Posts by caperjack

Download and run this fully working 30 day trial version Trojan Hunter.
http://www.misec.net/trojanhunter/?aff=12129
.........................................................................................................
Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run CWShredder

How to start computer in safe mode

Then these 2 programs .
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, uncheck "search for negligible risk entries" in the Prepairing System Scan screen,
and then click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."

sorry, i wrote my post wrong,, i didnt get rid of the boot.ini i got rid of the win2k line, from it, but during boot up it is still there, and also under msconfig, the boot.ini tab, it still list win2k after i have erased it from the ini

From what i read on the site i posted ,you remove the line frome the boot.ini ,then you have to delete the win2000 folder .Read it carefully

use the following bootdisk to change your admin password: http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html - you can't recover the current password as it is encrypted in a md5 hash which as of now is not decodeable - good luck!

The person doesn't want to change the password just crack it so that no ones knowes he was in past where he's /she is allowed to go .
I think i can speak for the Admin and Mods of this fourm on this one .
This is not what this fourm if about ,we do not offer that kind of help here .

I dont want to reset the password....just wanna know the password without much fuss....Any help on this would be greatly appreciated!!! Thanx & PLEASE HELP!!!

Thanks, killer _Typo.

Ditto to the killers responce

Got this laptop with MS Windows 2000 5.0 SP 4 in it. Now I am just a user assigned to this laptop. Dont have administrator rights. Cant download anything on this laptop.....dont even have winzip installed in this & can download it.

The person who setup this laptop is unavailable. Can someone please tell me how to know the admin password on this laptop...any software that is available for free. Please remember that cant download stuff...(atleast on this but can ask someone to do it & then run it here).....Is there any way anyone knows how to do it.....

Went thru a coupla sites on lost admin passwords...but got all confused.....I dont want to reset the password....just wanna know the password without much fuss....Any help on this would be greatly appreciated!!! Thanx & PLEASE HELP!!!

Yeah,Right ,Sorry i don't thing that info can be found on this fourm,not me anyway ,anyone else here know the password to this computer .,LOL,just kidding .
Best to wait till the person with the password is avaiable ,password software tools and be dangersus to use !.
Also ,there is a reason that you don't have admin rights ,Right .

ok i got rid of it in my boot.ini, but when i do run/msconfig/boot.ini tab, it still shows it there. i dont understand...

Sorry ,Were did it tell you to get rid of it ,you are just to modify it !!

I got Winxp and win2k installed as a duel boot, im currently using xp and the win2k folders are in my c directory, i just want to remove 2k from my computer, and keep xp with out reformating or reinstalling.. what do i do...
when i put winxp cd in i was told to pretend as if i was reinstalling xp and delete the partion then quit, but i see one partion, and im afriad if i do, it will format xp.. HELP i also have win2k cd

This sounds to simple ,.
http://www.pctechnicians.ca/help/delxpw2k.html

Download and run this fully working 30 day trial version Trojan Hunter.
http://www.misec.net/trojanhunter/?aff=12129
.........................................................................................................
Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run CWShredder

How to start computer in safe mode

Then these 2 programs .
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you …

Yes, the monitor has onscreen display. I also didn't realize that my video port was connected to the motherboard, it's not a separate card. Does this mean that the motherboard would need to be changed in order to correct the problem ?

Motherboard ,with onboard video can also have an AGP video slot to upgrade the video to something better.You can also add a PCI video card ,You could look around for a old 2meg PCI card [a bout 5 bucks ] just to troubleshoot computer.,The onboard video will need to be disabled to do either of these .

If you have onboard video ,it could be that you toasted the Board ,or just the video chip .

After you get it all fixed and things are working good ,Download and install these 3 programs to help stop Spyware .

Spywareblaster

SpywareGuard

IE-SPYAD

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

also check how i got infected in the first place .

http://www.computercops.biz/postlite7736-.html

========================

i can say, this really worked for me! thanks a lot!

Good to here it helped !:)

I haven't read your reply, I just noticed something and wanted to get it in here. I found in my System 32 folder a file named lsass.exe (,C:\WINDOWS\system32\lsass.exe) isn't that a sasser worm? Why isn't it showing up on the hjt scan? I'll go back and read your reply now.

Not the sasser ,thats a legit windows file ,the sasser one is spelt different like lssaass or something simular to the orignal.

So how do I go about removing XoftSpy and get rid of the trojan.bookmarker.gen? This thread is getting kind of long now, should I start a new one?

No don't start a new thread .

Download and run this fully working 30 day trial version Trojan Hunter.
http://www.misec.net/trojanhunter/?aff=12129
.................................................

Oh, one more thing, is it safe to remove all the references to incredimail in the Regisry Editor since the program has been removed?

