Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Could some one please check up on my system?


  • Please log in to reply
16 replies to this topic

#1 MrDavidoff

MrDavidoff

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 21 January 2009 - 05:26 AM

Hi!

Ive been browsing these forums for help and usefull apps. for quite a while now, but now I actually decided I could post a topic.
For start - Im not native english speaker, so pardon me, if I make some stupid grammar mistake - will try to do my best.

I have MS Windows XP professional SP3 and for virus etc. protection Im using avast, Ad-aware, Spyware Terminator and Sygate personal firewall.

The PC is running "normally" - read : I cant say I would experience any crashes, slowdowns.. I can run all applications without a noticable problems.
But why am I here - about a month ago I was using the internet and from nowhere (no avast pop-up, no virus detection) I couldnt use anything - couldnt
open any antivirus program, couldnt open some programs, couldnt perform a right click and I think internet was off aswell- technically, my PC was dead.

So I tired to boot in safe mode and tried to run avast from there - while It was performing the deep memory scan, it yelled at me, that Im heavily infected
and should reboot and run the deep scan - I think It deleted over 27 files - even from the windows diretory and I should admit, that I did use a combofix
scan at that point aswell.

After that I could use my pc normally again, but also I doubt it cleaned everything - I suspect this is the reason for my weird background processes.
And lately avast popped the detection window on me again - about muwevola.dll and a second .dll thing, that I cant memorize atm.. I deleted it, but it kept
returning, so I deleted this and other one avast reported using Spyware Terminator. then I opened avast, which found some viruses during the initial memory scan - so again, the reboot and deleted 3files in windows. After restarting I got an error on start up a windows error ("X" ) saying that the wevola.dll couldnt be run - but besides that, it didnt do anything, would drop down on its own and then i could work again and now its gone - without me doing anything about it.

So I would welcome, if someone would have a look at this, as I think everything is not :thumbsup: .. althought Its not really limiting me atm, I would
like to double check.

Thanks.
David

BC AdBot (Login to Remove)

 


#2 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:01:01 AM

Posted 21 January 2009 - 11:33 AM

Hi David and welcome to BleepingComputer :thumbsup:

Let's take a look using Malwarebytes...

The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Edited by rigel, 21 January 2009 - 11:34 AM.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#3 MrDavidoff

MrDavidoff
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 21 January 2009 - 12:01 PM

Hi Rigel !

Installed, updated the Malwebytes, deleted the stuff it found, heres the log-
(note to myself - next time will install in english lan. sorry, I hope you remember the log in general "what is what" :thumbsup: )

Malwarebytes' Anti-Malware 1.33
Verze databáze: 1674
Windows 5.1.2600 Service Pack 3

21.1.2009 17:54:06
mbam-log-2009-01-21 (17-54-06).txt

Typ skenu: Rychlý sken
Objektu skenováno: 47342
Uplynulý cas: 1 minute(s), 37 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 4
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 4

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e524163-8d00-46f3-b239-1f42d48c8ed0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Intelinet (Rogue.Intelinet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpyClean (Rogue.SpyClean) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Documents and Settings\Admin\Data aplikací\Microsoft\Internet Explorer\Quick Launch\AntivirusPro2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\salizuya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gebuhobo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\holiwaga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Edited by MrDavidoff, 21 January 2009 - 12:04 PM.


#4 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:01:01 AM

Posted 21 January 2009 - 01:45 PM

No problems with the language. I am working one in Greek too :thumbsup:

Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to renable you anti-virus and and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.


What country are you from???

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#5 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:01:01 AM

Posted 21 January 2009 - 01:53 PM

David... Hold off using SDFix for a moment. Does your computer use a Western Character set?

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#6 MrDavidoff

MrDavidoff
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 21 January 2009 - 04:53 PM

David... Hold off using SDFix for a moment. Does your computer use a Western Character set?


Ermm.. what ? :D What is that West. Character set and perhaps how do I check it ?

#7 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:01:01 AM

Posted 21 January 2009 - 08:29 PM

What is the native language of your computer? Google thinks it is Czech tranlation. As far as I know, Europe uses a western character set, but I am not sure of your country. Without knowing that, I am not sure what SDFix will do with your computer. So, we shouldn't run it until sure.


Until then, let's continue with SAS...


