IE6 redireting to www2.diymov.com

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Kesor

Thread Starter
Joined
Nov 2, 2007
Messages
4
Recently, my internet explorer 6 has been opening by its own to www2.diymov.com. And I dont know how to fix it. Any help would be good.
Here is the hijack log. Thanks for your helping

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:01, on 2007-11-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\temp\lsass.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\Program\uTorrent\uTorrent.exe
C:\Program\World of Warcraft\BackgroundDownloader.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\temp\lsass.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3440 bytes
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Download ComboFix to your Desktop.

  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply
Note: Do not mouseclick combofix's window while it's running as that may cause it to stall
 

Kesor

Thread Starter
Joined
Nov 2, 2007
Messages
4
I did what you said, here is the logs.

ComboFix 07-11-01.1 - Allmän 2007-11-03 1:13:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.1604 [GMT 1:00]
Running from: C:\Documents and Settings\Allmän\Skrivbord\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
.

2007-11-03 01:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-03 00:05 <KAT> d-------- C:\Documents and Settings\Allmän\Application Data\Ace
2007-11-02 18:48 <KAT> d-------- C:\WINDOWS\LastGood
2007-11-02 18:46 <KAT> d-------- C:\Program\THQ
2007-11-02 18:40 <KAT> d-------- C:\Program\Activision
2007-11-02 18:39 <KAT> d--hs---- C:\WINDOWS\ftpcache
2007-11-02 10:37 <KAT> d-------- C:\Program\Trend Micro
2007-11-02 10:05 <KAT> d-------- C:\Program\SUPERAntiSpyware
2007-11-02 10:05 <KAT> d-------- C:\Documents and Settings\Allmän\Application Data\SUPERAntiSpyware.com
2007-11-02 10:05 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-02 04:14 <KAT> d-------- C:\Program\Yahoo!
2007-11-02 04:14 <KAT> d-------- C:\Program\CCleaner
2007-11-02 01:43 <KAT> d-------- C:\Documents and Settings\Allmän\Application Data\Ventrilo
2007-11-02 01:42 <KAT> d-------- C:\Program\Ventrilo
2007-11-02 01:42 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
2007-11-02 01:36 <KAT> d-------- C:\Program\Steam
2007-11-02 00:13 <KAT> d-------- C:\Program\EA GAMES
2007-11-02 00:05 <KAT> d-------- C:\Program\Codemasters
2007-11-01 23:17 <KAT> d-------- C:\Program\Sierra Entertainment
2007-11-01 23:16 <KAT> d--h----- C:\Program\InstallShield Installation Information
2007-11-01 22:37 <KAT> d-------- C:\Program\DAEMON Tools Pro
2007-11-01 22:17 <KAT> d---s---- C:\Documents and Settings\Allmän\UserData
2007-11-01 22:17 <KAT> d---s---- C:\Documents and Settings\Allmän\UserData
2007-11-01 21:44 <KAT> d-------- C:\Documents and Settings\Allmän\Application Data\DAEMON Tools Pro
2007-11-01 21:42 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-11-01 21:42 90,112 --a------ C:\Progr_.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-02 17:43 --------- d-----w C:\Documents and Settings\Allmän\Application Data\uTorrent
2007-11-02 03:01 --------- d-----w C:\Program\World of Warcraft
2007-11-01 19:41 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-01 18:49 --------- d-----w C:\Documents and Settings\Allmän\Application Data\Sports Interactive
2007-11-01 18:46 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-01 18:46 --------- d--h--w C:\Program\Zero G Registry
2007-11-01 18:46 --------- d--h--r C:\Documents and Settings\Allmän\Application Data\SecuROM
2007-11-01 18:44 --------- d-----w C:\Program\Sports Interactive
2007-11-01 18:24 --------- d-----w C:\Program\Delade filer\SpeechEngines
2007-11-01 18:24 --------- d-----w C:\Program\Delade filer\ODBC
2007-11-01 18:07 --------- d-----w C:\Program\VideoLAN
2007-11-01 18:07 --------- d-----w C:\Documents and Settings\Allmän\Application Data\vlc
2007-11-01 18:06 --------- d-----w C:\Program\uTorrent
2007-11-01 18:02 --------- d-----w C:\Program\Delade filer\Blizzard Entertainment
2007-11-01 17:57 --------- d-----w C:\Program\MSN Messenger
2007-11-01 17:40 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-11-01 17:40 --------- d-----w C:\Program\Delade filer\InstallShield
2007-11-01 17:39 --------- d-----w C:\Program\DIFX
2007-11-01 17:39 --------- d-----w C:\Documents and Settings\Allmän\Application Data\InstallShield
2007-11-01 17:34 --------- d-----w C:\Program\microsoft frontpage
2007-11-01 17:33 --------- d-----w C:\Program\Onlinetjänster
2007-11-01 17:33 --------- d-----w C:\Program\Delade filer\MSSoap
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-17 00:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-09-17 00:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-09-17 00:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-09-17 00:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-09-17 00:07 6,853,088 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-17 00:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-09-17 00:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-09-17 00:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-09-17 00:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-09-17 00:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-09-17 00:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-09-17 00:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-09-17 00:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-09-17 00:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-09-17 00:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-09-17 00:07 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-09-17 00:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-09-17 00:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-09-17 00:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-09-17 00:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 00:07 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-09-17 00:07 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-09-17 00:07 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-09-17 00:07 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-09-17 00:07 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-09-17 00:07 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 00:07 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-09-17 00:07 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-09-17 00:07 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 00:07 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-09-17 00:07 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 11:08 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:34]
"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"DAEMON Tools Pro Agent"="C:\Program\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 13:45]
"Steam"="c:\program\steam\steam.exe" [2007-11-02 01:36]
"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{639e42ab-88aa-11dc-82ea-0019dbd0b933}]
\Shell\AutoRun\command - E:\autorun.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 01:14:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-03 1:14:48
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:15:26, on 2007-11-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\DAEMON Tools Pro\DTProAgent.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Steam] "c:\program\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2892 bytes
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\temp\lsass.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.
 

Kesor

Thread Starter
Joined
Nov 2, 2007
Messages
4
Here is the log file

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nbxudytk

*******************

Script file located at: \??\C:\Documents and Settings\tmrldmow.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\temp\lsass.exe not found!
Deletion of file C:\WINDOWS\temp\lsass.exe failed!

Could not process line:
C:\WINDOWS\temp\lsass.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
You're welcome :)

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer.

Turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

You can mark your thread "Solved" from the Thread Tools drop down menu.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top