code:
* Intel Pentium 1.8 GHz processor or faster
* 550 MB free hard drive space (for installation)
* 512 MB RAM

For Avira
Code:
At least 192 MB RAM (Windows XP)

You still have barely enough to run either

NOTE the amount of minimal system RAM
You appear to have 256 MB RAM>>32 mb shared to Video

Is it possible for you to upgrade the amount of Ram installed?

ATF-Cleaner will be fine

Let me know if you can download and install Windows Updates
« Last Edit: October 26, 2009, 11:48:02 AM by guestolo »



Offline kota123

  • Newbie
  • *
  • Posts: 47
  • Karma: +0/-0
Browsing, Downloading Issues
« Reply #44 on: October 27, 2009, 10:20:19 AM »
I will get the RAM upgraded and leave Avira on for the time being.  And yes, I was able to download and install Microsoft updates.

Thank you very much for all your help.