System Restore Won't Work

S

SuPerB SainT

System Restore won't work.

Whenever i try to go to a restore point i have created i get the message

"Restoration Incomplete. Your computer cannot be restored to (whatever
point it was i selected) Please choose another point.

I choose another point....matter of fact....none of them i choose will
work.
I even turned off system restore...and then turned it back on....thereby
purging all restore points. When you do this an automatic restore point
is created. I tested this automatic restore point after one to two
days...and it works fine during that period....but after that......any
restore points i have created...or even that automatic one that was
generated when i turned system restore back on....none of the restore
points will work.

I even chatted with HP online....and they gave me a patch to install
saying this would solve the problem....this was the patch right here:

http://www.kellys-korner-xp.com/regs_edits/systemrestore.reg

It did not work.

I found out through some research of my own....that if i turn off my
computer....and boot it up tapping f8 and enter using safe mode...and
THEN go to system restore....that i am successfully able to restore my
computer........but this is impractical...and takes a long time to do!

Why does this work in Safe mode....and not like it is supposed to in
regular operating mode??

HP also told me that if the patch did not work....that my only
alternative would be to reformat my hard drive....and i REALLY don't
want to do that unless it is absolutely neccessary!!

What i am ultimately wanting....is for system restore to function
normally and consistently in the manner it is supposed to.

HELP!!! ......TIA!!

Larry
 
S

SuPerB SainT

Hi Gerry....thanks for your post!

yes...i have came across this page....and have tried everything on
it....with the exception of reinstalling System Restore....which i have
just did. I won't know till a couple of days elapses if it work on not
though....as all the restore oints seem to work the first couple of
days....and then quit working.

A very good reference page indeed though!!

Thanks!


Re: System Restore Won't Work

Group: microsoft.public.windowsxp.help_and_support Date: Mon, Mar 13,
2006, 7:04pm (CST+6) From: (e-mail address removed) (Gerry Cornell)
See if this link helps:
http://bertk.mvps.org/html/srfail.html
--
Hope this helps.
Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
System Restore won't work.
Whenever i try to go to a restore point i have created i get the message
"Restoration Incomplete. Your computer cannot be restored to (whatever
point it was i selected) Please choose another point.
  I choose another point....matter of fact....none of them i choose
will
work.
I even turned off system restore...and then turned it back on....thereby
purging all restore points. When you do this an automatic restore point
is created. I tested this automatic restore point after one to two
days...and it works fine during that period....but after that......any
restore points i have created...or even that automatic one that was
generated when i turned system restore back on....none of the restore
points will work.
I even chatted with HP online....and they gave me a patch to install
saying this would solve the problem....this was the patch right here:
http://www.kellys-korner-xp.com/regs_edits/systemrestore.reg
It did not work.
I found out through some research of my own....that if i turn off my
computer....and boot it up tapping f8 and enter using safe mode...and
THEN go to system restore....that i am successfully able to restore my
computer........but this is impractical...and takes a long time to do!
Why does this work in Safe mode....and not like it is supposed to in
regular operating mode??
HP also told me that if the patch did not work....that my only
alternative would be to reformat my hard drive....and i REALLY don't
want to do that unless it is absolutely neccessary!!
What i am ultimately wanting....is for system restore to function
normally and consistently in the manner it is supposed to.
HELP!!! ......TIA!!
Larry
 
B

Bert Kinney

Hi,

If System Restore works in Safe Mode but not in Normal mode, then there
is most likely an application interfering with it's functioning.

Let's take a look at Event Viewer for any System Restore logs that may
have been created recently that may help us diagnosing the problem.

Go to Start - Run and type eventvwr.msc and press enter.
Click on System in the left pane.
Click the gray title "Source" at the top of the source name column in
the right pane to sort by source name, look for "sr" and "srservice".
Double click on each of these events, then click on the button below the
two arrows in the upper right corner. This will copy the event
information to the clipboard. Paste the information for each of the two
event here. There's no need to post duplicate Event ID's.

