1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

System restore fails

Discussion in 'Windows XP' started by machinist60, Feb 14, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. machinist60

    machinist60 Thread Starter

    Joined:
    Feb 14, 2013
    Messages:
    7
    For the past couple of months system restore has been failing. I get the
    helpful message that my 'computer cannot be restored' to the selected time.
    There are some 10 restore points available and none seem to work. I have
    Win XP Pro sp3 fully updated. I have attempted a clean boot but always
    encounter the error 'access denied' when trying to disable or enable
    services. I have run sfc /scannow with no change.

    Any help gratefully received. John.

    ps this was also posted to microsoft.public.windowsxp.help_and_support

    sysinfo
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+, x86 Family 15 Model 75 Stepping 2
    Processor Count: 2
    RAM: 2942 Mb
    Graphics Card: NVIDIA GeForce 6150SE nForce 430, 512 Mb
    Hard Drives: C: Total - 100000 MB, Free - 68335 MB; D: Total - 138472 MB, Free - 51229 MB; E: Total - 349999 MB, Free - 85170 MB; F: Total - 365402 MB, Free - 17616 MB; G: Total - 699996 MB, Free - 661005 MB; H: Total - 1207730 MB, Free - 825879 MB;
    Motherboard: ASUSTek Computer INC., NARRA
    Antivirus: AVG Internet Security 2013, Updated: Yes, On-Demand Scanner: Enabled
     
  2. blues_harp28

    blues_harp28 Trusted Advisor Spam Fighter

    Joined:
    Jan 9, 2005
    Messages:
    18,635
    Hi and welcome.
    Download Security Check by screen317
    http://screen317.spywareinfoforum.org/
    Save it to your Desktop.

    Double click the install icon.
    A command Prompt window will open.
    Let it scan the Pc - press any key when asked.
    It should now open in Notepad - and will save a log called checkup.txt.
    Post the result of the scan here.
     
  3. machinist60

    machinist60 Thread Starter

    Joined:
    Feb 14, 2013
    Messages:
    7
    Thank you. Here is the log:

    Results of screen317's Security Check version 0.99.57
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    AVG Internet Security 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.70.0.1100
    CCleaner
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 1%
    ````````````````````End of Log``````````````````````
     
  4. blues_harp28

    blues_harp28 Trusted Advisor Spam Fighter

    Joined:
    Jan 9, 2005
    Messages:
    18,635
    Your system restore points may be corrupted.
    Are you having a problem that you need to use system restore?

    Turn off System Restore - restart your Pc and then turn on System restore.
    It will automaticlly set a restore point or you can set one yourself.
    How to turn off and turn on System Restore in Windows XP
    http://support.microsoft.com/kb/310405

    You already have MalwareBytes installed.

    MalwareBytes
    Start Malwarebytes Anti-Malware.
    Let it update first.
    Click on Scanner > then quick scan > then Scan.
    Any infections or problems will be highlighted in red.
    After the scan is finished - Click - Show Results.
    Check that all entries are selected.
    Click - Remove Selected.
    You may be prompted to restart to finish the removal process.
    If Yes - restart your Pc.

    Start Malwarebytes again.
    Click on the Logs Tab.
    Highlight the scan log entry.
    Click - Open.
    The scan log will appear in Notepad.
    Copy and paste it in your next post.

    SuperAntiSpyware
    Let it update first.
    Select the Quick Scan option.
    Click Scan your Computer.
    Any infections or problems will be highlighted in red.
    After the scan is finished.
    Click Continue.
    Check that everything is listed.
    Click Remove Threats.
    Click OK - then click Finish
    You may be prompted to restart to finish the removal process.
    If Yes - restart your Pc.

    Start SuperAntiSpyware again.
    Click View Scan Logs.
    Highlight the scan log entry.
    Click - View Selected Log.
    The scan log will appear in Notepad.
    Copy and paste in your next post.
     
