Computer step by step
 Make your Pc better
   Warning Computers running Windows XP Home Edition cannot join corporate domains. For this reason,
features that require machine accounts within a domain, such as Group Policy, are not available in
Windows XP Home Edition.

Please go to Start and choose Run ...
Type gpedit.msc and press ok
In the Group Policy window please navigate to User Configuration -> Administrative Templates ->
System and open Prevent access to the command prompt
The default state is Not Configured, and Command Prompt is enabled
To enable cmd, select Disabled
To disable cmd, select Enabled
To finish press ok button and close Group Policy window
   Using Regedit
   Please go to Start and choose Run ...

Type regedit and press ok

Microsoft official disclaimer
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by
using another method. These problems might require that you reinstall the operating system. Microsoft
cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Please navigate to HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
and locate the DisableCMD registry value
Double click on DisableCMD and edit the value data:

To Disable Command Prompt Only:
Change the value data to 2

To Disable Command Prompt and Scripts:
Change the value data to 1

To Enable Command Prompt:
Change the value data to 0

To finish press the OK button and close the Registry Editor window
   Enable\Disable Registry Editor
   
   The registry is a set of files that store all the information about the hardware and software configuration
of your computer. The registry can be altered using Registry Editor. Viruses use the registry to place
unwanted files into your system and deny access to Registry Editor in order to protect themselves.
Here are some methods to get access to Registry Editor.
   Path
   Please go to Start and choose Run ...

Type C:\Windows and press ok
In the Windows folder you can find the regedit file
   Disable
   Registry editing has been disabled by your administrator
   Using Gpedit
   Warning Computers running Windows XP Home Edition cannot join corporate domains. For this reason,
features that require machine accounts within a domain, such as Group Policy, are not available in
Windows XP Home Edition.

Please go to Start and choose Run ...
Type gpedit.msc and press ok
In the Group Policy window please navigate to User Configuration -> Administrative Templates ->
System and open Prevent access to registry editing tools
The default state is Not Configured, and Registry Editor is enabled
To enable regedit, select Disabled
To disable regedit, select Enabled

To finish press ok button and close Group Policy window
   Using CMD
   Please go to Start and choose Run ...

Type cmd and press ok
Please select, right click and copy a command from below, then right click on the command prompt window,
select Paste and press Enter

To Disable Registry Editor:

REG add  HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f

To Enable Registry Editor:

REG add  HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

To finish please close command prompt window
   Using Windows
   Please go to Pearl button (Start) and click on the Start Search

Type cmd, right click on cmd icon under the Programs and click on Run as administrator
Please confirm User Account Control pop-up
Please select, right click and copy a command from below, then right click on the command prompt window,
select Paste and press Enter

To Disable Registry Editor:

REG add  HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f

To Enable Registry Editor:

Note: When you try to enable registry editor you will receive:
ERROR: Registry editing has been disabled by your administrator

REG add  HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

Type net user administrator /active:yes and press Enter in order to enable the default administrator
account
Then go to Start and click on Switch User
Please log on to the Administrator account
Please go to Pearl button (Start) and click on the Start Search
Type regedit and press Enter

Microsoft official disclaimer
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by
using another method. These problems might require that you reinstall the operating system. Microsoft
cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Please navigate to HKEY_USERS and open the key of the other user; it will look like this:
S-1-5-21-3328385459-2160724153-741923063-1000
then go to \Software\Microsoft\Windows\CurrentVersion\Policies\System and locate the
DisableRegistryTools registry value

Double click on DisableRegistryTools and edit the value data:

To Disable Registry Editor:
Change the value data to 1

To Enable Registry Editor:
Change the value data to 0

Close the Registry Editor window
Please go to Start and click on Log Off
Please log on with your account
In order to finish, please type net user administrator /active:no in the command prompt window and press
Enter in order to disable the default administrator account
   Enable\Disable Task Manager
   
   Task Manager is an operating system program which provides detailed information about running processes and
programs. With the help of Task Manager you can end/kill processes and services. Usually viruses disable
Task Manager as a safety measure. When you right click on the taskbar, the Task Manager option is grayed
out.
Enable Task Manager again using the following steps:
   Path
   Please go to Start and choose Run ...

Type C:\Windows\System32 and press ok
In the System32 folder you can find the taskmgr file
   Disable
   Task Manager has been disabled by your administrator.
   Using Gpedit
   Warning Computers running Windows XP Home Edition cannot join corporate domains. For this reason,
features that require machine accounts within a domain, such as Group Policy, are not available in
Windows XP Home Edition.

Please go to Start and choose Run ...
Type gpedit.msc and press ok
In the Group Policy window please navigate to User Configuration -> Administrative Templates ->
System -> Ctrl+Alt+Del Options  and open Remove Task Manager
The default state is Not Configured, and Task Manager is enabled
To enable taskmgr, select Disabled
To disable taskmgr, select Enabled

To finish press ok button and close Group Policy window
   Using CMD
   Please go to Start and choose Run ...

Type cmd and press ok
Please select, right click and copy a command from below, then right click on the command prompt window,
select Paste and press Enter

To Disable Task Manager:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f

To Enable Task Manager:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

To finish please close command prompt window
   Using Regedit
   Please go to Start and choose Run ...

Type regedit and press ok

Microsoft official disclaimer
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by
using another method. These problems might require that you reinstall the operating system. Microsoft
cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Please navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
and locate the DisableTaskMgr registry value
Double click on DisableTaskMgr and edit the value data:

To Disable Task Manager:
Change the value data to 1

To Enable Task Manager:
Change the value data to 0

To finish press the OK button and close the Registry Editor window
   Enable\Disable Group Policy
   
   Group Policy is a Windows utility that controls the working environment of user accounts
and computer accounts with a set of rules. It's mainly used in Active Directory environments, where it controls what users can and
cannot do on a system. If somehow the Group Policy editor is disabled (mmc disabled) you can enable it again
using these methods:
   Path
   Please go to Start and choose Run ...

Type C:\Windows\System32 and press ok
In the System32 folder you can find gpedit.msc file
   Disable
   The snap-in below, referenced in this document, has been restricted by policy. Contact your
administrator for details.
Group Policy Editor.
   Using CMD
   Please go to Start and choose Run ...

Type cmd and press ok
Please select, right click and copy a command from below, then right click on the command prompt window,
select Paste and press Enter

To Disable Group Policy:

REG add "HKCU\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}" /v Restrict_Run /t REG_DWORD /d 1 /f

To Enable Group Policy:

REG add "HKCU\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}" /v Restrict_Run /t REG_DWORD /d 0 /f

To finish please close command prompt window
   Using Regedit
   Please go to Start and choose Run ...

Type regedit and press ok

Microsoft official disclaimer
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by
using another method. These problems might require that you reinstall the operating system. Microsoft
cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Please navigate to HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}
and locate the Restrict_Run registry value
Double click on Restrict_Run and edit the value data:

To Disable Group Policy:
Change the value data to 1

To Enable Group Policy:
Change the value data to 0

To finish press the OK button and close the Registry Editor window
   Enable\Disable Security Tab
   
   In Windows based systems you have the option to set access permissions on files and folders located on
NTFS file system volumes. You can set, view, change, or remove special permissions for
files and folders. Viruses may disable the Security tab to prevent themselves from being deleted or having their permissions
modified.
Enable the Security tab using one of these methods:
   View
   In order to view the Security tab in Windows XP you need to uncheck Use simple file sharing
(Recommended) in Folder Options, View tab.

Note: In Windows XP Home you have access to the Security tab only from Safe Mode

Please go to Start and choose My Computer
Please go to Tools and choose Folder Options...
Please go to the View tab and uncheck the Use simple file sharing (Recommended) box, then press the OK button to finish
Now you can see the Security tab; for example, right click on a partition in My Computer and select
Properties
In the Properties window you can now select the Security tab
   Missing
   When you open the Properties window for a file, you observe that the Security tab is missing even if you
made the settings from the View section
   Using Gpedit
   Warning Computers running Windows XP Home Edition cannot join corporate domains. For this reason,
features that require machine accounts within a domain, such as Group Policy, are not available in
Windows XP Home Edition.


Please go to Start and choose Run ...
Type gpedit.msc and press ok
In the Group Policy window please navigate to User Configuration -> Administrative Templates ->
Windows Components -> Windows Explorer  and open Remove Security tab
The default state is Not Configured, and the Security tab is enabled
To enable the Security tab, select Disabled
To disable the Security tab, select Enabled

To finish press ok button and close Group Policy window
   Using CMD
   Please go to Start and choose Run ...

Type cmd and press ok
Please select, right click and copy a command from below, then right click on the command prompt window,
select Paste and press Enter

To Disable Security tab:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v Nosecuritytab /t REG_DWORD /d 1 /f

To Enable Security tab:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v Nosecuritytab /t REG_DWORD /d 0 /f

To finish please close command prompt window
   Using Regedit
   Please go to Start and choose Run ...

Type regedit and press ok

Microsoft official disclaimer
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by
using another method. These problems might require that you reinstall the operating system. Microsoft
cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Please navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
and locate the Nosecuritytab registry value
Double click on Nosecuritytab and edit the value data:

To Disable Security tab:
Change the value data to 1

To Enable Security tab:
Change the value data to 0

To finish press the OK button and close the Registry Editor window
   Enable\Disable Folder Options
   
   You can use Folder Options to specify how your folders function and mainly how content is displayed.
By default Windows Explorer will not display hidden files and folders, and will hide extensions for known file
types and protected operating system files. Malicious files can easily hide themselves in hidden folders or
carry the hidden attribute themselves. As a safety measure the virus will restrict your access to Tools -> Folder
Options. This option may be missing from your Tools menu.
To get it back follow one of these methods:
   View
   Please go to Start and choose My Computer

In My Computer window under Tools you can select Folder Options...
   Missing
   Folder Options... is missing from the Tools menu
   Using Gpedit
   Warning Computers running Windows XP Home Edition cannot join corporate domains. For this reason,
features that require machine accounts within a domain, such as Group Policy, are not available in
Windows XP Home Edition.

Please go to Start and choose Run ...
Type gpedit.msc and press ok
In the Group Policy window please navigate to User Configuration -> Administrative Templates ->
Windows Components -> Windows Explorer  and open Removes the Folder Options menu item from
the Tools menu
The default state is Not Configured, and Folder Options is enabled
To enable Folder Options, select Disabled
To disable Folder Options, select Enabled

To finish press ok button and close Group Policy window
   Using CMD
   Please go to Start and choose Run ...

Type cmd and press ok
Please select, right click and copy a command from below, then right click on the command prompt window,
select Paste and press Enter

To Disable Folder Options:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f
REG add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f

To Enable Folder Options:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 0 /f
REG add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 0 /f

To finish please close command prompt window and Restart your computer
   Using Regedit
   Please go to Start and choose Run ...

Type regedit and press ok

Microsoft official disclaimer
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by
using another method. These problems might require that you reinstall the operating system. Microsoft
cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Please navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
and locate the NoFolderOptions registry value
Double click on NoFolderOptions and edit the value data:

To Disable Folder Options:
Change the value data to 1

To Enable Folder Options:
Change the value data to 0

Now set the same data for the second registry value: navigate to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer and locate the NoFolderOptions
registry value

Double click on NoFolderOptions and edit the value data:

To Disable Folder Options:
Change the value data to 1

To Enable Folder Options:
Change the value data to 0

To finish press the OK button, close the Registry Editor window and restart your computer
   Enable\Disable Internet Options
   
   The Internet Options feature is available under the Tools menu in Internet Explorer. It lets you control and
customize your internet options and also your Internet Explorer features. This option may be disabled or
missing, or you may receive a message like this: “This operation has been cancelled due to restrictions in effect
on this computer. Please contact your system administrator.” The virus may have restricted access to this
feature to ensure its own safety.
Follow the next steps to enable it again:
   View
   From Internet Explorer go to Tools and choose Internet Options...

Now you can access the Internet Properties window
   Disable
   This operation has been canceled due to restrictions in effect on this computer. Please contact your
System administrator.
   Using CMD
   Please go to Start and choose Run ...

Type cmd and press ok
Please select, right click and copy a command from below, then right click on the command prompt window,
select Paste and press Enter

To Disable Internet Options:

REG add "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v NoBrowserOptions /t REG_DWORD /d 1 /f
REG add "HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v NoBrowserOptions /t REG_DWORD /d 1 /f

To Enable Internet Options:

REG add "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v NoBrowserOptions /t REG_DWORD /d 0 /f
REG add "HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v NoBrowserOptions /t REG_DWORD /d 0 /f

To finish please close command prompt window
   Using Regedit
   Please go to Start and choose Run ...

Type regedit and press ok

Microsoft official disclaimer
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by
using another method. These problems might require that you reinstall the operating system. Microsoft
cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Please navigate to HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions
and locate the NoBrowserOptions registry value
Double click on NoBrowserOptions and edit the value data:

To Disable Internet Options:
Change the value data to 1

To Enable Internet Options:
Change the value data to 0

Now set the same data for the second registry value: navigate to
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions and locate the NoBrowserOptions
registry value
Double click on NoBrowserOptions and edit the value data:

To Disable Internet Options:
Change the value data to 1

To Enable Internet Options:
Change the value data to 0

To finish press the OK button and close the Registry Editor window
   Now that the system is virus free you need to make sure your system files and volume aren’t corrupt. You
do this by running a check disk and a system file check.
   Run a disk error checkup

   Your hard disk might have errors or corruption in the file or directory structure. These can have
several causes: system freezes, improper shutdowns or power outages. The check disk command will
inspect your hard drive volumes and repair problems related to bad sectors, lost clusters, cross-linked files,
and directory errors. It will automatically repair any errors it finds. We mainly recommend running a check disk
on your system partition. Because the partition is in use, this check will be done the next time the
computer restarts. The process takes a while but it makes sure your disk is healthy.
    Run a disk error checkup following these steps:
   Using CMD
   Please go to Start and choose Run ...

Write cmd and press ok
In the Command Prompt window please select, copy and paste the following commands:

chkdsk /x /f /r
Y

After each command please press Enter
   Using Windows
   Please go to Start and open My Computer

Right click on your Windows partition and choose Properties
In Properties window please go to Tools tab and press on Check Now... button
In Check Disk Local Disk window please check Automatically fix file system errors and Scan for and
attempt recovery of bad sectors boxes and click on Start button
Because this is your system partition you will be informed that this utility will run on the next restart.
Please confirm the pop-up.
   Check your system files integrity

   Also integrated in your operating system is the System File Checker tool. It's a very useful and powerful
tool for repairing corruption in your Windows system files. Why do we need to use it? During everyday use
we install several programs which need access to system files; they may need to modify them or even
overwrite them. This tool was created as a security measure to protect critical system files. Every change is
tracked by the system and a spare copy of the initial file is saved. In this way, your system protects itself
from malicious attacks, corruption or several other problems.
   The tool is very easy to use; you just need to start the checking process. If any critical files are damaged
they will be restored automatically.
   Using CMD
   Please go to Start and choose Run ...

Write cmd and press ok
In the Command Prompt window please select, copy and paste the following command:

sfc /scannow

Please press Enter to execute

Note: Depending on your operating system, this command will ask for the Windows installation CD.
If you still have problems with your computer after applying all the above steps, feel free to ask for help on
our Forum or send us an email at admin@computerstepbystep.com
   Enable\Disable Command Prompt
   
   The Command Prompt (cmd) utility is a command-line interpreter. You can use many commands through cmd.
Usually the malicious file restricts access to it.
Please use these steps in order to be able to use it.
   Path
   Please go to Start and choose Run ...

Type C:\Windows\System32 and press ok
In the system32 folder you can find cmd file
   Disable
   The command prompt has been disabled by your administrator.
   Press any key to continue ...
   Using Gpedit
   Msconfig
   
   The System Configuration Utility (msconfig) is a troubleshooting tool which helps you to enable and
disable software, device drivers and Windows services that run at startup. Some malicious files add
themselves to startup and they will run each time your computer starts. In some cases you will not be able to
open this utility. You can try to copy it from the default path to another location and rename it iexplore.exe
in order to be able to access it.
   Path
   Please go to Start and choose Run ...

Type C:\WINDOWS\PCHEALTH\HELPCTR\Binaries and press ok
In the Binaries folder you can find msconfig file
   Path
   Please go to Pearl button (Start) and click on the Start Search

Type C:\Windows\System32 and press Enter
In the System32 folder you can find msconfig file
   Please go to Pearl button (Start) and click on the Search programs and files

Type cmd, right click on cmd icon under the Programs and click on Run as administrator
Please confirm User Account Control pop-up
Please select, right click and copy a command from below, then right click on the command prompt window,
select Paste and press Enter

To Disable User Account Control:

REG add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f

To Enable User Account Control:

REG add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 1 /f

To finish please close command prompt window
   Using Regedit
   Please go to Pearl button (Start) and click on the Search programs and files

Type regedit and press Enter
Please confirm User Account Control pop-up

Microsoft official disclaimer
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by
using another method. These problems might require that you reinstall the operating system. Microsoft
cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Please navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
and locate the EnableLUA registry value

Double click on EnableLUA and edit the value data:

To Disable User Account Control:
Change the value data to 0

To Enable User Account Control:
Change the value data to 1

To finish press the OK button and close the Registry Editor window
   Please go to Start and choose Control Panel

If Control Panel is on Category View please click on Category button and select Large icons
In the Control Panel window double click on User Accounts icon
In the User Accounts window double click on Change User Account Control Settings icon
This is UAC Enable Default State
To Disable UAC please select Never notify and press ok button to finish
Please confirm User Account Control pop-up
   Using Msconfig
   Please go to Pearl button (Start) and click on the Search programs and files

Type msconfig and press Enter
In the System Configuration window please go to Tools tab select Change UAC Settings and click on
the Launch button
This is UAC Enable Default State
To Disable UAC please select Never notify and press ok button to finish
Please confirm User Account Control pop-up
   Using CMD
   Enable\Disable User Account Control
   
   User Account Control (UAC) is a Windows Vista and Windows 7 feature implemented to add more security
to the system. User Account Control lets users who are logged on with administrator accounts work with
restricted rights, instead of working as administrators. UAC will reduce the damage done to the system files
in case of infection. As a standard user (restricted rights) you can work on your documents, check your
email, etc. When you would like to do a maintenance task, like installing software, UAC will require
elevated access and, by allowing it, the software in question will have access to the system files. Once the
task is completed the access goes back to restricted. If a virus infects your computer and UAC is enabled (you
have restricted access), the virus doesn't have access to the global system resources. The damage to the
system will be limited. If the virus tries to get access to the system files you will receive a UAC alert, which you
can deny.
   UAC should be enabled at all times. If UAC is damaged or disabled without your knowledge you can choose
from these steps to get it back to normal.
   Using Windows
   Please go to Pearl button (Start) and click on the Search programs and files

Type useraccountcontrolsettings and press Enter
This is UAC Enable Default State
To Disable UAC please select Never notify and press ok button
Please confirm User Account Control pop-up
   Using UAC
   Path
   Please go to Pearl button (Start) and click on the Search programs and files

Type C:\Windows\System32 and press Enter
In the System32 window you can locate UserAccountControlSettings executable file
   Please go to Start and choose Control Panel

If Control Panel is on Category View please click on Switch to Classic View button to change it
In the Control Panel window double click on Network Connections icon
In the Network Connections window right click on Local Area Connection and select Properties
Note: Please repeat the steps for all your connections
In the Local Area Connection Properties window open Internet Protocol (TCP/IP)
On the DNS section, please verify that the listed DNS servers are the correct server addresses provided by your
Internet provider
If your Internet provider did not specify a DNS server to use, make sure that the Obtain DNS server address
automatically checkbox is selected
To finish press ok button and close all the windows
   Second we recommend to check if you have access to these windows utilities:

User Account Control (UAC);
System Configuration Utility (msconfig);
Command Prompt (cmd);
Registry Editor (regedit);
Windows Task Manager (taskmgr);
Group Policy Editor (gpedit.msc);    
Security tab;
Folder Options;
Internet Options;
Services (Local) (services.msc)

Below we present several methods to enable or disable them.
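
   The registry values behind most of the utilities listed above can be checked in one pass. The following is an added example, not part of the original page: a read-only Windows PowerShell script that reads the keys and values used in the REG add commands on this page. The names $PolicyChecks and Get-PolicyState are hypothetical, and Windows PowerShell is assumed to be installed.

```powershell
# Added example, not from the original page. Read-only: nothing is written.
# Each entry names the tool, the key and value that control it, and the data
# that means "restricted" according to the steps on this page.
$PolicyChecks = @(
    @{ Tool = 'Command Prompt'; Value = 'DisableCMD'; Restricted = @(1, 2);   # 1 = prompt and scripts, 2 = prompt only
       Key = 'HKCU:\Software\Policies\Microsoft\Windows\System' },
    @{ Tool = 'Registry Editor'; Value = 'DisableRegistryTools'; Restricted = @(1);
       Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' },
    @{ Tool = 'Task Manager'; Value = 'DisableTaskMgr'; Restricted = @(1);
       Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' },
    @{ Tool = 'Group Policy Editor'; Value = 'Restrict_Run'; Restricted = @(1);
       Key = 'HKCU:\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}' },
    @{ Tool = 'Security tab'; Value = 'Nosecuritytab'; Restricted = @(1);
       Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' },
    @{ Tool = 'Folder Options (user)'; Value = 'NoFolderOptions'; Restricted = @(1);
       Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' },
    @{ Tool = 'Folder Options (machine)'; Value = 'NoFolderOptions'; Restricted = @(1);
       Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' },
    @{ Tool = 'Internet Options (user)'; Value = 'NoBrowserOptions'; Restricted = @(1);
       Key = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Restrictions' },
    @{ Tool = 'Internet Options (machine)'; Value = 'NoBrowserOptions'; Restricted = @(1);
       Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Restrictions' },
    # EnableLUA is inverted: 0 means User Account Control is switched off.
    @{ Tool = 'User Account Control'; Value = 'EnableLUA'; Restricted = @(0);
       Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' }
)

function Get-PolicyState {
    param([hashtable]$Check)

    $data  = $null
    $state = 'not set'
    # A missing key or value is normal on a clean system, so errors are silenced.
    $item = Get-ItemProperty -LiteralPath $Check.Key -Name $Check.Value -ErrorAction SilentlyContinue
    if ($item -ne $null) {
        $name = $Check.Value
        $data = $item.$name
        if ($Check.Restricted -contains $data) {
            $state = 'RESTRICTED'
        } else {
            $state = 'allowed'
        }
    }
    New-Object PSObject -Property @{
        Tool = $Check.Tool; State = $state; Data = $data
        Value = $Check.Value; Key = $Check.Key
    }
}

# One row per value; rows marked RESTRICTED are the ones to reset with the steps on this page.
$PolicyChecks | ForEach-Object { Get-PolicyState $_ } |
    Select-Object Tool, State, Data, Value, Key |
    Format-Table -AutoSize -Wrap
```

The HKCU rows describe only the account that runs the script, so run it as the affected user.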
   Using Windows
   Please go to Start and choose Run ...

Type c:\windows\system32\drivers\etc\hosts and press ok
In order to open hosts file please select Notepad and press ok
This is the default hosts file
If you make any changes in order to bring the hosts file to default state, before closing, please go to File
and select Save
   Verify for redirect

   Viruses usually redirect the user's browsing to their servers, and you will reach web pages which have
nothing to do with what you searched for with your search engine. The virus restricts your browsing. We
suggest using the following 2 basic methods to remove the redirect. If this does not do the trick, then for sure
you are facing a rootkit, browser hijacker or a trojan which needs to be removed with special
security tools.
   Host file
   
   The hosts file is a system file used to map hostnames to IP addresses. The function of the file is to
translate host names, which are easier to use, into numeric protocol addresses called IPs. Some
malware types use the file to block security sites or redirect all browsing requests to their servers. These
entries can also prevent your security software from updating. We need to check the entries in hosts to make
sure you can access security sites and are able to update your security software to disinfect the system.
   Through this basic check we will also make sure that you will not encounter errors like ”Cannot find web
server” once the malware is removed.
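
   The hosts file check described above can also be done by a script that lists every active entry and separates the default localhost lines from entries that block or redirect a name. This is an added example, not part of the original page; the function name Get-HostsEntry is hypothetical and the sample lines are constructed with documentation names and addresses.

```powershell
# Added example, not from the original page. Read-only.
function Get-HostsEntry {
    param([string[]]$Lines)

    foreach ($line in $Lines) {
        # Everything after '#' is a comment; blank lines carry no mapping.
        $text = ($line -replace '#.*$', '').Trim()
        if ($text -eq '') { continue }

        # Layout: <address> <name> [<alias> ...], separated by spaces or tabs.
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }
        $address = $fields[0]

        # Loopback and 0.0.0.0 do not lead anywhere: a name mapped there is blocked.
        $deadEnd = ($address -like '127.*') -or ($address -eq '::1') -or ($address -eq '0.0.0.0')

        foreach ($name in $fields[1..($fields.Count - 1)]) {
            if ($deadEnd -and $name -eq 'localhost') {
                $verdict = 'default'
            } elseif ($deadEnd) {
                $verdict = 'BLOCKED: name cannot be reached'
            } else {
                $verdict = 'REDIRECTED: name forced to this address'
            }
            New-Object PSObject -Property @{ Address = $address; Name = $name; Verdict = $verdict }
        }
    }
}

# Constructed sample input (not taken from a real infection).
$sample = @(
    '# Sample hosts file',
    '127.0.0.1       localhost',
    '::1             localhost',
    '127.0.0.1       update.antivirus.example    # security site blocked',
    '203.0.113.10    www.search.example search.example'
)

# Show only the entries that differ from the default state.
Get-HostsEntry -Lines $sample |
    Where-Object { $_.Verdict -ne 'default' } |
    Select-Object Verdict, Address, Name |
    Format-Table -AutoSize

# On a live system, read the real file instead of the sample:
# Get-HostsEntry -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```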
   DNS settings
   
   Domain Name System (DNS) is a distributed database that computers use to translate domain names
into IPs. Some malware types change your DNS settings in order to divert traffic to unsolicited and potentially
malicious sites. Usually the default DNS setting is “Obtain DNS server address automatically”. If you
have checked “Use the following DNS server addresses” and the entries aren't from your Internet provider or
from another trusted vendor, then we suggest checking the box “Obtain DNS server address automatically” to
remove the entries.
   Using Windows
   Please go to Start and choose Run ...

Type msconfig and press ok
In the System Configuration Utility window please go to the Startup tab and uncheck all the programs
that you don't want to start up with your operating system.

Note: When a program is unchecked from this list, it will start only when you launch it manually. In
this way your computer will start faster. It is recommended to leave checked programs like antivirus
software or, for example, the touchpad software on laptops.

Please press OK button to finish.
Please choose Exit Without Restart to close the window. You will reboot your computer manually after
you complete all the steps from Retake control of your Pc.
   Clean/Reset your browser

   A browser is a software application which helps you to load the websites you love so much. There are a
variety of browsers available for navigating the world wide web (www). The most popular ones are Internet
Explorer, Mozilla Firefox, Chrome, Opera, Netscape and Safari.
    Each browser has a cache folder where it stores copies of accessed web content. The purpose of this
folder is to increase your network performance. When you access a web page which has been accessed
before, it will be loaded from cache. This technique has a downside: malicious files can be saved on your
hard drive without your knowledge. Sometimes the virus adds a malicious file, such as a browser helper object, to
redirect your browsing, and this is a proper spot from which to infect your computer.
   By resetting your browser back to default settings, some of these files will be temporarily disabled and others deleted.
This procedure removes all customizations done to the browser: it removes your homepage settings, disables
all add-ons and toolbars, erases your browsing history, deletes all saved accounts and passwords and
changes your security settings to default mode. Basically, after this step you start with a fresh copy of your
browser.
Note: Bookmarks or favorites will not be affected by this procedure.
   Clean your temporary files following these steps:
   Please go to Start and choose Run ...
Write cmd and press ok
Note: In Windows Vista and Windows 7 open cmd using Run as administrator

In the Command Prompt window please select, copy and paste the following commands:

rd /s /q %temp%
mkdir %temp%
rd /s /q c:\windows\temp\
mkdir c:\windows\temp\

After each command please press Enter
   Using Windows
   Please go to Start and choose Run ...

Write %temp% and press ok
In the Temp folder please go to Tools and select Folder Options
In the Folder Options window please go to the View tab, select Show hidden files and folders and
deselect Hide extensions for known file types
To deselect Hide protected operating system files (Recommended) please confirm the Warning
window. Press OK to close the Folder Options window.
Please select the first file from the folder Temp
Please use the Ctrl+A keyboard combination to select all the files from this folder. Right click on the selection
and choose Delete
Please Confirm Multiple File Delete
Now you can close this window and open the temp folder from Windows.
Please go to Start and choose Run... , write c:\windows\temp\ and press OK
For this folder please delete all the files as you did in the steps above
   Msconfig

   All Windows based systems have the system configuration utility (Msconfig) included, and it's used to
change the way Windows starts up. Within the utility you can disable startup programs and services in order
to stop several entries from malicious software.
   Make these settings following these steps:
   Using Windows
   You can choose between the command line method and the normal method. We believe the method using
command prompt is faster than the normal one, because you can just select the whole command line, right
click on the selected area, click Copy, then right click on your command prompt window and choose Paste in
order to copy it. However, we recommend choosing the one you feel most comfortable with. Also, for backup
reasons we added detailed articles with pictures for every method; you can access them by clicking on the
operating system logo.
   Clean your temporary files

   Temporary files are created by many different programs. They use the temporary folder during the
installation process and while they are running. These files are supposed to be removed once the process is
completed, but due to various reasons (unexpected shutdown, programming errors, corrupt installation, etc.)
they are left behind, wasting free space on your hard disk.
   The temporary folder is also the perfect hiding place for malicious files like viruses and spyware. From here
they can spread, infecting the whole computer.
   Clean your temporary files following these steps:
   Using CMD
   First we recommend deleting temporary files, cleaning your computer's startup list, resetting your browser and
checking for redirects.
 
   Several methods need to be followed to achieve proper disinfection

   In some cases, if the computer is heavily infected, you are restricted from installing any security software and
you find yourself unable to disinfect the computer. The first troubleshooting step that should be tried
is Safe Mode with Networking.
    To get into Safe Mode with Networking, press the F8 key multiple times while the computer is booting and
use the Up and Down arrow keys to navigate through the Windows Advanced Options Menu, select Safe Mode
with Networking and press Enter. If the F8 key didn't help, try the same steps using the F5 key.

Read how to boot in Safe Mode with Networking on the Microsoft website

   Why Safe Mode? Because Safe Mode helps you troubleshoot various software and operating system
issues. When the computer boots in Safe Mode or Safe Mode with Networking it only loads the necessary
system drivers and services. We try these steps because there is a good chance that the virus will not be
loaded at startup. We have chosen Safe Mode with Networking to be able to download any security software in order to
run a full scan for viruses and clean the system.

   If you can't access or download the security application, we strongly suggest checking the hosts file and
the DNS servers for unwanted entries. This is the basic checkup when you encounter redirects during
browsing.
   In some cases the malicious file also loads in Safe Mode with Networking when you are logged in
with your user account; in that case we recommend logging in with the default administrator account. The virus may
not load completely in the Administrator account and you can use this trick to disinfect the computer.

Note: for Windows Vista and Windows 7 the default administrator account needs to be enabled using an
account with administrator rights. Read more on how to enable the default Administrator account in Windows
Vista and Windows 7 (both editions use the same command line)

   If you are using the default Administrator account to disinfect the system, the command rd /s /q %temp%
will not erase the temporary files of your regular account; it will delete the temporary files of the admin
account. Any malicious files located in the temp files of your regular account will remain intact. You need to
locate the path of your account's temporary folder in order to delete them.
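Because %temp% only points at the temp folder of the account that is logged in, it helps to list every account's temp folder before cleaning. This Python sketch is an added example, not part of the original guide: given the profiles folder (C:\Documents and Settings on Windows XP, C:\Users on Windows Vista and Windows 7) it finds each account's temp folder and lists the runnable files inside. The extension list and the demo profile tree are assumptions constructed for the illustration.

```python
import os
import tempfile

# Per-account temp folder, relative to the profile directory.
TEMP_LAYOUTS = (
    os.path.join("Local Settings", "Temp"),     # Windows XP
    os.path.join("AppData", "Local", "Temp"),   # Windows Vista / 7
)
# Assumed list of extensions worth reviewing before deletion.
RUNNABLE = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def profile_temp_dirs(profiles_root):
    """Map each account under profiles_root to its own temp folder."""
    found = {}
    for account in sorted(os.listdir(profiles_root)):
        for layout in TEMP_LAYOUTS:
            candidate = os.path.join(profiles_root, account, layout)
            if os.path.isdir(candidate):
                found[account] = candidate
                break
    return found


def runnable_files(temp_dir):
    """List runnable files below temp_dir, relative to it."""
    hits = []
    for folder, _subdirs, files in os.walk(temp_dir):
        for name in files:
            if os.path.splitext(name)[1].lower() in RUNNABLE:
                hits.append(os.path.relpath(os.path.join(folder, name), temp_dir))
    return sorted(hits)


def inventory(profiles_root):
    """Return {account: [runnable files in that account's temp folder]}."""
    return {account: runnable_files(path)
            for account, path in profile_temp_dirs(profiles_root).items()}


def build_demo_profiles(root):
    """Create a constructed XP-style profile tree for the demonstration."""
    files = {
        "Administrator": ["setup.log"],
        "Win Xp": ["a1b2.tmp", "update.EXE", os.path.join("x7", "loader.dll")],
    }
    for account, names in files.items():
        base = os.path.join(root, account, "Local Settings", "Temp")
        for name in names:
            path = os.path.join(base, name)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for account, hits in inventory(build_demo_profiles(root)).items():
            print(account, hits)
```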
   Once you have at least partial control of your computer you can download and install various security
applications to disinfect the system.
    Here are the Microsoft Windows security software providers:

 http://www.microsoft.com/windows/antivirus-partners/windows-xp.aspx

   After virus removal or during the steps of retaking control you will need access to several Windows utilities
like: task manager, system configuration, command prompt, registry editor, group policy, internet options and
folder options.

   We will describe below how to regain control over a utility depending on what tools you have access to.
That's why we will describe different methods to gain access to one tool using another.
   In some cases you will not be able to open these utilities. You can try to copy them from their default
path to another location and rename them to iexplore.exe in order to be able to access them. We will
provide the default path of each utility.
   Once you are sure the computer is clean, we recommend verifying it using the check disk and system file
checker tools. We make this suggestion because usually after a system infection some files get corrupted
and errors appear on the partition. We need to be sure the system is not damaged.
   Also, if after these checks you still have issues with your system and you are sure the system is clean of
viruses, you can try to create a new user account with admin privileges. Create the new account while logged in with
the default administrator account. This will assure the integrity of the newly created account. Use the new
account instead of the old one.
   Now that we have a general idea about the steps that will be applied, we'll provide a detailed description
of each step.
   Viruses and other types of malware are software intended to harm your computer or access information
without your explicit consent. The malicious software takes control of your computer and tries to achieve its
objectives:

-   obtain personal information;
-   redirect browsing to false domains to obtain personal information or money;
-   restrict some of the computer's functionality and use it for commercial gain (the most encountered type of
    malware is rogue security software. It's fake security software that misleads users into buying the
    product and performs a simulated virus removal, providing false protection);
-   block legitimate security sites and even Windows Update;

   Most types of malware are hidden from users. They slow down the computer and monitor user behavior and
visited sites, collecting various personal information.
   Malware has evolved and it's a powerful instrument, mostly for commercial gain.

   Now that we have a general idea about the purpose of malicious software we need to have a preventive
attitude. The next question from your side will be: Why should I use a preventive approach if I already use
security software? The answer is easy. Every day new malicious software is created and released in
alarmingly high numbers. Good antivirus software updates its database daily, but it takes time from the
moment when the malware is detected and analyzed until the moment when the antivirus signatures are
released.
   Prevention is better than cure

    How can we identify while we browse if we are accessing sites with a high risk level? This kind of
malicious software always needs user interaction to infect the computer. It can be hidden in pirated software,
in misleading media players, in music, video or picture files, etc. Once the user has opened or executed the
file, the malicious software will run in the background, or side by side with other applications.

   A secure site is well organized and has a professional look. Avoid accessing websites which aren't
organized into sections, which don't have a separate section for ads, which open many web pages
without your interaction, or which have many pop-ups or ads.
    When you are browsing and looking for something using a search engine (like Google, Yahoo or
Live Search) you might open sites which will open or redirect you to other unwanted sites. Avoid these web
sites.
   If you are on a web page and you wish to view a movie but you are requested to install a player, please
be very careful: it might be a fake player. If you agree to install it, there is a strong possibility of getting infected. It's
best to download the player's install package from the manufacturer's website. For example, install Flash Player only
from the Adobe web site.
   Try to avoid downloading music, movies and games from suspicious sites.
   We recommend identifying the web site as trusted first and only then going on to purchase or download
any products.
   We will repeat: this kind of malicious program needs user interaction in order to run and infect the
computer.
   Electronic mail is the most efficient and fastest way of communication, but unfortunately it is also a very easy
way to get infected. Some emails can be sent by strangers, and the malicious file is disguised through ads
like lottery winning announcements. When you open your email, avoid downloading pictures, funny images,
greeting cards, audio, video files or any other email attachments from people you don't know. Make sure the
files were sent by a trusted source. Some emails will request your personal information in order to claim
a prize from a contest which you have never heard of. We recommend deleting these messages and not
clicking on any provided pop-ups or links.
   If by mistake you have launched or executed this kind of file, and your security software warned you that
the file is malicious but you preferred to ignore the warning, the security software can't protect you
anymore. By allowing the malicious file to run, you risk infecting your security software as well.
   How can you tell if your computer is infected?

    We will describe some symptoms and indications of virus infection:

-   Your computer has unwanted pop-ups informing you about computer infection. You aren't offered a safe
    way to remove the malicious files without paying;
-   You are redirected to certain websites to purchase fake security software;
-   You aren't able to access web sites which offer antivirus software or any other security software;
-   You aren't able to use Windows Update to patch your system;
-   You can't access any Microsoft web sites;
-   Your search engine redirects you to web sites that have no connection with the thing you were searching
    for;
-   Running programs are closing by themselves;
-   Your browsing is slower than before; your internet connection is slower due to traffic that's made by your
    computer but not by your genuine programs;
-   Access to Registry Editor (regedit), Task Manager (taskmgr.exe), Command Prompt (cmd.exe),
    System configuration utility (msconfig), Group Policy Editor (gpedit.msc), Folder options, Internet Options
    and other features is denied;
-   In some cases you are denied booting in Safe Mode or Safe Mode with Networking;
-   You will notice decreased system performance because the system's resources are used by hidden malicious
    software;
-   You can hear sounds in your speakers even if you aren't playing any music or movie files;
-   Your system may restart without any warning;
-   Your installed programs stop responding frequently.

Note: These are common signs of infection, but these signs may also be caused by hardware or software
issues that have nothing to do with a computer virus.

   In most cases, once the computer is infected the user is denied access to various tools which can help
to disinfect the computer.
    If you find yourself in this kind of situation you will need to retake partial control of the computer's functionality
to install security software and run a full scan.
   Using Browser
   Please open Internet Explorer, go to Tools button and select Internet Options

In the Internet Properties window please go to the Advanced tab and first click on the Restore advanced
settings button and then on the Reset ... button.
In the Reset Internet Explorer Settings window please read the information and click on the Reset button
Click on the Close button to continue
Click on the OK button to finish the procedure
   Using Windows
   Please go to Start and choose Control Panel

If Control Panel is on Category View please click on Switch to Classic View button to change it.
In the Control Panel window double click on Internet Options icon
In the Internet Properties window please go to the Advanced tab and first click on the Restore advanced
settings button and then on the Reset ... button.
In the Reset Internet Explorer Settings window please read the information and click on the Reset button
Click on the Close button to continue
Click on the OK button to finish the procedure
   Using Browser
   Please open Mozilla Firefox, go to Help button and select Restart with Add-ons Disabled...

Please confirm Firefox pop-up
Make your settings and click on Make Changes and Restart  
   Using Windows
   Please go to Start and choose Run ...

Write firefox -safe-mode and press ok
Make your settings and click on Make Changes and Restart
   Delete Private Data
   Please open Opera, go to Menu button and select Delete Private Data... from Settings

Click on Detailed Options to see what to delete
Make your settings and click on Delete
   Please open Safari, go to Menu button and select Reset Safari...

Make your settings and then press Reset button in order to reset your Safari browser
   Using Browser
   Please open Netscape, go to Tools button and select Clear Private Data... Ctrl+Shift+Del

Make your settings and click on the Clear Private Data Now button in order to clear your private data.
   Clear browsing data
   Open Chrome, go to Customize and control button, and select Clear browsing data... from Tools menu

Make your settings and press Clear browsing data button in order to finish
   Reset to default settings
   In order to reset Chrome to default settings you need to rename or delete the Default directory from the
following path:
C:\Documents and Settings\Win Xp\Local Settings\Application Data\Google\Chrome\User Data
Where "C:\" is the system partition and "Win Xp" the user name

Please perform the following steps:

Replace in the path c:\ with your system partition and Win Xp with your current user name.
Go to Start and choose Run...
Insert your path and press OK
In User Data folder select Default directory, right click on it and choose Rename
After you have renamed the folder, for example to Default.old, open Chrome.
   Reset to default settings
   In order to reset Opera to default settings you need to delete operaprefs.ini from your profile directory.
Please perform the following steps:

Please open Opera, go to Menu button and select About Opera from Help
In About Opera go to Preferences section, select the path without the file operaprefs.ini, right click on it and
select Copy
After you have the path, to go directly to the file, go to Start and choose Run ...
In the Run window right click and select Paste to paste the Preferences path
Please press OK button to open the Preferences folder
In Opera folder please find and select operaprefs.ini file. Right click on it and select Delete.
Please Confirm File Delete
To finish please close Opera folder and restart Opera browser
   Enable\Disable Services (Local)
   
   On Microsoft Windows operating systems, a Windows service is a long-running executable that performs
specific functions and is designed not to require user intervention.
For more information please continue to read the wikipedia article
If somehow the Services (Local) editor is disabled (mmc disabled) you can enable it again
using these methods:
   Path
   Please go to Start and choose Run ...

Type C:\Windows\System32 and press ok
In the System32 folder you can find services.msc file
   Disable
   The snap-in below, referenced in this document, has been restricted by policy. Contact your
administrator for details.
Services.
   Using CMD
   Please go to Start and choose Run ...

Type cmd and press ok
Please select, right click and copy a command from below, then right click on the command prompt window,
select Paste and press Enter

To Disable services.msc:

REG add "HKCU\Software\Policies\Microsoft\MMC\{58221C66-EA27-11CF-ADCF-00AA00A80033}" /v Restrict_Run /t REG_DWORD /d 1 /f

To Enable services.msc:

REG add "HKCU\Software\Policies\Microsoft\MMC\{58221C66-EA27-11CF-ADCF-00AA00A80033}" /v Restrict_Run /t REG_DWORD /d 0 /f

To finish please close command prompt window and Restart your computer
   Using Regedit
   Please go to Start and choose Run ...

Type regedit and press ok

Microsoft official disclaimer
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by
using another method. These problems might require that you reinstall the operating system. Microsoft
cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Please navigate to HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC\{58221C66-EA27-11CF-ADCF-00AA00A80033}
and locate Restrict_Run registry key
Double click on Restrict_Run and edit the value:
To Disable services.msc:

Change the value data to 1

To Enable services.msc:

Change the value data to 0

To finish press ok button and close Registry Editor window
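To see which of these restrictions are currently set, the policy keys can be exported with reg query and checked in one pass. This Python sketch is an added example, not part of the original guide: it parses text in the layout printed by reg query /s and reports the DisableCMD and Restrict_Run settings described on this page, together with a REG add command that sets the value back to 0. The sample output and the rule table layout are constructed for the illustration.

```python
import re

# Restriction values described on this page:
# (key suffix, value name) -> {data: meaning}
POLICY_RULES = {
    (r"\software\policies\microsoft\windows\system", "disablecmd"): {
        1: "Command Prompt and scripts disabled",
        2: "Command Prompt disabled",
    },
    (r"\software\policies\microsoft\mmc\{58221c66-ea27-11cf-adcf-00aa00a80033}",
     "restrict_run"): {
        1: "services.msc restricted",
    },
}
VALUE_LINE = re.compile(r"^\s+(\S.*?)\s+(REG_[A-Z_]+)\s+(.*)$")

# Constructed sample in the layout printed by `reg query ... /s`.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
    DisableCMD    REG_DWORD    0x2

HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC\{58221C66-EA27-11CF-ADCF-00AA00A80033}
    Restrict_Run    REG_DWORD    0x1

HKEY_CURRENT_USER\Software\Policies\Microsoft\Example
    Restrict_Run    REG_DWORD    0x1
    Note    REG_SZ    constructed value
"""


def parse_reg_query(text):
    """Yield (key, value_name, type, data) for every value line."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()        # key paths start in column 0
            continue
        match = VALUE_LINE.match(line)
        if match and key:
            yield key, match.group(1), match.group(2), match.group(3).strip()


def find_restrictions(text):
    """Return one finding per restriction value that is switched on."""
    findings = []
    for key, name, reg_type, data in parse_reg_query(text):
        if reg_type != "REG_DWORD":
            continue
        try:
            number = int(data, 16)    # reg.exe prints DWORDs as 0x...
        except ValueError:
            continue
        for (suffix, rule_name), meanings in POLICY_RULES.items():
            if (key.lower().endswith(suffix) and name.lower() == rule_name
                    and number in meanings):
                undo = 'REG add "%s" /v %s /t REG_DWORD /d 0 /f' % (key, name)
                findings.append({"key": key, "value": name, "data": number,
                                 "meaning": meanings[number], "undo": undo})
    return findings


if __name__ == "__main__":
    for item in find_restrictions(SAMPLE_REG_QUERY):
        print("%s = %d (%s)\n  %s" % (item["value"], item["data"],
                                      item["meaning"], item["undo"]))
```

On a real machine the input can be produced with reg query HKCU\Software\Policies /s and saved to a text file.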
   Using Gpedit
   Warning Computers running Windows XP Home Edition cannot join corporate domains. For this reason,
features that require machine accounts within a domain, such as Group Policy, are not available in
Windows XP Home Edition.

Please go to Start and choose Run ...
Type gpedit.msc and press ok
In the Group Policy window please navigate to User Configuration -> Administrative Templates ->
Windows Components -> Microsoft Management Console -> Restricted/Permitted snap-ins  and open
Services
The default state is Not Configured and services.msc is enabled
To Enable services.msc select Disable
To Disable services.msc select Enable
To finish press ok button and close Group Policy window