Trojan-Spy.HTML.Smitfraud.c Win Min (http://w-find.com/sp.htm)

Unknown

Hi All, I have problem with Win Min & Trojan-Spy.HTML. Below is the HijakThis;


Logfile of HijackThis v1.98.2
Scan saved at 10:26:58 PM, on 6/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\lvhidsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\windows\dboqesv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
G:\Downloads\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ACU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\TVR\RecSche.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [taomece] c:\windows\dboqesv.exe
O4 - HKCU\..\Run: [ytvsbkc] c:\windows\dboqesv.exe
O4 - HKCU\..\Run: [sounxnk] c:\windows\dboqesv.exe
O4 - HKCU\..\Run: [splwyuu] c:\windows\dboqesv.exe
O4 - HKCU\..\Run: [pdwemya] c:\windows\dboqesv.exe
O4 - HKCU\..\Run: [hfniwwt] c:\windows\dboqesv.exe
O4 - HKCU\..\Run: [vsefkkx] c:\windows\dboqesv.exe
O4 - HKCU\..\Run: [iqqibjj] c:\windows\dboqesv.exe
O4 - HKCU\..\Run: [ijxppvo] c:\windows\dboqesv.exe
O4 - HKCU\..\Run: [rqtpkyn] c:\windows\dboqesv.exe
O4 - HKCU\..\Run: [wunxery] c:\windows\dboqesv.exe
O4 - HKCU\..\Run: [hajnkhm] c:\windows\dboqesv.exe
O4 - HKCU\..\Run: [qoaxrtn] c:\windows\dboqesv.exe
O4 - HKCU\..\Run: [tanpfld] c:\windows\dboqesv.exe
O4 - HKCU\..\Run: [fcmqijm] c:\windows\djflubq.exe
O4 - HKCU\..\Run: [ntygaih] c:\windows\djflubq.exe
O4 - HKCU\..\Run: [njpatlk] c:\windows\djflubq.exe
O4 - HKCU\..\Run: [wryomra] c:\windows\djflubq.exe
O4 - HKCU\..\Run: [xccjwwy] c:\windows\djflubq.exe
O4 - HKCU\..\Run: [bidbpgx] c:\windows\djflubq.exe
O4 - HKCU\..\Run: [xvywtil] c:\windows\djflubq.exe
O4 - HKCU\..\Run: [fluajfu] c:\windows\djflubq.exe
O4 - HKCU\..\Run: [jtsdgrp] c:\windows\djflubq.exe
O4 - HKCU\..\Run: [prgwohx] c:\windows\djflubq.exe
O4 - HKCU\..\Run: [tllraxs] c:\windows\djflubq.exe
O4 - HKCU\..\Run: [fwkyqum] c:\windows\mpqwcql.exe
O4 - HKCU\..\Run: [aftsjaa] c:\windows\mpqwcql.exe
O4 - HKCU\..\Run: [tywbnvj] c:\windows\mpqwcql.exe
O4 - HKCU\..\Run: [kghwhrq] c:\windows\rwtlefi.exe
O4 - HKCU\..\Run: [gulalup] c:\windows\rwtlefi.exe
O4 - HKCU\..\Run: [qpevvtf] c:\windows\rwtlefi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117113345358

Can someone help me to solve this problem? thanks a lot...

Buckeye_Sam

You are using an outdated version of Hijackthis.
Please download the current version of Hijackthis.

http://www.short-media.com/download.php?d=245




Please download, install, update and scan your system with the free version of Ewido trojan scanner:

1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread, along with a new HijackThis log.

