
Author Topic: Is my HJT log OK?  (Read 10350 times)


SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Is my HJT log OK?
« Reply #15 on: June 12, 2010, 04:06:22 PM »
P2P - I see you have P2P software installed on your machine. (uTorrent) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

===============================

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    Quote
    KillAll::

    DDS::
    FF - prefs.js: browser.search.selectedEngine - MyWebSearch

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I do not need to see the log from this action.
=================================

I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Windows 8 and Windows 10 dual boot with two SSD's
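
Added example, not part of the original post and not ComboFix's own code: the CFScript entry in reply #15 targets the Firefox preference `browser.search.selectedEngine` set to `MyWebSearch`, and this Python sketch reads a `prefs.js` and reports search and start-page preferences that differ from an expected set. The other watched keys, the expected values and the sample file content are assumptions constructed for illustration.

```python
import re

# One prefs.js entry has the form: user_pref("key", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Keys that decide where searches and the start page go. Only the first one
# appears on the page; the others are assumptions added for this example.
WATCHED_KEYS = (
    "browser.search.selectedEngine",
    "browser.search.defaultenginename",
    "keyword.URL",
    "browser.startup.homepage",
)

def parse_prefs(text):
    """Return {key: value} for every user_pref line; other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        key, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = re.sub(r'\\(.)', r'\1', raw[1:-1])  # drop quotes, unescape
        prefs[key] = raw
    return prefs

def flag_search_prefs(prefs, expected):
    """List (key, value) for watched keys whose value is not an expected one."""
    return [(k, prefs[k]) for k in WATCHED_KEYS
            if k in prefs and prefs[k] not in expected.get(k, set())]

# Constructed sample input, not taken from the user's machine.
SAMPLE = '''# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "MyWebSearch");
user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.tabs.warnOnClose", false);
'''

# Assumed values the owner of the profile considers normal.
EXPECTED = {
    "browser.search.selectedEngine": {"Google"},
    "browser.startup.homepage": {"about:blank"},
}

if __name__ == "__main__":
    for key, value in flag_search_prefs(parse_prefs(SAMPLE), EXPECTED):
        print(f"unexpected {key} = {value}")
```
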

ImnoGuru

    Topic Starter


    Adviser
  • The wonders of modern technology.
  • Thanked: 8
    • Computer: Specs
    • Experience: Experienced
    • OS: Windows 10
    Re: Is my HJT log OK?
    « Reply #16 on: June 24, 2010, 04:21:48 AM »
    Hi SuperDave, I'm back.
    I had to go away for a little while but I managed to get most of the work done for you.
    I hope it all turned out OK.  ;D

    I saw lots of little things in there that looked like viruses that nothing else captured. So these programs, and the sequence that is set out, are just the thing to clean up a computer.

    There was only the last one that I didn't get a chance to get done before I had to leave.
    I'll set that up to run later tonight (AUS time) OK.

    So far the slowness has definitely disappeared and my computer is running fine.

    Can't thank you enough for your patience SuperDave.

    Do you want me to post any log from the last online check that you suggested?
    Thanks ImnoGuru.
    It takes 15 years to become an overnight success & Windows 10 will add another 10 years to it.

    SuperDave

    Re: Is my HJT log OK?
    « Reply #17 on: June 24, 2010, 09:48:21 AM »
    Quote
    Do you want me to post any log from the last online check that you suggested?
    Thanks ImnoGuru.
    Yes please. ESET will produce a log. Please post it.

    ImnoGuru

      Re: Is my HJT log OK?
      « Reply #18 on: July 04, 2010, 08:34:50 AM »
      Thank you for all your help SuperDave.

      Sorry I took so long to finish with this, a substantial piece of life took up some of my time.

      I ran the last of these scans tonight, and this last scan caught another potential.

      Here is the log of the scan from ESET.

      I must say at this point, that the computer did speed up during this whole process and appeared to be cured, but for anyone else following the sequence of scans, it is important to COMPLETE ALL THE SCANS.

      Just because it seemed to "be fixed" doesn't mean that you should stop doing all the other parts of the process. It is in your best interests to complete the process.

      SuperDave, maybe when you get the chance, would you take the time to explain the contents of some of the scans results to me?

      Doing these scans blindly is OK, knowing they will most likely be successful in removing the threats on the computer, but for myself I would like to know a little something about the results of the scans, like what to look for in the logs.

      Thank you ImnoGuru.

      [recovering disk space - old attachment deleted by admin]

      SuperDave

      Re: Is my HJT log OK?
      « Reply #19 on: July 04, 2010, 10:43:42 AM »
      Quote
      but for anyone else following the sequence of scans, it is important to COMPLETE ALL THE SCANS.
      Negative on that. No two computers are the same. If anyone has problems, it's important to get help for their computer only.

      Quote
      maybe when you get the chance, would you take the time to explain the contents of some of the scans results to me?
      All I will tell you is that all these scans are to detect malware on the computer. I won't go into this any deeper on an open forum because a lot of the people reading these forums are the very people who are making up these malicious programs.

      Quote
      but for myself I would like to know a little something about the results of the scans, like what to look for in the logs.
      The only way you will learn more is to take courses in malware removal. Almost every forum has a link where you can go to get information about training. Here's our link.

      If there are no other issues, it's time for some clean-up

      * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
      * Now type Combofix /uninstall in the runbox
      * Make sure there's a space between Combofix and /Uninstall
      * Then hit Enter

      The above procedure will:
      * Delete ComboFix and its associated files and folders.
      * Reset the clock settings.
      * Hide file extensions, if required.
      * Hide System/Hidden files, if required.
      * Set a new, clean Restore Point.

      ==============================

      Download OTC by OldTimer and save it to your desktop.

      1. Double-click OTC to run it.
      2. Click the CleanUp! button.
      3. Select Yes when the "Begin cleanup Process?" prompt appears.
      4. If you are prompted to Reboot during the cleanup, select Yes
      5. OTC should delete itself once it finishes, if not delete it yourself.

      ==============================

      Clean out your temporary internet files and temp files.

      Download TFC by OldTimer to your desktop.

      Double-click TFC.exe to run it.

      Note: If you are running on Vista, right-click on the file and choose Run As Administrator

      TFC will close all programs when run, so make sure you have saved all your work before you begin.

      * Click the Start button to begin the cleaning process.
      * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
      * Please let TFC run uninterrupted until it is finished.

      Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

      =============================

      Looking over your log it seems you don't have any evidence of a third party firewall.

      Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

      Remember only install ONE firewall

      1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
      2) Online Armor
      3) Agnitum Outpost
      4) PC Tools Firewall Plus

      If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

      =============================

      Use the Secunia Software Inspector to check for out of date software.

      • Click Start Now
      • Check the box next to Enable thorough system inspection.
      • Click Start
      • Allow the scan to finish and scroll down to see if any updates are needed.
      • Update anything listed.
      ----------

      Go to Microsoft Windows Update and get all critical updates.

      ----------

      I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

      SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
      * Using SpywareBlaster to protect your computer from Spyware and Malware
      * If you don't know what ActiveX controls are, see here

      Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

      Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

      Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
      Safe Surfing!

      ImnoGuru

        Re: Is my HJT log OK?
        « Reply #20 on: July 18, 2010, 12:13:42 AM »
        OOPS!! Sorry SuperDave. I didn't think of individual computers like that.
        I thought that the sequence would have been a typical routine. I am wrong. I see.

        My bad..
         Listen to your administrator and follow instructions then.