Windows XP - Hacker/Virus/Trojan/HELP!!

kafmil

I was surfing recently without my firewall (ZoneAlarm Pro) turned on and I picked up the trickler trojan. Since then I have got the speech recognition software somehow installed on my PC and I've got these icons on the taskbar for handwriting and microphone which I did not put there myself. Now IIS seems to have corrupted all of my local websites in mmc and it has also corrupted all of the information on the directories so I have lost all of my websites. I have been getting a lot of ICMP requests which ZoneAlarm has been blocking but it sounds like something is already in my computer. Does anyone have any tips on how to find out what's on my PC and how to get rid of it? I ran adaware and used the online Symantec virus scan and found cydoor, O97M.Tristate.C and welchia, which I have since gotten rid of. I also ran sfc /scannow to reinstall my system files. Also, does anyone know of any good recovery software which I may be able to use to get back some of my lost data? (Haven't done a backup in a while, but this should teach me a good lesson.)
I am running Windows XP.
Can anyone please, please help me?
Desperate!!!
Thank you in advance.
 
Try an online scan from a different vendor. Can you do a system restore?
 
This is what I found on the virus
O97M/Tristate.C
Alias: Excel97Macro/Tristate.C,O97M/Crown.B,O97M/Triplicate-2,O97M/Tristate.C.Remains,PowerPoint97Macro/Tristate.C,Word97Macro/Tristate.C,X97M/Tristate.C
Category: Office Macro
Type: Virus
Published Date: 7/12/2001
Last Modified: 5/8/2003
CHARACTERISTICS
This is a cross platform virus. Its infection is started from Word, then spreads to PowerPoint and Excel97 files. It will infect PowerPoint files that are new blank presentations by creating a new BlankPresentation.pot, then attempts to infect Excel97, by creating a new book1 in xlstart directory. Under Excel, all .xls files that are opened will also be infected. Under Word all .doc and .dot files that are opened will become infected. Tristate will disable the anti-virus protection that is built into Word, Excel and PowerPoint.
The virus will also change the following registry entry from: "HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\Excel\Microsoft Excel", "Options6") = "Check" to: "Options6") = "Whoa".
Sometimes after an infection of Tristate has been cleaned up you will continue to get warnings that spreadsheets may be infected. This is happening because the virus occasionally corrupts files, leaving them without file extensions. To fix this:
1) Close Excel and delete C:\program files\microsoft office\office\xlstart\book1, you will also need to delete Normal.DOT and BlankPresentation.POT
2) Open Program | File types and select 'scan all files', then scan ALL drives attached to your local machine and network.
Infected Word document repair notes:
In infected Word documents and templates, the virus has replaced any previously written VBA code in the ThisDocument module. Although Norton AntiVirus removes the viral code from the ThisDocument module, it is not possible to restore the overwritten VBA code.
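
Added example (not part of the original thread and not any vendor's tool): the description above says leftover files can lose their extensions, which is why it asks for 'scan all files'. This Python check lists files with no extension whose content still starts with the OLE2 signature used by Office 97 documents, plus the start-up templates named in the cleanup steps. The function names and the sample tree are constructed for illustration, and matching on the OLE2 signature is an assumption about how to recognise such files.

```python
import os
import tempfile

# Signature of the OLE2 compound file format used by Office 97-2003 documents.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# Templates the cleanup steps above say to delete (a clean install has them too).
TEMPLATE_NAMES = {"normal.dot", "blankpresentation.pot"}

def is_ole2(path):
    """True if the file content starts with the OLE2 signature."""
    try:
        with open(path, "rb") as fh:
            return fh.read(8) == OLE2_MAGIC
    except OSError:
        return False  # unreadable or locked file: skip it

def find_review_candidates(root):
    """Return sorted (reason, relative path) pairs worth a manual look or rescan."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        in_xlstart = os.path.basename(dirpath).lower() == "xlstart"
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            stem, ext = os.path.splitext(name)
            if ext == "" and is_ole2(path):
                # Office content that an extension-based scan would skip.
                hits.append(("ole2-without-extension", rel))
            if name.lower() in TEMPLATE_NAMES or (in_xlstart and stem.lower() == "book1"):
                hits.append(("startup-template", rel))
    return sorted(hits)

def build_sample_tree(root):
    """Write a small constructed directory tree (fake files, no macro code)."""
    samples = {
        "docs/report": OLE2_MAGIC + b"\x00" * 64,      # Office file, extension lost
        "docs/notes": b"plain text, no extension\n",   # not OLE2: ignored
        "docs/budget.xls": OLE2_MAGIC + b"\x00" * 64,  # has extension: normal scan sees it
        "office/xlstart/book1": OLE2_MAGIC + b"\x00" * 64,
        "templates/Normal.DOT": OLE2_MAGIC + b"\x00" * 64,
    }
    for rel, data in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for reason, rel in find_review_candidates(tmp):
            print(f"{reason:24} {rel}")
```

A hit only means the file deserves a scan with the scanner set to check all file types; it does not by itself show that the file is infected.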

 