CWS and about:blank

My system has CWS and IE hijackers. I have been trying to get rid of them since yesterday. I have followed all the suggestions/recommendations posted in various links in Bugs and Alerts. Here is what I have done so far:

Run -- Adaware (latest)
       Spybot (latest)
       Hijackthis.exe (latest), analyzed at http://hijackthis.de/index.php
Reboot in safe mode
Deleted cookies and history
Deleted all temporary internet files from C:\Document and Settings\username\Local Settings\Temp, for each user (currently 4), EXCEPT for one user, where there is a folder called Temporary Internet Files inside Temp which refused to be deleted. There are some .tmp files. Any attempt to delete any file results in a message that this cannot be found/check the path, etc. (I know for sure this is the account where the problem started from.)
Rebooted in Normal Mode
Followed the same drill.
I have also installed Giant AntiSpyware, which seems to have stopped my home page from being hijacked, but my hijack log still shows the R1s files hanging around. I am in an infinite LOOP here.

Any help will be greatly appreciated.

Thanks in advance

         
kushpaw Asked:

SheharyaarSaahil Commented:
Hello kushpaw =)

Are you disabling the System Restore before cleaning the system if it's WinXP >> http://www.pchell.com/virus/systemrestore.shtml

Are you running CWShredder v2.0 >> http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

>> but my hijack log still show the R1s files hanging around.
Are they something like res:// thingies ??
0
kushpaw Author Commented:
Yes, all the entries have res:// thingies and also there are some suspicious entries in windows\system32. I also ran CWShredder. I found some DSO and CWS entries.

My home page was set to about:blank again; although the page was blank, my browser showed about:blank.

0
SheharyaarSaahil Commented:
Then please follow the instructions here to remove that res:// hijacker

Homepage set to res://random.dll/index.html#randomnumber Removal Instructions and Help
http://www.pchell.com/support/onlythebest.shtml

About:Blank Homepage Hijacker Removal Instructions and Help
http://www.pchell.com/support/aboutblank.shtml
0
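
The R0/R1 entries with res:// and about:blank values discussed in this thread can be picked out of a saved HijackThis log with a short script. This is an added example, not part of the original thread; the sample log lines, the DLL name abcde.dll and the function names are constructed for illustration.

```python
import re

# HijackThis R-section line: "R1 - <registry key>,<value name> = <data>"
R_LINE = re.compile(r"^(?P<sec>R[0-3]) - (?P<key>[^=]+?)\s*=\s*(?P<data>.*)$")
# res:// URL that loads a page out of a DLL's resources
RES_DLL = re.compile(r"^res://(?P<dll>[^/]+\.dll)/", re.IGNORECASE)

# Constructed sample log lines (abcde.dll is a made-up name)
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\abcde.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\abcde.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\abcde.dll
"""

def triage(log_text):
    """Return (section, key, reason, dll) for R0/R1 lines worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = R_LINE.match(raw.strip())
        if not m or m.group("sec") not in ("R0", "R1"):
            continue  # only the IE start/search page entries are examined
        data = m.group("data").strip()
        res = RES_DLL.match(data)
        if res:
            # IE start/search page pointing into a DLL: the res:// hijack pattern
            findings.append((m.group("sec"), m.group("key").strip(),
                             "res:// page inside a DLL", res.group("dll")))
        elif data.lower().startswith("about:blank"):
            # May be the user's own choice, so it is flagged for review only
            findings.append((m.group("sec"), m.group("key").strip(),
                             "about:blank (confirm it was set by the user)", None))
    return findings

def hijack_dlls(findings):
    """Unique DLL paths referenced by res:// entries, for follow-up checks."""
    return sorted({f[3] for f in findings if f[3]})

if __name__ == "__main__":
    for sec, key, reason, dll in triage(SAMPLE_LOG):
        print(f"{sec} {key}: {reason}" + (f" -> {dll}" if dll else ""))
```

The DLL paths returned by hijack_dlls() are the ones to compare against the other sections of the same log, such as the O2 line in the sample.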

kushpaw Author Commented:
Thanks for the prompt response.
I followed the instructions from pchell.com. I don't see "only the best" and "about: blank" anymore. However, when I started my computer in selective mode, CWShredder did not catch anything but Spybot caught DSO exploit and a couple of others.
I have BHOdemon.exe, Antispyware, McAfee running and still my system is not clean enough.
Is there something else I have to do?
0
SheharyaarSaahil Commented:
>> Spybot caught DSO exploit and couple other
DSO Exploit is a bug in Spybot.... please update it to the latest version, or try some possible solutions from here,

Spybot keeps finding DSO exploit
http://www.computing.net/windowsxp/wwwboard/forum/104837.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.