Please download ATF Cleaner by Atribune & save it to your desktop.
alternate download link DO NOT use yet.

Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the
    definitions before scanning by selecting "Check for Updates". (If you encounter
    any problems while downloading the updates, manually download them from
    here and
    unzip into the program's folder.
    )
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under
    Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner
    Options
    , make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose:
    Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp"

ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#8 MrDavidoff

MrDavidoff
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 22 January 2009 - 10:26 AM

Oki, Im back.

I used the ATF cleaner - 75+Mb deleted (couldnt use the ATF in safe mode though :thumbsup: - no icon on the desktop)
and here is the log from the SUPERAntiSpyware :


Generated 01/22/2009 at 03:50 PM

Application Version : 4.25.1012

Core Rules Database Version : 3721
Trace Rules Database Version: 1695

Scan type : Quick Scan
Total Scan Time : 00:08:55

Memory items scanned : 443
Memory threats detected : 0
Registry items scanned : 516
Registry threats detected : 0
File items scanned : 12973
File threats detected : 6

Rogue.AntiVirusPro2009
C:\Documents and Settings\Admin\Nabídka Start\Programy\AntivirusPro2009\AntivirusPro2009.lnk
C:\Documents and Settings\Admin\Nabídka Start\Programy\AntivirusPro2009\Uninstall.lnk
C:\Documents and Settings\Admin\Nabídka Start\Programy\AntivirusPro2009

Adware.Vundo Variant
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NNNKJYQR.DLL.VIR
C:\WINDOWS\SYSTEM32\DUYOVAHA.DLL
C:\WINDOWS\SYSTEM32\ZUKEPIVE.DLL


About the Combofix issue - I did use it before and It was using correct characters for me, so I didnt think there could be something wrong with it,
but I havent found a clear "yes" - that my pc would use the western char. set, will have to have another search on it.

#9 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:01:01 AM

Posted 22 January 2009 - 11:14 AM

Ok... we will wait with SDFix then.

Please update and rerun Malwarebytes in Full Mode. Post its fresh log. Then run this online check...

Please navigate to the download page of Avira AntiRootkit and click on Download to save it to your Destop.
  • You should now find a file called: antivir_rootkit.zip on your Desktop.
  • Extract the file to your Desktop (you may then delete the zip file).
  • You should now have a folder with Setup.exe and some other files within it on your Desktop.
  • Double-click Setup.exe.
  • Click Next.
  • Highlight the radio button to acceppt the license agreement and then click Next.
  • Then click Next and Install to finalise the installation process.
  • Click Finish (you may now also delete the folder with the extracted files from the zip archive)
You successfully installed Avira AntiRootkit!
  • Please now navigate to Start > All Programs > Avira RootKit Detection. Then select: Avira RootKit Detection
  • Click OK when a message window pops up
  • Click Start scan and let it run
  • Click View report and copy the entire contents into your next reply.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#10 MrDavidoff

MrDavidoff
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 22 January 2009 - 02:20 PM

Okis, heres the Malwarebytes log :

Malwarebytes' Anti-Malware 1.33
Verze databáze: 1674
Windows 5.1.2600 Service Pack 3

22.1.2009 20:16:19
mbam-log-2009-01-22 (20-16-19).txt

Typ skenu: Úplný sken (C:\|)
Objektu skenováno: 118781
Uplynulý cas: 18 minute(s), 50 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)


and here is the Avira log :

Avira AntiRootkit Tool - Beta (1.0.1.17)

========================================================================================================
- Scan started 22. ledna 2009 - 19:53:29
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 232.88 GB
- Working disk free size : 201.17 GB (86 %)
--------------------------------------------------------------------------------------------------------

Results:
Hidden value : HKEY_USERS\S-1-5-21-2000478354-2147083713-839522115-1003\Software\SecuROM\License information -> datasecu
Hidden value : HKEY_USERS\S-1-5-21-2000478354-2147083713-839522115-1003\Software\SecuROM\License information -> rkeysecu

