| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 92635 | 2008-08-17 06:06:00 | can't enable system restore | yavben (14077) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 698007 | 2008-08-17 06:06:00 | Hello after recovering my comp from spyware infestation trying to enable system restore..getting following error "system restore encountered an error trying to enable/dissable one or more drives please restart your machine and try again" followed the instructions in microsoft's website, no change did anyone encountered this, pls let me know how to fix this |
yavben (14077) | ||
| 698008 | 2008-08-17 06:11:00 | Post a hijackthis log its in my sig Get trojan remover in my sig, install it update it, click on scan. Then select all options under utilities Get this (www.malwarebytes.org) install and update it then click on scan |
Speedy Gonzales (78) | ||
| 698009 | 2008-08-17 07:23:00 | hi there tx for the help installed and executed malware and trojan scanner here is the hijack this log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:26:07 PM, on 8/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ACS.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\runservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\System32\TCtrlIOHook.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\System32\ZoomingHook.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\ABBYY Lingvo 10 Multilingual Dictionary\Lvagent.exe C:\Program Files\ABBYY Lingvo 10 Multilingual Dictionary\Tutor.exe C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA DA.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA EA.EXE C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA DA.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\WINDOWS\system32\RAMASST.exe c:\program files\verizon wireless\venturi\Client\ventc.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\DllHost.exe C:\toshiba\ivp\ism\ivpsvmgr.exe C:\Program Files\Creative Planet\Movie Magic Scheduling\MMS.exe C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [TCtryIOHook] c:\WINDOWS\System32\TCtrlIOHook.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 10 Multilingual Dictionary\Lvagent.exe" /STARTUP O4 - HKLM\..\Run: [LingvoTraining] "C:\Program Files\ABBYY Lingvo 10 Multilingual Dictionary\Tutor.exe" /ND /NW /AS O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA DA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800" O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA EA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB002" /M "Stylus CX4200" O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series (Copy 1) on GATEWAY-212AE44] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA DA.EXE /P59 "Auto EPSON Stylus CX4800 Series (Copy 1) on GATEWAY-212AE44" /O26 "\\GATEWAY-212AE44\Printer4" /M "Stylus CX4800" O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on GATEWAY-212AE44] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA DA.EXE /P50 "Auto EPSON Stylus CX4800 Series on GATEWAY-212AE44" /O26 "\\GATEWAY-212AE44\Printer5" /M "Stylus CX4800" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\Ereg\EPSONREG.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - housecall65.trendmicro.com O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - cdn.scan.onecare.live.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O16 - DPF: {EECC2B58-FDE7-4F3A-B933-B25BE90F1D37} (CTXAXSetupCtl Object) - download.yoomba.com O17 - HKLM\System\CCS\Services\Tcpip\..\{43B2B400-3540-4418-81C5-DFF47728B588}: NameServer = 66.51.205.100,66.51.206.100 O17 - HKLM\System\CCS\Services\Tcpip\..\{CF9C6600-8670-4188-85EF-13D31AB3A787}: NameServer = 66.51.206.100 66.51.205.100 O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file) O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Filter: AutorunsDisabled - (no CLSID) - (no file) O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - (no file) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe -- End of file - 12051 bytes |
yavben (14077) | ||
| 698010 | 2008-08-17 07:43:00 | Looks pretty clean to me. But you can tick these entries then tick fix checked close browsers O2 - BHO: (no name) - AutorunsDisabled - (no file) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe " -atboottime O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe If you dont use Nero Home, you can tick this O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file) O18 - Filter: AutorunsDisabled - (no CLSID) - (no file) If this is still installed, uninstall it O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - (no file) Then reboot. Then see if this works (bertk.mvps.org) Try reinstalling system restore |
Speedy Gonzales (78) | ||
| 698011 | 2008-08-17 23:53:00 | can't reinstall system restore ..don't have windows home edition cd | yavben (14077) | ||
| 698012 | 2008-08-17 23:56:00 | Did you select all options under utilities in trojan remover as well?? | Speedy Gonzales (78) | ||
| 698013 | 2008-08-18 00:03:00 | i did | yavben (14077) | ||
| 698014 | 2008-08-18 00:11:00 | How many hard drives are installed?? More than 1? | Speedy Gonzales (78) | ||
| 698015 | 2008-08-18 16:51:00 | only one drive | yavben (14077) | ||
| 698016 | 2008-08-20 02:02:00 | tx have resolved the problem | yavben (14077) | ||
| 1 2 | |||||