
Win32/heur sims 2

Discussion in 'Virus and Malware Removal' started by tedus987, Mar 10, 2011.

  1. tedus987 TechSpot Enthusiast Posts: 123

    And now the registration key for the older version is not working.

    Methinks I should switch back to AVG till they sort out version 6; not too sure it's a good idea to have an AV program that won't register.
  2. tedus987 TechSpot Enthusiast Posts: 123

    OK, installed AVG.

    Avast version 5 was acting funny (wouldn't remove from Add or Remove Programs; I had to end the process and manually go into Program Files to delete it)... should I worry? I got it from here:

    http://www.filehippo.com/download_avast_antivirus/
  3. tedus987 TechSpot Enthusiast Posts: 123

    Gonna run some scans tomorrow; if everything looks OK, then it's been cured. I can't half thank you enough for the amount of time you've helped me on this; I'm sorry that it was my own anger at AVG that started it. But thanks, without all those scans I would have still thought it a virus. Thank you. I'll give you the heads up on tomorrow's scans; if you want me to do any other scans before I start System Restore again, give me a heads up.
  4. Bobbye Helper on the Fringe Posts: 16,406   +17

    I had previously read in the Avast forum about many going back from v6 to v5.xxx. If you can resolve that one, I suggest using the free and good Avira AntiVir Personal Free Antivirus.

    When security programs upgrade their engines (not updates), such as v5 to v6, I've seen many go downhill. The engine is a major upgrade, while an update is usually done for security purposes on the same engine. In my opinion, when AVG upgraded from v7 or v7.5 to v8, they ruined what had been a good AV program. And now they are up to AVG 2011 and still having massive problems. I don't recommend AVG to anyone any more.

    But basic security should be layered: one AV, one firewall and two or more antimalware programs, combining real-time security with one that runs in the background, such as SpywareBlaster.
    ======================================
    Are you able to boot into Normal Mode now?
    Can you use Firefox to surf? If not, what happens? Did you try Internet Explorer?
    Leaving you only in Safe Mode is not the way to finish> if you slow down drastically in either browser, try removing the add-ons through Tools. You can then put them back on one at a time until you determine if one of them is causing the slowdowns. By the number, I don't see an excess, but one or more could be resource intensive.
    =====================================
    You need to run an online virus scan> either of the following:

    Eset:
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl+V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Kaspersky:
    Run Kaspersky Online Scanner in Internet Explorer
    • Click Accept and the web scanner will begin to load
    • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
    • You will be prompted to install an ActiveX component from Kaspersky, click Install
    • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT and then Scan Settings
    • In the scan settings make sure that the following are selected:
      [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
      [o] Scan Options: Scan Archives> Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      [o] Select My Computer
    • The program will start to scan your system.
    • Once the scan is complete, click on the Save as Text button and save the file to your desktop
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
    ===========================================
    Then please run this Security Check

    Download Security Check by screen317 from HERE or HERE .
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ===========================
    I'll have you remove all of the cleaning tools and logs when we're through.
  5. tedus987 TechSpot Enthusiast Posts: 123

    OK, I'll do that once I'm home. My girlfriend rang me up and said AVG found a corrupted file; I'll post the file name and logs once I get home and run the online scans (it's good to get my PC back). On the plus side, I also just aced a resit with 100%, so my score could most likely be 90% after the 10% penalty.
  6. Bobbye Helper on the Fringe Posts: 16,406   +17

    Consider replacing AVG.
     
  7. tedus987 TechSpot Enthusiast Posts: 123

    With what? Can't use Avast; anything else?
  8. tedus987 TechSpot Enthusiast Posts: 123

    The corrupted file was a System Restore point that Avast made when it was installed.

    Here's the up-to-date Malwarebytes log.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6297

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    07/04/2011 15:44:30
    mbam-log-2011-04-07 (15-44-30).txt

    Scan type: Full scan (C:\|E:\|G:\|)
    Objects scanned: 439194
    Time elapsed: 4 hour(s), 16 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ----------------------------------------------------------------------------------------------------------------------------------------------------

    ESET scan

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=1881e47de419ae47a4b8d9db00e7b121
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-04-07 11:49:58
    # local_time=2011-04-08 12:49:58 (+0000, GMT Daylight Time)
    # country="United Kingdom"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=768 16777215 100 0 0 0 0 0
    # compatibility_mode=1032 16777189 100 95 12282 45500926 0 0
    # compatibility_mode=8192 67108863 100 0 182 182 0 0
    # compatibility_mode=9217 16776893 100 77 2258526 19161812 0 0
    # scanned=264591
    # found=0
    # cleaned=0
    # scan_time=9665

    ----------------------------------------------------------------------------------------------------------------------------------------------------

    OK, that's 2; running the other two now (not at the same time).
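The ESET Online Scanner log above is worth more than a glance at `found=0`: its `# key=value` header records the options the scan actually ran with, and the instructions in post 4 (step 6) asked for "Remove found threats" unchecked while the posted log shows `remove_checked=true`. The following added example (not part of the thread and not ESET's own tooling) parses that header and compares it with the requested options, so a helper can see whether a clean result was produced under the settings they asked for. The sample text is the header from the log posted above; the expected-option table is an assumption taken from the step-6 wording.

```python
"""Parse the header of an ESET Online Scanner log and check the recorded
options against what the helper asked for.  Added example for this thread;
not ESET's tooling.  SAMPLE_LOG is the header posted in the thread, trimmed."""

import re
from typing import Dict, List

# Header lines as posted in the thread (post 8), with a few lines dropped.
SAMPLE_LOG = """\
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-07 11:49:58
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777189 100 95 12282 45500926 0 0
# scanned=264591
# found=0
# cleaned=0
# scan_time=9665
"""

# Assumed mapping of the step-6 instructions onto log keys: do not let the
# scanner remove anything on its own; do scan for unwanted applications.
EXPECTED_OPTIONS = {"remove_checked": "false", "unwanted_checked": "true"}

_LINE = re.compile(r"^#\s*([A-Za-z0-9_.]+)=(.*)$")


def parse_eset_log(text: str) -> Dict[str, List[str]]:
    """Return {key: [values...]}; repeated keys (compatibility_mode) keep every value."""
    out: Dict[str, List[str]] = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            out.setdefault(m.group(1), []).append(m.group(2).strip())
    return out


def check_scan(parsed: Dict[str, List[str]], expected=EXPECTED_OPTIONS) -> List[str]:
    """Return human-readable findings; an empty list means the scan ran as requested."""
    findings: List[str] = []
    end = parsed.get("end", ["?"])[0]
    if end != "finished":
        findings.append("scan did not run to completion (end=%s)" % end)
    for key, want in expected.items():
        got = parsed.get(key, ["missing"])[0]
        if got != want:
            findings.append("%s=%s but the instructions asked for %s" % (key, got, want))
    found = int(parsed.get("found", ["0"])[0])
    cleaned = int(parsed.get("cleaned", ["0"])[0])
    if found and parsed.get("remove_checked", [""])[0] == "true":
        # Detections removed automatically can no longer be reviewed from the log alone.
        findings.append("%d item(s) found, %d auto-cleaned before anyone reviewed them"
                        % (found, cleaned))
    return findings


if __name__ == "__main__":
    for finding in check_scan(parse_eset_log(SAMPLE_LOG)) or ["scan options match"]:
        print(finding)
```

Run against the posted header this reports only the `remove_checked` mismatch; since `found=0` nothing was auto-removed, so the result still stands, but the check is what tells you that rather than the bare counts.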
  9. tedus987 TechSpot Enthusiast Posts: 123

    OK, my connection's crap so I can't run the Kaspersky online scan, since it takes too long to update. I know this to be my connection. Sorry about that; running Security Check now.

    What normally happens is that it starts updating the scan, but by 50% the licence and connection time out due to my connection. My current speed is
    2.3 Mbps and I know I'm a good distance away from the exchange.
  10. tedus987 TechSpot Enthusiast Posts: 123

    OK, Security Check done; here's the log.

    Results of screen317's Security Check version 0.99.10
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    AVG 2011
    ZoneAlarm Extreme Security
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    MVPS Hosts File
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 10.2.152.32
    Adobe Reader X (10.0.1)
    Mozilla Firefox (3.6.16) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    Zone Labs ZoneAlarm zlclient.exe
    Zone Labs ZoneAlarm MailFrontier mantispm.exe
    ``````````End of Log````````````

    What's the Java update again? I couldn't run it last time.
  11. Bobbye Helper on the Fringe Posts: 16,406   +17

    Please uninstall: Java(TM) 6 Update 7
    Please update: Mozilla Firefox (3.6.16)

    If only using ZoneAlarm for a firewall, okay. Keep the Windows Firewall disabled.

    Is all of the problem you have now due to the slow connection? You'll have to refresh me on why you couldn't run the Eset scan.
  12. tedus987 TechSpot Enthusiast Posts: 123

    I couldn't run the Kaspersky online scan due to the slow connection.

    OK, I'll uninstall Java 6 tonight.

    How do you update Firefox while still keeping your tabs?
  13. Bobbye Helper on the Fringe Posts: 16,406   +17

    Open Firefox> Click on Help> Check for updates.
    The most current for v3.6 is v3.6.19. Going to that shouldn't affect the tabs at all; I've been either doing that or going to the Mozilla site for updates and never lost anything.

    A NOTE: Firefox is a big memory eater! I've used it since the first full version came out. I had hoped it would get better with each update; it did not. My homepage used to open with 7 tabs, but now I just have the main homepage, no other tabs.

    If your connection time is so critical, I suggest you close the tabs. To open a new tab> click on the + sign over a folder in the toolbar. Begin typing the URL in the address bar and the Firefox location feature will show and you click on that URL.

    Was the connection the problem originally with the Eset scan?

    Good practice before doing any update, download or install is to set a System Restore point first.
  14. tedus987 TechSpot Enthusiast Posts: 123

    No, I found out that one of Avast's new functions isn't built for XP; once I removed Avast everything's back to normal.

    The feature scans apps before loading, silently in the background; this would cause XP to hang or freeze (exactly like mine).

    Upgraded to Firefox version 4.

    I have a redirect blocker and popup blocker; I'm in control of the number of tabs.

    Connection's been like that since October.
  15. Bobbye Helper on the Fringe Posts: 16,406   +17

    ??????
  16. tedus987 TechSpot Enthusiast Posts: 123

    It's the non-beta version 6 I had installed; Avast doesn't offer any of its older versions.

    Version 6 of Avast has compatibility issues with XP.

    I'm gonna stick with AVG for a while. I need to clarify that my PC is clean and I can start System Restore again.

    Ah, what I mean is, when I had the problem with Avast I turned my System Restore off; when it was being uninstalled it forcibly turned it back on. I've turned it off since then.
  17. tedus987 TechSpot Enthusiast Posts: 123

    OK, just noting, but I think my Hotmail account might have been hacked.

    My mum just told me she received spam e-mail from me and that it went out to several of my contacts, at 4 AM in the morning.

    I have changed the password so it should be OK.
  18. Bobbye Helper on the Fringe Posts: 16,406   +17

    I can't do anything about your slow internet connection. The email problem is something else. When you have web-based email like Hotmail, it can be hacked from the internet. It doesn't have to be anything on your system.

    Have we resolved the original problem?
  19. tedus987 TechSpot Enthusiast Posts: 123

    Yes, thanks for all your help and advice.

    Is my PC clean? Can I restart System Restore?

    I changed my e-mail password so it should be OK. When I changed it I checked and found no sent e-mail, so nothing was sent out to inform the hacker of the password change. I've got everyone on standby to tell me if anything else pops up, just in case.
  20. Bobbye Helper on the Fringe Posts: 16,406   +17

    You're welcome. I have been unable to find any mention of Avast conflict with Windows XP. I don't know how or why installing Avast would corrupt System Restore. System Restore should not be turned off. There can be times when the only way into a system is to use System Restore. When you turn it off, it drops all the restore points.
    =======================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    SecCenter:: 
    {EDC10449-64D1-46c7-A59A-EC20D662F26D}
    DDS::
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Extra::
    File::
    c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    Firefox::
    Firefox-: - Profile -c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\6ndptuax.default\
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [screenshot: dragging CFScript.txt onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . No log needed.
    =============================================
    Be sure the following have the most current updates:
    Java Updates
    Adobe Reader.
    Uninstall any earlier updates as they are vulnerabilities.
    ============================================
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup.
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    Let me know if you have any more questions.