--------------------------------------------------------------------------------------------------------
Files: 0/80182
Registry items: 2/422592
Processes: 0/44
Scan time: 00:02:46
--------------------------------------------------------------------------------------------------------
Active processes:
- bghdmtcp.exe (PID 200) (Avira AntiRootkit Tool - Beta)
- System (PID 4)
- smss.exe (PID 876)
- csrss.exe (PID 944)
- winlogon.exe (PID 968)
- services.exe (PID 1012)
- lsass.exe (PID 1024)
- svchost.exe (PID 1184)
- svchost.exe (PID 1248)
- svchost.exe (PID 1396)
- Smc.exe (PID 1508)
- svchost.exe (PID 1604)
- svchost.exe (PID 1732)
- aawservice.exe (PID 1796)
- aswUpdSv.exe (PID 1900)
- ashServ.exe (PID 1952)
- spoolsv.exe (PID 512)
- svchost.exe (PID 1488)
- jqs.exe (PID 1500)
- LSSrvc.exe (PID 1572)
- svchost.exe (PID 1616)
- nvsvc32.exe (PID 1672)
- svchost.exe (PID 1872)
- sp_rsser.exe (PID 664)
- svchost.exe (PID 708)
- nSvcAppFlt.exe (PID 1440)
- nSvcIp.exe (PID 836)
- wmiprvse.exe (PID 1340)
- ashMaiSv.exe (PID 1424)
- ashWebSv.exe (PID 2052)
- alg.exe (PID 2332)
- explorer.exe (PID 2496)
- OverClk.exe (PID 3264)
- ashDisp.exe (PID 2980)
- razerhid.exe (PID 3160)
- smax4pnp.exe (PID 3292)
- rundll32.exe (PID 3344)
- razertra.exe (PID 548)
- razerofa.exe (PID 3416)
- SpywareTerminatorShield.Exe (PID 3440)
- QTTask.exe (PID 3520)
- ctfmon.exe (PID 3684)
- wuauclt.exe (PID 1652)
- avirarkd.exe (PID 916)
========================================================================================================
- Scan finished 22. ledna 2009 - 19:56:15
========================================================================================================


cheers :thumbsup:

#11 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:01:01 AM

Posted 22 January 2009 - 08:44 PM

Much better! Ok, let's do one more SuperAntiSpyware scan. Post its log. Hopefully we will now see 0's

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#12 MrDavidoff

MrDavidoff
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 23 January 2009 - 04:02 AM

Okis, heres the log, not 0s, exactly, but only cookies :thumbsup:


Generated 01/23/2009 at 09:56 AM

Application Version : 4.25.1012

Core Rules Database Version : 3723
Trace Rules Database Version: 1697

Scan type : Quick Scan
Total Scan Time : 00:09:52

Memory items scanned : 486
Memory threats detected : 0
Registry items scanned : 515
Registry threats detected : 0
File items scanned : 13047
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\Admin\Cookies\admin@atwola[1].txt
C:\Documents and Settings\Admin\Cookies\admin@ads.ad4game[1].txt
C:\Documents and Settings\Admin\Cookies\admin@adbrite[1].txt
C:\Documents and Settings\Admin\Cookies\admin@ads.bleepingcomputer[2].txt


Edit - can I ask - is it "okay" to have so many processes running ? I mean eve, if I turn everything off on the right panel, I still have 42, which seems kinda too many. I tried a trial of Ultimate Troubleshooter - to limit processes and app. on start-up, but still wont go down ? =s

Edited by MrDavidoff, 23 January 2009 - 04:27 AM.


#13 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:01:01 AM

Posted 23 January 2009 - 10:42 AM

Those are cookies being reported. I think we are clean. How are things running now?

I usually run around 30-40 processes running. It depends on what you have installed. Quicktime, Adobe Reader, Java all have quickstarters and updaters that can be stopped.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#14 MrDavidoff

MrDavidoff
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 23 January 2009 - 02:14 PM

I ran all the scans one-after one today, havent found anything, so I guess its as clear as it gets :flowers:

How it runs - like I said, cant say I would have any slow-down moments before, so all we can rely are
those 0s the scanners will show us. Im happy that a lot of stuff has been found and removed though :thumbsup:

I would ask how to disable the quickstarters and updaters - as I have all, what you mentioned.


/Plus I guess I would go offtopic with this, but I have this problem - used Ai booster to up my performance by 10%, now,
cant return it back to normal, as the comp freezes - but thats not a part of this forum :trumpet:

#15 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:01:01 AM

Posted 23 January 2009 - 03:26 PM

Let's finish with the cleanup and then we can tackle the questions..

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Let me write something up for disabling the startups.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users