System Restore Won't Work

[SuPerB SainT]

Ok....i will do just that. Thanks for all your help...i do appreciate
it!!!


Re: System Restore Won't Work-HijackThis File Log

Group: microsoft.public.windowsxp.help_and_support Date: Fri, Mar 17,
2006, 2:32pm (CST+1) From: (e-mail address removed) (Bert Kinney)
Hi,
You will want to post the HJT log on the AumHa Forums. The folks there
specialize in reading these logs.
http://aumha.net/viewforumphp?f=30
--
Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org
SuPerB SainT wrote:
Bert....i did the 6 steps that were on that page.....and below is the
hIjack this log:
Logfile of HijackThis v1.99.1
Scan saved at 6:16:00 AM, on 3/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program
Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common
Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec
Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec
Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe C:\Program
Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program
Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program
Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security
Console\NSCSRVCE.EXE
C:\DownloadFilesC\hijackthis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us9.hpwis.com/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208}
-
C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll O2 - BHO: Adobe PDF
Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -
C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO:
SpywareGuard Download Protection -
{4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program
Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} -
C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll O2 - BHO: Norton
Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2
- BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program
Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no
file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} -
C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll O3 - Toolbar:
1-Click Answers -
{7754C418-F62E-44aa-B169-E719E718BCFD} -
C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll O3 - Toolbar: HP View
- {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program
files\hewlett-packard\digital imaging\bin\hpdtlk02.dll O3 - Toolbar:
SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program
Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O3 - Toolbar: Norton Internet
Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program
Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar:
Norton AntiVirus -
{C4069E3A-68F1-403E-B40E-20066696354B}
- C:\Program Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP
Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program
Files\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM\..\Run:
[gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI
RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
/background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 -
Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click
Answers\answers.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt
7\SnagIt32.exe
O8 - Extra context menu item: Answers... - file:C:\Program
Files\1-Click
Answers\Html\atiemenu.htm
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program
Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 -
Extra context menu item: Download Flash with Flash Capture - C:\Program
Files\Flash Capture\dl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context
menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Open
Link Target in Firefox - file://C:\Documents and
Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\v478dy8v.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program
Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra
context menu item: View This Page in Firefox - file://C:\Documents and
Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\v478dy8v.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
-
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Fill Forms -
{320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] -
{320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save -
{320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ -
{320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Run
WinHTTrack -
{36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program
Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack -
{36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program
Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 -
{724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button:
MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21}
-
C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button:
Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
-
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF:
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16
- DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} (InSPECS3_0 Control) -
http://www.powerleap.com/cab_files/InSPECS3_0.cab O16 - DPF:
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF:
{5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base
Module) -
https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1107133395609
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136951222022
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
-
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -
https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 -
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
4.5)
- http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 -
Winlogon Notify: OPXPGina - C:\Program
Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 -
Service: Symantec Internet Security Password Validation (ccISPwdSvc) -
Symantec Corporation - C:\Program Files\Norton Internet
Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec
Corporation -
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service:
Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program
Files\Norton Internet Security\comHost.exe O23 - Service: InstallDriver
Table Manager (IDriverT) - Macrovision Corporation - C:\Program
Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod
Service (iPodService) - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus
Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program
Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner -
C:\Program
Files\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: Norton
Protection Center Service (NSCService) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\Security
Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
Corporation
- C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner -
C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP -
C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation -
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 -
Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software,
Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service:
Symantec Core LC - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Group: microsoft.public.windowsxp.help_and_support Date: Thu, Mar 16,
2006, 12:15pm (CST+1) From: (e-mail address removed) (Bert Kinney) Hi,
You could post a HiJackThis log here to confirm that the system is clean
of virus/malware infection.
Make sure to read the Announcement post at the top of the forum page
before posting the log.
AumHa Forums
http://aumha.net/viewforumphp?f=30

 

[Guest]

Hi,

I am also unable to use System Restore, in fact *never* been able to utilize
it. I have it turned on. I have tried several different restore points
(System Checkpoint and Software Distribution) without success. I also tried
System Restore from Safe Mode, but that did not work either.

I am running Norton System Works 2006, and followed directions to turn off
the "Protect my Product" feature in NAV, before attempting the above restores.

I followed your directions to gather SR logs. Only found four instances of
"srservice", no "sr" event was found.

I used to manually set restore points once or twice a week, however since I
could not get SR to work, I stopped setting them manually. I am running
Windows XP Home SP2. Any assistance would be much appreciated.

 

[Bert Kinney]

Hi,

I am also unable to use System Restore, in fact *never* been able to utilize
it. I have it turned on. I have tried several different restore points
(System Checkpoint and Software Distribution) without success. I also tried
System Restore from Safe Mode, but that did not work either.

I am running Norton System Works 2006, and followed directions to turn off
the "Protect my Product" feature in NAV, before attempting the above restores.

Completely uninstalling NSW is the first step in troubleshooting System Restore.

Symantec Removal
http://basconotw.mvps.org/SymRem.htm

I followed your directions to gather SR logs. Only found four instances of
"srservice", no "sr" event was found.

Post the contents of the logs.
Event Viewer Help:
http://bertk.mvps.org/html/source.html