Annoyances.org
Browser hijack
Windows XP Annoyances Discussion Forum


Browser hijack
Sunday, February 17, 2008 at 2:51 pm
Posted by George Cowley (154 messages posted)

I was just handed a PC with 1017 viruses/malware/spyware items. My antivirus deleted 
1017 viruses and the machine was virus free after the 4th sweep. I ran AdAware and 
eliminated all the spyware. Then I put it online and did Microsoft updates. As soon 
as I did, I had popup windows for hornywives or something similar and a few other 
items.

Where is this being triggered and how do I eliminate it?

re: Browser hijack
Sunday, February 17, 2008 at 2:59 pm
Posted by Ricer46 (20448 messages posted)

When you get a system that is that screwed up, the best bet is to do a clean install.






On Sunday, February 17, 2008 at 2:51 pm, George Cowley wrote:
>I was just handed a PC with 1017 viruses/malware/spyware items. My antivirus deleted
>1017 viruses and the machine was virus free after the 4th sweep. I ran AdAware and
>eliminated all the spyware. Then I put it online and did Microsoft updates. As soon
>as I did, I had popup windows for hornywives or something similar and a few other
>items.
>
>Where is this being triggered and how do I eliminate it?
>

re: Browser hijack
Sunday, February 17, 2008 at 3:01 pm
Posted by George Cowley (154 messages posted)

Yes. I suspect that's what the system needs. To be honest, if I was charging the 
lady, I'd tell her it was cheaper just to get a new computer. It's a Dell 2400 with 
a CD/DVD ROM, 128mb DDR and 40GB HDD. It's very basic. Her children appear to have 
been using it to access porn judging by the registry entries.

If I can fix it without a reinstallation that'd probably be best. I don't think the 
lady has a ton of money. I'm not too sure whether Dell's reinstallation partition 
works anyway.






On Sunday, February 17, 2008 at 2:59 pm, Ricer46 wrote:
>When you get a system that is that screwed up, the best bet is to do a clean install.

re: Browser hijack
Sunday, February 17, 2008 at 6:14 pm
Posted by Johnb33 (1622 messages posted)

It's funny, I just got done working on a Dimension 2400 as well that was so screwed 
up.  The best thing you can do is post a hijackthis log at a spyware forum and they 
can help you out by running different programs to download to clean the infections 
that are still on the computer.  There are many to choose from, but only register 
and post on one site.






On Sunday, February 17, 2008 at 3:01 pm, George Cowley wrote:
>Yes. I suspect that's what the system needs. To be honest, if I was charging the
>lady, I'd tell her it was cheaper just to get a new computer. It's a Dell 2400 with
>a CD/DVD ROM, 128mb DDR and 40GB HDD. It's very basic. Her children appear to have
>been using it to access porn judging by the registry entries.
>
>If I can fix it without a reinstallation that'd probably be best. I don't think the
>lady has a ton of money. I'm not too sure whether Dell's reinstallation partition
>works anyway.
>
>
>
>

re: Browser hijack
Sunday, February 17, 2008 at 6:56 pm
Posted by Ari (1287 messages posted)

Adaware didn't eliminate all the spyware...just all the spyware it could FIND. All of the various antispyware programs miss things that others find. They each have their strengths and weaknesses. Your best bet is to scan with a couple of other Spyware scanners to find whatever Adaware might have missed. In your shoes, I might try the free scanner at free.prevx.com, and also CWShredder (which is aimed at one particular Trojan, CoolWebSearch, but does a great job against it.)


On Sunday, February 17, 2008 at 2:51 pm, George Cowley wrote:
>I was just handed a PC with 1017 viruses/malware/spyware items. My antivirus deleted
>1017 viruses and the machine was virus free after the 4th sweep. I ran AdAware and
>eliminated all the spyware. Then I put it online and did Microsoft updates. As soon
>as I did, I had popup windows for hornywives or something similar and a few other
>items.
>
>Where is this being triggered and how do I eliminate it?
>

re: Browser hijack
Monday, February 18, 2008 at 8:01 am
Posted by Kevinh (238 messages posted)

Did you turn off system restore before running the AV and anti spyware? If you didn't, then you will get it all back when you reboot.


On Sunday, February 17, 2008 at 2:51 pm, George Cowley wrote:
>I was just handed a PC with 1017 viruses/malware/spyware items. My antivirus deleted
>1017 viruses and the machine was virus free after the 4th sweep. I ran AdAware and
>eliminated all the spyware. Then I put it online and did Microsoft updates. As soon
>as I did, I had popup windows for hornywives or something similar and a few other
>items.
>
>Where is this being triggered and how do I eliminate it?
>

re: Browser hijack
Monday, February 18, 2008 at 8:36 am
Posted by George Cowley (154 messages posted)

I emptied the system restore archives.





On Monday, February 18, 2008 at 8:01 am, Kevinh wrote:
>Did you turn off system restore before running the AV and anti spyware? If you didn't,
>then you will get it all back when you reboot.
>
>
>

re: Browser hijack
Monday, February 18, 2008 at 9:33 am
Posted by Dan Sarandrea, MCSE (6749 messages posted)

+1 on what RiceR46 posted.

Try some online scans like Norton's (but you'll have to do manual removal file-by-file) 
or like Housecall, which can do auto removal but is intolerably slow.

In your shoes, with a low budget (no money equals no time to save anything from the 
existing installation), I'd run the Dell PC Restore CTRL + F11 after the Dell startup 
logo, (it's pretty fast), set up Limited User accounts for each of the users, one 
Admin account for program installation, and password protect the available Admin 
account as well as the built-in Admin.  I'd install AVG, Adobe Reader, Flash and 
Java.  Finally I'd make sure the Windows Firewall was on (it should be by default 
if it has SP2), turn on Auto updates, I'd show the person how to do Windows updates 
and then have them do it for themselves.  That would take about an hour on a faster 
connection.

re: Browser hijack
Monday, February 18, 2008 at 9:49 am
Posted by George Cowley (154 messages posted)

I ran a few more anti-spyware programs. Prevxcsifree turned up nothing bar 4 items 
that it claimed were present but which could not be located where it indicated they 
were (snapshot.exe and dmioo.sys).

CWshredder found nothing. adaware found nothing. AVG found nothing.

HijackThis found the following:
Logfile of HijackThis v1.99.1
Scan saved at 11:12:38 AM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Miranda\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ms101.mysearch.com/sa/srchlft.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203181489526
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

McAfee is one ugly sod to remove. I wonder whether McAfee is the virus I'm looking 
for.





[Reply or follow-up to this message]
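
For readers triaging a pasted HijackThis log like the one in the post above, the following is an added example (not part of the thread, and not HijackThis's own code). It rejoins entries that a forum hard-wrapped, then lists items worth a manual look: browser URL settings whose host is not on an analyst-supplied allowlist, and services whose binary is reported missing. The allowlist, the function names and the trailer handling are assumptions; a flagged line is a prompt for review, not a verdict.

```python
import re
from urllib.parse import urlparse

# Lines copied from the log posted in this thread, hard-wrapped as the forum wrapped them.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ms101.mysearch.com/sa/srchlft.html
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
Files\Yahoo!\Common\yiesrvc.dll
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner
- C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# An entry starts with a section code such as "R0 - " or "O23 - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(text):
    """Return [(code, body)], rejoining entries that were wrapped onto a second line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Trailer that later HijackThis versions append (assumption; absent from this log).
        if line == "--" or line.startswith("End of file"):
            break
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            # Past the header and process list, a non-entry line is a wrapped continuation.
            entries[-1][1] += " " + line
    return [tuple(entry) for entry in entries]


def triage(entries, allowed_hosts):
    """Return [(code, reason, detail)] for entries that deserve a manual look."""
    findings = []
    for code, body in entries:
        if code in ("R0", "R1") and " = " in body:
            # R0/R1 entries have the form "<registry value> = <URL>".
            host = urlparse(body.split(" = ", 1)[1].strip()).hostname
            if host and host.lower() not in allowed_hosts:
                findings.append((code, "browser URL host not on allowlist", host))
        elif code == "O23" and body.endswith("(file missing)"):
            # Service still registered although its executable is gone.
            name = body.split(" - ", 1)[0].replace("Service: ", "", 1)
            findings.append((code, "service registered but binary missing", name))
    return findings


if __name__ == "__main__":
    # Allowlist chosen by the analyst for this machine (assumption for the example).
    for finding in triage(parse_entries(SAMPLE_LOG), {"go.microsoft.com"}):
        print(finding)
```
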

re: Browser hijack
Monday, February 18, 2008 at 10:38 am
Posted by George Cowley (154 messages posted)

Looks like it has been disabled. I kept hammering ctrl+F11 from the second the Dell logo came up. No luck. I suspect from the fact the disk size is 37GB (from memory) that the restore partition has been removed.


On Monday, February 18, 2008 at 9:33 am, Dan Sarandrea, MCSE wrote:
>+1 on what RiceR46 posted.
>
>Try some online scans like Norton's (but you'll have to do manual removal file-by-file)
>or like Housecall, which can do auto removal but is intolerably slow.
>
>In your shoes, with a low budget (no money equals no time to save anything from the
>existing installation), I'd run the Dell PC Restore CTRL + F11 after the Dell startup
>logo, (it's pretty fast), set up Limited User accounts for each of the users, one
>Admin account for program installation, and password protect the available Admin
>account as well as the built-in Admin. I'd install AVG, Adobe Reader, Flash and
>Java. Finally I'd make sure the Windows Firewall was on (it should be by default
>if it has SP2), turn on Auto updates, I'd show the person how to do Windows updates
>and then have them do it for themselves. That would take about an hour on a faster
>connection.

re: Browser hijack
Monday, February 18, 2008 at 10:46 am
Posted by Johnb33 (1622 messages posted)

You have an old version of HijackThis.  Go here and download the new version.

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html?tag=lst-1

Install it and do another system scan and save a logfile.






On Monday, February 18, 2008 at 9:49 am, George Cowley wrote:
>I ran a few more anti-spyware programs. Prevxcsifree turned up nothing bar 4 items
>that it claimed were present but which could not be located where it indicated they
>were (snapshot.exe and dmioo.sys).
>
>CWshredder found nothing. adaware found nothing. AVG found nothing.
>
>HijackThis found the following:
>
>McAfee is one ugly sod to remove. I wonder whether McAfee is the virus I'm looking
>for.

re: Browser hijack
Monday, February 18, 2008 at 2:45 pm
Posted by Dan Sarandrea, MCSE (6749 messages posted)

Might have been shipped before they started using Dell PC Restore, which was 7/14/04 
for USA shipments of consumer Dimension models.

If you see the blue bar at the top of the screen with www.dell.com after the logo 
but before windows, it has the necessary programming to alter startup to access the 
restore partition.  Whether or not someone nuked the contents of the partition is 
another matter.

re: Browser hijack
Tuesday, February 19, 2008 at 6:56 am
Posted by George Cowley (154 messages posted)

Interesting... On the 2400 I'm working on, there is a second disk partition (I looked at it with Slax). It only seems to contain maintenance utilities accessed via F12, option 5. There appears to be no installation partition. Just two partitions on the disk. The maintenance is MSDOS and the other is NTFS. I've asked the lady concerned for her original O/S disk. I bet she never ever had one. This is the first time the system has ever undergone any work and the two people who used it don't use it for anything other than photos and myspace. They know little of the technicalities of computers - it's just a box that works (or doesn't). Slax worked just fine on the system using a run-from-CD version with KDE. As I said, I asked her for the OS CD and for extra RAM for it. That way I can get it going well. Of course, if she hasn't got the CD it could well be worth her while to dump that system - take it down to a charity and get the tax deduction then to buy a new computer, given that new systems are $300 and the OS disk is about $150. Meanwhile I found two difficult to remove files - MDIOO.SYS and core.cache.dsk - neither of which look as though they belong. Haven't managed to shift them yet - the computer will not enter safe mode - it keeps hanging on the driver list screen.


On Monday, February 18, 2008 at 2:45 pm, Dan Sarandrea, MCSE wrote:
>Might have been shipped before they started using Dell PC Restore, which was 7/14/04
>for USA shipments of consumer Dimension models.
>
>If you see the blue bar at the top of the screen with www.dell.com after the logo
>but before windows, it has the necessary programming to alter startup to access the
>restore partition. Whether or not someone nuked the contents of the partition is
>another matter.

re: Browser hijack
Tuesday, February 19, 2008 at 7:29 am
Posted by Dan Sarandrea, MCSE (6749 messages posted)

If the customer can't find their Dell OS Reinstallation CD, which for XP Home of 
that vintage would have SP1a integrated into it and would be a maroonish-red/brown 
color, just have them call Dell support and ask to be sent a replacement.  Dell will 
charge them less than $15 incl shipping.

Personally I find Bart-PE to be a superior rescue product as compared to Linuxes-on-a-CD 
for Windows computers.  Bart-PE is based on the Windows Preinstallation environment 
which is a subset of the Windows OS, so you never run into file system issues the 
way you can on Linux based stuff that has problems safely writing to the NTFS file 
system.

re: Browser hijack
Tuesday, February 19, 2008 at 9:06 am
Posted by Ari (1287 messages posted)

Hey Dan - Do you know if it's possible to boot from those Reinstallation CD's (Dell or otherwise) into Windows Recovery Console, as you can from a "real" Windows XP CD? Or are the reinstallation CD's so crippled that ALL they can do is copy an installation image onto the hard drive? Thanks!


On Tuesday, February 19, 2008 at 7:29 am, Dan Sarandrea, MCSE wrote:
>If the customer can't find their Dell OS Reinstallation CD, which for XP Home of
>that vintage would have SP1a integrated into it and would be a maroonish-red/brown
>color, just have them call Dell support and ask to be sent a replacement. Dell will
>charge them less than $15 incl shipping.
>
>Personally I find Bart-PE to be a superior rescue product as compared to Linuxes-on-a-CD
>for Windows computers. Bart-PE is based on the Windows Preinstallation environment
>which is a subset of the Windows OS, so you never run into file system issues the
>way you can on Linux based stuff that has problems safely writing to the NTFS file
>system.

re: Browser hijack
Tuesday, February 19, 2008 at 5:23 pm
Posted by Dan Sarandrea, MCSE (6749 messages posted)

The Dell OS Reinstallation CD is a very close cousin to the genuine MS XP CD and 
behaves almost identically.  It has the MS Recovery Console and you access it on 
the Dell CD and start the computer with it the same way you do with the hologrammed 
MS CD.

The Dell OS Reinstallation CD is very different from, say, an eMachines Recovery 
CD or an HP/Compaq Recovery CD, the ones I used can only nuke the contents of the 
disk and reimage it back to factory condition.

re: Browser hijack
Tuesday, February 19, 2008 at 6:12 pm
Posted by Ari (1287 messages posted)

Thanks, Dan, that's really helpful. I've tried to assist, over the phone, people with HP reinstallation CD's, and they (the CD's, not the people) didn't seem to behave the way I would have anticipated. Good to have it confirmed that they (the CD's again, not the people) are crippled.


On Tuesday, February 19, 2008 at 5:23 pm, Dan Sarandrea, MCSE wrote:
>The Dell OS Reinstallation CD is a very close cousin to the genuine MS XP CD and
>behaves almost identically. It has the MS Recovery Console and you access it on
>the Dell CD and start the computer with it the same way you do with the hologrammed
>MS CD.
>
>The Dell OS Reinstallation CD is very different from, say, an eMachines Recovery
>CD or an HP/Compaq Recovery CD, the ones I used can only nuke the contents of the
>disk and reimage it back to factory condition.

re: Browser hijack
Wednesday, February 20, 2008 at 3:21 pm
Posted by George Cowley (154 messages posted)

My sister-in-law had a Compaq PC. I have a Compaq laptop. I reinstalled XP on her PC using my Compaq OS disk. It installed just fine but the code-key didn't work. She had to go out and buy a new XP OS CD. I used the code key from that and everything worked just fine. Neither Microsoft nor Compaq were willing to help to make the genuine key on the computer work!
