Hi ladygreenwitch!

II figured out that my free trial had ended and that's why it wouldn't let me use most of the processes. I reinstalled it to a new email adress and got a new free trial(yes, i know this is cheating ). I did an absolutely total scan(checked everything in custom options). It turned up with some bad cookies which it quarantined and then i deleted them. Alas, my problem persists. Here is the log file.

Hey Leo,

Thanks for getting me the log, let's try doing it without breaking the rules next time, OK? Also, you may find that the cost of SpySweeper is worth the peace of mind, it is one of only two programs that I personally am willing to pay for, (all the rest of my anti-malware arsenal is freeware). If I am not mistaken, near the end of your Free Trial, you will get an offer to purchase for $19.99, and it really does an excellent job.

Let's start by disabling your Hibernation, unless you are particularly attached, this article on hyberfil.sys will explain the space that it may be taking up on your PC.

It appears that you have some items holding up in your Temporary Internet Files folder. Please download CCleaner from my signature. Make sure that all options are selected, including Advanced, answer OK or Yes to all warnings. Click on Analyze, then Run Cleaner. Repeat the process until either no further files need to be cleaned, or the same files keep returning and the utility is unable to clean them. If you have files that CCleaner cannot clean, note their locations and navigate there, right-click on them and uncheck Read Only, then manually delete the files. If you cannot manually delete the files, please note their locations to post back here.

It would also be useful to purge your recovery folder in Spybot S&D. Open Spybot, click on Recovery, Select All, Purge Selected Items.

Once you've completed all of that, let's see where you are. Looking forward to your reply,

TTFN

LGW

hi ladygreenwitch!

I disabled hibernation and purged the spybot folder. I had a few interesting findings with the CCleaner. After deleting a large amount of files after the first scan, the second scan showed only IE Temporary Internet Files (2 files), and
C:\Documents and Settings\MARK\Local Settings\History\History.IE5\desktop.ini, which i figured were normal. I still went to find and manually delete them, but i could not find the specified folder, even showing system and hidden folders. However, during my search, i found a dircetory C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\MSHist012006082920060 830. Is that normal? Anyway, after rebooting my computer, i used the scanner again and it located

IE Temporary Internet Files (36 files) 0.28MB
C:\Documents and Settings\MARK\Cookies\mark@aim[1].txt 65 bytes
C:\Documents and Settings\MARK\Cookies\mark@aol[1].txt 108 bytes
C:\Documents and Settings\MARK\Cookies\mark@atwola[1].txt 103 bytes
C:\Documents and Settings\MARK\Cookies\mark@revsci[2].txt 263 bytes
C:\Documents and Settings\MARK\Cookies\mark@www.aim[1].txt 77 bytes
C:\Documents and Settings\MARK\Local Settings\History\History.IE5\desktop.ini 145 bytes
C:\Documents and Settings\MARK\Local Settings\History\History.IE5\MSHist012007020520070 206\index.dat 32.00KB
Marked for deletion: C:\Documents and Settings\MARK\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Marked for deletion: C:\Documents and Settings\MARK\Cookies\index.dat
Marked for deletion: C:\Documents and Settings\MARK\Local Settings\History\History.IE5\index.dat
C:\WINDOWS\TEMP\WGAErrLog.txt 43 bytes
C:\WINDOWS\TEMP\WGANotify.settings 409 bytes
C:\DOCUME~1\MARK\LOCALS~1\Temp\jusched.log 170 bytes
C:\WINDOWS\system32\wbem\Logs\FrameWork.log 259 bytes
C:\WINDOWS\system32\wbem\Logs\wbemess.log 7.47KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 67 bytes
C:\WINDOWS\0.log 0 bytes
C:\WINDOWS\Debug\UserMode\userenv.log 504 bytes
C:\Documents and Settings\MARK\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\sett ings.sol 348 bytes
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Statistics.ini 0 bytes
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\logfile.txt 160 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{208812A0-1DC0-420B-9E16-DF05669F0051} 5.32KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{7424F9A5-D898-45A2-9D1B-C2C807E79E87} 5.25KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{BE07EC16-7161-40D2-9260-CC87A3CD1151} 5.26KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{C19F0BBD-E0BA-413E-8AE3-7114D9754324} 5.32KB



I deleted all of these files, and immediately after opening internet explorer, i took another scan, and found