Matahari

Hi Buckeye_Sam,

Have done what you suggested. Here is the HijackThis log & the Ewido report;

Logfile of HijackThis v1.99.1
Scan saved at 2:29:00 PM, on 6/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\lvhidsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\TVR\RecSche.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
D:\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\Downloads\Hijack\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ACU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\TVR\RecSche.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117113345358
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\System32\lvhidsvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

Ewido report;

---

ewido security suite - Scan report

---

+ Created on: 2:07:14 PM, 6/18/2005
+ Report-Checksum: DC517A82

+ Date of database: 6/18/2005
+ Version of scan engine: v3.0

+ Duration: 83 min
+ Scanned Files: 40600
+ Speed: 8.13 Files/Second
+ Infected files: 3
+ Removed files: 3
+ Files put in quarantine: 3
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\
F:\
G:\

+ Scan result:
C:\WINDOWS\uninstIU.exe -> Trojan.Agent.eo -> Cleaned with backup
C:\Documents and Settings\Matahari\Cookies\matahari@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matahari\Cookies\matahari@www.myaffiliateprogram[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup


::Report End

My computer is still very slow, however, the Win Min & the desktop already restored.

Appreciate your further input to imporve the condition. thx,

Cheers,

Buckeye_Sam

Your log looks clean to me!

You can fix these lines with hijackthis to remove some of the resource hogs from running at startup.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE



Please run at least two of these online scans.
Make sure they are set to clean automatically

Panda Virus Scan

Bit Defender

TrendMicro Housecall

There will be files that these scans will not remove. Please include that information in your next post.


Reboot and post a new hijackthis log and the info from your virus scans.

Matahari

Have run the scan;

Active Scan:
Incident Status Location
Adware:Adware/Adsmart No disinfected C:\DOCUME~1\Matahari\LOCALS~1\Temp\pi.sys
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\System32\wp.bmp
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\system32\oleadm.dll
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\system32\wp.bmp

Can I delete the files manually?

2nd scan by Def;

C:\WINDOWS\system32\stvcpvdc.exe
Deleted

C:\WINDOWS\dboqesv.exe
Deleted

C:\WINDOWS\djflubq.exe
Deleted

C:\WINDOWS\mpqwcql.exe
Deleted

C:\WINDOWS\rwtlefi.exe
Deleted

C:\WINDOWS\vltyrsg.exe
Deleted

C:\WINDOWS\yxakwrk.exe
Deleted

C:\System Volume Information\_restore{6AB040CB-B738-4EA0-B582-7EAE927CD9AD}\RP114\A0016034.exe
Deleted

C:\System Volume Information\_restore{6AB040CB-B738-4EA0-B582-7EAE927CD9AD}\RP114\A0016058.exe
Deleted

C:\System Volume Information\_restore{6AB040CB-B738-4EA0-B582-7EAE927CD9AD}\RP114\A0016059.exe
Deleted

C:\System Volume Information\_restore{6AB040CB-B738-4EA0-B582-7EAE927CD9AD}\RP114\A0016060.exe
Deleted

C:\System Volume Information\_restore{6AB040CB-B738-4EA0-B582-7EAE927CD9AD}\RP114\A0016061.exe
Deleted

C:\System Volume Information\_restore{6AB040CB-B738-4EA0-B582-7EAE927CD9AD}\RP114\A0016062.exe
Deleted

C:\System Volume Information\_restore{6AB040CB-B738-4EA0-B582-7EAE927CD9AD}\RP114\A0016063.exe
Deleted

C:\System Volume Information\_restore{6AB040CB-B738-4EA0-B582-7EAE927CD9AD}\RP114\A0016064.exe
Deleted

Latest HijectThis log;
Logfile of HijackThis v1.99.1
Scan saved at 1:21:45 PM, on 6/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\lvhidsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\TVR\RecSche.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
D:\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
G:\Downloads\Hijack\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ACU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\TVR\RecSche.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117113345358
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\System32\lvhidsvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

Are those OK?

Thanks....

Buckeye_Sam

Delete any of these files/folders that are found.

C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe
C:\WINDOWS\system32\shnlog.exe
C:\WINDOWS\system32\oleadm.dll
C:\Windows\System32\Log Files
C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Program Files\Security IGuard
C:\Program Files\PSGuard



Delete temp files

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Navigate to the C:\Windows\Prefetch folder. Open the Prefetch folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Prefetch folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Empty the Recycle Bin.



Let me know how things are running now. Are you having any problems?

Matahari

Hi Buckeye,

My computer is running OK now.

The case is closed. Thx for your help.

Cheers...