Full Version: cws hijacklog
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
glowowl
Please help with CWS; here is my HijackThis log.

Logfile of HijackThis v1.97.7
Scan saved at 1:32:50 AM, on 4/29/2002
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\My Documents\My Received Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {8F7D164F-DC1F-4AB9-9A43-6F4B87BED7ED} - C:\WINDOWS\System32\clo.dll (file missing)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8159.1663310185
O17 - HKLM\System\CCS\Services\Tcpip\..\{27EAEA55-7B6C-4A93-974C-1DA5950FADBF}: NameServer = 216.163.120.19 216.163.120.21

Thanks
glowowl
Update: I have tried CWShredder, Ad-aware and a couple of others. I looked at other posts and downloaded, but did not run, the Beta-Fix.exe and the stardreck file.

Below is my latest HijackThis log.

Logfile of HijackThis v1.97.7
Scan saved at 2:45:03 AM, on 6/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\My Documents\My Received Files\HijackThis.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\WINDOWS\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\David\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\David\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\David\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\David\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\David\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\David\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {FC76A72E-23F0-4C03-878A-85AE16ACC045} - C:\WINDOWS\System32\adjfnh.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8159.1663310185
O17 - HKLM\System\CCS\Services\Tcpip\..\{27EAEA55-7B6C-4A93-974C-1DA5950FADBF}: NameServer = 216.163.120.19 216.163.120.21

thanks again for any help
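A quick way to triage logs like the two above, as an added example that is not part of the original thread and not HijackThis code: a Python script that reads the R0/R1/O2/O16/O17 entries and flags the patterns the thread goes on to act on (IE search settings redirected to sp.html in Temp, nameless or missing BHOs, the O17 NameServer override). The sample log is constructed from lines quoted above; the severity labels and the trusted-host list for O16 downloads are the editor's own assumptions, not anything HijackThis itself reports.

```python
"""Triage a HijackThis 1.97-style log for the CoolWebSearch indicators seen in
this thread (IE search settings redirected to a file in Temp, nameless or
missing BHOs, O16 ActiveX downloads, O17 NameServer overrides).

Added example for this thread; it is not part of the original posts and not
HijackThis code. The flagging rules are the editor's own heuristics.
"""
import re
from urllib.parse import urlparse

# Constructed sample: entries copied from the logs quoted in the thread.
SAMPLE_LOG = """\
Logfile of HijackThis v1.97.7
Running processes:
C:\\WINDOWS\\System32\\smss.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = file://C:\\DOCUME~1\\David\\LOCALS~1\\Temp\\sp.html
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant = file://C:\\DOCUME~1\\David\\LOCALS~1\\Temp\\sp.html
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {FC76A72E-23F0-4C03-878A-85AE16ACC045} - C:\\WINDOWS\\System32\\adjfnh.dll
O2 - BHO: (no name) - {8F7D164F-DC1F-4AB9-9A43-6F4B87BED7ED} - C:\\WINDOWS\\System32\\clo.dll (file missing)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8159.1663310185
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{27EAEA55-7B6C-4A93-974C-1DA5950FADBF}: NameServer = 216.163.120.19 216.163.120.21
"""

# "R1 - <body>", "O2 - <body>", ...; the header and process list are skipped.
ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|O\d{1,2}) - (?P<body>.+)$")

# Hosts from which an O16 ActiveX download is expected on a patched XP box (assumption).
TRUSTED_DPF_SUFFIXES = (".microsoft.com", ".windowsupdate.com")


def triage(log_text):
    """Return (severity, kind, reason, line) tuples for entries that need a look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind in ("R0", "R1"):
            # Search/start page settings: CWS points them at a local HTML file in Temp.
            _setting, _, value = body.partition(" = ")
            value_l = value.lower()
            if value_l.startswith("file://") and "\\temp\\" in value_l:
                findings.append(("high", kind, "IE search setting points at a local file in Temp (CWS pattern)", line))
            elif value_l == "about:blank":
                findings.append(("low", kind, "setting left at about:blank, a common hijack leftover", line))
        elif kind == "O2":
            # Browser Helper Objects: a nameless BHO, or one whose DLL is gone, is suspect.
            reasons = []
            if "(no name)" in body:
                reasons.append("BHO has no name")
            if "(file missing)" in body:
                reasons.append("BHO DLL is not on disk")
            if reasons:
                findings.append(("high", kind, "; ".join(reasons), line))
        elif kind == "O16":
            # Downloaded Program Files: anything not from a trusted host gets reviewed.
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
            if not host.endswith(TRUSTED_DPF_SUFFIXES):
                findings.append(("review", kind, "ActiveX control downloaded from " + host, line))
        elif kind == "O17":
            # NameServer overrides redirect every DNS lookup; confirm them against the ISP.
            servers = body.partition("NameServer = ")[2].split()
            findings.append(("review", kind, "DNS servers set to " + ", ".join(servers), line))
    return findings


if __name__ == "__main__":
    for severity, kind, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {kind}: {reason}\n         {line}")
```

On the sample the script reports the two file://...Temp\sp.html entries and both nameless BHOs as high, the HomeOldSP about:blank entry as low, and lists the O17 DNS servers for review; the Windows Update O16 entry is left alone because its host is on the trusted list.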
CalamityJane
Hi glowowl

I think we unintentionally missed seeing your post here. Let's go forward then with the Beta-Fix to try to find the hidden file causing the problem. Here is the first step; then we need to see the log and attach the win.txt file.

Download Beta-Fix.exe from here: http://freeatlast.100free.com/

Double Click on the Beta-Fix.exe and it will install the batch file in its own folder.

Open the Beta-Fix folder and double click on !LOG!.bat
IMPORTANT! Before you run this tool please close ALL running programs and ALL open windows except for the Beta-Fix folder.

Relax, sit back and wait a few minutes while the program collects the necessary information.

*NOTE:If your AntiVirus is running a scriptblocker, when you run this tool, you will probably receive an alert warning you that the script is running. "Allow" the script to run.


When the program is finished:

Open the Beta-Fix folder.
1. Post the contents of Log.txt in this thread.
2. Attach file Win.txt to the same post. (Please attach, do not post) You can just scroll down below the reply box and you will see the file attachment section. Just browse to the win.txt file on your PC and click on *open* and then *add reply* :)
glowowl
I am just happy you are here to help. I usually can not solve a problem in one sitting, so please continue to check up on me. Thanks

I ran the Beta-Fix but had an error. I could not open the Log.txt file. I am attaching it and the Win.txt file

Below is what was on the Beta-Fix screen when it ran and the error message

1 file<s> copied
1 file<s> copied
1 file<s> copied

file.txt
keys1\winkey.txt
1.txt
2.txt

error message:
C:Beta-Fix\logtxt is not valid Win32application.

Any help is welcome
glowowl
I was only able to attach the log.txt, so here is the win.txt
CalamityJane
Download the following: (freeware)
'Salamand.zip' from:
http://www10.brinkster.com/expl0iter/freeatlast/pvtool.htm
Unzip 'Salamand.zip' to its own folder.

Download 'Registrar Lite' from here:
http://www.resplendence.com/reglite
Install 'Registrar Lite'.


Now we are going to get rid of the hidden DLL that is causing all the problems.

First we need to make it visible:
Copy and paste this line to reglite's address bar. Then press 'Go':
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Rename the Folder Windows to NotWindows
(the folder is highlighted as a purple folder in the left hand pane of Reglite)

Click "AppInit_DLLs" and clear the data value:
C:\WINDOWS\System32\D3DGN.dll <-- delete this line,
'Apply' and 'ok' to set.

Rename the NotWindows folder back to its original name Windows

Restart your computer. <-- IMPORTANT

=== Locate, Move, and Delete Hidden dll ===

Run Salamand.exe.

Using the Menu Items at the top, do the following:
(wherever 'enter' is used, you may cut and paste the bold faced text instead)
a. Left --> Change Drive --> select 'C:'
b. Right --> Change Drive --> select 'C:'
c. Commands --> Create Directory --> enter junk --> press 'OK'
d. Options --> Command Line (be sure it is checked)
e. Commands --> Change Directory --> enter C:\windows\system32 --> press 'OK'
f. Commands --> Find Files… --> press 'Edit'; in 'Search For' enter D3DGN.dll, Uncheck 'Include subdirectories', press 'OK', press 'Start'; the file will be listed in the lower pane.
g. Press 'Focus'
h. Files --> Move/Rename --> enter c:\junk, press 'OK'
i. Left --> Change Drive --> select 'C:'

Into the narrow command window at the bottom (starts with 'c:\>')
a. Copy and paste the following command, then press 'Enter'
cacls C:\junk\*.dll /t /e /g Administrators:f & cacls C:\junk /t /e /g Administrators:f
(you should get 'Processed…' confirmation message)

b. Copy and paste the following command, then press 'Enter'
attrib -r \\?\C:\junk\*.dll & ren \\?\C:\junk\*.dll *.111
(there should be no confirmation message)

In the left pane:
a. Click on the 'junk' folder
b. Files --> Delete, press 'Yes'

=== Reset Registry Permissions ===

Download the attached 'FixRegHome.zip'.
Unzip 'FixRegHome.zip' to the Desktop.

Double Click on the 'FixReg' folder.

Double Click on the 'FixReg.bat' file.
Post the 'last.txt' to this thread.


Open the Beta-Fix folder and double click on !LOG!.bat.
1. Post the contents of Log.txt in this thread. (You can also attach it as you did before)
2. Attach file Win.txt to the same post. (Please attach, do not post)
glowowl
update

Everything went OK until the end of running Salamand.exe.

After I was done, the bottom bar said C:\windows\system32'c:\>' instead of only having 'c:\>'.

I completed the task thinking maybe this was OK.

I ran the FixReg.bat file and attached the "last.txt" to this message.

I did get the following on the screen:


The operation completed successfully

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs REG_SZ
DeviceNotSelectedTimeout REG_SZ 15
GDIProcessHandleQuota REG_DWORD 0x2710
Spooler REG_SZ yes
swapdisk REG_SZ
TransmissionRetryTimeout REG_SZ 90
USERProcessHandleQuota REG_DWORD 0x2710

Error: Access is denied.

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
USERProcessHandleQuota REG_DWORD 0x2710

and then the error message said it was not a valid Win32 application, or something close to that; I was unable to write down the exact message before I lost it.

I will now run the Beta-fix and attach those files to the next message

Thanks so many times
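To verify the AppInit_DLLs step from CalamityJane's instructions against output like the REG.EXE listing above, an added example that is not part of the thread or of Beta-Fix/FixReg: a Python parser that reads a pasted reg query, lists any DLLs still set to load into every user32-linked process, and notes an "Access is denied" error, since a permission error on that key is itself worth recording. Both samples are constructed; the D3DGN.dll path is the one named in the thread, and the parser's tolerance for whitespace-flattened output (the tabs are lost when pasting) is the editor's own choice.

```python
"""Check a pasted REG.EXE query of the AppInit_DLLs value.

Every DLL named in HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows
\\AppInit_DLLs is loaded into every process that links user32.dll, which is why
the thread has the poster clear it. Added example for this thread, not part of
the original posts or of any tool named in it; the parser is the editor's own
and tolerates the whitespace-flattened output as pasted into the forum.
"""
import re

# Constructed "before" sample: the DLL path is the one named in the thread.
BEFORE = """\
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows
AppInit_DLLs REG_SZ C:\\WINDOWS\\System32\\D3DGN.dll
DeviceNotSelectedTimeout REG_SZ 15
"""

# Constructed "after" sample, shaped like the cleared value pasted in the thread.
AFTER = """\
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows
AppInit_DLLs REG_SZ
DeviceNotSelectedTimeout REG_SZ 15
Spooler REG_SZ yes

Error: Access is denied.
"""

# <value name> <REG_type> [data]; data may be empty.
VALUE_RE = re.compile(r"^(?P<name>\S+)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")


def parse_reg_output(text):
    """Return ({value_name: (type, data)}, [error lines]) from REG.EXE output."""
    values, errors = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!") or line.startswith("HKEY_"):
            continue
        if line.lower().startswith("error:"):
            errors.append(line)
            continue
        m = VALUE_RE.match(line)
        if m:
            values[m.group("name")] = (m.group("type"), m.group("data").strip())
    return values, errors


def appinit_dlls(text):
    """List the DLL paths in AppInit_DLLs (the value is space- or comma-separated)."""
    values, _ = parse_reg_output(text)
    _type, data = values.get("AppInit_DLLs", ("REG_SZ", ""))
    return [p for p in re.split(r"[ ,;]+", data) if p]


def assess(text):
    """Summarise which DLLs are injected and whether the query hit a permission error."""
    _values, errors = parse_reg_output(text)
    dlls = appinit_dlls(text)
    return {
        "dlls": dlls,
        "verdict": "empty (expected)" if not dlls else "DLLs injected into every GUI process",
        # Access denied on this key is worth noting: the thread includes a step to reset its ACL.
        "access_denied": any("denied" in e.lower() for e in errors),
    }


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, assess(sample))
```

The "before" sample yields one injected DLL; the "after" sample yields none but reports the access-denied error, which is the signal to go on to the permission-reset step rather than assume the cleanup held.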
glowowl
I was unable to open log.txt so I am attaching it

I got the same error message not valid Win32 application

I will attach the Win.txt file to the next message

never ending thanks
glowowl
win.txt attached
CalamityJane
Hi glowowl,

Hmmmm. Something did not go right as the hidden file is still there.

We now have a new improved tool that might be a little easier for you to work with. So let's do this.

Download FindnFix.exe from here: http://freeatlast.100free.com/

Double Click on the FindnFix.exe and it will install the batch file in its own folder.

Open the FindnFix folder and double click on !LOG!.bat
IMPORTANT! Before you run this tool please close ALL running programs and ALL open windows except for the FindnFix folder.

Relax, sit back and wait a few minutes while the program collects the necessary information.

*NOTE:If your AntiVirus is running a scriptblocker, when you run this tool, you will probably receive an alert warning you that the script is running. "Allow" the script to run.


When the program is finished:

Open the FindnFix folder.
1. Post the contents of Log.txt in this thread.
2. Attach file Win.txt to the same post. (Please attach, do not post)
(If this board does not provide the ability to attach documents to your post, then please post the Win.txt file in this thread)
glowowl
Ran FindnFix; attaching log.txt, but got the following error at the end of running it:

C:\FINDnFIX\log.txt is not a valid W32 application
glowowl
win.txt attached
CalamityJane
Thanks. Wow! That's interesting. The first infection I do not see now. Instead we have a different variant of Coolwebsearch. That's going to be another set of steps, but I think we are making progress, believe it or not.

Can you please now scan and post a fresh HijackThis log for me? From there I can writeup the fix.
glowowl
I have continued to run Ad-aware and update it daily. I hope this is OK. I also updated everything at the Windows Update page. I also deactivated my ActiveX to require permission every time. Below is my log.

Logfile of HijackThis v1.97.7
Scan saved at 1:35:14 PM, on 6/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\David\My Documents\My Received Files\HijackThis.exe

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8164.9019212963

I also deleted my notepad icon because it was not working

thanks
CalamityJane
Please go to Start->Run and type "Services.msc" (without quotes) then hit Ok

Scroll down and look for a service called "Network Security Service". If you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.

Then let me know what you found please. If it was there, we will have a few other steps to follow.

Notepad may well have been infected. Best to delete it and I'll get a link so you can get a fresh one.
glowowl
I did not find it.

I hope that is good news

I did download notepad and it works but I do not have it in the start area


Thanks
glowowl
I was able to pin Notepad to my start up. But I don't know how to get it back under Accessories in the All Programs area. I'll figure that out on my own. I know your time is worth much more than that.

we thank you for your help.
CalamityJane
Ok, yes that is good news :)

Actually, it was just FindnFix looking for that service (and didn't find it). Am not used to seeing that tool look for it.

I think you are A-ok, now.

Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP. Why?

One of the best features of Windows ME or XP is the System Restore option; however, if malware infects a computer with this operating system, it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405

Next, we highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help :).

How to Stop Hijackers & Spyware Infections, And other malware too!
http://forum.gladiator-antivirus.com/index...?showtopic=9857

I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.

MBSA Version 1.2 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provide easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/...s/mbsahome.mspx
glowowl
Thank you!!!