  5. machinist60

    machinist60 Thread Starter

    Joined:
    Feb 14, 2013
    Messages:
    7
    Here are the two scan logs:

    Malwarebytes Anti-Malware (PRO) 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.02.16.03
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    John :: JOHNS-PC [administrator]
    Protection: Disabled
    2/16/2013 11:03:32 AM
    mbam-log-2013-02-16 (11-03-32).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 270988
    Time elapsed: 3 minute(s), 16 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    and

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 02/16/2013 at 11:19 AM
    Application Version : 5.6.1014
    Core Rules Database Version : 10017
    Trace Rules Database Version: 7829
    Scan type : Quick Scan
    Total Scan Time : 00:02:54
    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator
    Memory items scanned : 410
    Memory threats detected : 0
    Registry items scanned : 34260
    Registry threats detected : 0
    File items scanned : 7333
    File threats detected : 65
    Browser Hijacker.Favorites
    C:\Documents and Settings\John\Favorites\Favorites\Music and Movies
    C:\Documents and Settings\John\Favorites\Pharmacy
    Adware.Tracking Cookie
    C:\Documents and Settings\John\Cookies\H10R3B2E.txt [ /liveperson.net ]
    C:\Documents and Settings\John\Cookies\JVWM7IM9.txt [ /a.intentmedia.net ]
    C:\Documents and Settings\John\Cookies\BMF3E1PL.txt [ /ads.creative-serving.com ]
    C:\Documents and Settings\John\Cookies\3IBKT3QJ.txt [ /xiti.com ]
    C:\Documents and Settings\John\Cookies\QS3K0MXK.txt [ /accounts.google.com ]
    C:\Documents and Settings\John\Cookies\XE0KG6XT.txt [ /ads.fhserve.com ]
    C:\Documents and Settings\John\Cookies\97FBJVCK.txt [ /amazon-adsystem.com ]
    C:\Documents and Settings\John\Cookies\BMG8C1NW.txt [ /toplist.cz ]
    C:\Documents and Settings\John\Cookies\SITQA9WG.txt [ /accounts.google.com ]
    C:\Documents and Settings\John\Cookies\O3N309B2.txt [ /adtechus.com ]
    C:\Documents and Settings\John\Cookies\X9HK33SW.txt [ /dmtracker.com ]
    C:\Documents and Settings\John\Cookies\2C0UHLM2.txt [ /liveperson.net ]
    C:\Documents and Settings\John\Cookies\UHC78CHE.txt [ /ads.xda-developers.com ]
    C:\Documents and Settings\John\Cookies\D1APBVFZ.txt [ /7.rotator.wigetmedia.com ]
    C:\Documents and Settings\John\Cookies\BNEHCX1Z.txt [ /ads.ad4game.com ]
    C:\Documents and Settings\John\Cookies\WPQ30TMX.txt [ /histats.com ]
    C:\Documents and Settings\John\Cookies\ZPEB85NQ.txt [ /collective-media.net ]
    C:\Documents and Settings\John\Cookies\4AJP3TXO.txt [ /stats.paypal.com ]
    C:\Documents and Settings\John\Cookies\PPR45I49.txt [ /network.realmedia.com ]
    C:\Documents and Settings\John\Cookies\RNAIQF2O.txt [ /in.getclicky.com ]
    C:\Documents and Settings\John\Cookies\WVUTE6FZ.txt [ /yadro.ru ]
    C:\Documents and Settings\John\Cookies\G0728PV1.txt [ /msnportal.112.2o7.net ]
    C:\Documents and Settings\John\Cookies\UBSHITIU.txt [ /at.atwola.com ]
    C:\Documents and Settings\John\Cookies\8YLFJU0H.txt [ /e-2dj6wjlicjcjafp.stats.esomniture.com ]
