Free Malware Removal Forum

[ktreffin]

Nice job....Notice what is not showing in the HijackThis log any longer? We killed that 024 that was being a little persistent.

How are things running? Are you noticing any problems.....

You mentioned getting rid of BitDefender earlier. I see in the RSIT log that it appears that BitDefender might not have uninstalled properly. This is the folder that we are dealing with:

C:\Program Files\Common Files\BitDefender

I don't see anything related to it in the uninstall list. Deleting this entire BitDefender folder ( C:\Program Files\Common Files\BitDefender <== just this one) should take care of it.

One of the items that Kaspersky found is an infected system restore point, the other two I believe may be False Positives. Lets get one more scan, and then we will wrap it up.....

Step #1: Run ESET Online Scan

Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
• Click on the Start button next to it.
• When prompted to run ActiveX. click Yes.
• You will be asked to install an ActiveX. Click Install.
• Once installed, the scanner will be initialized.
• After the scanner is initialized, click Start.
• Uncheck (untick) Remove found threats box.
• Check (tick) Scan unwanted applications.
• Click on Scan.
• It will start scanning. Please be patient.
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

*===============================================*

Step #2: Things to put in your next reply

Please post the following in your next reply:

• Tell me how things are running.
• A New Hijack This Log
• Contents of the ESET Online Scan Log

Thanks,
Ken

[CookieRocks]

Hey,

1) Things are running divinely.
2) Posted is the HJT log - minus that stubborn O24 line
3) Posted is the ESET Online Scan log.

I'm thinking that the computer is clean now, with maybe cleanup job remaining. One thing I wanted to ask was about Restore points. I use TuneUp Utilities on a regular basis, and under an option for freeing up disk space I notice that everytime that I am on the computer, it seems to find 500MB worth of restore points. Is there anyway to configure so that not as many restore points are created.

There are a few entries in the HJT log that I was wondering about, are they essential or needed entries:

1) R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dslreports.com/speedtest
(I always wondered what this Entry points to and whether its needed.)

2) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
(I always wondered what this Entry points to and whether its needed. It says 'no file' - do I need it if there is no file corresponding to it.)

3) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
(It says 'no name' - not sure why, but it didn't sit well with me. Also the 'no file' message.)

4) O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
(It says 'no file' - do I need it if there is no file corresponding to it.)

5) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
(It says 'no name' - not sure why, but it didn't sit well with me.)

6) O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
(Considering I have ESET Smart Security as my AV, would I be using the Online Scanner anymore?)

7) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
(I believe this is something to do with IPOD service, I don't have an IPOD anymore.)

Or maybe I'm just picking out random silly things.

Otherwise, I think the general health is my PC is nop notch once again. Many thanks thus far to you for helping me clean it up and removing all the crap that infested the computer.

Would you assume now that my PC is clean, for me to apply to the MRW University?

Thanks.
Cookie
------------------------------------------------------------------------------------------
HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:01, on 18/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dslreports.com/speedtest
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [PS2] "C:\WINDOWS\system32\ps2.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-864ee77a564bb8da.spaces.live ... nPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Roxio UPnP Renderer 11 - Unknown owner - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8000 bytes
------------------------------------------------------------------------------------------
ESET Online Scan log.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3535 (20081018)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.060 (20070601)
# EOSSerial=f97537a7b8d3da4ba388453967dc07a5
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-10-18 10:08:23
# local_time=2008-10-18 11:08:23 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
# scanned=398862
# found=0
# scan_time=3063
# nod_component=V3 Build:0x30000000 ()
------------------------------------------------------------------------------------------

[ktreffin]

Hi Cookie,

Let me take a minute and answer some of your questions:

1) R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dslreports.com/speedtest
(I always wondered what this Entry points to and whether its needed.)

R1's deal with Internet Explorers Search functions and other characteristics. dslreport.com is a legitimate website. If you wish, you may choose to fix this line with HijackThis. Fixing this line will not be detrimental to your Internet Explorer install.

2) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
(I always wondered what this Entry points to and whether its needed. It says 'no file' - do I need it if there is no file corresponding to it.)

This line is actually now a part of AVG Antivirus. Did you have AVG installed on this system at one time? You are correct by saying that there is no file associated with it. In essence it is still listed in the registry so it shows in the HijackThis log. Once again you may safely fix this line with HijackThis.

3) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
(It says 'no name' - not sure why, but it didn't sit well with me. Also the 'no file' message.)

4) O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
(It says 'no file' - do I need it if there is no file corresponding to it.)

These are both the same as the one before (WormRadar). You may fix these with HijackThis.

5) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
(It says 'no name' - not sure why, but it didn't sit well with me.)

