[Gingersnap21]

I also just tried to open IE and it isn't opening. I've been using Firefox instead and it seems to be fine

[Advertisements]

Please got to system restore and restore back to the DSS restore point and I will approach this a different way

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue that opens select the Deckard system scanner restore point and click OK

Please repost a new Hijackthis log on completion

[Essexboy]

Please got to system restore and restore back to the DSS restore point and I will approach this a different way

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue that opens select the Deckard system scanner restore point and click OK

Please repost a new Hijackthis log on completion

[Gingersnap21]

I left my computer on last night and it was able to run the complete scan of DrWeb Cure It. It found a couple of trojans and I deleted them and saved the report. I am using my laptop right now because the desktop doesn't seem to have internet access. I also haven't done the system restore. Do you still want me to do that?
Thanks!

[Essexboy]

If you are still having problems with IE then yes

Also could I have the dr webb log

[Gingersnap21]

Here is the Dr. Web log

A0060767.exe;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP486;BackDoor.IRC.Chazz.38;Deleted.;
A0060770.exe;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP486;BackDoor.IRC.Chazz.38;Deleted.;
A0060772.exe;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP486;BackDoor.IRC.Chazz.38;Deleted.;
A0060773.exe;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP486;BackDoor.IRC.Chazz.38;Deleted.;
A0060775.exe;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP486;Tool.Prockill;Deleted.;
A0060777.exe;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP486;Tool.ShutDown.11;Deleted.;
A0060800.exe;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP486;BackDoor.IRC.Chazz.38;Deleted.;
A0060802.exe;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP486;BackDoor.IRC.Chazz.38;Deleted.;
A0060803.exe;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP486;BackDoor.IRC.Chazz.38;Deleted.;
A0060892.dll;C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP489;Trojan.NtRootKit.103;Deleted.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Deleted.;

[Essexboy]

The sysrestore is not a problem as we will remove that at the end, Proc kill is a tool used by us for killing processes but it can also be used by the bad boys.. What is your current status

[Gingersnap21]

IE was a little slow opening this morning but I didn't see the about:blank in the corner. I didn't have any pop ups get through either.

Can you recommend a good anti virus program and firewall? The one I'm using now obviously is lacking.

[Essexboy]

Unfortunately all antivirus programmes are vulnerable as they are playing catchup at all times. Untill the malware gets into the wild then it cannot be detected, except maybe by heuristics but that does cause a lot of false positives.. So I guess you can say that no AV is 100% good they will all let something through.

I use the Pro version of Avast but others swear by ESET or AVG or Norton, there is no good answer to this so it is really a matter of getting one that you feel comfortable with.

Lets now clear away my tools and clear the restore point and see how it goes. On completion of the cleaning I would recommend that you download and run Auslogics Disc Defragmenter (it is better than the windows version)

Now the best part of the day ----- Your log now appears clean

Double click OTScanIt once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTScanIt wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself.

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SuperAntispyware Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Secunia Software inspector To check your programme update status
• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe

Could you let me know how it is running now

[Gingersnap21]

I took care of everything (I hope) from your last post. IE was a little slow inloading this morning and I thought that I saw the about:blank flash in the cornern when it was loading. The only other problem that keeps showing up is a SVR.host error that says The instructions at Oxc4e9b825 referenced in memory at Oxc4e9b825 could not be read. Click OK to terminate program. Otherwise things seems to be running faster. Thanks

[Gingersnap21]

After I posted the last reply and logged out of here, I did see it flash for a split second 'Waiting for about:blank' Does this mean that it hasn't been completely removed? Also all of the IE pages now say, 'Done, but with errors on page.'

[Essexboy]

Could you type into your address bar on IE about:blank and let me know the result as IE has that page for when navigation has been cancelled or it cannot find the required page

[Gingersnap21]

It comes up as a Blank Page with the Restricted Sites symbol in the lower right hand corner

[Essexboy]

That checks out. But, to be absolutely sure I will run an old programme just to double check that you have not contracted a 3 year old infection

Download CWShredder here to its own folder.

Update CWShredder

* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder


Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.

I will be interested to see if it finds anything

Also see this page http://googlesystem....r-homepage.html

[Gingersnap21]

When I checked for updates for CWShredder, it said it wasn't able to.

[Gingersnap21]

I ran the CW shredder even though it wouldn't do updates. It didn't find anything.