
FBI Moneypac and “please connect to internet” white screen. [Solved]


  • This topic is locked

#16
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts

Then I installed jre-7u21-windows-x64.exe , result was: "You have successfully installed Java".
Then the install sent me to java.com/en/download/installed.jsp and I clicked the "Verify Java Version" button.
The response back was:
We are unable to verify if Java is currently installed and enabled in your browser.

If you have installed Java and there is an error with the verification, there could be a
configuration issue (eg. browser, Java control panel, security settings).

Sometimes you must close and reopen the browser for the Java settings to take effect in the browser. If you want to check further, go to http://www.java.com, click the Do I have Java link and on that page click the Verify Java version button.

I could not turn on the Java Automatic Update feature because I did not see an Update tab in Java in the Control Panel.
Does this mean go to the Windows Control Panel? Because I didn't see an Update tab there.
But I did type "java" in the "search control panel" in the upper right.
The Java Control Panel icon appears and when I click on it, the Java Control Panel appears.
But it only has 4 tabs: General, Java, Security and Advanced.
I went through all parts of all 4 of the tabs and didn't see a way to turn on the Java Automatic Update feature in any of them.

My bad. The Update tab is not available for 64bit versions of Windows.

Farbar Scanner Service shows that the malware has deleted some Registry values and keys. Including the Firewall. I am going to attach a registry file to repair the keys and a batch file to restart the services, but first we will need to back up the Registry.


Step-1.

Download the attached MultiFix.zip folder and save it to your desktop.[attachment=65001:MultiFix.zip]
Download the attached StartServices.bat file and save it to the desktop.[attachment=65002:StartServices.bat]
Do Not run them yet


Step-2.

Download Tweaking.com Registry Backup and back up the Registry:

Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.

  • Please download the installer for Registry Backup from one of the links below and save it to the desktop :

    Link 1 Click the Download Now button.
    Link 2 Click one of the Download buttons under Installer
  • Right click the tweaking.com_registry_backup_setup.exe file and select Run as Administrator to install the program.
  • Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected. Click Next > then Finish
  • The GUI(graphical user interface) should open with the Backup Registry tab selected and all options checked (see the image below)
Posted Image

  • Click on Backup Now to create a backup of the Registry.
  • While the backup is being created you will see a screen similar to the one below ...

    Posted Image
  • When completed you should see a message saying something like ... Successful 12/12 Registry Files Backed Up ... (the number of files may vary)

    Posted Image
  • This means you have successfully backed up your Registry, and you can now exit out of the program.
  • Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.
A tutorial for Registry Backup explaining the various features can be viewed here


Step-3.

Merge the Registry file

  • Right click on MultiFix.Zip file and select Extract All... >> use the Browse... button to select the Desktop as the extraction location then click on Extract.
  • There will now be a new folder on your desktop called MultiFix, double click on this to open it...
  • Now right click on Multifix.Reg and select Merge >> click on Yes at the UAC prompt >> Yes >> OK.
This will merge the registry fixes into the registry.


Step-4.

Restart the Services

Right click the StartServices.bat file and click Run as Administrator to run the batch file. It will self delete when completed.
Note: Your machine should automatically reboot. If it does not, reboot your machine manually.


Step-5.

Please run Farbar Service Scanner again using the instructions in Step 4. of post #14 and post the FSS.txt file in your next reply.
  • 0



#17
Len420


    Member

  • Topic Starter
  • 15 posts
Hi godawgs,

I tried the "Verify Java Version" button again, still getting "We are unable to verify if Java is currently installed and enabled in your browser."
So I did the following:
downloaded jre-7u21-windows-x64.exe again.
uninstalled java, rebooted.
installed jre-7u21-windows-x64.exe again. result "You have successfully installed java"
but when it goes to the verify page, still getting the response back:
We are unable to verify if Java is currently installed and enabled in your browser.

If you have installed Java and there is an error with the verification, there could be a
configuration issue (eg. browser, Java control panel, security settings).

I went to Control Panel, searched for Java, opened the Java Control Panel,
The "General" tab says "Java is enabled in the browser" See the Security Tab.
and on the Security Tab, "Enable Java Content in the browser" is checkboxed.
The security level is set on "High - minimum recommended".

I'll leave the java stuff alone for now godawgs, unless you have any recommendations on this.
I'll wait until my son is around and have him run the web site that requires Java and see if it works.

On to your other steps:


Step 1: downloaded MultiFix.zip and StartServices.bat

Step 2: downloaded Tweaking.com, ran "backup now":
Successful! 15/15 Registry Files Backed up

Step 3: used MultiFix.Zip to merge the Registry file
Right click on MultiFix.Zip file and select Extract All... >> use the Browse... button to select the Desktop as the extraction location then click on Extract.
I used the Browse button to select the Desktop: C:\Users\RYAN\Desktop\Multifix
Then after I clicked on "Extract", it did some work, but I did not see a new "Multifix" folder on my desktop (just the Multifix.reg was created, not a folder)

So I just went on to:
3. Now right click on Multifix.Reg and select Merge >> click on Yes at the UAC prompt >> Yes >> OK.
This worked...I got the message:
The keys and values contained in c:\Users\RYAN\Desktop\Multifix.reg have been successfully added to the registry.

Step 4: ran the StartServices.bat file. Output in the command prompt screen was:

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] StartService: OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] ControlService FAILED 1062:

The service has not been started.


ERROR: Unrecognized command

DESCRIPTION:
SC is a command line program used for communicating with the
Service Control Manager and services.
USAGE:
sc <server> [command] [service name] <option1> <option2>...


The option <server> has the form "\\ServerName"
Further help on commands can be obtained by typing: "sc [command]"
Commands:
query-----------Queries the status for a service, or
enumerates the status for types of services.
queryex---------Queries the extended status for a service, or
enumerates the status for types of services.
start-----------Starts a service.
pause-----------Sends a PAUSE control request to a service.
interrogate-----Sends an INTERROGATE control request to a service.
continue--------Sends a CONTINUE control request to a service.
stop------------Sends a STOP request to a service.
config----------Changes the configuration of a service (persistent).
description-----Changes the description of a service.
failure---------Changes the actions taken by a service upon failure.
failureflag-----Changes the failure actions flag of a service.
sidtype---------Changes the service SID type of a service.
privs-----------Changes the required privileges of a service.
qc--------------Queries the configuration information for a service.
qdescription----Queries the description for a service.
qfailure--------Queries the actions taken by a service upon failure.
qfailureflag----Queries the failure actions flag of a service.
qsidtype--------Queries the service SID type of a service.
qprivs----------Queries the required privileges of a service.
qtriggerinfo----Queries the trigger parameters of a service.
qpreferrednode--Queries the preferred NUMA node of a service.
delete----------Deletes a service (from the registry).
create----------Creates a service. (adds it to the registry).
control---------Sends a control to a service.
sdshow----------Displays a service's security descriptor.
sdset-----------Sets a service's security descriptor.
showsid---------Displays the service SID string corresponding to an arbitrary name.
triggerinfo-----Configures the trigger parameters of a service.
preferrednode---Sets the preferred NUMA node of a service.
GetDisplayName--Gets the DisplayName for a service.
GetKeyName------Gets the ServiceKeyName for a service.
EnumDepend------Enumerates Service Dependencies.

The following commands don't require a service name:
sc <server> <command> <option>
boot------------(ok | bad) Indicates whether the last boot should
be saved as the last-known-good boot configuration
Lock------------Locks the Service Database
QueryLock-------Queries the LockStatus for the SCManager Database
EXAMPLE:
sc start MyService

Would you like to see help for the QUERY and QUERYEX commands? [ y | n ]:


So I answered "n" to that question, then the batch file completed and the system rebooted.

Step 5: Ran the Farbar Service Scanner FSS.exe, FSS.txt is here:

Farbar Service Scanner Version: 31-05-2013 01
Ran by RYAN (administrator) on 10-06-2013 at 11:27:31
Running from "C:\Users\RYAN\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Thanks again godawgs!

-Len420

Edited by Len420, 10 June 2013 - 11:38 AM.

  • 0

#18
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts
What browser does it open when Java goes to the verify page? I will research it further, but in the meantime...

The .reg file repaired all of the missing values and keys and the .bat file started all of the services except BFE and Windows Firewall. So we're making progress. Let's check those services along with the Remote Procedure Call service.

  1. Click the Start Orb. In the Start Search box type the following and press the Enter key:

    services.msc
  2. The Services window will open.
  3. Look in the Names column for the following service: Base Filtering Engine
  4. Right click on the service and click Properties. The service Properties window will open.
  5. On the General tab, look for the Startup type: and make sure it says Automatic. If it says Manual or Disabled, click the down arrow and click Automatic.
  6. Make sure the Service status: says Started. If it doesn't, click the Start button.
  7. Click the Apply button and then click OK. You should then be back to the Services window.
  8. Repeat steps 3 through 6 except look for the following services:
    • Remote Procedure Call(RPC) (NOTE: NOT the Remote Procedure Call(RPC) Locator service)
    • Windows Firewall
  9. Close the Services window.
  10. Reboot the computer.

Now right click on FSS.exe and click Run as Administrator to run the program again and post the FSS.txt log in your next reply.
Don't forget to answer my question above.
  • 0

#19
Len420


    Member

  • Topic Starter
  • 15 posts
Hi godawgs:
had a bit of trouble here with error messages:

Running Firefox 21.0, I go to http://www.java.com/...d/installed.jsp

I click the Verify Java Version button, it stays in Firefox 21.0 and
does not open a new tab..just the screen changes to say:

Verify Java Version

We are unable to verify if Java is currently installed and enabled in your browser.

If you have installed Java and there is an error with the verification, there could be a configuration issue (eg. browser, Java control panel, security settings).


I brought up services.msc and found the Base Filtering Engine
Startup type: Automatic
Service Status: Stopped

I pressed the "Start" button and got this error message:

Services
! Windows could not start the Base Filtering Engine service on Local Computer.
Error 5: Access is denied.
OK (button)


Then found:

Remote Procedure Call (RPC)
Startup type: Automatic
Service Status: Started


Then found:

Windows Firewall
Startup type: Automatic
Service Status: Stopped
I pressed the "Start" button and got this error message:

Services
! Windows could not start the Base Filtering Engine service on Local Computer.
Error 1068: The Dependency Service or group failed to start.
OK (button)


FSS.txt:
Farbar Service Scanner Version: 31-05-2013 01
Ran by RYAN (administrator) on 11-06-2013 at 21:26:02
Running from "C:\Users\RYAN\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#20
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

I may have found an answer for the Java issue but I want to table that right now and work on the services that won't start. It appears that the BFE service is timing out when it queries the configuration of installed services and gives the Access Denied error. We can either look for the service or services that has/have the missing Access Control Entries in the Discretionary Access Control List manually, a time-consuming and painstaking process, or we can run some tools and see if it/they can repair the critical services.

This time instead of making a full registry backup we will make a System Restore point. We can always go back to the full Registry backup that Tweaking made if we need to.


Step-1.

Make a Fresh Restore Point

For Vista and Windows 7:
  • Click the Start Orb. Click Control Panel. Click System and Maintenance
  • Click System
  • In the left column under Tasks, click Advanced System Settings and accept the warning if you get one
  • Click the System Protection Tab
  • In the Available Disks box put a check mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?

    Note: It may take some time for the system to populate the Available Disks box, so be patient.
  • Click the Create button at the bottom
  • Type in a name for the restore point, i.e: Before Service Repair
  • Click Create
  • A small System Protection window will come up telling you a Restore Point is being created.
  • Another System Protection window will come up telling you the Restore Point has been created, click OK
  • Click OK again.
  • Close the Control Panel

Step-2.

ESET Service Repair

  • Download Service Repair (from Eset) and save to your Desktop.
  • Double click the Posted Image icon to run the program. If you are using User Access Control, click Run when prompted and then click Yes when asked to allow changes.
  • Follow the prompts to repair the services. Once the ServicesRepair utility finishes running click Yes to restart your computer.

    Posted Image
  • The tool will create a folder called CC Support in the same directory (your desktop) the tool is run. Send me the CC Support\Logs\SvcRepair.txt in your next reply.
Windows Firewall and any other critical missing services should work now, but let's check.


Step-3.

Right click the FSS.exe file and click Run as Administrator to run the tool and post the FSS.txt log in your next reply.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The SvcRepair.txt log
2. The new FSS.txt log
  • 0
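
A read-only PowerShell check covering what the two godawgs posts above look at: service status, start type and dependencies (the services.msc walk-through in post #18) and the registry DACLs mentioned in post #20. This is an added example, not part of the thread or of any tool named in it; the key paths are ones the thread's logs name, and it assumes an elevated prompt and a known-good Windows 7 machine to compare the output against.

```powershell
# Added example (not from the thread): read-only triage, makes no changes.
# Run from an elevated PowerShell prompt on the affected machine.

$names    = 'BFE', 'RpcSs', 'MpsSvc'   # Base Filtering Engine, RPC, Windows Firewall
$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startMap = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# --- Part 1: status, start type and dependency chain ------------------------
foreach ($name in $names) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Same condition sc.exe reports as error 1060.
        Write-Output "[$name] not registered with the Service Control Manager"
        continue
    }

    # Start type and logon account are stored under the service's registry key.
    $cfg   = Get-ItemProperty -Path "$svcRoot\$name" -ErrorAction SilentlyContinue
    $start = if ($cfg) { $startMap[[int]$cfg.Start] } else { 'unreadable' }
    Write-Output ("[{0}] {1}: status={2} start={3} account={4}" -f `
        $name, $svc.DisplayName, $svc.Status, $start, $cfg.ObjectName)

    # A stopped entry here is what produces error 1068 when the parent is started.
    foreach ($dep in $svc.ServicesDependedOn) {
        Write-Output ("    depends on {0}: {1}" -f $dep.Name, $dep.Status)
    }
}

# --- Part 2: owner and ACEs on the service keys ------------------------------
# Key list is a sample taken from paths that appear in the thread's logs.
$keys = "$svcRoot\BFE",
        "$svcRoot\BFE\Parameters\Policy",
        "$svcRoot\MpsSvc"

foreach ($key in $keys) {
    try {
        $acl = Get-Acl -Path $key -ErrorAction Stop
    } catch {
        # A missing key or a denied read is itself a finding worth recording.
        Write-Output "[ACL] $key : cannot read ($($_.Exception.Message))"
        continue
    }

    Write-Output "[ACL] $key (owner: $($acl.Owner))"
    foreach ($ace in $acl.Access) {
        Write-Output ("    {0,-6} {1,-40} {2}" -f `
            $ace.AccessControlType, $ace.IdentityReference, $ace.RegistryRights)
    }
}
```

Save the output from the affected machine and from a clean one and diff the two; an account that appears in the clean machine's ACE list but not in the affected one is a candidate for the missing entry.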

#21
Len420


    Member

  • Topic Starter
  • 15 posts
Hi godawgs,

Step-1.

Make a Fresh Restore Point

For Vista and Windows 7:

Click the Start Orb. Click Control Panel. Click System and Maintenance
(actually this was called System and Security on my Windows 7 system)

In the Available Disks box put a check mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?
(actually the Windows7_OS (C:) (System) said "On" under the column heading "Protection"
no checkboxes here. It looked like this:

Protection Settings
Available Drives Protection
SYSTEM_DRV Off
Windows7_OS (C:) (System) On
Lenovo_Recover (Q:) Off

So I pressed "Create" button at the bottom and it created a Restore point per your instructions.


Step-2.

ESET Service Repair

Download Service Repair (from Eset) and save to your Desktop.
I clicked the link, it goes to:
kb.eset.com/ESET/KB%Team%Only/Malware/ServicesRepair.exe
then just sits there...nothing on the white screen. Tried it with:
Open link in new tab, open link in new window...neither works.
I went to kb.eset.com to see if I could find ESET Service Repair, could not find it.

googled servicesrepair.exe
found:
http://social.techne...9-8bd18a5c3aad/
one post says:

http://kb.eset.com/l...vicesRepair.exe
downloaded servicesrepair.exe from there to desktop.
I ran servicesrepair.exe by "right click and run as administrator" instead of double-clicking it. I hope that's ok!
It ran, asked me to reboot and I did.

here is svcRepair.txt:


Log Opened: 2013-06-12 @ 08:41:50
08:41:50 - -----------------
08:41:50 - | Begin Logging |
08:41:50 - -----------------
08:41:50 - Fix started on a WIN_7 X64 computer
08:41:50 - Prep in progress. Please Wait.
08:41:51 - Prep complete
08:41:51 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
08:41:53 - Services Repair Complete.
08:41:57 - Reboot Initiated





Ran FSS.exe, here is FSS.txt:
Farbar Service Scanner Version: 31-05-2013 01
Ran by RYAN (administrator) on 12-06-2013 at 08:46:49
Running from "C:\Users\RYAN\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Thank you godawgs,
-Len420
  • 0
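A way to triage an FSS.txt like the one posted above without reading it line by line, as an added example (not part of the original post or of Farbar Service Scanner): it collects anything printed under a section heading and every File Check entry that is not marked "MD5 is legit". The sample log is constructed, the `CONSTRUCTED-...` lines in it are placeholders rather than real tool output, and the parser assumes only the heading/underline layout and the `=> MD5 is legit` suffix visible in the posted log.

```python
import re

LEGIT_SUFFIX = "=> MD5 is legit"

# Constructed sample in the layout of the posted log; the two
# CONSTRUCTED-... lines are placeholders, not real FSS output.
SAMPLE_FSS = r"""Farbar Service Scanner Version: 31-05-2013 01
Boot Mode: Normal
****************************************************************

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google.com is accessible.

Windows Firewall:
=============
CONSTRUCTED-FINDING firewall service entry

Firewall Disabled Policy:
==================

File Check:
========
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => CONSTRUCTED-VERDICT

**** End of log ****
"""


def parse_fss(text):
    """Return (findings, suspect_files) for one FSS.txt.

    findings maps a section heading to the lines printed under it; in a
    clean log those sections are empty. suspect_files lists File Check
    lines that lack the "MD5 is legit" verdict.
    """
    findings, suspect_files = {}, []
    lines = [ln.rstrip() for ln in text.splitlines()]
    section = None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A heading is "Name:" followed by a row of "=".
        if line.endswith(":") and re.fullmatch(r"=+", nxt):
            section = line[:-1]
            continue
        if not line or re.fullmatch(r"[=*]+", line) or section is None:
            continue
        if line.startswith("****"):  # "**** End of log ****"
            break
        if section == "File Check":
            if not line.endswith(LEGIT_SUFFIX):
                suspect_files.append(line)
        elif section == "Connection Status":
            # Assumption: healthy lines read exactly as in the posted log.
            if not (line.endswith("is accessible.") or line == "LAN connected."):
                findings.setdefault(section, []).append(line)
        else:
            findings.setdefault(section, []).append(line)
    return findings, suspect_files


if __name__ == "__main__":
    found, suspects = parse_fss(SAMPLE_FSS)
    for name, entries in found.items():
        print("section with output:", name, entries)
    for entry in suspects:
        print("file needs review:", entry)
```

Run against the log posted above, both results come back empty, which is what the helper is reading for.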

#22
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I ran servicesrepair.exe by "right click and run as administrator" instead of double-clicking it. I hope that's ok!
It ran, asked me to reboot and I did.

Same difference. :) The instructions I posted were the ones on the ESET site, but as long as it worked

You should be able to turn the Windows firewall on and I would recommend that you do that until your son can verify with the college whether or not the Symantec program includes a firewall.

Now for the Java problem. Firefox is a 32bit program and requires the 32bit Java application. So you will need to install that...and leave the 64bit application on the PC too.

Go back to the Java download site here
Download the Windows x86 Offline 30.2 MB jre-7u21-windows-i586.exe file and save it to the desktop.
Close the browser and all open windows and right click the file and click Run as Administrator to run it and follow the prompts.

Now see if you can get Java to verify in FF
  • 0
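The fix in this reply turns on bitness: a 32-bit browser process can only load a 32-bit Java plug-in, so the x64 JRE alone never shows up in Firefox. An added example (not part of the original post) that reads the Machine field of a PE file's COFF header to tell which build an installer, EXE or DLL is; the function names are hypothetical and `fake_pe` builds constructed minimal headers so the block runs without any real binaries.

```python
import struct

# IMAGE_FILE_HEADER.Machine values for the two builds discussed above.
MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)"}


def pe_machine(data):
    """Return the architecture named in the COFF header of PE bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: no MZ header")
    # e_lfanew at offset 0x3C points to the "PE\0\0" signature.
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_offset:pe_offset + 4] != b"PE\0\0":
        raise ValueError("not a PE file: no PE signature at e_lfanew")
    if len(data) < pe_offset + 6:
        raise ValueError("truncated COFF header")
    # Machine is the first 16-bit field after the signature.
    (machine,) = struct.unpack_from("<H", data, pe_offset + 4)
    return MACHINES.get(machine, "other (0x%04X)" % machine)


def pe_machine_of(path):
    """Same check for a file on disk (for example a downloaded installer)."""
    with open(path, "rb") as handle:
        return pe_machine(handle.read())


def plugin_can_load(host_bytes, plugin_bytes):
    """A process can only load modules built for its own architecture."""
    return pe_machine(host_bytes) == pe_machine(plugin_bytes)


def fake_pe(machine):
    """Constructed minimal DOS + COFF header, enough for pe_machine()."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18


if __name__ == "__main__":
    browser_32 = fake_pe(0x014C)   # stands in for a 32-bit browser EXE
    plugin_64 = fake_pe(0x8664)    # stands in for a 64-bit plug-in DLL
    plugin_32 = fake_pe(0x014C)    # stands in for a 32-bit plug-in DLL
    print("browser:", pe_machine(browser_32))
    print("64-bit plug-in loads:", plugin_can_load(browser_32, plugin_64))
    print("32-bit plug-in loads:", plugin_can_load(browser_32, plugin_32))
```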

#23
Len420

Len420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Yes! That worked perfectly, godawgs, you're a genius! Here's the screen result:
Verified Java Version
Completion checkmark
Congratulations!
You have the recommended Java installed (Version 7 Update 21).

Thanks godawgs....anything else I should do? I did check and the Windows Firewall is running for both private and public networks.
  • 0

#24
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
That's good news all around. If you're a happy camper the only thing left is to clean up the tools we used.

OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please proceed with the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

If you didn't uninstall ESET after running the program we will do it now.

Step-1.

Uninstall ESET

1. Please click the Start Orb, click Control Panel. Under the Programs and Features heading click Uninstall a program
1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

ESET

3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall.)
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files (x86)\ESET

2. Close Windows Explorer and reboot the PC.

Step-2.

Uninstall AdwCleaner

Re-open AdwCleaner
  • Click the Uninstall button
  • Confirm with yes

Step-3.

OTL Cleanup
1. Please copy all of the text in the Quote box below (Do Not copy the word Quote). To do this, highlight everything inside the Quote box (except the word Quote), right click and click Copy.
  • :COMMANDS
    [EMPTYTEMP]

  • Please re-open OTL on your desktop.
  • Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
  • Click the Posted Image button.
  • Let the program run unhindered. When finished click the OK button and close the log that appears.
  • NOTE: I do not need to review the log produced.
  • OTL may ask to reboot the machine. Please do so if asked.
2. Please re-open OTL on your desktop.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
The above process will remove most/all of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.

Step-4.

Delete the following Files and Folders (If Present):

Files on the Desktop

MBR.dat
SecurityCheck.exe
checkup.txt
jre-7u21-windows-64.exe
jre-7u21-windows-i586.exe
The Flash Player installer file
MultiFix.reg
StartServices.bat
ServicesRepair.exe


Files on the Desktop

MultiFix.zip
CC Support


Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.

Step-5.

Reset Hidden Files and Folders

For Vista and Windows 7
1. Click Start, click Control Panel.
2. Click Folder Options.... NOTE: If you are in the Category view, click Appearance, then Folder Options
3. On the Folder Options window click the View tab.
4. In the Advanced settings: box, Under Hidden files and folders, click the Do not show hidden files and folders button.
5. Click the Hide protected operating system files (Recommended) box.
6. Click Apply and then OK

Step-6.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

For Vista and Windows 7:
  • Click the Start Orb. Click Control Panel. Click System and Maintenance
  • Click System
  • In the left column under Tasks, click Advanced System Settings and accept the warning if you get one
  • Click the System Protection Tab
  • In the Available Disks box put a check mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?

    Note: It may take some time for the system to populate the Available Disks box, so be patient.
  • Click the Create button at the bottom
  • Type in a name for the restore point, i.e: Clean
  • Click Create
  • A small System Protection window will come up telling you a Restore Point is being created.
  • Another System Protection window will come up telling you the Restore Point has been created, click OK
  • Click OK again.
  • Close the Control Panel
Now we can purge the old Restore Points
  • Click Start Orb, click Run (or press the Windows key and R together) to bring up the Run box.
  • Copy and Paste the following in the Run box:
    cleanmgr
  • Click OK
    A Disk Cleanup Options popup will open
  • Click Files from all users on this computer

    A Drive Selection popup will open
    NOTE: You will not see this window unless you have more than one drive or partition on your computer.
    If you chose Files from all users on this computer above, then click on Continue for UAC prompt.
  • Select the system drive, C:\ and click OK.
  • For a few moments the system will make some calculations
  • The Disk Cleanup Window will open:
  • Click the More Options tab.
  • Click the Clean up button under the System Restore and Shadow Copies section. (See screenshot below)
  • In the Disk Cleanup dialog box, click Delete (See screenshot below).
  • You will get a Disk Cleanup confirmation (See screenshot below)
  • Click Delete Files, and then click OK.

Preventing Re-Infection

Below, I have included a number of recommendations for how to protect your computer against future malware infections.

:Keep Windows Updated:-Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable.
Please either enable Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Vista and Windows 7 Users:
1. Click Start> All Programs, from the list find Windows Update and click it.

:Turn On Automatic Updates:

Vista and Windows 7
1. Click Start> Control Panel. Click Security. Under Windows Update, Click Turn automatic updating on or off.
2. On the next page, under Important Updates, Click the Drop down arrow on the right side of the box and Click Install Updates Automatically (recommended).
If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your task bar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following: If you still want to keep Java
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
: Keep Adobe Reader Updated :
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed
NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. Click OK. Close the program. It's the same for Foxit Reader except Preferences is under the Tools menu, and you uncheck Enable Javascript Actions.

NOTE: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

:Web Browsers:

:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialize and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.

:Alternate Browsers:

If you use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  • NoScript - for blocking ads and other potential website attacks
  • WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
:Install the MVPs Hosts File:
  • MVPS Hosts file-replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========
  • Malwarebytes-Free Version- a powerful tool to search for and eliminate malware found on your computer.
  • SUPERAntiSpyware Free Edition-another scanning tool to find and eliminate malware.
  • SpywareBlaster-to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard-to catch and block spyware before it can execute. A tutorial can be found here.
  • WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.
It's a good idea to clear out all your temp files every now and again. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========
  • TFC by OldTimer-A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
  • CleanUP-Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.
:BACKUPS:
  • Keep a backup of your important files.-Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
We installed the Tweaking.com Registry Backup program. Keep this and use it to keep the Registry backed up.

:Keep Installed Programs Up to Date:

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
A program that will do this is listed below. Download and install the program and run it monthly:
Filehippo Update Checker

Finally, please read How did I get infected in the first place? by Mr. Tony Cline

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know

Stay Safe :wave:
godawgs
  • 0
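The MVPS HOSTS recommendation above works because the hosts file is consulted before DNS, which is also why malware edits the same file. An added example (not from the original post) that audits hosts-file text and separates names sinkholed to the local machine from names sent to a real address; the sample content, host names and the 203.0.113.10 address are constructed placeholders, and on Windows the file normally lives at `%SystemRoot%\System32\drivers\etc\hosts`.

```python
import ipaddress

# Constructed sample; every name and address below is a placeholder.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example   # sinkholed, MVPS style
0.0.0.0         banner.adnet.example
203.0.113.10    update.vendor.example www.bank.example
not-an-ip       broken.example
"""


def audit_hosts(text):
    """Return (blocked, redirected, malformed) for hosts-file text.

    blocked:    names pointed at loopback or 0.0.0.0 (blocklist entries)
    redirected: (line number, name, address) for names pointed at any
                other address; each of these overrides DNS and should
                be explained by the machine's owner
    malformed:  (line number, text) for lines that do not parse
    """
    blocked, redirected, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:
            malformed.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:
            name = name.lower()
            if addr.is_loopback or addr.is_unspecified:
                if name != "localhost":
                    blocked.append(name)
            else:
                redirected.append((lineno, name, str(addr)))
    return blocked, redirected, malformed


if __name__ == "__main__":
    blocked, redirected, malformed = audit_hosts(SAMPLE_HOSTS)
    print(len(blocked), "sinkholed names")
    for lineno, name, addr in redirected:
        print("line %d: %s -> %s (overrides DNS, review)" % (lineno, name, addr))
    for lineno, text in malformed:
        print("line %d: could not parse: %s" % (lineno, text))
```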

#25
Len420

Len420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thanks for all your help here godawgs, you provide an amazing service and you did another
great job!
I did have one problem finding the place to delete the old system restore points, but
other than that things are good. Thanks godawgs!

Step 1: I guess I didn't have ESET installed, didn't see it in "uninstall programs"

Step 2: uninstalled AdwCleaner

Step 3: did the OTL cleanup steps and it's gone.

Step 4: deleted that stuff

Step 5: Reset Hidden Files and Folders

Step 6: created new restore point


did the Run > cleanmgr
first it says select the drive you want to clean up, I chose Windows7_OS (C:)
Then it calculates how much space I could save.
Then my "Disk Cleanup for Windows7_OS (C:)" window comes up.

I don't have a "more options" tab on my Disk Cleanup window
(I only have the Disk Cleanup tab)
I looked in the "Files to delete" and there is no "System Restore and Shadow Copies"
option there, either.

There are just 2 buttons at the bottom, "Clean up System Files" and "View Files"

In my System Restore FAQ it says:
How long are restore points saved?
Restore points are saved until the disk space System Restore reserves is filled up.
As new restore points are created, old ones are deleted. If you turn off system protection
(the feature that creates restore points) on a disk, all restore points are deleted
from that disk. When you turn system protection back on, new restore points are created.
For more information about system protection, see What is system protection?



Preventing Re-Infection

Windows automatic Updates is on.
installed some updates they recommended.

made IE and Firefox more secure per your suggestions, added the add-ins.

Installed the MVPs Hosts File


Thanks again for ALL YOUR HELP godawgs! Very much appreciated.
You can close this thread.
  • 0



#26
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

You are very welcome and if you need us in the future just give us a shout.

For the missing More Options tab in Disk Cleanup do this:

Open the Disk Cleanup again.
Click the Clean Up System Files button at the bottom. Disk Cleanup will again ask you to choose the disk. Do so and when it loads, you will have "More Options" at the top again.

Then follow the instructions from there.
  • 0

#27
Len420

Len420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
The Disk Cleanup worked...thanks again godawgs and have a great day!
  • 0

#28
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





