jholland1964 650 Posting Expert Team Colleague Featured Poster

I really don't see anything in the logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I really don't see anything in the log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Give me a new HJT scan ok?

jholland1964 650 Posting Expert Team Colleague Featured Poster

What was the log you posted in your first post entitled Scan Log? You never posted a previous MBA-M log.
If you are having problems uninstalling a program then try the uninstall via Safe Mode.
That MagicDisc causing crashes seems to be a common problem, at least that is what I found when searching.

jholland1964 650 Posting Expert Team Colleague Featured Poster

What are all the other processes that are running?

I don't know because you didn't post a complete HJT log. You have to post ALL of it from top to bottom.
Run a new Full Scan, and post the entire log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I don't want it to be reformatted.
1. My mom does not want to take it back to the office for reasons I don't know.
2. I don't want it reformatted either because I will lose a licensed Windows.
3. I think I can try

I find this a bit confusing. Why would you lose licensed windows? That doesn't make you lose the license, unless you don't own the computer or the license. Do you have the disks that came with the computer?
Remember, if you do try and it fails then you will have no computer at all.
If the computer is working well then just leave it alone.

jholland1964 650 Posting Expert Team Colleague Featured Poster

They said you can try it, although they did not sound certain.
What do you think, should we take a gamble?

If they sound uncertain and they are the ones who installed it then frankly I would let them do it. I would hate to remove key files, which could happen. If they have given you the computer and are willing to reformat it for you then I would let them do it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The Malwarebytes' is running as a service. This is only available when purchasing the program so I would turn that off. The programs you have are all good programs; that really isn't the issue. The main one I do wonder about is the Peer Guardian, though I don't really know much about it. Occasionally when trying to clean a computer having them all running in the background will hinder the cleaning because they stop changes being made. I would recommend you turn them all off with the exception of the av program and the firewall.
Can you update MBA-M and run the Full Scan and remove all that's found? I would like to see a log from that.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First thing I see is you are running two anti-virus programs, ESET NOD32 Antivirus and COMODO Internet Security which contains both a firewall AND an anti-virus program. This is an absolute no-no. Rule is ONE anti-virus program and One firewall. You need to uninstall ESET or Comodo but one must go. You are also running PeerGuardian2 which has been known to conflict with some firewalls, whether Comodo is one of those I am not sure. On top of that you are running WinPatrol, MBA-M, SUPERAntiSpyware and SpyBot. Too much as far as I am concerned, as you can see they didn't protect you.
Did you purchase MBA-M? It is running in the background as a service, if you didn't purchase it then this is unnecessary. But it IS the top of the line program on there.
This needs to be updated, AFTER you Uninstall one of those anti-virus programs and then run a Full System scan with it.
When the scan is complete then Be sure that everything is checked, and click Remove Selected.
Then Reboot the computer.
Run HJT again and post the new log along with the MBA-M log.
If you feel all of the other programs are INFECTED then uninstall them.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I found this while searching; it says it uninstalls LANDesk but I'm not sure: UninstallWinClient.exe. Do you think I should try?
Do you think deleting the folder would help? And later removing the registry values.

You need to check with the tech people at your Mom's office before attempting this.
The items found by MBA-M should probably have taken care of your MKMKrnl.dll message.
Items found by your AV program probably are related to the combofixes you ran. You need to UNINSTALL Combofix ASAP.
Do it this way and follow the instructions EXACTLY:

* Click START then RUN
* Now type Combofix /u in the runbox and click OK. The space between the combofix and the /u, it must be there.
When shown the disclaimer, Select "2"

jholland1964 650 Posting Expert Team Colleague Featured Poster

MKMKrnl.dll was one of the trojans removed. It must still be set to run in Start Up. The computer doesn't know it is a bad file, is looking for it and since it isn't there it tells you it cannot be found.
Update MBA-M and run a Full System Scan with it. Allow it to Remove all found. Then Reboot the computer and run a new HJT scan and post both logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Is there somebody you can check with in your mother's office who may know what to do with this program? I have a "feeling" this might be what is causing the excessive svchost usage, but I cannot say for certain. Obviously this is a business program, meant to be used with other computers on an office network I imagine. This is why you probably cannot uninstall it. They wouldn't want somebody in an office to be able to do that. See if you can check on it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Look on the computer for this file:

uninstallwinclient.exe

jholland1964 650 Posting Expert Team Colleague Featured Poster

You couldn't find the actual Landesk program file or you couldn't find an Uninstall file?

jholland1964 650 Posting Expert Team Colleague Featured Poster

I want you to attempt to UNINSTALL that LANDesk Software program from the computer. Reboot the computer then run a new HJT scan.

jholland1964 650 Posting Expert Team Colleague Featured Poster

OK, I will try that once I get back home; however, the computer was running very slow.

And? Sorry but this is getting to be silly. Either you want the computer cleaned or not. Frankly, maybe you had better take it to a shop and let them clean it. I have better things to do than play around here. I have been trying to help you but evidently you doubt that.
You don't want to try any of the steps given, you give half of the information. You run tools not requested. You run requested tools incorrectly.
Since you doubt what I say or choose to ignore what I say I would have to figure you don't want my help.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I am not aware how to remove them.

Look in Add/Remove and see if they are listed there. If they are, try to remove them there. Since this is now a personal computer I wouldn't think you would need them.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Are those LANDesk Software programs yours or from your Mom's office? Do they have to stay on there if they are from the office, in other words, are you allowed to remove them?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes, I did.

Ok, good. Is DE.BAYER.cnb your internet provider?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please look at these comments from Malwarebytes' Anti-Malware.org

Safe mode doesn't let MBAM load all its drivers which are often necessary for the best detection and removal results. MBAM works in safe mode but is crippled, so if at all possible it should be used in normal mode in an admin account.


Now look at your scans....the first scan done in Safe Mode DID NOT FIND

Files Infected:
C:\WINDOWS\system32\drivers\HBKernel32.sys (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\Nskhelper2.sys (Spyware.OnlineGames) -> Delete on reboot.

WHY? Because it was run in SAFE MODE. In Safe mode that scan took 36 minute(s), 35 second(s)
Now you ran the second scan in Normal Mode and those two files were found...because it was run in Normal Mode.
BUT for some reason that scan only took 16 minute(s), 15 second(s). Not normal time for a Full Scan.
See why I don't know what you are doing or what you have done correctly?
DID you reboot the computer after BOTH MBA-M scans and BEFORE you ran HJT?

jholland1964 650 Posting Expert Team Colleague Featured Poster

A good part of the problem is you refuse to follow instructions as given but insist on doing it your own way.
Why didn't you follow the instructions I gave you? Why did you insist on running it in safe mode after I specifically told you not to do so?
I may be done with this and leave you on your own. Even after I told you to follow instructions you didn't. If you know everything why then did you come here and ask for help?

jholland1964 650 Posting Expert Team Colleague Featured Poster

MBA-M MUST BE DONE in NORMAL MODE. It is not set up to be run in Safe Mode. If run in Safe Mode it will NOT do the full work it was designed to do. Please Follow these instructions TO THE LETTER. I don't want you to do ANYTHING ELSE except what is posted below.

Download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

REBOOT THE COMPUTER
Run a new HJT scan. Post back with the MBA-M log and the new HJT log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

No, this is a different computer; that one was a desktop, this one is a laptop.
I only ran combofix once after starting Windows normally and once in safe mode, because I forgot it has to be done in safe mode.
Yes, I posted here after running combofix.

Look, I told you in your previous thread and you obviously IGNORED my warning, Combofix is NOT A TOOL that should be run without first being told to do so. It is only for specific infections and you DON'T know what infections you have. It is a tool that is NOT run in Safe Mode, but should be run in NORMAL mode AND you say above you ran it once in normal mode and once in safe mode so you have run it twice on this computer. So you obviously don't know how to run this tool.
You say

SUPERAntiSpyware, however it couldn't find anything other than adware.
Unfortunately I could not run the updater as it said it could be blocked by the firewall, however this was not the case.

What was the Adware? Adware can be very dangerous.
One piece of Adware showing in your log is a program called Thunderwise which is also known as Adware.Thunderwise...it is a Backdoor Trojan. Very dangerous. You are also showing MKMKrnl.dll which is very dangerous and a fraudulent security program.

How do you know absolutely that your firewall DIDN'T block updates? I don't see a firewall on …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes jazzyjaj I do remember you. I went back and reviewed the last thread you had here. On that thread you had run multiple programs BEFORE you posted, including three runs at least of combofix and multiple other programs which are usually only run if a helper instructs a poster to do so. Is this that same computer or a different one? DID you run combofix on THIS computer before you made THIS thread?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Who told you to run Combofix? This is an infection specific tool, NOT recommended unless specific symptoms are showing. Running it without supervision or being told to run it can cause damage to the computer.

Why are you running Windows Installer? What specific program are you trying to install?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hurricane, this thread is six months old. You need to begin your own thread, stating all your problems and what you have done to try to correct them. Include your HJT log in your new thread and we will try to get things in order.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

You can delete them, there is no reason to keep them. Keep the most recent and get rid of the rest.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Since my logs appear to be coming up clean is it possible that Trend is picking this up from one of the old log files? Do I need to delete everything from all my log files (virus logs, etc) and quarantined files and restart?

What Trend Micro is telling you is there have been changes made to default settings on Internet Explorer, and there have been. We have removed those bad settings which appeared in your logs....this one that you noted:

Internet Explorer settings (6056 changes detected)
(Arrow down)http://red.clientapps.yahoo.com/cust...tp://www/yahoo....

was one that we removed. This was actually NOT yahoo but a "click through" search engine I guess you would call it. What it did was begin to take you to Yahoo search but instead direct you someplace else. It was listed in your 2nd log as this:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

The R1 in front of it indicates this is the default search for your Internet Explorer and the red.clientapps listed before the yahoo indicates it really wasn't yahoo. So this was a BAD one.
I really believe that there is NOTHING on the computer, at least these latest logs are clean. I believe that Trend Micro was notifying you of changes made...it will do this whether the changes are good or bad, it really doesn't know if they are good or bad, just that changes were made.
Now I was concerned because you said this earlier:

I tried to dis-allow, …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Don't attach the logs, we prefer to have them copy/pasted. Prevents possible infection of our computer by having to download and open files from possibly infected computers.
Paste the MBA-M log here when complete. Then do a new HJT scan and post the log here also.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

5684 changes made to IE) and they were all icky website places.

SpywareBlaster secures your browser against potentially unwanted software and sites; this is why I am wondering if these were the changes that Trend Micro saw, which would actually have been GOOD changes. If so, by undoing them then SpywareBlaster has been disabled.
There shouldn't be websites LISTED in IE unless they were either listed as GOOD or BLOCKED, otherwise there aren't sites listed in IE.
With the latest updates SpywareBlaster has 4826 Restricted sites. Meaning if enabled this many sites are BLOCKED in IE.
It also has a total of 7243 activeX and Cookies BLOCKED in IE.
I really do think that it is very possible that this is what Trend Micro saw. Can you check SpywareBlaster again and be certain that it is 100% enabled and shows NO protection disabled.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes, Spyware blaster is set to protect all, I didn't run a scan. The trend micro changes were all in Internet explorer (5684 changes made to IE) and they were all icky website places. So, I checked them to undo the changes in trend. My system is running VERY slow. I have been trying to run a scan with trend, but it locks up...well, let me clarify...it appears to be scanning, but after over an hour, zero targets were scanned. Also, I had this trojan_NOTTY that appeared and one of the things that has happened is that there appears to be a virus on my F: drive - that's the USB port that my printer, camera card reader and iPod go into on the front of my computer. I am going to see what I can find in my trend after I post this.

Tell you what...I am somewhat confused here because SpywareBlaster BLOCKS all nasty websites, you have a firewall, why suddenly would all these sites appear in IE? Are you absolutely CERTAIN that these sites had not been ADDED to be blocked web sites in IE? OR are you certain these were not removed cookies in IE? I really would like to see the actual wording of these warnings and maybe I will better understand.
The other thing...a trojan on your F drive...it doesn't mean the USB port, it means whatever is plugged into it at the moment. What was plugged in there when this trojan was …

jholland1964 650 Posting Expert Team Colleague Featured Poster

What changes did Trend Micro say had been made? Is there a log available, if so post it. Was this the anti-virus program? Are you sure it said 8000? Don't forget there were a lot of infected files on there. Plus you turned off auto starts and also removed Defender, plus turned off Windows Firewall.

DSBroker Service. It's listed under Dell Support, but it has an unknown owner...is that strange?

No, you see that often.
You DON'T run a scan with SpywareBlaster, it is not a scanner program. Are you certain you downloaded the correct program? It is a protection program ONLY. Don't forget it also has 12,299 items it BLOCKS. Maybe Trend noticed some of those. Did you actually run a scan with Trend Micro...do so please.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks good to me.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You're welcome Adam. If you feel all is fixed you can mark this thread solved.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks good this time. Now your Java program is WAY out of date so you should install the newest update. Go HERE and download the Offline install, save it to the Desktop.
After the download then go to Add/Remove and Uninstall ALL previous versions of Java you find there. Once the uninstalls are completed then double click on the new install file you downloaded. After it is installed then go back to the download link and click Verify Now in order to test to be sure the upgrade was successful.
I would also recommend that you uninstall AdAware. It just isn't as good as it used to be.
Install SpywareBlaster. Truly a MUST have program. It is Free and the good thing is it Does Not run in the background. I wouldn't run my computer without having it installed. Download, install, enable all, including the Restricted Sites portion and then close the program. Manually check for updates weekly and enable all new protection.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good EXCEPT...you have a program running from a TEMP file. This is not a good idea. It should be moved to a permanent location.
The program is Internet Download Manager. It shows throughout your HJT log as being located in C:\Documents and Settings\Default User\Local Settings\Temp\.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I just noticed that it says that the sunasuyu.dll entry is still there, but I deleted it the first time I ran HJT.

Yes, I was afraid of that. There may be more lurking in there. Before I give you other steps do this; Go to http://virusscan.jotti.org/ and upload that file C:\WINDOWS\system32\sunasuyu.dll
It will be scanned by multiple antivirus scanners and then give a read out of what that may be. Post back here with the results and then we can decide what step, or steps, to take next.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Be sure to run that NEW scan with HiJackThis and post back here with that log so we can take a look.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

@jholland1964
Thanks for your reply, but after doing this do I have to do any other step, or would the problem be solved? :S

Please install and run CCleaner as I instructed.
Then I would like you to choose an anti-virus program from one of those I listed and install it and run a Full System scan with it. Allow it to fix anything that is found. Install a Firewall from one of those I listed.
Then I would like you to reboot the computer and run a new scan with HJT, save the log and post it back here so that we can see if the computer looks clean.
Also please tell us if the computer seems to be running correctly.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Better. I would like you now to download CCleaner.
You can save it to the desktop for easy locating.
Let the program scan your computer. It will show you all items which can be removed. Allow it to do this.
100% of your infections were found in temp files. Obviously you are not cleaning these out on a regular basis. There is a reason they are called Temp files, because they are TEMPORARY, NOT to be Kept.

After you run CCleaner then run HJT again, place check marks next to the following entries if they still exist:
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe /onboot
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
After you have placed the check marks then click the Fix Checked button.
Exit HJT.
Now it does not appear that you are running either an anti-virus program or a firewall. VERY DANGEROUS as you can see. If you continue to run your computer without these protective programs and continue to hold onto your temp files then you …
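As an added example (not part of the original posts and not HijackThis's own code), this Python sketch triages a pasted HijackThis log for the three things these replies keep checking: a complete header with Boot mode: Normal, entries whose file is missing ("(no file)"), and entries launched from a Temp folder. The sample log reuses the header and O2/O4/O8 lines quoted on this page plus one constructed clean entry; the function names and flag labels are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# A HijackThis entry line looks like "O4 - HKCU\..\Run: [name] C:\path\file.exe".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")
BOOT_RE = re.compile(r"^Boot mode:\s*(?P<mode>.+)$", re.I)
# First drive-letter path in the entry body, up to a closing quote if any.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+')
# Any path component named Temp or Tmp.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)


@dataclass
class Entry:
    code: str                      # section code, e.g. O2, O4, O8, R1
    body: str                      # everything after "<code> - "
    path: Optional[str]            # file path referenced by the entry, if any
    flags: List[str] = field(default_factory=list)


def parse_hjt(log_text: str) -> Tuple[Optional[str], List[Entry]]:
    """Return (boot mode from the header or None, parsed entries)."""
    boot_mode = None
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BOOT_RE.match(line)
        if m:
            boot_mode = m.group("mode").strip()
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, process list, blank lines
        body = m.group("body")
        pm = PATH_RE.search(body)
        entry = Entry(m.group("code"), body, pm.group(0) if pm else None)
        # Registry entry left behind after its file was removed.
        if body.rstrip().endswith("(no file)"):
            entry.flags.append("orphaned")
        # Program or helper page being loaded out of a temporary folder.
        if entry.path and TEMP_RE.search(entry.path):
            entry.flags.append("runs-from-temp")
        entries.append(entry)
    return boot_mode, entries


def review(log_text: str) -> Tuple[List[str], List[Entry]]:
    """Return (notes about the log itself, entries that carry a flag)."""
    boot_mode, entries = parse_hjt(log_text)
    notes = []
    if boot_mode is None:
        notes.append("log header missing: paste the complete log from top to bottom")
    elif boot_mode.lower() != "normal":
        notes.append(f"scan taken in boot mode {boot_mode!r}; rerun in Normal mode")
    return notes, [e for e in entries if e.flags]


# Header and O2/O4/O8 lines are quoted on this page; the last entry is constructed.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:21 PM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe /onboot
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\app.exe"
"""

if __name__ == "__main__":
    notes, flagged = review(SAMPLE_LOG)
    for note in notes:
        print("NOTE:", note)
    for e in flagged:
        print(f"{e.code}  {', '.join(e.flags):15}  {e.body}")
```

Flagged entries are candidates for a closer look, not a verdict; as the replies on this page say, fixing a line in HijackThis removes the listing, not necessarily the file behind it.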

jholland1964 650 Posting Expert Team Colleague Featured Poster

It appears you did not reboot immediately after the MBA-M scan. Please do so now and do another HJT scan. Please post the entire log this time including the very top portion which looks similar to this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:21 PM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Also what is your geographical location? How are you connected to the internet?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, unfortunately you received incomplete instructions for the use of MBA-M.
You need to run a Full System scan with it again, but this time, when the scan is complete, be sure that everything is checked, and click Remove Selected.
Reboot the computer
Run a NEW HiJackThis Full System scan, save the log like before.
Then post back here with both of those new logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run HiJackThis again.
This time place check marks next to the following entries if they remain:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/
O4 - HKLM\..\Run: [mafosulevu] Rundll32.exe "C:\WINDOWS\system32\wuvajepe.dll",s
O4 - HKLM\..\Run: [e4dfef14] rundll32.exe "C:\WINDOWS\system32\sunasuyu.dll",b

Click the Fix Checked button.
Exit HJT.
Boot to safe mode.
Click Start.

Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Now you need to do a File Search for the following files:
C:\WINDOWS\system32\wuvajepe.dll
C:\WINDOWS\system32\sunasuyu.dll

If you find the two above noted in RED Delete them.

Then reboot the computer. Run a new HJT scan and post back here with that new log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Good. Now run a new HJT scan and post that log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

You did wonderfully. Combofix ran exactly as it was supposed to do.
Now you need to do the following:
* Make sure that combofix.exe is on your Desktop but Do not run it!
  * If it is not on your Desktop, the below will not work.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected):

KillAll::

File::

C:\WINDOWS\system32\vidomovo.dll
C:\WINDOWS\system32\wuvajepe.dll
C:\WINDOWS\system32\wuvajepe.dll
c:\windows\system32\zobubabe.dll
c:\windows\system32\zobubabe.dll
c:\windows\system32\mikomuyo.dll
c:\windows\system32\vidomovo.dll
c:\windows\system32\migirega.dll
c:\windows\system32\fehamito.exe
c:\windows\system32\fehamito.exe

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe
* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt

Post back here with that new combofix log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes Jill, you can get rid of that backup folder. As far as the security programs, the one I would actually Uninstall would be Windows Defender. It is just not as powerful or as reliable as MBA-M or Spybot and once in awhile it interferes. As far as the TeaTimer, leave it disabled. It truly doesn't do much, as you have seen. Spybot itself is an EXCELLENT program and definitely keep that one and scan with it weekly. Same goes for MBA-M, but be sure you update both programs before doing scans. MBA-M especially actually has updates daily, sometimes more than once a day so always be sure to update before running.

Also, I noticed that there are several programs running on my log that I tried to remove through the windows add/remove programs.

Which programs are those? Rather than stop programs using HiJackThis I would recommend using this Free program Codestuff Starter. You can stop auto starting programs and also unnecessary auto starting Services using it. It also has a Processes Tab which works much like Task Manager to show you running processes on the computer but it shows much more than Task Manager shows you.
Looking at your HJT log I see the following which can easily be run manually when needed and are not required by the computer or operating system.
BCMSMMSG-this is a voice modem driver. Only required if you are on dial-up
UserFaultCheck-Used in connection with memory dumps
NvCplDaemon-System …

jholland1964 650 Posting Expert Team Colleague Featured Poster

One reason for the slowness is that you have a HUGE number of programs running all the time in the background, most or many auto start and are not needed to do so. I will give you a list of those that don't need to do that shortly and also a FREE program to use to easily stop them.
But first there is another program you need to run. While MBA-M removed a lot, there are a lot of infected files still remaining. Please do the following:
Download ComboFix. You will get a prompt asking if you want to run or save the file. Choose SAVE and save it to the desktop. DO NOT RUN it YET.
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good. You can run HJT again and fix these

R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
by placing a check mark next to each and clicking the Fix Checked button.
Then Uninstall combofix this way, it is no longer needed:
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
When shown the disclaimer, Select "2"

You can also Uninstall HJT via Add/Remove as it is no longer needed.

Next, set a new System Restore point by Right Clicking My Computer. Choose Properties. When System Properties opens click on the System Restore Tab. Put a check mark in Turn Off System Restore. You will get a prompt telling you it will turn it off and you will lose restore points. Click yes or ok. Allow it to turn off.
Restart the computer.
Go back in and do the reverse to turn it back on with a new, clean restore point.
Keep MBA-M and update and do a Quick Scan at least once a week. Remove anything found. If something IS found with the Quick Scan then Immediately run a Full System Scan and remove everything found.
If you computer is running to …

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all, unless it is impossible to run in Normal Mode HiJackThis should not be run in Safe Mode. You don't get a full picture of the computer in safe mode. Secondly, fixes done with HJT are most generally Clean up fixes AFTER removal programs have been completed. Just removing something with HJT doesn't necessarily remove the offending file, just removes the listing from HJT so please only consider it a scanner program.
Also, there are items disabled from starting using msconfig. Please go back in and make sure all are enabled so we can see what is listed there too. We can give steps for disabling unneeded start ups later, for now we need to see what those may be.

Do the following, and it must be done in NORMAL MODE as MBA-M is configured to scan and remove in Normal Mode:

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Jill, Looks good. Couple recommendations and I think you are good to go.
First of all, keep the MBA-M program and update and run a Quick Scan with it at least weekly. Be sure to Remove items found.
If anything IS found during the Quick scan then immediately run a Full Scan with it and Remove all found.
Also a MUST have program, FREE also is SpywareBlaster. I wouldn't run a computer without it. Blocks malicious ActiveX installs by implementing a “kill bit” to prevent those ActiveX programs with known CLSIDs from being executed.
And unlike many other anti-spy apps, SpywareBlaster does not have to remain running in the background. Very highly recommended! From Javacool Software. Download, install, update and then Enable All protection, including the Restricted Sites portion. Works with both IE and Firefox. Then close the program. Just check weekly for updates and enable any new updates.
Now you should also set a new, clean Restore Point on the computer. To do this Right Click My Computer. Choose Properties. When System Properties opens click the System Restore Tab. Put a check mark in Turn Off system restore. Windows will warn you that you are turning it off. Click ok. It will then turn off. Wait a moment and then turn it back on.
Judy