How do I use the Event Viewer to search for System Restore logs?
http://bertk.mvps.org/html/tips.html#EventViewer
 
S

SuPerB SainT

Hi Bert....

I wish i would have seen your post a bit earlier......cuz i already
disabled System Restore....and i am trying out a product from Stompsoft
called PC BackUp.

I did go through the steps you suggested though when researching my
problem.....ya know about the eventvwr.msc and i couldn't make heads or
tails of it.

I even reinstalled system restore.....and i thought it had fixed it....I
tested it for the first couple of days to insure it was working.....and
i was almost ecstatic because i thought the problem was resovled...only
to get that same REstoration iNcomplete message on the second
day.....What was puzzling to me thought.....was i got that message on a
restore point that had previously worked the day before......and
later.....that same restore point gave me the Restoration Incomplete.

I am not sure if I should enable System Restore while i have the PC
BACKUP program on my computer or not...... i will have to check the
manual and see what it says.

One Question......if i enable System Restore again.....i know it will be
fresh and have no restore points other that the one it generates when
you turn it back on.....but.....if i enable System Restore
again.....will all the old system restore logs still be viewable or does
that also get renewed?

Thanks for your post Bert!

Larry

Re: System Restore Won't Work

Group: microsoft.public.windowsxp.help_and_support Date: Tue, Mar 14,
2006, 9:12pm (CST+1) From: (e-mail address removed) (Bert Kinney)
Hi,
If System Restore works in Safe Mode but not in Normal mode, then there
is most likely an application interfering with it's functioning.
Let's take a look at Event Viewer for any System Restore logs that may
have been created recently that may help us diagnosing the problem.
Go to Start - Run and type eventvwr.msc and press enter. Click on System
in the left pane.
Click the gray title "Source" at the top of the source name column in
the right pane to sort by source name, look for "sr" and "srservice".
Double click on each of these events, then click on the button below the
two arrows in the upper right corner. This will copy the event
information to the clipboard. Paste the information for each of the two
event here. There's no need to post duplicate Event ID's.
How do I use the Event Viewer to search for System Restore logs?
http://bertk.mvps.org/html/tips.html#EventViewer
--
Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org
SuPerB SainT wrote:
System Restore won't work.
Whenever i try to go to a restore point i have created i get the message
"Restoration Incomplete. Your computer cannot be restored to (whatever
point it was i selected) Please choose another point.
  I choose another point....matter of fact....none of them i choose
will work.
I even turned off system restore...and then turned it back on....thereby
purging all restore points. When you do this an automatic restore point
is created. I tested this automatic restore point after one to two
days...and it works fine during that period....but after that......any
restore points i have created...or even that automatic one that was
generated when i turned system restore back on....none of the restore
points will work.
I even chatted with HP online....and they gave me a patch to install
saying this would solve the problem....this was the patch right here:
http://www.kellys-korner-xp.com/regs_edits/systemrestore.reg
It did not work.
I found out through some research of my own....that if i turn off my
computer....and boot it up tapping f8 and enter using safe mode...and
THEN go to system restore....that i am successfully able to restore my
computer........but this is impractical...and takes a long time to do!
Why does this work in Safe mode....and not like it is supposed to in
regular operating mode??
HP also told me that if the patch did not work....that my only
alternative would be to reformat my hard drive....and i REALLY don't
want to do that unless it is absolutely neccessary!!
What i am ultimately wanting....is for system restore to function
normally and consistently in the manner it is supposed to.
HELP!!! ......TIA!!
Larry
 
S

SuPerB SainT

Bert....i was able to find the event logs where it gave me Restoration
Incomplete.

I posted two instances of them below.....also....there is an instance
where you can see where i disabled System Restore.

Like i said earlier though.....i can't make heads or tails of the
information in the log.