IE Temporary Internet Files (290 files) 1.53MB
C:\Documents and Settings\MARK\Cookies\mark@burstnet[2].txt 158 bytes
C:\Documents and Settings\MARK\Cookies\mark@c.msn[1].txt 68 bytes
C:\Documents and Settings\MARK\Cookies\mark@msnportal.112.2o7[1].txt 124 bytes
C:\Documents and Settings\MARK\Cookies\mark@msn[1].txt 695 bytes
C:\Documents and Settings\MARK\Cookies\mark@pchelpforum[1].txt 438 bytes
C:\Documents and Settings\MARK\Cookies\mark@rad.msn[2].txt 680 bytes
C:\Documents and Settings\MARK\Cookies\mark@tacoda[1].txt 443 bytes
C:\Documents and Settings\MARK\Cookies\mark@www.burstnet[1].txt 75 bytes
C:\Documents and Settings\MARK\Cookies\mark@www.pchelpforum[1].txt 451 bytes
C:\Documents and Settings\MARK\Cookies\mark@yahoo[2].txt 160 bytes
C:\Documents and Settings\MARK\Local Settings\History\History.IE5\desktop.ini 145 bytes
C:\Documents and Settings\MARK\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\sett ings.sol 348 bytes





These are all things i thought i had taken care of with spysweeper(atwola, tacoda, burstnet). Is this the root of the problem?

Looks like they're trying to be stubborn. That's OK, we'll get them.

Do me a favor, and download RegSupremePro from my signature, then boot into Safe Mode,

This time, follow the instructions for CCleaner that I gave you before, if any of the files cannot be cleaned, you will do as before, locating them manually, only this time, when you click on Properties, you will click on the Security tab, and then Advanced, giving yourself ownership of the file. Then delete it. Once they are all deleted, click on Issues, then Scan for Issues, and Fix Selected Issues. Let it fix everything that it finds, name the backup todays date. Repeat this until no further issues are located.

Next run SpySweeper again, letting it quarantine everything that it finds. Save the log to post back here.

Run Spybot S&D, letting it fix anything that it finds, save that log as well.

Now run RegSupremePro, (this is the other one that I actually pay for, ), it will want to make a backup of your cache, let it. Click on the Registry Cleaning tab, and select Aggressive. When it has finished, click on Select, and choose All. Click on Fix, and let it fix everything that it finds. You can also name this backup with todays date.

Boot back into Regular Mode, and post the two logs back here.

Looking forward to your reply,

TTFN

LGW

hi ladygreenwitch!

CCleaner found the same things it did before and seemed to have deleted all of them. he only thing that was left was desktop.ini. Spysweeper did a 3 hour sweep and found nothing. Spybot found errors with firewall and automatic updates (this is a seperate problem i have had for the past year-my firewall settings are locked by "group policy" and everytime i boot my computer, automatic updates is off). Spybot deleted these entries, but i still had the same troubles at reboot. RegSupremePro found 300 errors and fixed them. Upon reboot, the ran Ccleaner after opening internet explorer and found the same bad cookies...... grrrr. When i tried to look for them manually, i can't find them in the cookies folder it specifies. Here are my logs.


(I had to edit my spybot log because it was too big. I deleted all of the log that i was sure wasn't malicious like AVG registry and uninstall list, etc......)

Hey Leo,

Can you please post the urls of the files that keep coming back? Also, just checking, you did do this in Safe Mode, correct?

Looking forward to your reply,

TTFN

LGW

Hi ladygreenwitch,

Yes, i did all of those things in safe mode.

these are the files that keep reappearing

C:\Documents and Settings\MARK\Cookies\mark@atwola[1].txt 103 bytes
C:\Documents and Settings\MARK\Cookies\mark@burstnet[2].txt 158 bytes
C:\Documents and Settings\MARK\Cookies\mark@c.msn[1].txt 68 bytes
C:\Documents and Settings\MARK\Cookies\mark@rad.msn[2].txt 690 bytes
C:\Documents and Settings\MARK\Cookies\mark@tacoda[1].txt 444 bytes
C:\Documents and Settings\MARK\Cookies\mark@www.burstnet[2].txt 76 bytes
C:\Documents and Settings\MARK\Local Settings\History\History.IE5\desktop.ini 67 bytes
C:\WINDOWS\TEMP\MpCmdRun.log 808 bytes
C:\DOCUME~1\MARK\LOCALS~1\Temp\aolbartcache\1\0364 BCBA9566B93BA3B92641053D42FE.jpeg 1.34KB
C:\DOCUME~1\MARK\LOCALS~1\Temp\aolbartcache\1\0629 53F052CCCB61CD3FE948800A34E4.gif 4.49KB
C:\DOCUME~1\MARK\LOCALS~1\Temp\aolbartcache\1\0AE7 4C5B4BBAFF73E22C92F7242F1A69.jpeg 2.60KB
C:\DOCUME~1\MARK\LOCALS~1\Temp\aolbartcache\1\4F7F F5BE0921A1E4198AAB1F66C0CA28.jpeg 1.90KB
C:\DOCUME~1\MARK\LOCALS~1\Temp\toasterWrite1.html 177 bytes
C:\WINDOWS\system32\wbem\Logs\FrameWork.log 260 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log 0.52MB
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp 57.94KB