rey said:
Thanks all.
I have yet to try any of the adaware/spybot destory.
I am removing keys from within CurrentControlSet.
When I compare the two winsock2 keys (open each .reg file in notepad),
the non-working version is MUCH shorter that the working one.
So, I would think "prune unwanted winsock values" is contrary
to what the .reg files show.
Rey
You will get *much* better results removing malware with tools designed
to do so. All the ones I reference below are free:
1) Scan in Safe Mode with current version (not earlier than 2003)
antivirus using updated definitions;
2) remove spyware with Spybot Search & Destroy
(
www.safer-networking.org) and Ad-aware (
www.lavasoftusa.com). These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from
http://www.intermute.com/spysubtract/cwshredder_download.html. I would
not install the other Intermute programs, however. Alternately, there
are CoolWebSearch malware removal steps at
http://www.silentrunners.org/sr_cwsremoval.html. A combination of
HijackThis and About:Buster (
http://www.majorgeeks.com) works well in
removing homepage hijackers. Always read the instructions before
running a spyware removal tool. Be sure to update these programs before
running, and it is a good idea to do virus/spyware scans in Safe Mode.
Make sure you are able to see all hidden files and extensions (View tab
in Folder Options);
3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Run>cleanmgr).
4) make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update;
5) run a firewall.
Malke