Event Log

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 111
Date:  3/14/2006
Time:  6:07:23 AM
User:  N/A
Computer: YOUR-XHTR8HVC4P
Description:
A restoration to "System Checkpoint" restore point failed.  No changes
have been made to the system.
 
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 116
Date:  3/14/2006
Time:  6:11:55 AM
User:  N/A
Computer: YOUR-XHTR8HVC4P
Description:
System Restore monitoring was disabled on all drives.
 
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: sr
Event Category: None
Event ID: 1
Date:  3/11/2006
Time:  10:09:33 PM
User:  N/A
Computer: YOUR-XHTR8HVC4P
Description:
The System Restore filter encountered the unexpected error '0xC000003A'
while processing the file '_filelst.cfg' on the volume
'HarddiskVolume2'.  It has stopped monitoring the volume.
 
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0e 00 00 00 04 00 4e 00   ......N.
0008: 00 00 00 00 01 00 00 c0   .......À
0010: 00 00 00 00 00 00 00 00   .......
0018: 00 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........
Event Type: Error
Event Source: sr
Event Category: None
Event ID: 1
Date:  3/11/2006
Time:  10:20:03 PM
User:  N/A
Computer: YOUR-XHTR8HVC4P
Description:
The System Restore filter encountered the unexpected error '0xC0000034'
while processing the file '_filelst.cfg' on the volume
'HarddiskVolume2'.  It has stopped monitoring the volume.
 
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0e 00 00 00 04 00 4e 00   ......N.
0008: 00 00 00 00 01 00 00 c0   .......À
0010: 00 00 00 00 00 00 00 00   .......
0018: 00 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........
 
S

SuPerB SainT

I have ran Norton, Spybot Search and Destroy, Spy Sweeper for MSN,
Microsoft Antispyware, and Ad-AwareSE....and so that can be ruled
out......none of the above found anything....well...a couple of tracking
cookies on Ad- Aware....but that was it.


Re: System Restore Won't Work

Group: microsoft.public.windowsxp.help_and_support Date: Tue, Mar 14,
2006, 9:14pm (CST+1) From: (e-mail address removed) (Bert Kinney)
I should have also added that this could also be caused by virus/malware
infection. This will need to be ruled out.
Virus and Spyware removal and prevention steps:
http://bertk.mvps.org/html/spyware.html
--
Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org
SuPerB SainT wrote:
System Restore won't work.
Whenever i try to go to a restore point i have created i get the message
"Restoration Incomplete. Your computer cannot be restored to (whatever
point it was i selected) Please choose another point.
  I choose another point....matter of fact....none of them i choose
will work.
I even turned off system restore...and then turned it back on....thereby
purging all restore points. When you do this an automatic restore point
is created. I tested this automatic restore point after one to two
days...and it works fine during that period....but after that......any
restore points i have created...or even that automatic one that was
generated when i turned system restore back on....none of the restore
points will work.
I even chatted with HP online....and they gave me a patch to install
saying this would solve the problem....this was the patch right here:
http://www.kellys-korner-xp.com/regs_edits/systemrestore.reg
It did not work.
I found out through some research of my own....that if i turn off my
computer....and boot it up tapping f8 and enter using safe mode...and
THEN go to system restore....that i am successfully able to restore my
computer........but this is impractical...and takes a long time to do!
Why does this work in Safe mode....and not like it is supposed to in
regular operating mode??
HP also told me that if the patch did not work....that my only
alternative would be to reformat my hard drive....and i REALLY don't
want to do that unless it is absolutely neccessary!!
What i am ultimately wanting....is for system restore to function
normally and consistently in the manner it is supposed to.
HELP!!! ......TIA!!
Larry
 
B

Bert Kinney

Hi,

SuPerB said:
Hi Bert....

I wish i would have seen your post a bit earlier......cuz i already
disabled System Restore....and i am trying out a product from
Stompsoft called PC BackUp.