    C:\Documents and Settings\John\Cookies\45K96EOY.txt [ /mediainfo.sourceforge.net ]
    C:\Documents and Settings\John\Cookies\H9RALT0I.txt [ /atdmt.com ]
    C:\Documents and Settings\John\Cookies\ZM04KLPY.txt [ /ads.pubmatic.com ]
    C:\Documents and Settings\John\Cookies\HBNJ411X.txt [ /ads.ookla.com ]
    C:\Documents and Settings\John\Cookies\ZLO1ALXK.txt [ /myroitracking.com ]
    C:\Documents and Settings\John\Cookies\FQ5UZXLN.txt [ /atdmt.combing.com ]
    C:\Documents and Settings\John\Cookies\Q4XXLJZF.txt [ /clicksor.com ]
    C:\Documents and Settings\John\Cookies\T8T3FT8C.txt [ /7.rotator.trafficbee.com ]
    C:\Documents and Settings\John\Cookies\BPGFM2EL.txt [ /www.googleadservices.com ]
    C:\Documents and Settings\John\Cookies\IE9G5IAI.txt [ /ad.propellerads.com ]
    C:\Documents and Settings\John\Cookies\3FLMVWDU.txt [ /mm.chitika.net ]
    C:\Documents and Settings\John\Cookies\9TLWKTAK.txt [ /ads.opensubtitles.org ]
    C:\Documents and Settings\John\Cookies\YHBSU5WR.txt [ /media6degrees.com ]
    C:\Documents and Settings\John\Cookies\PPP9DA3X.txt [ /ox.ads4clicks.com ]
    C:\Documents and Settings\John\Cookies\9WH5YE94.txt [ /realmedia.com ]
    C:\Documents and Settings\John\Cookies\0TAR2GFX.txt [ /solvemedia.com ]
    C:\Documents and Settings\John\Cookies\IWXV3O3X.txt [ /ads.wsrs.net ]
    C:\Documents and Settings\John\Cookies\0L0BKHNP.txt [ /toplist.eu ]
    C:\Documents and Settings\John\Cookies\N68W13CV.txt [ /ad.yieldmanager.com ]
    C:\Documents and Settings\John\Cookies\BK2D7B70.txt [ /ad.360yield.com ]
    C:\Documents and Settings\John\Cookies\332X8BW6.txt [ /msnbc.112.2o7.net ]
    C:\Documents and Settings\John\Cookies\FS5NYBJT.txt [ /www.googleadservices.com ]
    C:\Documents and Settings\John\Cookies\ATTPHULO.txt [ /invitemedia.com ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\T7D1JGYA.txt [ Cookie:[email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\SVWW9F34.txt [ Cookie:[email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\ISC6WZO8.txt [ Cookie:[email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\4L4VPQV4.txt [ Cookie:[email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\OFAX1ENM.txt [ Cookie:[email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\6WJG62N2.txt [ Cookie:[email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\SM453I3H.txt [ Cookie:[email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\WXHY4JJ6.txt [ Cookie:[email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\X5MNQK8D.txt [ Cookie:[email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\I1LSV5W4.txt [ Cookie:[email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\STLBW02L.txt [ Cookie:[email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\MVZTMVBT.txt [ Cookie:[email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\EDLRWFEQ.txt [ Cookie:[email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\JOHN\Cookies\4DH6OJZ1.txt [ Cookie:[email protected]/adsense/support ]
    C:\DOCUMENTS AND SETTINGS\JOHN\Cookies\JBQ3GX0U.txt [ Cookie:[email protected]/adServe ]
    C:\DOCUMENTS AND SETTINGS\JOHN\Cookies\R5KKWZEI.txt [ Cookie:[email protected]/adsense/ ]


