# Norton AntiVirus won't start! Trojan disabling it?



## jormor1991 (Mar 6, 2008)

The title basically explains it all. The funny thing is, I was updating AdAware when it happened. No internet or anything was running except for the update. After the restart, Norton didn't show up on the toolbar and I can't run it at all. Security Center is not detecting any firewall. I tried a system restore but when I get to a certain point I can't click next. I restarted using last good known config settings, still hasn't worked. I also tried starting up in safe mode. NOTHING! Please help!

Edit: I ran Stinger in safe mode. Still won't start! 

Edit #2: Just ran AdAware. These two viruses were found. I clicked quarantine, hope that's right. I usually click remove, don't know why I clicked quarantine.

PossibleBrowserHijackattempt
Win32.Trojan.Agent

I'm going to restart and see if anything changes!

Edit #3: Just removed a file Malwarebytes' Anti-Malware found called iamfamous.dll. It was in my Firefox folder which probably explains why I was being redirected to porn. Sorry for all the updates, I'm not being impatient, I just want to give you guys as much information as I can. I restarted after the quarantine. Still no luck.


----------



## eddie5659 (Mar 19, 2001)

Hiya

Are you still having this problem? If so, do the following:

Please download Malwarebytes' Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.*

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen.
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*.
On the left, make sure you check *C:\Fixed Drive*.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click "*Next*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._
_Please copy and paste the Scan Log results in your next reply._

Click *Close* to exit the program.

================

*Click here* to download *HJTInstall.exe*

Save *HJTInstall.exe* to your desktop.
Doubleclick on the *HJTInstall.exe* icon on your desktop.
By default it will install to *C:\Program Files\Trend Micro\HijackThis* . 
Click on *Install*.
It will create a HijackThis icon on the desktop.
Once installed, it will launch *Hijackthis*.
Click on the *Do a system scan and save a logfile* button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijackthis fix anything yet. Most of what it finds will be harmless or even required. 

=============

Please include the *MBAM log, SAS log and a HijackThis log* in your next reply

Regards

eddie


----------



## jormor1991 (Mar 6, 2008)

MBAM


> Malwarebytes' Anti-Malware 1.34
> Database version: 1749
> Windows 5.1.2600 Service Pack 3
> 
> ...


SAS


> SUPERAntiSpyware Scan Log
> http://www.superantispyware.com
> 
> Generated 02/28/2009 at 09:02 PM
> ...


HJT


> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 9:05:01 PM, on 2/28/2009
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
> ...


Thanks so much for helping me!


----------



## eddie5659 (Mar 19, 2001)

Download *random's system information tool (RSIT)* by *random/random* from *here*.
*It is important that it is saved to your desktop.*
Double click on *RSIT.exe* to run *RSIT*.
Click *Continue* at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both *log.txt* (<<will be maximized) and *info.txt* (<<will be minimized)

==========

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under *Upgrading your Java Runtime Environment*, to download and install the latest version.


Read through the requirements and privacy statement and click on *Accept* button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*.
When the downloads have finished, click on *Settings*.
Make sure the following is checked. 
*Spyware, Adware, Dialers, and other potentially dangerous programs 
Archives
Mail databases*

Click on *My Computer* under *Scan*.
Once the scan is complete, it will display the results. Click on *View Scan Report*.
You will see a list of infected items there. Click on *Save Report As...*.
Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button.
Please post this log in your next reply.
*Upgrading Java*:

Download the latest version of *Java Runtime Environment (JRE) 6 Update 12*.
Scroll down to where it says "*The J2SE Runtime Environment (JRE) allows end-users to run Java applications*".
Click the "*Download*" button to the right.
Select your Platform and check the box that says: "*I agree to the Java SE Runtime Environment 6 License Agreement.*".
Click on *Continue*.
Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the *jre-6u7-windows-i586-p.exe* and select "Run as an Administrator.")

eddie


----------



## jormor1991 (Mar 6, 2008)

Alrighty, did everything you asked. All the logs are attached.


----------



## eddie5659 (Mar 19, 2001)

Sorry for the late reply, just got a new monitor, and had to test it out on my gaming....and it's great :up:

Now, back to you 


Please go to  VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"* box on the top of the page:

*C:\WINDOWS\system32\drivers\al8tbvgs.sys*

 Click on the *Upload* button
 Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
 Paste the contents of the Clipboard in your next reply.

Do the same for this one as well:

*C:\WINDOWS\system32\drivers\avxx5gzh.sys*

eddie


----------



## jormor1991 (Mar 6, 2008)

Okie dokie, I went to the website, but when I went to browse for the files (because it wouldn't let me paste) it said the files could not be found.


----------



## eddie5659 (Mar 19, 2001)

Please download *Runscanner* to your desktop and run it.

When the first page comes up select *Beginner Mode*
On the next page select *Save a binary .Run file (Recommended)* then click *Start full scan* at the top.
At this time Runscanner.exe may request *access to the Internet* through your firewall; please allow it to do so. It will then run for two or three minutes.
On completion it will ask for a location to save the file and a name. It will do this for both the *.run file* and the *log file*
Call the .run file *"RSReport"* and save it to your desktop. You will see the *RSReport.run* file on your desktop. Rightclick on it and select *Send To* then select *Compressed (zipped) Folder* and upload that zip here. Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below)

In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *RSReport.zip* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*


----------



## jormor1991 (Mar 6, 2008)

You didn't say you wanted the log, so I didn't post it, but if you need it let me know.


----------



## eddie5659 (Mar 19, 2001)

Sorry for the late reply, was away for my birthday, so catching up 

Download the attachment at the end of this post. This will be your *RSReport* file, with the fixes I need you to do.


Save it to your desktop, then extract the *RSReport.run* file to your Desktop, overwriting the existing one.
Open the runscanner folder and double click on the *runscanner.exe* file.
This time select the *Expert Mode*
click the *Item Fixer* tab
Click the button at the top called *Fix selected items*
Accept the warning(s) and repeat until they are all gone.
Reboot your PC
Post a fresh HijackThis log


----------



## jormor1991 (Mar 6, 2008)

No problem, I understand you have a life.  Happy Birthday!

HJT Log


> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 9:12:37 PM, on 3/11/2009
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
> ...


----------



## eddie5659 (Mar 19, 2001)

Download ComboFix from one of these locations:

*Link 1*
*Link 2*
*Link 3*

** IMPORTANT !!! Save ComboFix.exe to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## jormor1991 (Mar 6, 2008)

I already had the recovery console installed. 

Here's the log.


> ComboFix 09-03-13.02 - Owner 2009-03-14 16:24:00.3 - NTFSx86
> Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1982 [GMT -5:00]
> Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
> AV: Norton AntiVirus *On-access scanning disabled* (Updated)
> ...


----------



## eddie5659 (Mar 19, 2001)

Okay, just a few there:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> File::
> c:\windows\system32\flvDX.dll
> c:\windows\system32\msfDX.dll
> c:\windows\system32\Smab0.dll


Save this as *CFScript.txt*, in the same location as ComboFix.exe










Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

Also, post a fresh HijackThis log.


----------



## jormor1991 (Mar 6, 2008)

OMG! I'm so sorry! I thought I had posted my logs already. I guess not.

ComboFix


> ComboFix 09-03-26.03 - Owner 2009-03-27 18:54:10.4 - NTFSx86
> Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2389 [GMT -5:00]
> Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
> Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
> ...


HJT


> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 5:50:57 PM, on 4/5/2009
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
> ...


Sorry again!


----------



## eddie5659 (Mar 19, 2001)

That's okay, my internet at home has been down for a week 

Okay, looks like it hasn't removed it.


Open Spybot Search & Destroy.
In the Mode menu click "*Advanced mode*" if not already selected.
Choose "*Yes*" at the Warning prompt.
Expand the "*Tools*" menu.
Click "*Resident*".
Uncheck the "*Resident "TeaTimer" (Protection of overall system settings) active.*" box.
In the File menu click "*Exit*" to exit Spybot Search & Destroy.
(When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)

Then, do the following:

Please *download* the *OTMoveIt3 by OldTimer*.

 *Save* it to your *desktop*.
 Please double-click *OTMoveIt3.exe* to run it. (Vista users, please right click on *OTMoveit3.exe* and select "Run as an *Administrator*")
*Copy the file paths below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):



> :files
> c:\windows\system32\flvDX.dll
> c:\windows\system32\msfDX.dll
> c:\windows\system32\Smab0.dl
> ...



 Return to OTMoveIt3, right click in the *"Paste List of Files/Folders to be Moved"* window (under the light yellow bar) and choose *Paste*.
Click the red *Moveit!* button.
*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply

Close *OTMoveIt3*
*Note*: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Also, post a fresh HijackThis log as well 

eddie


----------



## jormor1991 (Mar 6, 2008)

Bummer.  Sorry for the inconvenience.



> ========== FILES ==========
> c:\windows\system32\flvDX.dll unregistered successfully.
> c:\windows\system32\flvDX.dll moved successfully.
> c:\windows\system32\msfDX.dll unregistered successfully.
> ...





> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 8:40:00 PM, on 4/7/2009
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
> ...


----------



## jormor1991 (Mar 6, 2008)

Alright, so I have a problem and I think it's because of the recent changes, not sure. Firefox freezes every two seconds and it stays frozen for about three seconds. I've searched the internet for solutions but didn't find anything. Could this be because of the recent changes and if so is there a way to undo them without harming my computer?

EDIT: Nevermind, I reinstalled Firefox. Sorry!


----------



## eddie5659 (Mar 19, 2001)

Hiya

Flaming internet was a problem last week, and I was ill again, plus away this weekend 

Can you post a fresh HijackThis log, and I'll look at it tonight to see what needs to be done.

Sorry about the wait.

eddie


----------



## jormor1991 (Mar 6, 2008)

Sorry I didn't reply sooner. I had a busy week as well. Here's my log.



> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 3:47:11 PM, on 4/30/2009
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
> ...


Thanks again for everything.


----------



## eddie5659 (Mar 19, 2001)

That's okay, late myself 

Re-open HiJackThis and choose *do a system scan only*. Check the boxes of the entries listed below.

*O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - 
*

*Close all applications and browser windows before you click "fix checked".*

---------------

Please download *Runscanner* to your desktop and run it.

When the first page comes up select *Beginner Mode*
On the next page select *Save a binary .Run file (Recommended)* then click *Start full scan* at the top.
At this time Runscanner.exe may request *access to the Internet* through your firewall; please allow it to do so. It will then run for two or three minutes.
On completion it will ask for a location to save the file and a name. It will do this for both the *.run file* and the *log file*
Call the .run file *"RSReport"* and save it to your desktop. You will see the *RSReport.run* file on your desktop. Rightclick on it and select *Send To* then select *Compressed (zipped) Folder* and upload that zip here. Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below)

In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *RSReport.zip* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*










eddie
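
The entries picked out for fixing above share one pattern: a registered browser object that HijackThis reports with `(no file)`, or an O16 line with nothing after the CLSID. As an added example (not part of the thread and not HijackThis code), this Python sketch parses such log lines and flags those leftovers for review; the function names and the two sample lines marked constructed are assumptions for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# The four flagged O-lines are the entries quoted in the thread. The
# "Example Helper" and "ExampleApp" lines are constructed healthy entries
# added for contrast; they do not come from any real log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe"
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
> O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
"""

# A log entry starts with a section code such as R1, O2 or O16, then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers and other non-entry text."""
    # Forum posts often wrap log lines in quote (">") or emphasis ("*") marks.
    text = line.strip().lstrip(">* \t").rstrip("* \t")
    match = ENTRY_RE.match(text)
    if not match:
        return None
    section, body = match.group("section"), match.group("body")
    clsid = CLSID_RE.search(body)
    entry = Entry(section, body, clsid.group(0) if clsid else None)
    if "(no name)" in body:
        entry.reasons.append("no display name")
    if body.endswith("(no file)"):
        entry.reasons.append("registered object has no file on disk")
    # O16 (Downloaded Program Files) normally lists a source after the CLSID.
    if section == "O16" and clsid and not body[clsid.end():].strip(" -"):
        entry.reasons.append("DPF entry with no download source")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Return only the entries that carry at least one review reason."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e and e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<4}{e.clsid}  {'; '.join(e.reasons)}")
```

Flagged lines are candidates for a human to review, in line with the earlier advice that most of what HijackThis lists is harmless or required.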


----------



## jormor1991 (Mar 6, 2008)

I guess we're just both busy bees. Haven't had time to get on the computer that much with my job and exams. Thanks for still helping me though, I appreciate it. Let me know if you need anything else.


----------



## eddie5659 (Mar 19, 2001)

No problem 

Download the attachment at the end of this post. This will be your *RSReport* file, with the fixes I need you to do.


Save it to your desktop, then extract the *RSReport.run* file to your Desktop, overwriting the existing one.
Open the runscanner folder and double click on the *runscanner.exe* file.
This time select the *Expert Mode*
click the *Item Fixer* tab
Click the button at the top called *Fix selected items*
Accept the warning(s) and repeat until they are all gone.
Reboot your PC
Post a fresh HijackThis log


----------



## jormor1991 (Mar 6, 2008)

> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 1:41:00 PM, on 5/24/2009
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
> ...


Thanks.


----------



## eddie5659 (Mar 19, 2001)

That's looking a lot better now, how's the computer running?

eddie


----------



## jormor1991 (Mar 6, 2008)

It's great. Everything's fine. I have a question though. What can I do to prevent this from happening again? I try to be real careful of everything I do but somehow things like this always happen to me.


----------



## eddie5659 (Mar 19, 2001)

Yep, I'll post that next, but first, let's clean up the programs that we've used 

----------------

*Follow these steps to uninstall Combofix and tools used in the removal of malware*


Click *START* then *RUN*
Now type *Combofix /u* in the runbox and click *OK*. Note the *space* between the *X* and the *U*, it needs to be there










---------------------

You can delete the *RSIT* program off your Desktop.

----------------------

Also, you will see the *Runscanner* program on your Desktop. This, along with the *RSReport.run* file can be deleted.

---------------------

We have a couple of last steps to perform and then you're all set.

Please download *ATF Cleaner* by Atribune.

*Caution: This program is for Windows 2000, XP and Vista only*


Double-click *ATF-Cleaner.exe* to run the program.
Under *Main* choose: *Select All*
Click the *Empty Selected* button.
If you use Firefox browser
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.
If you use Opera browser
Click *Opera* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.
Click *Exit* on the Main menu to close the program.
For *Technical Support*, double-click the e-mail address located at the bottom of each menu.

Now, go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the following:

 Untick Enable Install on Demand (may be two of them) under Browsing.
 Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply
Then, click on the *Security tab* and do the following:

 Make sure the Internet icon is selected.
 Select *Custom Settings*.
 From the drop down menu, select *Medium*, and press *Reset* and select Yes. If it's already on *Medium*, still click on the Reset button.
 Apply and OK.

Secondly, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click *Start*.
* Open *My Computer*.
* Select the *Tools menu* and click *Folder Options*.
* Select the *View* tab.
* Under the *Hidden files and folders* heading *UNSELECT Show hidden files and folders*.
* *CHECK* the *Hide protected operating system files (recommended)* option.
* Click *Yes* to confirm.
* Click *OK*.
Next, let's clean your restore points and set a new one:

*Reset and Re-enable your System Restore* to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
*1. Turn off System Restore.*
On the Desktop, right-click *My Computer*.
Click *Properties*.
Click the *System Restore* tab.
Check *Turn off System Restore*.
Click *Apply*, and then click *OK*.
*2. Restart your computer.*

*3. Turn ON System Restore.*
On the Desktop, right-click *My Computer*.
Click *Properties*.
Click the *System Restore* tab.
UN-Check *Turn off System Restore*.
Click *Apply*, and then click *OK*.

*System Restore will now be active again.*

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: 
*SpywareBlaster* to help prevent spyware from installing in the first place.
*SpywareGuard* to catch and block spyware before it can execute.
*ZonedOut* to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 2 free ones available for personal use:
*Kerio Personal Firewall*
*ZoneAlarm*
and a good antivirus (these are also free for personal use):
*AVG Anti-Virus*
*Avast Home Edition*
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit 
*Microsoft Windows Update*
monthly. And to keep your system clean run these free malware scanners 

*Malwarebytes' Anti-Malware*

*Spybot Search & Destroy*
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this about Security online: *General Security Information, How to tighten Security Settings and Warnings*

Have a safe and happy computing day!

eddie


----------



## jormor1991 (Mar 6, 2008)

AH! I'm sorry I haven't replied. I didn't get an email for some reason so I kind of just forgot about it until today. I'm doing all of that right now.

Edit: Done everything, the only thing I can't do is the Reset and Re-enable your System Restore part. When I click on the tab it's all faded and nothing is clickable.


----------



## eddie5659 (Mar 19, 2001)

It's no problem, I understand as I didn't get any a while back, and missed loads of replies 

Okay, looks like it's not even started, so you won't be able to flush them.

We'll have to do this the manual way 

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
_Modification of the registry can be *EXTREMELY* dangerous if you do not know exactly what you are doing so follow the steps that are listed below *EXACTLY*. If you cannot perform some of these steps or if you have *ANY* questions please ask *BEFORE* proceeding._

*Backing Up Your Registry*
Go *Here* and download *ERUNT* 
_(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)_
Install *ERUNT* by following the prompts 
_(use the default install settings but say no to the portion that asks you to add *ERUNT* to the start-up folder, if you like you can enable this option later)_
Start *ERUNT* 
_(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)_
Choose a location for the backup 
_(the default location is C:\WINDOWS\ERDNT which is acceptable)._
Make sure that at least the first two check boxes are ticked 
Press *OK*
Press *YES* to create the folder.
*Registry Modifications*

Go to Start | Run and type the following:

*REGEDIT*

And press OK

Now, on the left, expand the folders until you find this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore

Click on it to highlight, and look at the right.

Do you see the Name *DisableSR*?

If so, look at the Data. Is there anything in there, like mine in the screenshot below, or is it set to No Data? If not, click to highlight *DisableSR* and then rightclick and select *Modify*

In the Value data, put a 0 and press OK.

That's a Zero, not the letter O 

Then, press the X as normal at the top right.

I've enclosed a couple of screenies of mine. The first shows what to rightclick:










And the second, what to change. Mine is already at 0:










You should be able to see the value of the DisableSR in my screenshot, so it should help you to 'see' it on yours.

Any problems, let me know 

If you want to take a screenshot before doing anything, then that's fine as well


----------



## jormor1991 (Mar 6, 2008)

Thanks for everything!!!


----------



## eddie5659 (Mar 19, 2001)

You're welcome, I take it it worked okay for you


----------

