Topic: Newbie: Desperately need help.

mkis
Re: Newbie: Desperately need help.
« Reply #45 on: July 18, 2009, 02:10:01 AM »
Hi 4frustrated

Sorry I was out working yesterday and didn't read your first reply. You checked your virus chest so that was good and it came up empty of infected files which was even better. The three files in the System Files section of the chest are needed by default so that is all good as well.
See here:  http://forum.avast.com/index.php?topic=43668.0

Learning how to run a boot scan is essential knowledge to using the avast on demand scanner.
In the steps I outlined above you were offered various options under Schedule Boot-Time scan.
But firstly you need to find the actual option to Schedule - important to find how to get to this option for anyone who is new to avast. I have outlined above how to find the option in the menu list of the avast (radio) scanner, found in Start avast! Antivirus. If the scanner is skinless (that is, no radio body), the Schedule option is found under Tools.

Everyone needs to know how to run a boot scan
I cleaned a mass of common viruses off a hard disk yesterday using only avast boot scan and mbam. The disk is okay now. Once clean, then I did some work tidying up the drives.
Luckily this disk had not got to the point where it was infested.

When running a bootscan I usually choose to check the Archive box and to run a Thorough scan.
I also usually set Advanced Options.
My advanced options are usually Move infected files to chest / Allow delete or move.
I did this yesterday and all files sent to the chest were malware and were infected.
But as has been pointed out, it may be possible that a needed file could be accidentally sent to the chest by allowing these Advanced Options to be automated. For this reason, you may wish to watch the process through and make your own decisions if and when prompted by the boot scan.
You set these choices under the Advanced Options selection.

Everyone should also learn how to select options available through the Schedule boot-time scan.
It doesn't take too much time to look these options over, and work out a procedure for yourself.
Once all choices under Schedule boot-time scan have been made, you need to Restart the computer (or at the next time the computer starts), then the boot scan will run.

If I can find a good link outlining usage of avast on demand scanner, I will post it here under an Edit.

« Last Edit: July 18, 2009, 02:45:28 AM by mkis »
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

mkis
Re: Newbie: Desperately need help.
« Reply #46 on: July 18, 2009, 02:14:49 AM »
Hi 4frustrated

Your post came through just before mine so I didn't see it until now.

You did well! That was the boot scan that ran and you came up clean. I am guessing that your computer is running much better now as you are very likely virus free.

I will return here in a minute with an Edit on how to run a HJT scan.  :)

Edit --
It might help if you went to HiJackThis and ran a scan of your computer.
Click here – http://www.filehippo.com/download_hijackthis/download/8571e06e5eb8ab03c649f3b5d647c599/

Download and run - do scan and save a log file.
Post the log file to this thread. If it is too large you may have to post in two parts.

I will look at your HjT log 4frustrated but probably leave it for someone more expert at these logs to make comments and offer advice.  :)
« Last Edit: July 18, 2009, 02:22:42 AM by mkis »

Confused Computer User
Re: Newbie: Desperately need help.
« Reply #47 on: July 18, 2009, 03:40:07 PM »
Can someone please give me a link to HJT to scan my comp?

mkis provided the link.
For my part I'll just mention that once you install the program you should open it (and if in vista I would suggest to run it as administrator... right click on its shortcut icon and click on Run as Administrator) and select "Do a system scan and save to log file".
When the scan is done a notepad will appear. Select its contents and copy paste them in your post. They might be a bit large so you will have to break it down in two or three posts.
Hope this helps. ;)

Computer Systems:

Intel Pentium 4 641 / 2GB RAM / Vista Home Basic SP2 / avast! 5.0 Home / SAS Free / MBAM Free / Windows Defender / Windows Firewall / Spyware Blaster/ Secunia PSI / Firefox 3.6 / Opera 10.5

Core2Duo T8300 / 4GB RAM / Vista Home Premium SP2 (32 bit version) / Same Software.

4frustrated

  • Guest
Re: Newbie: Desperately need help.
« Reply #48 on: July 21, 2009, 11:47:11 PM »
HI, here is the HJT scan report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:52 PM, on 7/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vanguard.com/VGApp/hnw/PersonalHome
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WeatherMate] "C:\Program Files\WeatherMate\WeatherMate.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -scan
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)
O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 4415 bytes

Thanks for checking this.

YoKenny

  • Guest
Re: Newbie: Desperately need help.
« Reply #49 on: July 22, 2009, 03:35:04 AM »
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) <== IE8 is available and much more secure
http://www.microsoft.com/windows/internet-explorer/worldwide-sites.aspx

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll <== Acrobat 7.0 is vulnerable and 9.1 is available

O4 - HKCU\..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -scan <== ParetoLogic is not very well respected:
http://hosts-file.net/default.asp?s=ParetoLogic <== FSA - sites engaged in the selling or distribution of bogus or fraudulent applications

Run Secunia Online Software Inspector to scan your PC for the most common programs and vulnerabilities:
http://secunia.com/vulnerability_scanning/online
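
The manual triage in the reply above, as an added example that is not part of any post in this thread: a Python parser for the HijackThis log format that groups entries by section code, splits the O4 autostart lines, and looks up the two product names the reply flagged. The function names are this example's own; the sample lines are copied from the log in reply #48.

```python
import re
from collections import defaultdict

# Subset of the HijackThis log posted in reply #48, copied verbatim.
SAMPLE_LOG = r"""
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -scan
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O4 - <text>"
RUN = re.compile(r"^(HK\w+)\\.*?\\Run: \[([^\]]+)\] (.+)$")  # hive, name, command

def parse_hjt(text):
    """Return (header fields, {section code: [entry text, ...]})."""
    header, sections = {}, defaultdict(list)
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            sections[m[1]].append(m[2])
        elif ": " in line:  # header lines such as "Platform: ..." and "MSIE: ..."
            key, _, value = line.partition(": ")
            header[key] = value
    return header, dict(sections)

def startup_entries(sections):
    """Split O4 (autostart) entries into (location, name, command) tuples."""
    out = []
    for body in sections.get("O4", []):
        m = RUN.match(body)
        if m:
            out.append(m.groups())
        else:  # startup-folder form: "Global Startup: name.lnk = target"
            where, _, rest = body.partition(": ")
            out.append((where, *rest.partition(" = ")[::2]))
    return out

def find_mentions(sections, needle):
    """All (code, entry) pairs containing needle, case-insensitive."""
    n = needle.lower()
    return [(c, b) for c, bodies in sections.items() for b in bodies if n in b.lower()]

if __name__ == "__main__":
    header, sections = parse_hjt(SAMPLE_LOG)
    for term in ("Acrobat 7.0", "ParetoLogic"):  # the items flagged in reply #49
        print(term, "->", find_mentions(sections, term))
```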

4frustrated

  • Guest
Re: Newbie: Desperately need help.
« Reply #50 on: July 22, 2009, 06:24:49 AM »
Hi Yokenny,

Thanks for looking at my HJT scan report.  Are you telling me I should remove those things....from the scan & do something with them?  If so what do I do with them?
I'm sorry to sound dumb but when I was looking at the scan report & I copied it to send here.  Then I wanted to shut down my comp. because  we were getting some heavy duty thunderstorms & lightning.  I didn't know what to do with the scan report that had the check boxes in front of them.  I clicked on Home but then I wasn't able to get back to the check box page.  Can you tell me how to get back to that page if I need it to make any changes you guys tell me to do, right?  If there are things to do could you explain it explicitly...step by step.  I don't know what I'm doing & I don't want to mess my comp up because I make a mistake or guess what the next step should be.  Thanks so much.  I really appreciate all your help

I really need to get this PC straightened out because I use a pda & I use this comp. to sync it to & I'm having some problems with it & need to use this pc to get it working right.  I haven't been able to sync it for almost 2 months & I need to do it soon.

YoKenny

  • Guest
Re: Newbie: Desperately need help.
« Reply #51 on: July 22, 2009, 03:11:16 PM »
Go to Add/Remove Programs in Control Panel and un-install all Adobe applications then un-install DriveCure then reboot.

Go to Microsoft IE8 install site and install IE8:
http://www.microsoft.com/windows/internet-explorer/worldwide-sites.aspx

4frustrated

  • Guest
Re: Newbie: Desperately need help.
« Reply #52 on: July 22, 2009, 06:59:48 PM »
Hi Yokenny,

Thanks for your help.

I uninstalled all the Adobe programs.  I would like to understand why I uninstalled them?  Are there viruses in them?  Or are they not good programs to have on your comp.?  I recently went on a website-I can't remember which-but to use it I had to have it on my comp.

I could not find Drive Cure in the list of programs to uninstall.  Same question about this prog.?  I found that on Microsoft's website & I ran it & it seemed to help some things like my printer.

I did install IE8 but I wondered why?  I use Firefox.  The only time I use IE is when I go on Microsoft's website because you have to.

Thanks again for your help.


4frustrated

  • Guest
Re: Newbie: Desperately need help.
« Reply #53 on: July 30, 2009, 06:31:30 PM »
Hi All,

I'm wondering can someone tell me if there is a program to substitute
for Adobe Flash?  There are so many things I can't use because they won't work without it.

No one answered my question about why I had to remove all Adobe products.  Can someone tell me?  Would it be OK to just use Adobe Flash & not the others?

Thanks so much for your help.

4frustrated

  • Guest
Re: Newbie: Desperately need help.
« Reply #54 on: July 30, 2009, 06:37:24 PM »
Hi All,

 I have one more question.  When I login to this site it asks me how long I want to stay logged in & I always click on Always but every time I come back I still have to log in anyway.  Why is that?

Thanks again.

4frustrated

  • Guest
Re: Newbie: Desperately need help.
« Reply #55 on: July 30, 2009, 06:46:28 PM »
Hi,

Sorry One more question.  When I got on here this message was there.

Warning - while you were reading 44 new replies have been posted. You may wish to review your post.

I don't see even one reply in my post.  Are they located in a different place or were none of those 44 replies in my post?

Again thanks.

YoKenny

  • Guest
Re: Newbie: Desperately need help.
« Reply #56 on: July 30, 2009, 07:15:24 PM »
@4frustrated
Quote
  Would it be OK to just use Adobe Flash & not the others?
I use Adobe Flash but I make sure it is up to date and all old versions are removed.

Run Secunia Online Software Inspector to see what applications have vulnerabilities:
http://secunia.com/vulnerability_scanning/online

Quote
Always but every time I come back I still have to log in anyway.  Why is that?
Something is removing avast!'s cookie. 
CCleaner or ATF cleaner?
Bug in Firefox? 

I have no idea why you saw the message about 44 replies.

mkis
Re: Newbie: Desperately need help.
« Reply #57 on: July 30, 2009, 09:42:04 PM »
Hi 4frustrated

What YoKenny is telling you to do is bring your computer up to standard so that you can keep it safe and use it on the internet. To operate the computer safely over a period of time in that state you need to be an expert.

You can do it. It is possible. I think.

But too much a handful for a newbie desperately needing help

You are better off with up to date versions of Adobe. If you want Adobe then IE8 is a good option. The HjT scan is needless. I didn't know the state of your programs. You don't seem to know what you are doing but you don't appear to have messed up your computer. I can't imagine that Firefox would run troublefree with IE6 but I could be wrong. You could try it out and reply post a report here.

I've used Adobe Flash and not the others. It's okay. Flash does what it's supposed to do. If you've got kids and they play games, you need Shockwave as well. Students use Reader.


Lost on your final post. You really should take a screenshot of these kinds of interruptions. I use MWSnap, which is a great little program for capturing what you see on your screen, and saving that view as a graphic image like a GIF or JPEG file.

http://www.mirekw.com/winfreeware/mwsnap.html


Edit - Sorry, cross-posted with YoKenny.

4frustrated

  • Guest
Re: Newbie: Desperately need help.
« Reply #58 on: July 31, 2009, 03:23:11 AM »
Hi,

Thanks for your reply.  I  don't use either of the cleaner programs you mentioned.  Is there a setting on the computer that tells it not to save the cookies when you get on a website. If there is can you tell me how to change it?

I know when I ran the Avast scan I told it to remove the cookies but I don't know if I might have set something to not save them-I don't understand the tech words & maybe I said to do that-not knowing what it meant.   

Whenever I get on here it tells me in red the msg about there being so many posts while I was reading...it's actually while I am not on this website.

I don't know how to do a screen shot & save it to jpg etc.

I appreciate your help.  Thanks.

YoKenny

  • Guest
Re: Newbie: Desperately need help.
« Reply #59 on: July 31, 2009, 03:45:49 AM »
I don't use Firefox. 

I did not know avast! will remove cookies during a scan?

mkis told you about MWSnap so you need to learn how to use it.

Look at Additional Options... then Attach: when you post.