IE8 is suppose to be a big memory user and bloated. Try uninstalling IE8 and dropping back to IE7- see how much difference it makes.

The basic security should be:
One antivirus program: AVG
One firewall: Comodo
2 or more syware/adware programs: Superantispyware..

Of the above, consider changing the antivirus to Avira or Avast. We notice that AVG misses some malware that other AV programs find. Suggest you take SAS off of Startup. That will slow you down. Add Spywarebaslter:

Recommended Free Anti Virus:
Avast Free:http://www.avast.com/eng/download-avast-home.html
Avira Free:http://www.free-av.com/en/products/1...antivirus.html

Spyware/Adware Programs:
Spybot Search & Destroy: http://www.techspot.com/downloads/14...on-update.html

SpywareBlaster: http://www.techspot.com/downloads/56...reblaster.html

You can apply all the "pruning" I did to your current system to the new one- some, maybe not all will be on that one also.

The following is one of the best written for how you got infected and what to do to prevent malware in the future:
I'd like to make sure all the malware was found and removed:

Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Please rescan with HijackThis and post fresh log in next reply. We'll go from there.
Report any current system problems.

OK, I've uninstalled IE8 and rolled back to IE7 with all current security updates. I'm running AVIRA instead of AVG and downloaded Spyware Blaster (Spybot download did not work). i disabled the AVIRA and tried several times to run the Eset Scanner, but it kept hanging up at around 14%. IE7 seems to work better than IE8 and but I have made Firefox my default brower. I've attached an updated Hijackthis log.

Attached Files

hijackthis.log (5.7 KB, 1 views)

No problem. But I'd like you to run a full system scan with Avira> save the log> attach to next reply.

No malware in HijackThis>

Open HJT> 'do system scan only'> check the entries below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276}
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

Close all but HJT> click on Fix Checked

Open IE> Tools> Manage Add-ons> locate the following two entries> highlight> Disable:
Eset online scanner
yucsetreg or yucconfig.dll.

Empty the Recycle Bin.

IF you are not having the original problems and the AV scan is clean, I'll have you remove cleaning tools.

This was for >> (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll

OK the AV scan found a few items that I had it "repair" and have attached the log. Could not find Eset online scanner and yucsetreg or yucconfig.dll in IE Add-ons. While scanning with AV Comodo picked up something. I have attach a Comodo log as well. IE is working far better (I used it to reply here) and the system is fairly stable in most respects. The Comodo find was a little troubling but no ill effects yet.

Attached Files

	AVSCAN-20090630-175925-44087686.LOG (23.1 KB, 1 views)
	comodo log.txt (4.9 KB, 1 views)

AV found and quarantined many Trojans. Some remain in the restore points. Do NOT use System Restore or you will reinfect the system.

Please delete the quarantined items, then Empty the Recycle Bin.

One of the Trojans is a backdoor password stealer. I advise you to change all your passwords, check internet banking carefully.

I might have missed this, but it appears that you are using the Comodo Internet Security program that contains both a firewall AND an antivirus program, thus the log. Basically the 2 AV found the same thing, but you need to remove one of the AV programs. You should only run one AV, Please delete anything left in quarantine by the Comodo AV>

I want you to remove the infected restore points:

The easiest and safest way to do this is:

• Go to Start > All Programs > Accessories > System Tools and click "System Restore".
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
• Click "OK" to select the partition or drive you desire.
• Click the "More Options" Tab.
• Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Do a Disc Cleanup, either with one of the cleaner programs like CCleaner or through through OS disc cleanup.
Empty the Recycle Bin.

After you do this, run the antivirus scan again and attach log.

Are you deleting what the AV programs find and quarantine, then emptying the Recycle Bin> IF you are not, please do that, then run another scan with Avira.

OK I disabled the anti virus protection on Comodo, scanned with Avira deleted all quarantined items did a system restore and disc clean up and rescanned. When I delete the quarantined items in Avira, there is nothing in the recycle bin. The second Avira scan came up clean, I have attached the log. During the whole process Windows installed an update, I think. I've attached another Hijackthis log as well, just in case.

Attached Files

	AVSCAN-20090701-205046-1FD19454.LOG (13.5 KB, 1 views)
	hijackthis.log (5.5 KB, 1 views)

There are 2 entries in the HJ log:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

First, one showed up in the HJ log in Reply #22. I had you remove that. Now there are 2 of the entries!
Please do the 'system scan only' in HJ and check these 2 entries. Then click on Fix Checked.

We'll see if they stay gone. 'Naked' entries like this shouldn't show up. Run one more scan and see if they stay gone.

Are you having any system at all with the computer? I'm concerned about Trojans continuing to be showing up.

If fixed the two entries in the Hijackthis log and ran a new one attached. I also ran another AV scan and it was clean. No system problems yet.

Attached Files

hijackthis.log (5.3 KB, 1 views)

Okay. If the original problem has been resolved and there are no new problems, you can remove the cleaning tools:

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTCleanIt by OldTimer:
Save it to your Desktop.
Double click OTCleanIt.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

Clean up the restore points since I had you remove them earlier:

You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:

• Go to Start > All Programs > Accessories > System Tools and click "System Restore".
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
• Click "OK" to select the partition or drive you desire.
• Click the "More Options" Tab.
• Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Be sure to empty the Recycle Bin.
Let me know if you need more help. You should be moving faster if you followed what I set up in Reply #18.

Thanks for all your help. Will do what you suggested in the last post. One last question, how do you stop the pop-up ad that come with Avira anti virus. It's very annoying and kills my network connection when it pops up. Would Avast be a better choice?

Actually I think Avira is the better of the two. But can you explain what the pop-up ad is? Could it just be the splash screen. That can be disabled.

It's a pop up trying to get me to buy the full version, a big red screen with the price that stays up until I close it.

The popup is easy to dismiss:

Windows XP Home (and Media Center)

• [1] Boot into Safe Mode (repeatedly press F8 after boot)
  [2] Login under the Administrator account
  [3] Navigate to C:\Program File\AntiVir PersonalEdition Classic\avnotify.exe
  [4] Right-click “avnotify”> Properties> Security> Advanced
  [5] Permissions folder for a listing of all the system users. Do the following for all the users:
  [o] Edit - Traverse Folder / Execute File - Deny > OK
  [6] Reboot (into Normal mode) when finished

Thank you. This process has been a great learning experience. Techspot.com is now the number one site on my favorites list and you have been terrific. Thank you again.

You're welcome. Glad to help It can be a learning experience for all of us!