Yes ,you can edit the registry and delete all incredimail stuff.
Don't forget to backup you registry first !:)

Also hijack this should be in afolder and not just on the c like this .
C:\HijackThis.exe
create a new folder call it HJK or something like that , and move it there .so it looks like this
C:\HJK\HijackThis.exe

To night when i have more time i will start from your first post and read this thread over again an see if i can see what I'm missing .

I purchased and ran XoftSpy. It found many things no other programs had

Thats because the program installed the things it said it found ,when you installed the program ,to Dupe you into buying it !!!!

There is a list of bogus spyware removal tool for sale on the net and your makes the list ,Check it here for the discription of the one you bought ,[
http://www.spywarewarrior.com/rogue_anti-spyware.htm
]Sorry to here you were duped into buying something that can be had for free and are better ..like Spy-bot ,ad-aware ,Spywareblaster ,spywareguard.IE-Spyad.to name a few .

Sure, post away .

Reinstall your video card drivers !

Try this ..

Download this .reg file to a temporary place, like Desktop. http://www.spywareinfo.com/downloads/tools/IEFIX.reg
Double-click on it and answer Yes.
It will restore all the default Search settings for IE.

I was going to suggest it a few times ,but some people love it and cant do with out it ,or so they think. so I was shying away from telling people to remoce it !!Nowing that it causes the problems it causes ,because I installed it once back in 97!!:)
WebFlds doesn't seem to be a problem ,seems to be a legit windows file/program.

OK. I found the instructions on how to use Adaware and Spybot a bit confusing, so I hope I did this right. Here is the final hijack report.

Read slow and it will seem like you know what its saying ;) LOL

......................................................................................................

you picked up the Sasser worm since your last post .run this online virus scan ,be sure to check auto fix .
http://housecall.trendmicro.com/housecall/start_corp.asp

Also download and install the windows Sasser patch here .
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

......................................................................................................
Do this before you scan for the virus/worm

Disabling System Restore on Windows XP

IMPORTANT NOTES:

You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
Turning off System Restore will clear out all previous restore points.
To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives" as shown in this illustration:
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Proceed with what you need to do; for example, virus removal. When you have finished, restart the computer and follow the instructions in the …

how i can remove the password to get in the laptop. gateway solo 2000 p3c
i don't remember my password

Look up above where you come into this thread ,click where it says new thread ,and tell us what password you forgot,bios/or windows

Important: Create a folder on the C: drive called HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

...........................................................
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please copy and paste this post into notepad and save to you desktop. or print a copy of these instructions because you will be working with all windows closed except HijackThis.

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Ienmcl32.dll

Now reboot into safe mode and delete the following files and folders if found ."Fix Checked"...Reboot to SAFE mode to delete files ,How to start computer in safe mode

C:\WINDOWS\System32\Ienmcl32.dll.......delete file

to delete the above files and folder you will need to do the following
go to Show hidden files & folders
"Fix Checked"...Reboot to SAFE mode to delete files
How to start …

Wanna ,reboot and post a new log just to make sure you got rid of all the baddies !:)

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run CWShredder

How to start computer in safe mode

Then these 2 programs .
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed

Download SPYBOT

After installing Spybot S&D, update …

Reboot computer a few time may set things right

how to unhide hidded files .
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

I've never used the program ,Never had the opertunity to have to use it .I just read about using it and i know it can get confusing!!Thats why i posted the link to it being explained better than i could explain it .Sorry

almost ,fix this one .follow the same instructions as before
O19 - User stylesheet: C:\WINDOWS\win32.bmp

Then delete this file ,you may need to do it in safe mode .
C:\WINDOWS\win32.bmp...delete file

After you get it all fixed and things are working good ,Download and install these two programs to help stop Spyware .

Spywareblaster

SpywareGuard

IE-SPYAD

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

also check how i got infected in the first place .

http://www.computercops.biz/postlite7736-.html

Important: Create a folder on the C: drive called HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Fix the following if left after running cwshredder ans ad-aware .....................................................................

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please copy and paste this post into notepad and save to you desktop. or print a copy of these instructions because you will be working with all windows closed except HijackThis.

- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://martfinder.com/index.htm?aff=4444

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.wholeworldmarket.com/search/

O4 - HKLM\..\Run: [vwhahij] C:\WINDOWS\vwhahij.exe

O4 - HKLM\..\Run: [jsrajqt] C:\WINDOWS\jsrajqt.exe

O4 - HKLM\..\Run: [win32.exe] C:\WINDOWS\win32.exe

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

O4 - HKCU\..\Run: [ChkMail] ¸@9

this one is Not malware but suggested fix because its a rescource hog and not needed at atartup.
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O19 - User stylesheet: C:\WINDOWS\win32.bmp

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run CWShredder

How to start computer in safe mode

Make sure you had Ad-Aware setup like this when you last ran it .
Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed

And after that, please do the following:

reboot computer and post a new …

\ W I N D O W S \ S y s t e m 3 2 \ h l p m i d b . d l l

Is the offending dll you need to rid the computer of it .

