DMR 152 Wombat At Large Team Colleague

One other thing, can you think of why my pc is a bit slow responding? For example, moving the mouse pointer around the screen, opening folders/files etc.

That can definitely be one of the noticeable effects of a background process which is taking CPU and/or memory resources away from your applications and user-initiated events such as moving the mouse, opening folders, etc. More specifically, a symptom like that usually manifests itself in "spurts". That is, your mouse may periodically lag for a moment, but then return to its normal behaviour; if the lag is constant, that may be indicative of some other issue.

I understand that by checking the items then that would speed up the time it takes for the computer to boot up, but would it also speed up the computer generally??

Technically yes- because most of the startup items remain active in the background (hidden) while Windows is running. Whether or not the actual performance increase gained by disabling startup items is actually noticeable to the user is another story.

DMR 152 Wombat At Large Team Colleague

I don't know how to thank you DMR, for all the time and effort you spent helping me.

Your appreciation is thanks. :)

Glad we could help you get things sorted out.

DMR 152 Wombat At Large Team Colleague

There are always risks involved with electronic communications, but there's obviously no way to predict whether you will have any problems with it. I personally try to keep sensitive electronic transactions to a minimum.

DMR 152 Wombat At Large Team Colleague

You're welcome; glad we could help you get it straightened out. :)

DMR 152 Wombat At Large Team Colleague

Very good. How do things seem to be functioning now?

DMR 152 Wombat At Large Team Colleague

Checking/"fixing" the items with HijackThis will only remove their autostart entries, not the programs themselves. You can also disable/enable the autostarting of most of those programs through an option in the programs' preferences settings.

DMR 152 Wombat At Large Team Colleague

found this ,
http://www.justlinux.com/forum/showthread.php?threadid=143973

lol! JL is where I learned about Linux and all the fun of multi-boot systems. It was also where I worked before Dani stuffed me in a canvas sack and brought me here... :cheesy:

DMR 152 Wombat At Large Team Colleague

Good work- there are no longer any signs of the infection in your log. :)

1. Not related to the infection, but you have the Windows messaging service (which is not MSN Messenger) running. The service is non-critical, and can be exploited by malware.
* Download and run Shoot the Messenger to disable the Messenger service.
* Run another HJT scan and fix the following entry if it is still present:
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

2. Just for verification, please do the following:

* Reboot your computer into Safe Mode again.
* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".
* Search for the following files/folders and delete them if found:

D:\WINNT\system32\atmclk.exe
D:\WINNT\system32\dcomcfg.exe
D:\WINNT\system32\hp???.tmp
D:\WINNT\system32\ld????.tmp
D:\WINNT\system32\ot.ico
D:\WINNT\system32\regperf.exe
D:\WINNT\system32\simpole.tlb
D:\WINNT\system32\stdole3.tlb
D:\WINNT\system32\ts.ico
D:\WINNT\system32\1024\

(The question marks in the two files above are placeholders for what will really be random letters and/or numbers; "hp100.tmp", for example)

* Empty your Recycle Bin and reboot normally.

DMR 152 Wombat At Large Team Colleague

Registering voltage where? With what, exactly?
Obviously if you didn't have any DC voltage coming from the power supply, you wouldn't have a working system, so could you please be more specific about the problem?

DMR 152 Wombat At Large Team Colleague

Happy Machine is Good Machine :mrgreen:
Glad we could help you get it sorted out.

DMR 152 Wombat At Large Team Colleague

I take it that you would rather I attach the logs from what you said in your last reply so, that's what I'm gonna do.

I'm not sure where I gave you that impression, but no- we'd rather have logs pasted directly into the posts; they're more accessible that way.
(I edited your last post to include the logs you attached)

And finally... the infections no longer appear in your log! :)

Have HijackThis fix the following "loose ends"; other than that you look good to go:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - Disabled:AutorunsDisabled - (no file)
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\

DMR 152 Wombat At Large Team Colleague

Yeah- complete with "Instructions for use on a ghost hunt", no less. I think everyone needs one of those things, don't you? :mrgreen:

DMR 152 Wombat At Large Team Colleague

OK- the infection is being extremely stubborn...

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

Please download the following two rootkit detection tools and save them to new folders of their own:

RootKitRevealer
BlackLight

* Close all open/running programs now.

* Unzip the contents of the downloaded RootKitRevealer.zip file and:
- Click on the rootkitrevealer.exe file.
- Click on the Scan button and let the scan complete.
- When the scan is finished, click on the "Save..." option under the "File" menu; save the report file in the RootKit Revealer folder.
- Close the program.

* In the BlackLight folder:
- Double-click on the blbeta.exe file to start the program.
- Click "I accept the agreement", "next", "Scan"
- After the scan is finished, choose "Close"
- The scan will have created a report log named "fsbl-xxxxxxxx.log", where the "x"s are a string of numbers (a time and date stamp, specifically).

* Post the contents of log files that the two programs generated.


=========================================
DMR's Note to Self:
C:\WINDOWS\system32\avload32.dll 12.31 KB
C:\WINDOWS\system32\wnlogow.sys 5.36 KB
=========================================

DMR 152 Wombat At Large Team Colleague

Here we go, then; let's start with the following:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

* Download ewido Anti-Spyware (30-day trial) - http://www.ewido.net/en/download/

Install and configure ewido:

  • Close all other Applications and run the ewido installer.
  • Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen. (It is very important to get the updates)
  • Don't run a scan with ewido yet; just close the program when the updating has finished.

* Download ATF Cleaner by Atribune. Save the folder to your desktop or to another convenient location, but do not run it yet.


* Run HijackThis again, put a check mark in the boxes to the left of the following entries, and then click the "Fix checked" button. Close HJT once the fixes are completed:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - D:\WINDOWS\system32\hp100.tmp
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - D:\WINDOWS\system32\byxxwtr.dll
O20 - Winlogon …

DMR 152 Wombat At Large Team Colleague

The ieframe.dll file is a component of IE7, so yes- it's IE7 that you would need to install. Note that I've read threads where people had to uninstall/reinstall Messenger as well (after uninstalling IE7) to totally resolve the problem.

DMR 152 Wombat At Large Team Colleague

The exact symptom you described is usually a result of failing beam-drive electronics in the monitor, but if it doesn't happen when connected to other computers, then that diagnosis does become less likely.
Have you been able to connect another monitor to the computer in question? That would be the next obvious test.

DMR 152 Wombat At Large Team Colleague

* Do you mean that the computer disconnects from the router, that the router and modem lose connection, or that you lose DSL signal/sync at the modem?

* If the problem is between the computer and the router, and the computer connects to the router via wireless, connect the computer to the router with a CAT5 cable and see if the problem persists.

DMR 152 Wombat At Large Team Colleague

Do a hard reset on the router, perhaps? Most Linksii have a small recessed reset button on them somewhere which, if pressed for 10 seconds or so, will clear the router out to its factory defaults.

DMR 152 Wombat At Large Team Colleague

Hi BTfreek- welcome to DaniWeb :)

You've definitely got the infection, but you are also using a very old version of HijackThis. Please throw away the version you're currently using, download and run the latest version, and post the log that the new version generates.

DMR 152 Wombat At Large Team Colleague

We have an entire 12-page thread dedicated to those beasties, please confine GMail inquiries to that thread:
http://www.daniweb.com/techtalkforums/thread10502.html

DMR 152 Wombat At Large Team Colleague

This log looks a little bit lacking...

Don't worry about SuperSam's posts; they're essentially the same thing that you were up to in this post:
http://www.daniweb.com/techtalkforums/thread49029.html

:cheesy:

DMR 152 Wombat At Large Team Colleague

Please tell us if the "screen" is a laptop screen or a traditional tube-type monitor. If it's the latter, connect it to another computer and see if it exhibits the same symptoms. If so, the internal circuitry of the monitor is probably failing.

DMR 152 Wombat At Large Team Colleague

What sorta nonsense is this??

nonsense that's going to make someone a pile of cash, I'd bet. :eek:

DMR 152 Wombat At Large Team Colleague

So what about this one?

Hmm.... well, let's just whip out the handy Ghost-O-Meter that I purchased from that site's store and find out...

[IMG]http://www.stevewolfonline.com/Downloads/DMR/Misc/ScreenHunter_001.bmp[/IMG]

kAtHicKa commented: He's good-looking AND has a good sense of humor! +2
DMR 152 Wombat At Large Team Colleague

DMR are you considering Viewpoint manager to be malicious, because it's in his log just so you know.

Yeah- I space on that one a lot, but it should go. Thanks for the eyes.

sdeguzman,

This isn't related to your primary problem, but you should open your Add/Remove Programs control panel, highlight the Viewpoint package, and click the "Remove" button.
(I'm still looking for a solution that directly relates to your AU/esent crashes)

DMR 152 Wombat At Large Team Colleague

Well this was one of those thinking out of the box problems, now wasn't it.

Yeah, it sure was. I don't know about you, but I like one of these every once in a while- keeps things lively... :mrgreen:

DMR 152 Wombat At Large Team Colleague

Me too slow as usual :D.

We were both being our usual slow selves at the same time... :mrgreen:

DMR 152 Wombat At Large Team Colleague

Gosh DMR, I had no clue you were so handsome! :)

Well... I'm, um... :o :o

Sulley's Boo commented: hehe cute reaction ^.^ +2
DMR 152 Wombat At Large Team Colleague

Do I need to do something to System Restore now?

Yes. Since your log is now clean, it might be a good idea to:

Disable System Restore

1. Log in as a user with Administrator privileges.

2. Right-click on the My Computer icon on your desktop and choose the "Properties" option.

3. In the System Properties window, click on the System Restore tab and then put a check in the box next to the "Turn off System Restore" option and hit the "OK" button.

4. Click "Yes" in the resulting confirmation box. You may experience a slight delay as your change is applied; the Properties window will close automatically when the operation is complete.

and then...

Reactivate System Restore

In the System Restore tab, uncheck the box next to the "Turn off System Restore" option, and hit the "OK" button. There will be a slight delay as Restore reactivates; the Properties window will automatically close when the operation is complete.

The above steps will clear out your Restore folders, the contents of which could include infected files.

DMR 152 Wombat At Large Team Colleague

1. You need to take care of one thing before we can begin cleaning your system:
C:\Documents and Settings\bec\Local Settings\Temp\HijackThis.exe

The log entry above indicates that you are running HijackThis from within a Temp/Temporary folder. Please do the following:

Create a folder for HJT outside of any Temp/Temporary folders and move the HijackThis.exe file to that folder now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!


2. You have a SpywareQuake infection, which requires a specific removal procedure. The most up-to-date version of the procedure is posted here; after moving hijackthis.exe to its new folder, please follow the instructions in the "Automated Removal" section of the link fully and carefully.

Once you've completed the SpywareQuake removal steps, post a new HijackThis log here, along with contents of the C:\Program Files\RoguesScanFix\task.txt file (which will be created during the removal process). We will work on removing any possible "loose ends" at that point.

DMR 152 Wombat At Large Team Colleague

You may find clues in the Event Viewer utility in your Administrative Tools control panel. Open the Viewer and look through your System and Application logs for entries flagged with "Error" or "Warning". Double-clicking on such an entry will open a properties window with more detailed information on the error.

DMR 152 Wombat At Large Team Colleague

There are still a few malicious items evident in your log. Please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Open your Add/Remove Programs control panel and uninstall the "WeatherBug" program.


* Download Ewido Anti-Malware; it is a free version of the program.

  1. Install Ewido Anti-Malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch Ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  6. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")

Don't actually run a scan with ewido yet, just close it for now.


* Please download ATF Cleaner by Atribune. Save the file to your desktop or any other convenient location. Again- don't run the program yet.


* Run another HijackThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix Checked" button. Close HijackThis once the …

DMR 152 Wombat At Large Team Colleague

* Download the Killbox utility and save it to any convenient location/folder.

* Reboot the computer into Safe Mode again; you get to the safe mode boot option by hitting the F8 key as your computer is starting up. Once in Safe Mode:

* Run the Killbox utility.

- In the "Full Path of File to Delete" box, copy and paste the following:
C:\WINDOWS\SYSTEM32\avload32.dll

- Select the "Replace on reboot", "Use Dummy", and "Unregister dll before deleting" options.

- Click on the button with the red circle with the X in the middle and then click Yes at the "Replace on Reboot" confirmation prompt. Click No when prompted to reboot now.

- In the "Full Path of File to Delete" box, copy and paste the following:
C:\WINDOWS\system32\wnlogow.sys

- Select the "Replace on reboot" and "Use Dummy" options.

- Click on the button with the red circle with the X in the middle and then click Yes at the "Replace on Reboot" confirmation prompt.
This time, click Yes when prompted to reboot now.


* Let the computer reboot normally. Once it has rebooted, run another HijackThis scan and post the new log.

DMR 152 Wombat At Large Team Colleague

Good work- Your latest log is clean :)
Do things seem to be running smoothly now, or are there still Gremlins lurking about?

DMR 152 Wombat At Large Team Colleague

Due to the fact that the member who originally started this thread has not responded in quite a long time, this thread is considered abandoned and has been closed.

In accordance with our posting rules, other members having similar questions or problems need to start their own threads and post their questions there.
In order to help us help you most quickly, please include as much information about your problem as possible in your posts.

If the member who originally started this thread wishes to have the thread reopened, please send your request, including a link to this thread, to one of our moderators via email or Private Message.

Thank you.

DMR 152 Wombat At Large Team Colleague

Hi SEQ,

First of all- welcome to DaniWeb :)

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please give us as much specific info as possible regarding the problem (exact error messages, system specs, troubleshooting steps you've already tried, etc.). Remember that having the same symptom as another member does not mean that you actually have the same problem.

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_policies

Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

Ah... got it. :)
Makes sense now.

DMR 152 Wombat At Large Team Colleague

McDaddy17,

Please don't bump your threads with "reminder" posts. It's pretty rare for us to forget a thread, but with a few hundred problems per day to deal with, it can take some time for us to post follow-ups to all of the active issues on which we are working. Also keep in mind that it's a major holiday weekend in the US, meaning that many of us have other things to do with our "free" time today.

That said:

* Your log is definitely free of any signs of infections, and it also indicates that you are running a relatively "lean" system in terms of startup processes and the like.
However, the following startup items are not critical to their programs' operations; to conserve CPU and memory resources, you can safely disable them if you wish:

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

To disable the above items with HijackThis, run another HijackThis scan, put a check in the box to the left of the following entry, and then click the "Fix checked" …

DMR 152 Wombat At Large Team Colleague

While it's true that you did have an infection, you are also experiencing a known bug with IE7 components (ieframe.dll, specifically) which is not related to malicious infections. You need to uninstall IE7, as it is known to cause exactly the error with Messenger that you are reporting.

Remember that IE7 and new Live Messenger are beta releases; they are not stable, and should be avoided until the official public release versions are made available.
Translation: You use beta software at your own risk!


-

DMR 152 Wombat At Large Team Colleague

An infection is still present, as indicated by this entry in your latest log:
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll

ewido should have flagged the winrge32.dll file; let's try again, this time with the correct, updated ewido instructions:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Open ewido, click on the Update menu icon, and then click on the "Start Updates" button. Close ewido once the latest updates are installed.


* Run another HijackThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix Checked" button. Close HijackThis once the fixes complete:
O2 - BHO: (no name) - {11359F4A-B191-42d7-905A-594F8CF0387B} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.globosoft.info/globobar.cab
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll


* Reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site:
DMR 152 Wombat At Large Team Colleague

I get the 404 errors as well as DNS and others at random sites....The only I can remember going back to several times with the same results...this the link...
http://www.justrealmail.com/affiliate/link.php?ref=4&productid=2

Yes, that is a dead link. The problem is on the webserver, not your computer. That's probably the case with most of the sites where you encounter the error; expired or "orphaned" links are pretty common.

except Norton Antivirus won't run in safe mode. Maybe it's because its part of NIS???

Right- some versions of Norton AV don't run in Safe Mode, but I thought it was worth a try.

Ewido ( it's not called Anti Malware anymore, it's Anti Spyware and it's not free anymore...30 day trial. Just thought I'd let you know.

Yeah, thanks- I cut-n-pasted those instructions from an outdated file. My bad.

Oh, after all this, I opened Manage Addons and ds3m32.dll was still there as a browser helper. I disabled it and after I closed and reopened IE it was gone. :)

Cool... but unfortunately, your log still shows signs of infections. That's not surprising, given the number of Nasties that ewido found on your system.

Now after going thru all that I went to this site:
http://www.imageshack.us/v_images.php

and clicked on this link:
http://img2.imageshack.us/click_trac...images_txt_lnk

That link isn't available to me, probably because I'm not a registered member of that site.

DMR 152 Wombat At Large Team Colleague

I think you did it crunchie!!

And so did you, by the looks of it; good work. :)

There is just one "loose end" in your log that we need to clean up. Run another HijackThis scan, put a check in the box to the left of the following entry, and then click the "Fix checked" button:
O2 - BHO: (no name) - {9F0651AC-3A49-4873-8392-B84CF465910E} - C:\WINDOWS\system32\sstts.dll (file missing)

Once the fix has completed, reboot your computer, run HijackThis again, and post the new log.

-

DMR 152 Wombat At Large Team Colleague

Your log shows no indications of infections, nor signs of anything (non-malicious) which might be causing the error.

1. Your log does show one thing you need to fix before we continue:
C:\DOCUME~1\SHERWI~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

The log entry above indicates that you are running the HijackThis.exe program from within the downloaded HijackThis.zip download package. You are also running HJT from within a Temp/Temporary downloads folder.
One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!

Please do the following:

* Create a folder for HJT outside of any Temp/Temporary folders. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
* Right-click on the HijackThis.zip folder and choose the "Extract all..." option from the resulting drop-down menu. This will start Windows' Folder Extraction Wizard. Click the "Next" button to start the wizard.
* In the next window, click on the "Browse" button. In the destination selection box, navigate to the new folder you created for HJT, highlight it, and click "OK".
* Click "Next", and then click "Finished"; a window displaying the newly-extracted hijackthis.exe file should open.
* Double-click on the hijackthis.exe file to verify that the program works. If it does, just close hijackthis for now.


2. Open the …

DMR 152 Wombat At Large Team Colleague

Much better. :) Thanks again for your patience.

The avload32.dll file is being stubborn, so we'll have to take another approach to remove it. Please start by doing the following:

Download haxfix.exe.
Save it to your desktop.
Close down all applications and every browser window.
Double-Click on haxfix.exe to start the installation.
Put a check mark next to "Create a desktop icon".
Click "Next" and follow the prompts on the screen.
When the installation is finished, make sure that "Launch HaxFix" is enabled.
Click "Finish".

A DOS Window will open with the following options to choose:
1. Make logfile
2. Run auto fix
3. Run manual fix
4. Run wnlogow fix
E. Exit Haxfix

Choose "Option 1: Make logfile" by pressing "1" and then pressing Enter.
This will need a moment of your time. When the HaxFix is finished, a textfile opens (haxlog.txt)

Post the contents of the haxlog.txt file here.


-

DMR 152 Wombat At Large Team Colleague

Ouch! Sorry this got overlooked....

1. C:\Program Files\HijackThis.exe

The above log entry indicates that you are running HJT directly from within your Program Files folder; you need to create a new, separate folder for HJT and move the hijackthis.exe file there now.
HijackThis creates backup files each time it performs a fix, and the backup files will become scattered and unlocatable unless they are in their own folder with the program.


2. Please download the L2MFix utility.
* Save the file to your desktop and double click l2mfix.exe.
* Click the Install button to extract the files and follow the prompts.
* Open the newly added l2mfix folder on your desktop.
* Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing Enter.

This will scan your computer and it may appear nothing is happening. After a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 or any other files in the l2mfix folder until you are asked to do so!


-

DMR 152 Wombat At Large Team Colleague

There could be any of a number of things going on, but if you'd like to post a HijackThis log for us to review, you can do that:

Download the free HijackThis utility. Once downloaded, follow these instructions to install and run the program:

Create a folder for HJT outside of any Temp/Temporary folders and move the HijackThis.exe file to that folder now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.

The log contents will tell us a lot about what (if any) "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.
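
Added example (not part of the original posts, and not HijackThis or DaniWeb code): a Python first-pass triage of a saved hijackthis.log that applies the checks the replies on this page make by hand, namely processes running from Temp folders, orphaned "(no file)"/"(file missing)" entries, empty R-values, Winlogon Notify DLLs and autostart items. The sample log is constructed from entry shapes quoted on this page; `Finding` and `triage` are hypothetical names.

```python
import re
from typing import NamedTuple

# Constructed sample: a header plus entries in the shapes quoted in the posts on this page.
SAMPLE_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\bec\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {9F0651AC-3A49-4873-8392-B84CF465910E} - C:\WINDOWS\system32\sstts.dll (file missing)
O2 - BHO: (no name) - {11359F4A-B191-42d7-905A-594F8CF0387B} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll
"""


class Finding(NamedTuple):
    kind: str     # temp-process | orphan | empty-value | winlogon-notify | autostart
    section: str  # HijackThis section code, or "proc" for a running process
    detail: str


# "<section code> - <entry text>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# A path component named Temp or starting with "Temporary" (also under 8.3 short names)
TEMP_RE = re.compile(r"\\(?:temp|temporary[^\\]*)\\", re.IGNORECASE)
# Entry whose target file no longer exists
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$", re.IGNORECASE)
# Registry autostart: hive, key (Run, RunOnce, ...), value name, command line
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")


def triage(log_text: str) -> list[Finding]:
    """Return review items from a HijackThis log, in the order they appear."""
    findings = []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        if in_procs:
            if line and not ENTRY_RE.match(line):
                # Anything executing from a Temp folder is wiped by Temp cleanup,
                # and Temp is also a common drop location worth a second look.
                if TEMP_RE.search(line):
                    findings.append(Finding("temp-process", "proc", line))
                continue
            in_procs = False  # a blank line or the first entry ends the process list
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if ORPHAN_RE.search(body):
            # Leftover registry pointer to a file that is gone: a "loose end" to fix.
            findings.append(Finding("orphan", section, body))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            # DLL loaded by Winlogon at logon; listed for manual review.
            findings.append(Finding("winlogon-notify", section, body))
        elif section == "O4":
            # Autostart item; report the value name when it is a registry Run entry.
            run = RUN_RE.match(body)
            findings.append(Finding("autostart", section, run.group(3) if run else body))
        elif section.startswith("R") and body.endswith("="):
            # Internet Explorer setting left with an empty value.
            findings.append(Finding("empty-value", section, body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:16} {f.section:5} {f.detail}")
```

The output is a list of items for a human to review, not a verdict: an autostart or Winlogon Notify entry still has to be identified before it is fixed.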

DMR 152 Wombat At Large Team Colleague

Ah- folks... what the devil is going on here?

And more importantly perhaps: what kind of a "request" for help is "Fix it."?

DMR 152 Wombat At Large Team Colleague

there is a version of Vundo that causes hijackthis to not display the 02 and the 020 entry...

Ahhh.... I was wondering why nothing was showing in the log.
Thanks for that info, Chris!
:)

DMR 152 Wombat At Large Team Colleague

Is it possible to install loads of operating systems on one PC (i.e. 10 to 20)?

Yes, definitely- the number of drives you can cram into a system is probably your biggest limitation. Different bootloader programs have a limit to the number of OSes they can handle individually, but that problem can be overcome by cascading bootloaders; a process known as "chainloading".

Maybe I could set a world record.

Well, I know you'll have to do better than 6... :mrgreen:

DMR 152 Wombat At Large Team Colleague

1. Open your Add/Remove Programs control panel and look for an Avast! entry. If you find Avast! listed there, highlight it, click the Change/Remove button, and uninstall the program. Once done, close the A/R P control panel and:

* Run HijackThis again, put a check in the box to the left of the following entry, and then click the "Fix checked" button:
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

* Close HijackThis and then double-click on your My Computer icon. Navigate to C:\Program Files, and delete the "Alwil Software" folder if it still exists.


2. There may be other infected files hiding in your System Volume Restore folders. Please do the following to delete the contents of those folders:

Disable System Restore

1. Log in as a user with Administrator privileges.

2. Right-click on the My Computer icon on your desktop and choose the "Properties" option.

3. In the System Properties window, click on the System Restore tab and then put a check in the box next to the "Turn off System Restore" option and hit the "OK" button.

4. Click "Yes" in the resulting confirmation box. You may experience a slight delay as your change is applied; the Properties window will close automatically when the operation is complete.

Reactivate System Restore

In the System Restore tab, uncheck the box next to the "Turn off System Restore" option, and hit the "OK" button. There will be a slight delay …