[Solved] Multiple Trojan infections
Hey guys. I have run several spyware cleaners and one virus scanner, but the spyware programs keep coming up with the same trojans and a few spyware/malware infections. This is greatly slowing down my already sub-par system, obviously becoming quite frustrating. If it helps, I am running Windows XP on a PIII 450 MHz, with 128 MB of RAM. One infection has hijacked my browser, and brings up a random search engine (e.g. Lycos) 8/10 times I click a link in Google. It also takes around 3 minutes to open an Internet Explorer browser window, sometimes even causing my computer to freeze. The programs I have used to try to stop these infections are Spybot, Adaware, Spysweeper, Ewido, Microsoft's Anti-spyware beta, Spydoctor, and AVG antivirus. Two of these programs I have paid for (Spydoctor and Spysweeper) and I still haven't removed these infections. I will greatly appreciate any help I can receive. Here is a list of the trojans and spyware the programs have been finding.
__________________________________________________
alcan.a
trojanclicker
trojan.downloader.ruins
trojan.pakes
search toolbar
quicklink search toolbar
unspypc
trojan-backdoor-us15info
trojan-secdrop
trojan-downloader-wareout
__________________________________________________
I am not sure if HijackThis would be able to help against trojans, but here is my log.
Logfile of HijackThis v1.99.1
Scan saved at 11:15:38 AM, on 5/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\David\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dmitl.exe] C:\WINDOWS\system32\dmitl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144548909508
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144549227456
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E514725-66CD-4D40-A51B-EAF2816F6C30}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{5483FFAC-E579-40F2-9A0A-47E2FD41807A}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{63DE790B-D2FB-4235-8972-F7DF89183C06}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E514725-66CD-4D40-A51B-EAF2816F6C30}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CS2\Services\Tcpip\..\{3E514725-66CD-4D40-A51B-EAF2816F6C30}: NameServer = 85.255.115.60,85.255.112.87
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
One other thing that I forgot to mention is that Ctrl-Alt-Delete is not responding. It would be helpful to have this back, because I often kill processes to free up what little RAM I have.
This discussion has been closed.
Comments
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
At the end of the fix, you may need to restart your computer again.
Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt. No need to wrap the HJT log in quotes!
Now let's check some settings on your system.
(2000/XP) Only
In the Windows Control Panel: if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections. Then right-click on your default connection, usually Local Area Connection for cable and DSL, and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.
Next, go to Start > Run, type cmd and hit OK.
Type
ipconfig /flushdns
then hit Enter, type exit and hit Enter.
(That space between g and / is needed.)
_________________________________
Fixwareout ver 1.003
Last edited 04/26/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\ltimd
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmitl.exe"=-
...
PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is lagitamate
»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\IPSEC6.EXE
»»»»» Misc files
»»»»» Checking for older varients covered by the Rem3 tool
»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\DMDQB.EXE 62,018 2004-08-04
C:\WINDOWS\SYSTEM32\DMITL.EXE 44,069 2004-08-04
C:\WINDOWS\SYSTEM32\DMMEH.EXE 44,069 2004-08-04
C:\WINDOWS\SYSTEM32\DMUUG.EXE 62,018 2004-08-04
_________________________________
_________________________________
Logfile of HijackThis v1.99.1
Scan saved at 12:49:40 PM, on 5/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\Desktop\virus stuff\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144548909508
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144549227456
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E514725-66CD-4D40-A51B-EAF2816F6C30}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{5483FFAC-E579-40F2-9A0A-47E2FD41807A}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{63DE790B-D2FB-4235-8972-F7DF89183C06}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E514725-66CD-4D40-A51B-EAF2816F6C30}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CS2\Services\Tcpip\..\{3E514725-66CD-4D40-A51B-EAF2816F6C30}: NameServer = 85.255.115.60,85.255.112.87
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
_________________________________
Good news so far--Ctrl-Alt-Delete is now working!
As far as the DNS portion of your post, I did everything up until the ipconfig portion. This is the error message I received.
_________________________________
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\David>ipconfig /flushdns
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\David>
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E514725-66CD-4D40-A51B-EAF2816F6C30}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{5483FFAC-E579-40F2-9A0A-47E2FD41807A}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{63DE790B-D2FB-4235-8972-F7DF89183C06}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E514725-66CD-4D40-A51B-EAF2816F6C30}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CS2\Services\Tcpip\..\{3E514725-66CD-4D40-A51B-EAF2816F6C30}: NameServer = 85.255.115.60,85.255.112.87
- Close ALL open windows (especially Internet Explorer!)
Click Fix Checked
Reboot your computer!!!
Could you update Ewido and do another scan please. Save a log so I can see it.
Reboot once more and post a new HJT log, along with the Ewido results.
Let me know how things are.
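What the O17 entries selected above represent, as an added example (not part of the thread, and not code from HijackThis or the helper): a Python parser that reads HijackThis log lines, lists the statically configured DNS servers per control set and interface, flags any that are not expected resolvers, and diffs two logs to show what a fix removed. The log excerpts are copied from the posts on this page; the expected resolver `192.168.1.1` and all function names are assumptions.

```python
import re
from ipaddress import ip_address

# Excerpts of the HijackThis logs posted in this thread, before and after the fix.
BEFORE = r"""
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dmitl.exe] C:\WINDOWS\system32\dmitl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E514725-66CD-4D40-A51B-EAF2816F6C30}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{5483FFAC-E579-40F2-9A0A-47E2FD41807A}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E514725-66CD-4D40-A51B-EAF2816F6C30}: NameServer = 85.255.115.60,85.255.112.87
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""
AFTER = r"""
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
O17_NS = re.compile(
    r"\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\\.\.\\"
    r"(?P<iface>\{[0-9A-Fa-f-]{36}\}): NameServer = (?P<servers>.+)$"
)

def parse_entries(log):
    """Return (code, body) for each 'Xn - ...' line; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries

def static_dns(log):
    """Map (control set, interface GUID) -> statically configured DNS servers (O17 lines)."""
    found = {}
    for code, body in parse_entries(log):
        m = O17_NS.search(body) if code == "O17" else None
        if m:
            servers = [s for s in re.split(r"[,\s]+", m["servers"].strip()) if s]
            found[(m["cset"], m["iface"].upper())] = servers
    return found

def unexpected_dns(log, expected):
    """List (control set, interface, server, reason) for servers outside the expected set."""
    allowed = {ip_address(a) for a in expected}
    findings = []
    for (cset, iface), servers in sorted(static_dns(log).items()):
        for server in servers:
            try:
                ok = ip_address(server) in allowed
                reason = "not in expected resolvers"
            except ValueError:
                ok, reason = False, "unparseable address"
            if not ok:
                findings.append((cset, iface, server, reason))
    return findings

def removed_entries(before, after):
    """Entries present in the earlier log and absent from the later one."""
    later = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in later]

if __name__ == "__main__":
    EXPECTED = ["192.168.1.1"]  # assumption: the resolver this network should use
    for finding in unexpected_dns(BEFORE, EXPECTED):
        print("FLAG", *finding)
    for code, body in removed_entries(BEFORE, AFTER):
        print("REMOVED", code, body)
```

The same interface GUID appears under CCS, CS1 and CS2 because the setting is stored in every control set, so a check that reads only the current one can miss a stale copy.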
Ctrl-Alt-Delete is again working for me, my computer has regained its speed, and the browser hijack problems are no longer there. I'm happy, but how do I know if I still have some traces of this malware on my computer?
ewido anti-malware - Scan report
+ Created on: 2:20:24 PM, 5/30/2006
+ Report-Checksum: D8C56963
+ Scan result:
C:\Documents and Settings\David\Cookies\david@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\WINDOWS\system32\pheozyit.rgc -> Hijacker.Small.js : Cleaned with backup
C:\WINDOWS\system32\pushow10.dll -> Adware.AdvertMen : Cleaned with backup
::Report End
_____________________________
And my hijackthis log
_____________________________
Logfile of HijackThis v1.99.1
Scan saved at 3:02:29 PM, on 5/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\David\Desktop\virus stuff\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144548909508
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144549227456
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
With that said, your HJT log is clean.
I know your computer isn't the best and you like to keep software etc. at a minimum, but here is a list of things you can do to stay more secure.
Secure your Internet Explorer by going here and following the instructions there.
Better yet, use an alternative browser! Download Firefox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which, in my opinion, is better still.
Use a firewall to help prevent your PC(s) from being usurped by undesirables. If you don't have a Firewall, then choose one from the list here
Install an Anti-Virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often. If you don't have an Anti-Virus program, choose one from the list here
Install and keep updated, Ad-Aware SE and Spybot Search & Destroy.
Run them both on a regular basis, following the manufacturer's recommendations.
Install and keep updated, SpywareBlaster and SpywareGuard
Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.
Clear your Temp folders.
Go to Start > Control Panel > Internet Options.
Under the General tab click the Delete Files... button; check the Delete all offline content box and press OK. Next, click the Delete Cookies... button and press OK
Go to "Start" -> "Run" and type in the box: "cleanmgr" press OK. Select the drive where your Operating System is installed (Default is C:) and press OK. Let Disk Cleanup scan your system for files to remove (it takes a few minutes!). On the next screen make sure these 3 options are checked and then press "OK" to remove:
- Temporary Files
- Temporary Internet Files
- Recycle Bin
Also, go to Start > Find/Search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.
Empty/delete the entire contents from the following folders:
C:\Windows\temp
C:\temp <-- if you have one.
Note: Empty contents but don't delete the folder(s) itself.
Clear out temp files from the following location. Change "username" to whatever you have on your computer.
C:\Documents and Settings\username\Local Settings\Temp\
In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.
Empty the Recycle Bin!
Hide system files
It is very important that system files and folders are hidden again, so that they DO NOT get deleted by mistake. To hide system files and folders, do the following for your operating system...
Windows XP
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading, uncheck Do not show hidden files and folders
* Check the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.
Go to Start | Run | type msconfig | Press Enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.
Check the box labelled 'Turn off System restore'.
Reboot! Go back in and Turn System Restore Back on. A new Restore Point will be created automatically.
Note that all previous restore points will be lost.
Let me know if you have any other problems. If not, can we mark this resolved?
As far as the tips you mentioned, I do most of those regularly. I will try those anti-spyware programs out, provided they have free versions of their software (like I mentioned, I have already bought two of the apparently best anti-spyware programs, and they did nothing to stop the malware).
I did try Firefox on this computer once. I liked it, but it used too much system resources and took a bit too long to start up for something I use so often. I will definitely give Opera a try tho.
Here is my Ad-Aware log if it helps.
____________________________________
ArchiveData(auto-quarantine- 2006-05-30 16-05-10.bckp)
Referencefile : SE1R109 22.05.2006
======================================================
TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[20]=IECache Entry : Cookie:david@statcounter.com/
obj[21]=IECache Entry : Cookie:david@live365.com/
obj[22]=IECache Entry : Cookie:david@casalemedia.com/
obj[23]=IECache Entry : Cookie:david@adrevolver.com/
obj[24]=IECache Entry : Cookie:david@media.adrevolver.com/adrevolver/
ADWARE.TOOLBAND
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[25]=File : C:\System Volume Information\_restore{25310719-AB9E-4C3E-8AF4-29ED6C76CBFE}\RP20\A0038926.dll
obj[29]=File : C:\System Volume Information\_restore{25310719-AB9E-4C3E-8AF4-29ED6C76CBFE}\RP20\A0038930.dll
WIN32.P2P-WORM.ALCAN.A
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[26]=File : C:\System Volume Information\_restore{25310719-AB9E-4C3E-8AF4-29ED6C76CBFE}\RP20\A0038927.dll
COOLWEBSEARCH
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[27]=File : C:\System Volume Information\_restore{25310719-AB9E-4C3E-8AF4-29ED6C76CBFE}\RP20\A0038928.exe
obj[30]=File : C:\WINDOWS\system32\wbem\logs\wbemess.log
WIN32.TROJANCLICKER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[28]=File : C:\System Volume Information\_restore{25310719-AB9E-4C3E-8AF4-29ED6C76CBFE}\RP20\A0038929.exe
Let me know how it goes.
I greatly appreciate your help and time. Keep up the great work.
I'll mark this resolved. If you need help again, start a new thread.