    I turned off restore, rebooted, enabled restore, removed a couple of infrequently used programs and tried to restore, it still fails.

    John.
     
  6. blues_harp28

    blues_harp28 Trusted Advisor Spam Fighter

    Joined:
    Jan 9, 2005
    Messages:
    18,635
    Post a Hjt log - to see what is running on your system.
    Hijack this 2.04
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

    Also post the uninstall log from Hjt log
    Start HiJackThis.
    At the bottom right - Other Stuff
    Click on Config > Misc Tools.
    Click > Open Uninstall Manager.
    Click > Save List.
    Save the uninstall list file on your desktop.
    It will then open in Notepad.
    Click Edit > Select All > Edit > Copy-and-Paste the uninstall list in the reply box.
     
  7. machinist60

    machinist60 Thread Starter

    Joined:
    Feb 14, 2013
    Messages:
    7
    Thanks for your continuing help, here is the HijackThis log:
    ____________________________________________________

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:50:46 PM, on 2/20/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\AVG\AVG2013\avgfws.exe
    C:\Program Files\AVG\AVG2013\avgidsagent.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\AVG\AVG2013\avgnsx.exe
    C:\Program Files\AVG\AVG2013\avgemcx.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\NetLimiter 3\nlsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\PeerBlock\peerblock.exe
    C:\Program Files\NetLimiter 3\NLClientApp.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\DVD Flick\dvdflick.exe
    C:\Program Files\DVD Flick\bin\ffmpeg.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts: 161.58.195.155 tempdomainname.com
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
    O4 - HKCU\..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349479870484
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
    O18 - Protocol: linkscanner - (no CLSID) - (no file)
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgfws.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
    O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    --
    End of file - 8840 bytes
    ____________________________________________________

    and the HijackThis_uninstall_list
    ____________________________________________________

    µTorrent
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe AIR
    Adobe Community Help
    Adobe Community Help
    Adobe Creative Suite 5 Master Collection
    Adobe Digital Editions 2.0
    Adobe Flash Player 11 ActiveX
    Advanced System Optimizer
    Advanced SystemCare 6
    Advertising Center
    Angry Birds
    Angry Birds Rio
    Angry Birds Seasons
    Angry Birds Space
    Angry Birds Star Wars
    AVG 2013
    AVG 2013
    AVG 2013
    AviSynth 2.6
    calibre
    CCleaner
    ConvertXtoDVD 4 english manual
    ConvertXtoDVD 4.1.18.363
    Copernic Agent Personal
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Diskeeper 2011
    DolbyFiles
    DVD Flick 1.3.0.7
    DVDStyler v2.3.4
    FBReader for Windows
    Folder Size for Windows
    Free FLAC to MP3 Converter 1.0
    FreeOCR v4.2
    HandBrake 0.9.8
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    HP Photosmart, Officejet and Deskjet 7.0.A
    ImageGrab 5.0.6 en
    ImgBurn
    Junk Mail filter update
    K-Lite Codec Pack 9.3.0 (Full)
    KROSS
    Malwarebytes Anti-Malware version 1.70.0.1100
    MediaInfo 0.7.61
    Menu Templates - Starter Kit
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Extended
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WinUsb 2.0
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Movie Templates - Starter Kit
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MTP Porting Kit
    Nero 9
    Nero BurnRights
    Nero ControlCenter
    Nero ControlCenter
    Nero CoverDesigner
    Nero DiscSpeed
    Nero DriveSpeed
    Nero InfoTool
    Nero Installer
    Nero MediaHome 4
    Nero MediaHome 4 Essentials
    Nero MediaHome 4 Help
    Nero Online Upgrade
    Nero PhotoSnap
    Nero Recode
    Nero Rescue Agent
    Nero ShowTime
    Nero StartSmart
    Nero Vision
    Nero WaveEditor
    NeroBurningROM
    NeroExpress
    neroxml
    NetLimiter 3
    NVIDIA Drivers
    OpenVPN 2.3.0-I001
    PDF ePub DRM Removal
    PDF Settings CS5
    PeerBlock 1.0+ (r484)
    Realtek High Definition Audio Driver
    RegClean Pro
    Registry Reviver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2744842)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Skype Click to Call
    Skype™ 6.0
    SoundTrax
    Spybot - Search & Destroy
    Subtitle Edit 3.2.8
    SUPERAntiSpyware
    TAP-Windows 9.9.2
    Unlocker 1.9.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB2632503)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB973815)
    VobSub 2.23
    Winamp
    Windows Internet Explorer 8
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live Mail
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    WinRAR 4.20 (32-bit)
    XMedia Recode version 3.1.4.1
    XviD4PSP 5.0
    Youtube Downloader HD v. 2.9.5
    ____________________________________________

    Thanks, John.
     
