
Thread: Trojan.killav

  1. #1
    Junior Member
    Join Date
    Sep 2007
    Posts
    4

    Question Trojan.killav

    Need help with my computer. Norton detected Trojan.killav and I thought it took care of the problem but I guess not. Now Norton spyware and anti virus is disabled. Computer is slow and my homepage is always changed on Internet Explorer. Any help you can give me would be great. Following is the Hijack log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:33:13 PM, on 9/3/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
    C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crh.noaa.gov/oax/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-21-2170131229-3872886762-2731073557-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Sian')
    O4 - Global Startup: ALLTEL DSL Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet...ller_2-0-0.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 9854 bytes

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    hi trick508,

    i don't see anything in the hjt log. try booting into safe mode, then running your antivirus.

    to reach safe mode:
    tap the F8 key during a computer restart, choose the first option from the list, safe mode. run your antivirus in safe mode

    can also try this in normal mode:

    start hjt, click on "open misc tools section"
    at the top click on the misc tools section tab
    click on open process manager
    click on the small clipboard icon

    then go to start>programs>accessories>notepad
    right click in notepad and select paste
    call the list something and save it so you can find it
    copy/paste the list in next reply

    we will see if anything unusual shows up.
    -----------------------------
    also do this:
    F-secure scan:
    http://support.f-secure.com/enu/home/ols.shtml

    click on the "start scanning button" near bottom of page.
    click to accept/install the ActiveX applet, click Full System Scan
    Once the download completes (may take a while), the scan will begin automatically.
    The scan will take some time to finish.
    When the scan completes, click the Automatic cleaning (recommended) button.

    Click the Show Report button and Copy&Paste the entire report in your next reply along with a current HijackThis log.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Sep 2007
    Posts
    4

    Default Trojan.killav #2

    Thanks for the reply.

    I was unable to run my anti-virus in safe mode. I have Norton 360 and it said that it can't run in safe mode. Told me to use the online Norton virus scan. Problem with that is I can't access the web page from my computer.

    When I ran Spybot the last time I got the following after the scan:

    Microsoft.windows.redirected hosts
    (SBI $2CF31C11 redirected host)
    www.symantec.com=192.168.200.3

    I then hit the fix button and Spybot fixes it. I then run Spybot again and sure enough the same problem is found. Anyway, www.symantec.com is the website I need to access for the online Norton scan.

    following HJT log:
    Process list saved on 1:52:48 PM, on 9/5/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)

    [pid] [full path to filename] [file version] [company name]
    600 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
    688 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
    732 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
    744 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
    920 C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4100
    936 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
    1116 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
    1468 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 106.2.0.21 Symantec Corporation
    1728 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
    968 C:\WINDOWS\Explorer.EXE 6.0.2900.3156 Microsoft Corporation
    1296 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    1292 C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe 4.0.0.6211 Intel Corporation
    1328 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe 0.1.0.10 Intel Corporation
    1344 C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe 1.4.1.0 Creative Technology Ltd
    1360 C:\WINDOWS\system32\Rundll32.exe 5.1.2600.2180 Microsoft Corporation
    1412 C:\Program Files\Dell\Media Experience\PCMService.exe 1.0.0.1611 CyberLink Corp.
    1436 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe 3.0.0.0 CyberLink Corp.
    1372 C:\Program Files\Real\RealPlayer\RealPlay.exe 6.0.9.584 RealNetworks, Inc.
    1508 C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe 1.0.0.1 TODO: <Company name>
    1556 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe 8.20.2.51 Musicmatch, Inc.
    1572 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe 1.1.33.1 Sonic Solutions
    1624 C:\WINDOWS\system32\dla\tfswctrl.exe 1.4.8.0 Sonic Solutions
    1672 C:\Program Files\Common Files\Dell\EUSW\Support.exe 2.1.1.0 Dell
    1716 C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe 5.8.10.-13003 Motive Communications, Inc.
    1820 C:\Program Files\Common Files\Symantec Shared\ccApp.exe 106.2.0.21 Symantec Corporation
    1824 c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe 2.1.0.72
    1924 C:\WINDOWS\system32\CTsvcCDA.EXE 1.0.1.0 Creative Technology Ltd
    200 C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 2.2.824.5515 Google
    244 C:\WINDOWS\system32\ctfmon.exe 5.1.2600.2180 Microsoft Corporation
    268 C:\Program Files\MSN Messenger\MsnMsgr.Exe 8.1.178.0 Microsoft Corporation
    324 C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe 4.0.0.6211 Intel Corporation
    468 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 1.5.0.9 Safer Networking Limited
    1212 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
    1932 C:\WINDOWS\system32\MsPMSPSv.exe 7.0.0.1954 Microsoft Corporation
    2136 C:\Program Files\Google\Google Updater\GoogleUpdater.exe 2.2.940.-30727 Google
    2504 C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
    3568 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe 1.9.1.1088 Symantec Corporation
    2648 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
    2836 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe 2.0.0.2 Trend Micro Inc.
    932 C:\WINDOWS\system32\wuauclt.exe 7.0.6000.381 Microsoft Corporation

    as for the F-Secure Scan:

    I was unable to run this scan for the following reasons:

    I click start scanning button and then accept to install. I then click full system scan but nothing happens. I then get a msg saying "unable to download necessary online scanner components! please try again." I tried this several times and received the same result.


    thanks

  4. #4
    Junior Member
    Join Date
    Sep 2007
    Posts
    4

    Default Trojan.killav #3

    A friend told me to shut down system restore. I shut this down and was able to run my Norton 360 scan but still having problems with auto protect. Sometimes it is on and then goes off. So I don't know if I got rid of the virus and it is now a problem with Norton 360.

    I was able to run the F-Secure Scan and the following is the log:

    Scanning Report
    Wednesday, September 05, 2007 15:46:15 - 16:27:10
    Computer name: DJHQG061
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\


    --------------------------------------------------------------------------------

    Result: 8 malware found
    Tracking Cookie (spyware)
    System (Disinfected)
    System
    System
    System
    System
    System
    System
    System

    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 30030
    System: 4377
    Not scanned: 6
    Actions:
    Disinfected: 1
    Renamed: 0
    Deleted: 0
    None: 7
    Submitted: 0
    Files not scanned:
    C:\HIBERFIL.SYS
    C:\PAGEFILE.SYS
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{55C79128-98DA-4A95-923F-599581F2F95E}.BIN
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_50E417E0-E461-474B-96E2-077B80325612

    --------------------------------------------------------------------------------

    Options
    Scanning engines:
    F-Secure Libra: 2.4.2, 2007-09-06
    F-Secure AVP: 7.0.171, 2007-09-06
    F-Secure Orion: 1.2.37, 2007-09-06
    F-Secure Blacklight: 1.0.64
    F-Secure Draco: 1.0.35, 0597-150-72
    F-Secure Pegasus: 1.19.0, 2007-08-01
    Scanning options:
    Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
    Use Advanced heuristics

  5. #5
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    hi trick508,

    ok thanks for the info.
    the problem with norton could be that some virus/trojans can terminate AV. looks like you were able to run the f-secure scan. i don't see any virus in its log though.

    let's look in your hosts file since you can't get to norton:

    navigate to:
    C:\windows\system32\drivers\etc

    right click on the hosts File and "open with" notepad.

    you know what, never mind all that.

    please download hostsxpert:

    http://www.funkytoad.com/download/HostsXpert.zip

    unzip to a folder
    click HostsXpert.exe to run it
    click on "Restore MS host file" then ok to do it
    exit the program

    you should now be able to get to norton's web site

    shelf life
    How Can I Reduce My Risk?
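
Added example (not part of the original thread): a small Python audit of hosts-file content that flags entries redirecting security-vendor names, the condition Spybot reported above as `www.symantec.com=192.168.200.3`. The watched domains are the two vendor names that appear in this thread, the sample hosts content is constructed, and the function names are this example's own.

```python
import ipaddress

# Domains whose redirection in a hosts file cuts a machine off from its
# scanner or updates. Both names appear in the thread; extend as needed.
WATCHED_DOMAINS = ("symantec.com", "f-secure.com")

# Constructed sample: a stock XP entry, the redirect Spybot reported,
# a loopback sinkhole of a scanner site, and an unrelated local mapping.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "127.0.0.1       localhost\n"
    "192.168.200.3   www.symantec.com\n"
    "127.0.0.1       support.f-secure.com  # loopback sinkhole\n"
    "10.0.0.5        fileserver.example\n"
)


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; not a mapping
        for name in fields[1:]:  # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(name, domains=WATCHED_DOMAINS):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in domains)


def audit_hosts(text):
    """Return (line_no, severity, hostname, ip) for each non-default entry."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name == "localhost" and ip.is_loopback:
            continue  # the only mapping in a stock Windows XP hosts file
        # Any override of a vendor name is suspect, whether it points at
        # loopback or elsewhere; other entries just need a human look
        # (Spybot's own immunization adds loopback entries, for example).
        severity = "high" if is_watched(name) else "review"
        findings.append((line_no, severity, name, str(ip)))
    return findings


if __name__ == "__main__":
    for line_no, severity, name, ip in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: [{severity}] {name} -> {ip}")
```

On a live machine, pass in the text of the `hosts` file from `C:\windows\system32\drivers\etc`. An entry that comes back after being fixed, as described in post #3, means something on the system is still rewriting the file.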

  6. #6
    Junior Member
    Join Date
    Sep 2007
    Posts
    4

    Question Trojan.killav#4

    Don't know what to tell you. After I turned off system restore I was able to access the internet for Norton and everything seems fine now. I had to uninstall Norton then reinstall but besides that the computer runs fine.

    Do I dare turn system restore back on? Any thoughts on it?

  7. #7
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    hi trick508,

    some problem with norton maybe? who knows, i assume you have run norton after reinstalling it. run spybot once. if all looks good you can make a new restore point:


    One of the features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is a good idea after malware is removed.

    To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

    (winXP)

    1. Turn off System Restore. (deletes old possibly infected restore point)
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore.(new restore points on a clean system)
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK, then reboot

    How to Turn On and Turn Off System Restore in Windows XP
    http://support.microsoft.com/default...b;en-us;310405

    shelf life
    How Can I Reduce My Risk?

  8. #8
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,959


    This topic has been moved to archives.

    If you need the thread re-opened, please send me a private message (pm) and provide a link.

    Applies only to the original poster, anyone else with similar problems please start your own topic.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