I did go through the steps you suggested though when researching my
problem.....ya know about the eventvwr.msc and i couldn't make heads
or tails of it.

I even reinstalled system restore.....and i thought it had fixed
it....I tested it for the first couple of days to insure it was
working.....and i was almost ecstatic because i thought the problem
was resovled...only to get that same REstoration iNcomplete message
on the second day.....What was puzzling to me thought.....was i got
that message on a restore point that had previously worked the day
before......and later.....that same restore point gave me the
Restoration Incomplete.
Click to expand...

I believe something is corrupting the System Restore log. See my reply
to your next post.
I am not sure if I should enable System Restore while i have the PC
BACKUP program on my computer or not...... i will have to check the
manual and see what it says.
Click to expand...

Yes check the manual. You may also want to check there web site.
One Question......if i enable System Restore again.....i know it will
be fresh and have no restore points other that the one it generates
when you turn it back on.....but.....if i enable System Restore
again.....will all the old system restore logs still be viewable or
does that also get renewed?
Click to expand...

If you are referring to Event Logs, no they should still be there until
they are overwritten by newer ones.
If you are referring to System Restore logs located in the System Volume
Information folder, then no. They should be deleted at the time SR was
turned off.
 
B

Bert Kinney

Hi,

The last two event logs are helpful. Good work. I appears that the file
'_filelst.cfg' is interfering with the SR filter. And that
'_filelst.cfg' is located on a partition or drive other than the one
Windows is installed on. I would suggest disabling SR on all
drives/partition other than the one Windows is installed on.
 
S

SuPerB SainT

Hi Bert!!...thanks for your reponse!

YOu know when i chatted with HP i asked them about that partition
drive....and they said to leave it monitored......matter of fact that is
how it comes on the machine by default???....although i couln't
understand why....as that is the recovery partition and why should it be
monitored??....I am thinking if it is a recovery partition it should
never be change??

Anyway, i have disabled the D drive that it is on.....and i will give SR
another try in a couple of days to see if the Restoration Incomplete is
goine.....as that is how long it takes after i make a change to
it.....before it starts to fail.

I will post back by findings here....

Thanks so much for your help!!!....it is greatly appreciated!!!

Larry


Re: System Restore Won't Work-EVENT LOG

Group: microsoft.public.windowsxp.help_and_support Date: Wed, Mar 15,
2006, 11:23am (CST+1) From: (e-mail address removed) (Bert Kinney)
Hi,
The last two event logs are helpful. Good work. I appears that the file
'_filelst.cfg' is interfering with the SR filter. And that
'_filelst.cfg' is located on a partition or drive other than the one
Windows is installed on. I would suggest disabling SR on all
drives/partition other than the one Windows is installed on.
--
Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org
SuPerB SainT wrote:
Bert....i was able to find the event logs where it gave me Restoration
Incomplete.
I posted two instances of them below.....also....there is an instance
where you can see where i disabled System Restore.
Like i said earlier though.....i can't make heads or tails of the
information in the log.
  Event Log
Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 111
Date: 3/14/2006
Time: 6:07:23 AM
User: N/A
Computer: YOUR-XHTR8HVC4P
Description:
A restoration to "System Checkpoint" restore point failed. No changes
have been made to the system.
Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 116
Date: 3/14/2006
Time: 6:11:55 AM
User: N/A
Computer: YOUR-XHTR8HVC4P
Description:
System Restore monitoring was disabled on all drives.
Event Type: Error
Event Source: sr
Event Category: None
Event ID: 1
Date: 3/11/2006
Time: 10:09:33 PM
User: N/A
Computer: YOUR-XHTR8HVC4P
Description:
The System Restore filter encountered the unexpected error '0xC000003A'
while processing the file '_filelst.cfg' on the volume
'HarddiskVolume2'. It has stopped monitoring the volume.
Event Source: sr
Event Category: None
Event ID: 1
Date: 3/11/2006
Time: 10:20:03 PM
User: N/A
Computer: YOUR-XHTR8HVC4P
Description:
The System Restore filter encountered the unexpected error '0xC0000034'
while processing the file '_filelst.cfg' on the volume
'HarddiskVolume2'. It has stopped monitoring the volume.
 