This is actually part of your Java installation and should be left alone.

6) O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
(Considering I have ESET Smart Security as my AV, would I be using the Online Scanner anymore?)

This deals with the ActiveX component that was installed. There really is no harm in leaving it.

7) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
(I believe this is something to do with IPOD service, I don't have an IPOD anymore.)

Yes it actually deals with Apple network. It is a legitimate file, and there is no harm in leaving it. This is what it actally is: "mdnsresponder.exe is a process associated with "Bonjour for Windows" software. It is used by ITunes for music sharing. "

Would you assume now that my PC is clean, for me to apply to the MRW University?

Yes! Good luck with your application. I will be looking forward to seeing you around the Uni!!

Congratulations Cookie, Your Log appears to be clean!

Now that you are clean, I got some tips & tricks for you to keep your computer clean and secure. The first few (like Windows Update) have to be done, the others are optional.

It may seem like your system will be too much protected with all these things installed, but a lot of programs aren't running always on the background so don't slow down your computer. Please take a look at the following things:

Clean up with OTCleanIt
Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

• Double-click OTCleanIt.exe.
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm

Update your Anti Virus Software - I would highly recommend that you set your Anti-Virus software to update automatically. Most Anti-Virus programs will update at least once a day, and frequently more than once a day. If you notice that it isn't updating itself regularly and frequently, you should check to make sure your anti-virus subscription has not expired (if it's a paid subscription) or that your settings have not spontaneously changed.

Turn on "Automatic Updates" - In order to make sure your system stays up to date, I recommend that you turn on the "Automatic Updates" feature. To turn on the "Automatic Updates" feature please do the following:

• Click Start and choose Control Panel
• In the control panel double click "Automatic Updates"
• Make sure "Automatic (recommended)" is ticked
• set the time that you would like to check for updates
• Click "OK"

Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer including those for Microsoft Office, etc. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You can download it from this website:
WinPatrol
The developer is a well-known man in the MalWare Removal business. If you really like WinPatrol think about upgrading to the PLUS version. It will give you additional features and you will only have to pay once, for your whole malware-free life.

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.

Download BlueTack's HOSTS Manager here, using Internet Explorer (Firefox won't work):
http://www.bluetack.co.uk/forums/index. ... ils&f_id=5
A short distance down the page in the center, click on the Download button.
Agree to the license.
On the next page, to the right side of where it says Download Estimates, right click on the underlined word "Hosts Manager" choose "Save Target As" and download the installer Hosts20setup.exe to your desktop.
Double click the Installer on your desktop and let it Install the Hosts Manager

After the installation is complete, click on the Hosts Manager icon on your desktop. (You can right click/delete the other Hosts Switch icon from your desktop).
When the Hosts Manager comes up, click the small down arrows on the Right side of the bar labeled "Options and Tools",
Click Disable DNS Service. This is important
In the Left Pane, click Download.
It will load 80,000 lines or more. When it finishes, also in the left pane, click Replace, and then click Save.
You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue.

If you have a separate third party Firewall or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

Use an alternative Internet Browser - Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
Firefox << Most used, I use this one myself.
Opera

Bookmark general cleanup links - It could be that your computer is becoming slower and slower. This is not always the cause of malware. Most of the times it's malware when you're computer is suddenly getting slow or doing strange. When the slowdown increases slowly check (so now bookmark) these links for tips & tricks:
Help! My computer is slow
Slow Computer? Check here first; it may not be malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Stand Up and Be Counted!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first!

>> Here << you can see how you can help us.

Have a happy computing day!!

Ken

[CookieRocks]

Hey,

I went and fixed the three entries with HJT that were okayed by you. I also did all that you have suggested.

A big thanks to you for helping me sort this computer out, I truly am grateful.

Just in regards to the amount of restore points that the PC creates by itself, any way it can be toned down? If not then its not a big deal, as tuneup cleans the accumalated restore points automatically every friday.

All in all, a sterling job from you, and thanks once again.

I will try sign up to MWR Uni now, see where it takes me, and look forward to seeing you around on here. No doubt, if I get stuck somewhere, I will ask you

Cheers

Cookie

[ktreffin]

Hi Cookie,

You are very welcome! I am glad everything worked out for you. The Uni is a great place. You will be amazed by the amount of information available.

Regarding the System Restore. If you can wait until Monday night Florida time, I will have an answer for you. I am heading out of town with the family, and we are leaving tomorrow AM. I will return Monday night (10/20). Right now I am on my Vista system, and won't have access to my XP box until then. I will leave this thread open, and will post back when I return if that is acceptable with you.

Once again, glad it all worked out. Soon you will be here helping others too.....

Thanks again for the kind comments.

[NonSuch]

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.