I woke up this morning and saw a flood of netbios advertisements. I then noticed that my firewall was off. Any attempt to restart it won't work. Spybot search and destroy found Prolivation (IE hijacking), and Ad-aware didn't find anything. I can't use system restore...whatever I have caused it to be wiped out (and i dedicated 1GB on each hard drive towards system restore). I reboot the computer, and Windows reports that my hardware has changed significantly and that I need to re-active windows xp. (I have added a new video card, memory, and tv tuner, but it's been several weeks). Same thing happened when I used Tiny Personal Firewall, and this time I'm using Sygate's firewall. I've been analyzing the Event Viewer logs, and I've been trying to access the firewall so I can see the last connection made. Software I installed last night: AR Ram Disk by AR Soft. Eventually, it started causing problems on my computer...and then Windows couldn't reload the hive file (i had to choose last known good config to get my pc to work again). What steps do I take now? How do I fix this? I don't want to lose all my settings and customizations. I spend all of my free time perfecting my computer. Any programs to fix this? Any way to manually restore my computer ? Which directory is system restore using?

try http://spywareinfo.com/ijacked.html and post back if you need more help. You get to System Restore by right clicking My Computer select properties and you will see system restore, you might have to turn it off, shut down and restart to clear the crud out. Also delete your temp internet files, Take care and all the best!

TonyKlein, a security expert at several forums has developed the following procedure to get rid of Prolivation: Copy the following to Notepad, and save as Url.reg Doubleclick, and answer 'yes' when asked whether you want the contents of the regfile merged into the Registry. Subsequently, reboot. The info to copy is: REGEDIT4 [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] @="http://" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"="ftp://" "gopher"="gopher://" "home"="http://" "mosaic"="http://" "www"="http://"

Hello Jason, Well I arrive in the third position, so I just have to say: When you are hacked that's mean you got a trojan's virus on your machine. I suggest always to computer's users to try this wondeful shareware in the net: Trojan Remover, which is the only program created by the english programer Nigel, able to detect a trojan, but also scan all the hard drive and find the "worm" which is the second part of a trojan used by hackers to spy your machine. Also to restore all your computer to the original configuration you had before the corruption. Trojan Remover 4.89 at: (second site) http://members.aol.com/simplysup/tremover freeware for one month, then shareware to get all update virus signatures.