0

I would appreciate any help with the following problems : Cannot open system restore - tried safe mode %systemsroot%\system32\restore\rstrui.exe - Cannot access or delete emails in messenger. Cannot access defrag ! Here is my HJT logfile :-Logfile of HijackThis Logfile of HijackThis v1.99.1Scan saved at 19:37:07, on 06/02/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\Program Files\Yahoo!\Messenger\YahooMessenger.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINDOWS\system32\drivers\KodakCCS.exeC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeC:\Program Files\MSN\MSNCoreFiles\MSN6.EXEC:\PROGRA~1\INCRED~1\bin\IMApp.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\WinRAR\WinRAR.exeC:\WINDOWS\system32\cmd.exeC:\Program Files\WinRAR\WinRAR.exeC:\DOCUME~1\CHRISB~1\LOCALS~1\Temp\Rar$EX11.3508\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintrayO4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO17 - HKLM\System\CCS\Services\Tcpip\..\{FB32859E-54AA-4149-ADB9-18980BA42FC0}: NameServer = 80.225.252.178 80.225.252.186O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO23 - Service: Kaspersky Internet Security 6.0 (AVP) - GRISOFT, s.r.o. - (no file)O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe\WRSSSDK.exe

3
Contributors
6
Replies
7
Views
11 Years
Discussion Span
Last Post by EAMON
0

I would appreciate any help with the following problems : Cannot open system restore - tried safe mode %systemsroot%\system32\restore\rstrui.exe - Cannot access or delete emails in messenger. Cannot access defrag ! Here is my HJT logfile :-Logfile of HijackThis Logfile of HijackThis v1.99.1Scan saved at 19:37:07, on 06/02/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\Program Files\Yahoo!\Messenger\YahooMessenger.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINDOWS\system32\drivers\KodakCCS.exeC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeC:\Program Files\MSN\MSNCoreFiles\MSN6.EXEC:\PROGRA~1\INCRED~1\bin\IMApp.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\WinRAR\WinRAR.exeC:\WINDOWS\system32\cmd.exeC:\Program Files\WinRAR\WinRAR.exeC:\DOCUME~1\CHRISB~1\LOCALS~1\Temp\Rar$EX11.3508\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintrayO4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO17 - HKLM\System\CCS\Services\Tcpip\..\{FB32859E-54AA-4149-ADB9-18980BA42FC0}: NameServer = 80.225.252.178 80.225.252.186O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO23 - Service: Kaspersky Internet Security 6.0 (AVP) - GRISOFT, s.r.o. - (no file)O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe\WRSSSDK.exe

If you want to get to system restore, start/run type 'msconfig' this will bring up a utility window with a 'launch system restore' button. Ifear you have bigger problem, get rid of Spy Sweeper, use Windows Defender, Ad-Aware and Spybot instead, and update & scan regularly. Also make sure you have a good anti-virus, PC-Cillin or Norton. The free A/V AVG is poor, I also found 16 viruses on a machine using MaCaFee full version,
and removed all with a 30 day fre trial version of Trend PC-Cillin 2006.
Hope this helps,
Eamonn.

0

If you want to get to system restore, start/run type 'msconfig' this will bring up a utility window with a 'launch system restore' button. Ifear you have bigger problem, get rid of Spy Sweeper, use Windows Defender, Ad-Aware and Spybot instead, and update & scan regularly. Also make sure you have a good anti-virus, PC-Cillin or Norton. The free A/V AVG is poor, I also found 16 viruses on a machine using MaCaFee full version,
and removed all with a 30 day fre trial version of Trend PC-Cillin 2006.
Hope this helps,
Eamonn.

Many thanks for your prompt response. Cannot operate mscconfig - get message windows cannot find ! Downloaded as you suggested Trend Micro chillin - ran full scan - nothing found. Any further suggestions would be appreciated.

0

Many thanks for your prompt response. Cannot operate mscconfig - get message windows cannot find ! Downloaded as you suggested Trend Micro chillin - ran full scan - nothing found. Any further suggestions would be appreciated.

try 'msconfig' not 'mscconfig' . Viruses are not the only malware that play with default settings, some spyware can do that pretty good as well, get Ad-Aware of www.download.com it's free, then scan for spyware. If that is not working then, along with all your other problems, save what you can and re-install from scratch, if you have an OEM machine save and revert back to factory settings.
Eamonn.

0

try 'msconfig' not 'mscconfig' . Viruses are not the only malware that play with default settings, some spyware can do that pretty good as well, get Ad-Aware of www.download.com it's free, then scan for spyware. If that is not working then, along with all your other problems, save what you can and re-install from scratch, if you have an OEM machine save and revert back to factory settings.
Eamonn.

Thank you again for your help. Still cannot use misconfig - will not work !Have tried about 8 spyware/virus programes without success including the one you recommended. Cannot access System restore or misconfig.My recovery cd is an older version of XP and will therefore not load. Any further suggestions would be appreciated.

0

Thank you again for your help. Still cannot use misconfig - will not work !Have tried about 8 spyware/virus programes without success including the one you recommended. Cannot access System restore or misconfig.My recovery cd is an older version of XP and will therefore not load. Any further suggestions would be appreciated.

its msconfig not misconfig

0

brown1950, after booting and hardrive is at rest, close ALL applications. Go to START/RUN type and spell right MSCONFIG. NOT misconfig. Press 'Enter' This should open 'System Configuration Utility'. Do not change any setting in this unless you know EXACTLY what you are doing. Just look for the 'Launch System Restore' button and press. If you cant access it via normal boot, boot from safe mode and follow the same steps. Hope this helps, remember its MSCONFIG you type not MISCONFIG. ie MicroSoftCONFIGuration utility.
Eamonn.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.