Same problem here,just different differnt dll..this is the one i was watching .
http://forums.techguy.org/t249763.html

Study this tutorial,and google search ones you think look bad.or out of place next time you scan with hijackthis .
http://www.spywareinfo.com/~merijn/htlogtutorial.html

Search ,CLSID [the 016's]- BHO [the 02's]Herr to see if they show up ad good or bad .
http://computercops.biz/CLSID.html

search startups /run/runonce [the 04's]here!Just copt and paste the .exe's [like this one -MSMSGS- or its exe ,msmsgs.exe ]into the search field
http://www.sysinfo.org/startuplist.php

Hi ,its a nasty one that im still trying to figure out how they remove it ,This is from another fourm ,same problem ,this is what they are telling the person to do if you want we can try there fix .may take some time as they are just starting the post .
do the following .for starters.

.Quote from other site
..............................................................................................
Your not going to get rid of this one with CWShredder. You have a hijack which can be removed using CWShredder but will be reinstalled by a hidden file. So first we have to find the hidden file and remove it.

Copy the contents of the quote box to Notepad.
Name the file Appinit.bat
Save as type All Files
Save on the Desktop.

Reg save "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" windows1.hiv
ren windows1.hiv windows.txt

Double click on Appinit.bat
This will create a file on the desktop named windows.txt
Attach the windows.txt file here to your next post please.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q255867
From God !:)

Looks ok to me to

This is bad ,
O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - C:\WINDOWS\iDonate.dll
check here for removal instructions .
http://www.pestpatrol.com/PestInfo/i/idonate.asp

just continus here when you come back

If you used hijackthis to fix , CTHELPER.EXE ,then it isn't going to show up any more in msconfig .I wouldn't delete it from the system32 folder.

The 04 entrys of the hijackthis log are whats in msconfig !

Yeah its safe to fix it with hijackthis as it will create a backup if something isn't right after the fix .
Just run hijack in normal mode ,run it again and fix all items suggested in the earlier post and reboot and run again and post the fresh log .

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please print a copy of these instructions because you will be working with all windows closed except HijackThis.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.html?http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=D:\WINDOWS\SYSTEM32\Userinit.exe,

Check this out ,do you know what it is , i don't like the fact that its running from a temp folder ,If you know what it is leave !If you don't know what it is fix it and go to the temp folder and delete it .

O4 - HKLM\..\Run: [BTFirstRun] D:\DOCUME~1\Chris\LOCALS~1\Temp\Firstrun.exe /BT Yahoo Install

Also cant find any info on this one ,do you know what it is ??Fix if you don't know what it is.
O4 - HKLM\..\Run: [Byte dale] D:\PROGRA~1\Hide Mix Move\play four.exe

Reboot and post new log

Ok ,i need to go back one step ,Pleas do the following '.
Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

Then these 2 programs .
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning …

Important: Create a folder on the C: drive called HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

..................................................................
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please copy and paste this post into notepad and save to you desktop. or print a copy of these instructions because you will be working with all windows closed except HijackThis.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/...p://about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,

O2 - BHO: Forkbat - {55C375D8-7D5E-1F21-9360-3103E79E0323} - D:\PROGRA~1\ANTILE~1\Close Upload.dll

O3 - Toolbar: Heart Comp Mode - {45C50406-2BAE-7837-BD43-5FF98F0E7D57} - D:\PROGRA~1\ANTILE~1\Close Upload.dll

This one suggested fix because it a rescource hog.
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} -

Well first you have the blaster worm. so go here for instruction on removing it .
http://www.pchell.com/virus/msblast.shtml
Then post back with a new log

Are you sure thats a full log ,usually more after the 08's

Some trojan.virus realeated info in you log ,so please go here and run the free online virus scan ,check auto fix,, before you scan .http://housecall.trendmicro.com/housecall/start_corp.asp

Welcome Newbie.JAY_2 !:)
A lot more baddies in you log than Bridge .dll
Give these programs a try one at a time following instructions carefully .Good luck .
Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

Then these 2 programs .
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."

for the task manager problem just open it and double click on the large area at the bottom.don't know what happened to system restore .

Right on ,well done >)

Make sure you set Ad-aware up like this .

After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed

How about with the windows cd in the cdrom ,go to start/run and type in, SFC