S

SuPerB SainT

Well NO-GO Bert.... :(

I thought that might have been the answer about turning off system
restore......reenabling it....and then turning off the monitoring on the
D drive (where the recovery partition is)......but i still get
Restoration Incomplete???

This is the log file of the Restoration i just tried a half hour or so
ago.....there is not a lot of facts about it in the log....only that it
failed and an event ID number.

One last question.....is there any harm in using System Restore when you
need it all the time in Safe Mode??....I wouldn't think so....but i
really don't know.....that is why i ask.

Thanks for your time Bert....I appreciate it very much!!

Larry

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 111
Date:  3/16/2006
Time:  2:19:21 AM
User:  N/A
Computer: YOUR-XHTR8HVC4P
Description:
A restoration to "System Checkpoint" restore point failed.  No changes
have been made to the system.
 
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp
 
B

Bert Kinney

SuPerB said:
Hi Bert!!...thanks for your reponse!

YOu know when i chatted with HP i asked them about that partition
drive....and they said to leave it monitored......matter of fact that
is how it comes on the machine by default???....although i couln't
understand why....as that is the recovery partition and why should it
be monitored??....I am thinking if it is a recovery partition it
should never be change??
Click to expand...

HP is wrong. The recovery partition should not be monitored by System
Restore.
Anyway, i have disabled the D drive that it is on.....and i will give
SR another try in a couple of days to see if the Restoration
Incomplete is goine.....as that is how long it takes after i make a
change to it.....before it starts to fail.

I will post back by findings here....

Thanks so much for your help!!!....it is greatly appreciated!!!
Click to expand...

You're welcome.
 
B

Bert Kinney

SuPerB said:
Well NO-GO Bert.... :(

I thought that might have been the answer about turning off system
restore......reenabling it....and then turning off the monitoring on
the D drive (where the recovery partition is)......but i still get
Restoration Incomplete???
Click to expand...

Leave the recovery partition unmonitored.
This is the log file of the Restoration i just tried a half hour or so
ago.....there is not a lot of facts about it in the log....only that
it failed and an event ID number.
Click to expand...

Yes, that event log is of no help.

I suspect that there is an application interfering with System Restore's
function.

The next step would be to use the clean boot process to identify the
culprit.

Are there any Norton products installed on the system?

How to perform a clean boot in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310353

How to perform advanced clean-boot troubleshooting in Windows XP
http://support.microsoft.com/Default.aspx?kbid=316434

How to troubleshoot by using the System Configuration utility in Windows
XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310560
One last question.....is there any harm in using System Restore when
you need it all the time in Safe Mode??....I wouldn't think so....but
i really don't know.....that is why i ask.
Click to expand...

The only difference in restoring a system in Safe Mode is that there is
no UNDO restore point created in the process. So create a new restore
point before restoring the system.
Thanks for your time Bert....I appreciate it very much!!
Click to expand...

You're welcome Larry.
 
S

SuPerB SainT

Bert....i did the 6 steps that were on that page.....and below is the
hIjack this log:


Logfile of HijackThis v1.99.1
Scan saved at 6:16:00 AM, on 3/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security
Console\NSCSRVCE.EXE
C:\DownloadFilesC\hijackthis.exe
C:\Program Files\Messenger\msmsgs.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us9.hpwis.com/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} -
C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -
C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SpywareGuard Download Protection -
{4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program
Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} -
C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Norton Internet Security 2006 -
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} -
C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} -
C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} -
C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -
c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} -
C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Norton Internet Security 2006 -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B}
- C:\Program Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP
Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program
Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI
RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
/background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click
Answers\answers.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt
7\SnagIt32.exe
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click
Answers\Html\atiemenu.htm
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program
Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download Flash with Flash Capture -
C:\Program Files\Flash Capture\dl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Program
Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open Link Target in Firefox -
file://C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\v478dy8v.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program
Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: View This Page in Firefox -
file://C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\v478dy8v.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] -
{320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ -
{320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack -
{36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program
Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack -
{36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program
Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 -
{724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -
C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} (InSPECS3_0 Control) -
http://www.powerleap.com/cab_files/InSPECS3_0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload
Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
Center Base Module) -
https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1107133395609
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136951222022
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -
https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5)
- http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program
Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation
(ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet
Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program
Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program
Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\Security
Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation
- C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner -
C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation -
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot
Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



Group: microsoft.public.windowsxp.help_and_support Date: Thu, Mar 16,
2006, 12:15pm (CST+1) From: (e-mail address removed) (Bert Kinney)
Hi,
You could post a HiJackThis log here to confirm that the system is clean
of virus/malware infection.
Make sure to read the Announcement post at the top of the forum page
before posting the log.
AumHa Forums
http://aumha.net/viewforumphp?f=30
--
Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org
SuPerB SainT wrote:
I have ran Norton, Spybot Search and Destroy, Spy Sweeper for MSN,
Microsoft Antispyware, and Ad-AwareSE....and so that can be ruled
out......none of the above found anything....well...a couple of tracking
cookies on Ad- Aware....but that was it.
Re: System Restore Won't Work
Group: microsoft.public.windowsxp.help_and_support Date: Tue, Mar 14,
2006, 9:14pm (CST+1) From: (e-mail address removed) (Bert Kinney) I should have
also added that this could also be caused by virus/malware infection.
This will need to be ruled out. Virus and Spyware removal and prevention
steps: http://bertk.mvps.org/html/spyware.html
 
S

SuPerB SainT

Ok Thanks!!...did disable monitoring of the D drive (recovery partition)
and left it unmonitored.

I will also check out the links you provided me below.....many thanks!!!

Larry

Re: System Restore Won't Work-NO GO :(

Group: microsoft.public.windowsxp.help_and_support Date: Thu, Mar 16,
2006, 12:08pm (CST+1) From: (e-mail address removed) (Bert Kinney)
SuPerB SainT wrote:
Well NO-GO Bert.... :(
I thought that might have been the answer about turning off system
restore......reenabling it....and then turning off the monitoring on the
D drive (where the recovery partition is)......but i still get
Restoration Incomplete???
Leave the recovery partition unmonitored.
This is the log file of the Restoration i just tried a half hour or so
ago.....there is not a lot of facts about it in the log....only that it
failed and an event ID number.
Yes, that event log is of no help.
I suspect that there is an application interfering with System Restore's
function.
The next step would be to use the clean boot process to identify the
culprit.
Are there any Norton products installed on the system?
How to perform a clean boot in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310353
How to perform advanced clean-boot troubleshooting in Windows XP
http://support.microsoft.com/Default.aspx?kbid=316434
How to troubleshoot by using the System Configuration utility in Windows
XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310560
One last question.....is there any harm in using System Restore when you
need it all the time in Safe Mode??....I wouldn't think so....but i
really don't know.....that is why i ask.
The only difference in restoring a system in Safe Mode is that there is
no UNDO restore point created in the process. So create a new restore
point before restoring the system.
Thanks for your time Bert....I appreciate it very much!!
You're welcome Larry.
Larry
Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 111
Date: 3/16/2006
Time: 2:19:21 AM
User: N/A
Computer: YOUR-XHTR8HVC4P
Description:
A restoration to "System Checkpoint" restore point failed. No changes
have been made to the system.
 
H

Havelock

Hi - My Sys Res won't work either - if i knew how to uninstall XP + SP2
I'd do it and reinstall. Windows won't let me write original XP disc
over op. sys - says installed one is newer!

