Dear Group,
I have two problems which I think are related but who knows...here's the first problem, my step-daughter downloaded a file from her boyfriend using trillian and then opened it trusting it was safe...a few days later the IE browser started slowing up. [We're on ADSL and the browser slowed to 12 bytes per second before coming to a dead stop]
She ran three anti-virus scans..AVG pro, Norton pro and Trend micro [on-line] and got rid of 4 infected files..all trojans. She thought one was called .junta and the other had the number 8 in it..that's what she remembers. Anyway..
the files were quarantined and deleted and she hoped that fixed the problem but it didn't. IE only connects to sites that were in her location bar [and very, very slowly..]..and if she tries any new site it takes an hour to load, if it loads at all.

So then we tried system restore [this is a brand new Dell we're on and it is less than three weeks on-line..was working brilliantly at that!]..trouble is when it restarts it comes up with a message saying system cannot be reset to a previous date [any previous date] BUT IT DOESN"T SAY WHY or how to fix the problem.
Please, oh, please..I forked out a lot of bread for this computer for her and now all it can do is play music and games..but surfing, mailing, downloading,etc. are just not possible.

Zohar
Amsterdam

here goto this site (if you can on your computer or another one with the internet)
http://www.spychecker.com/program/hijackthis.html
Download hijack this place on your c: drive then open up the program and hit scan. Then once the scan is complete save the log and place it here.

Logfile of HijackThis v1.97.7
Scan saved at 5:04:56 PM, on 8/31/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\winsrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\docume~1\akaineko\locals~1\temp\msbb.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\taskmger.exe
C:\WINDOWS\System32\svchost.exe
C:\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Microsoft Service] winsrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msbb] c:\docume~1\akaineko\locals~1\temp\msbb.exe
O4 - HKLM\..\Run: [Microsoft Task Monitor] taskmger.exe
O4 - HKLM\..\Run: [Windows Manager] winsrv.exe
O4 - HKLM\..\Run: [dmnmt] C:\WINDOWS\dmnmt.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [Microsoft Service] winsrv.exe
O4 - HKLM\..\RunServices: [Microsoft Task Monitor] taskmger.exe
O4 - HKLM\..\RunServices: [Windows Manager] winsrv.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Microsoft Service] winsrv.exe
O4 - HKCU\..\Run: [Microsoft Task Monitor] taskmger.exe
O4 - HKCU\..\Run: [Windows Manager] winsrv.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: MUSICMATCH MX Web Player (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

Ok since you dont have system restore and i am a semi-newb to hijackthis (only know common spyware entries which you dont have). then i would wait for a mod or someone with more HJT experience tell you what to do I would hate to mess up your computer and not be able to restore back.

Not long ago a message on the computer said that a virus was detected called Trojan Horse downloader.alchemic.a. It advised to run AVG to get rid of the virus so we did that but AVG didn't find any virus at all when we ran the full test. We are trying our best to find way's to get rid of it now but if anyone has any other tips on our problem please tell us. Thanks.

have you run adaware from www.lavasoft.de and spybot from www.safer-networking.org? I can see a spyware entry, which either of those might clean up.

The msbb entry is the 180search assistant. If you did not intend to have this on your system you can uninstall it by following the instructions here: http://www.180searchassistant.com/uninstall.html

There are a few other entries in there but you'd have to get someone more experienced than me to tell you how to remove it 'just in case'.

btw can you create a restore point with your system restore? perhaps the problem is that there are no restore points to return to?

Yes we can create a restore point but shouldn't it just be able to return to a previous date? Either way the computer is so new that we hadn't even thought of making a rstore point yet. We have add aware pro and we run it daily (just did a full system scan an hour ago and it sais it removed all spyware)

Also moments ago Norton Antivirus came up with a virus warning telling us it couldn't repair the file. The virus is called Bloodhound.Packed We tried to follow the extension it gave us where the virus should be located but none of the folders it's talking about are actually there.

Likely the files/folders you need access to are hidden/system files/folders. Open up Windows Explorer, (not Internet Explorer), pick Tools from the top menu, pick Folder Options, pick View, and change Hidden Files and Folders to 'Show hidden files and folders', then while in there, I personally also clear the mark from 'Hide extensions for known file types', and for 'Hide protected operating system files'. (The last two are optional, I just don't like anything being able to hide in my system!). That should help you out a bit. Finding that file should be a cinch after you do this.

Good luck!

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

this file should be fixed also unless you want that extra searchbar it is a common spyware problem that i've had a lot.