Windows XP help

XP TIPS AND TRICKS

Perflib_Perfdata_84c

Disable system restore before you run

 

Go here to download CCleaner.

  • Install CCleaner
  • Launch CCleaner and look in the upper right corner and click on the “Options” button.
  • Click “Advanced” and remove the check by “Only delete files in Windows temp folders older than 48 hours”.
  • Click OK
  • Do not run CCleaner yet. You will run it later in safe mode.

 

* Download the trial version of Ewido Security Suite here.

  • Install ewido.
  • During the installation, under “Additional Options” uncheck “Install background guard” and “Install scan via context menu”.
  • Launch ewido
  • It will prompt you to update click the OK button and it will go to the main screen
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.

 

* Click here for info on how to boot to safe mode if you don’t already know how.

* Restart your computer into safe mode now. Perform the following steps in safe mode:

* Run Ewido:

  • Click on scanner
  • Click the Start Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop

* Start Ccleaner and click Run Cleaner

* Restart back into Windows normally now.

* Run ActiveScan online virus scan here

If still not removed go to next step :

Click here to download Nailfix.zip
Unzip it to the desktop but do NOT run it yet.

Restart in safe mode

Now in Safe Mode:

Double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly — this is normal.

Download HiJackThis

Run HJT again and put a check in the following:

R3 – URLSearchHook: (no name) – {02EE5B04-F144-47BB-83FB-A60BD91B74A9} – C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
F2 – REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O2 – BHO: Band Class – {00F1D395-4744-40f0-A611-980F61AE2C59} – C:\WINNT\dsr.dll (file missing)
O4 – HKLM\..\Run: [mzwlkkl] C:\WINNT\system32\evvqbs.exe r

Close all applications and browser windows before you click “fix checked”.

Close HiJackThis.

* Run Ewido:

  • Click on scanner
  • Click the Start Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop

Start Ccleaner and click Run Cleaner.

Finally go to Control Panel, Internet Options.
On the General tab under “Temporary Internet Files” Click “Delete Files”.
Put a check by “Delete Offline Content” and click OK.
Go to Internet Options, Programs and click the “Reset Web Settings” Button to reset your home and search pages.

* Restart back into Windows normally now.

* Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

January 27, 2007 Posted by blbsnj | HELP WITH HIJACKERS | | No Comments Yet