Havelock
 
B

Bert Kinney

Hi,

You will want to post the HJT log on the AumHa Forums. The folks there
specialize in reading these logs.
http://aumha.net/viewforumphp?f=30

--
Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org

SuPerB said:
Bert....i did the 6 steps that were on that page.....and below is the
hIjack this log:


Logfile of HijackThis v1.99.1
Scan saved at 6:16:00 AM, on 3/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security
Console\NSCSRVCE.EXE
C:\DownloadFilesC\hijackthis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us9.hpwis.com/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208}
-
C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -
C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SpywareGuard Download Protection -
{4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program
Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} -
C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Norton Internet Security 2006 -
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} -
C:\Program Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no
file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} -
C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: 1-Click Answers -
{7754C418-F62E-44aa-B169-E719E718BCFD} -
C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -
c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} -
C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Norton Internet Security 2006 -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus -
{C4069E3A-68F1-403E-B40E-20066696354B}
- C:\Program Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP
Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program
Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI
RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe"
/background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click
Answers\answers.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt
7\SnagIt32.exe
O8 - Extra context menu item: Answers... - file:C:\Program
Files\1-Click
Answers\Html\atiemenu.htm
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program
Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download Flash with Flash Capture -
C:\Program Files\Flash Capture\dl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Program
Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open Link Target in Firefox -
file://C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\v478dy8v.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program
Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: View This Page in Firefox -
file://C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\v478dy8v.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
-
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Fill Forms -
{320AF880-6646-11D3-ABEE-C5DBF3571F46} -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] -
{320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ -
{320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack -
{36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program
Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack -
{36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program
Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 -
{724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21}
-
C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
-
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} (InSPECS3_0
Control) -
http://www.powerleap.com/cab_files/InSPECS3_0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload
Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
Center Base Module) -
https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl
Class) -
http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1107133395609
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl
Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136951222022
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
-
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -
https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
4.5)
- http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program
Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation
- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation
(ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet
Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec
Corporation -
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program
Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton Internet
Security\Norton
AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner -
C:\Program
Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norton Protection Center Service (NSCService) -
Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\Security
Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
Corporation
- C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner -
C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP -
C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation -
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot
Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



Group: microsoft.public.windowsxp.help_and_support Date: Thu, Mar 16,
2006, 12:15pm (CST+1) From: (e-mail address removed) (Bert Kinney)
Hi,
You could post a HiJackThis log here to confirm that the system is
clean
of virus/malware infection.
Make sure to read the Announcement post at the top of the forum page
before posting the log.
AumHa Forums
http://aumha.net/viewforumphp?f=30
Click to expand...
 
B

Bert Kinney

Hi,

Depending on the type of Windows CD you have, you may be able to
Slipstream SP-2 and the original OP, and burn it to a CD.

How to use AutoStreamer to Slipstream Windows XP Service Pack 2
http://www.simplyguides.net/guides/using_autostreamer/using_autostreamer.html

As for System Restore, there are several reasons this may occur. Let's
take a look at Event Viewer for any System Restore logs that may have
been created recently that may help us diagnosing the problem.

Go to Start - Run and type eventvwr.msc and press enter.
Click on System in the left pane.
Click the gray title "Source" at the top of the source name column in
the right pane to sort by source name, look for "sr" and "srservice".
Double click on each of these events, then click on the button below the
two arrows in the upper right corner. This will copy the event
information to the clipboard. Paste the information for each of the two
event here. There's no need to post duplicate Event ID's.

How do I use the Event Viewer to search for System Restore logs?
http://bertk.mvps.org/html/tips.html#EventViewer

Here are some more links for troubleshooting System Restore.

System Restore Failures to restore:
http://bertk.mvps.org/html/srfail.html
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

old gateway running xp pro need directions how to use restore cds 6
System restore fails 5
System Restore Keeping Only One Restore Point 71
System restore points missing 2
System Restore failures 2
Re: Deleting the System Volume Information folder 1
Windows XP restore fails 7
System Restore question 7

Top