  8. blues_harp28

    blues_harp28 Trusted Advisor Spam Fighter

    Joined:
    Jan 9, 2005
    Messages:
    18,635
    Advanced System Optimizer
    Advanced SystemCare 6
    RegClean Pro
    Registry Reviver
    All the above programs claim the clean the registry - these types of programs can and often do, cause more problems than they solve.
    Registry Cleaners.
    http://library.techguy.org/wiki/Registry_Cleaners
    http://miekiemoes.blogspot.co.uk/2008/02/registry-cleaners-and-system-tweaking_13.html

    uTorrent.exe
    Using the above can cause Malware to run on your system.

    Download AdwCleaner to your desktop.
    Close any browsers that may be open..
    Double click the adwcleaner.exe.

    Click on Search - the scan once finished, will open a notepad window.
    Post the logfile in the reply box below.
    The logfile is saved in C:\AdwCleaner[R1].txt.
    ---
    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.
     
  9. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    All good advice from Blues Harp, please follow what he has posted. I see you also have CCleaner which includes another Registry Cleaner, you should never use a Registry Cleaner unless you have in depth knowledge of the registry as they do make mistakes.

    Please answer the question asked by Blues Harp earlier, why do you want to use System Restore, is your PC suffering from any performance issues or are you just concerned that System Restore is not functioning correctly?

    A problem with System Restore can be a sign of an infection, please run this scan below which will check for any problem with the System Restore service and a few others.

    Please download Farbar Service Scanner and run it on the computer with the issue.

    • Put a check mark in all the boxes.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  10. machinist60

    machinist60 Thread Starter

    Joined:
    Feb 14, 2013
    Messages:
    7
    This all started because I wanted to do a restore after installing some HP software I didn't like (I have an HP printer) and wanted to remove it all by doing a restore but could not. I has since been removed in the normal way. I guess I have been a little free with registry cleaners but have been using them for some years without trouble, and they do indeed speed things up.

    Here is the AdwCleaner log:
    ___________________________________________________________________

    # AdwCleaner v2.112 - Logfile created 02/22/2013 at 20:30:52
    # Updated 10/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : John - JOHNS-PC
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\John\desktop\AdwCleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Found : C:\END
    Folder Found : C:\Documents and Settings\John\Local Settings\Application Data\Conduit
    Folder Found : C:\Program Files\Conduit
    ***** [Registry] *****
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\ilivid
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\SmartBar
    Key Found : HKCU\Software\Softonic
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\Software\Conduit
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.6001.18702
    [OK] Registry is clean.
    *************************
    AdwCleaner[R1].txt - [1572 octets] - [22/02/2013 20:30:52]
    ########## EOF - C:\AdwCleaner[R1].txt - [1632 octets] ##########
    ___________________________________________________________________

    and the Farbar Service Scanner log:
    ___________________________________________________________________

    Farbar Service Scanner Version: 20-02-2013
    Ran by John (administrator) on 22-02-2013 at 20:36:14
    Running from "C:\Documents and Settings\John\desktop"
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Attempt to access Yahoo IP returned error. Yahoo IP is unreachable
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll
    [2012-10-04 20:45] - [2008-04-14 05:42] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe
    [2008-04-14 05:42] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

    Extra List:
    =======
    Avgfwfd(8) Avgtdix(9) Gpc(3) IPSec(5) NetBT(6) nltdi(10) PSched(7) Tcpip(4)
    0x0D000000050000000100000002000000030000000400000008000000090000000A0000000700000020490A00060000000B0000000C000000
    IpSec Tag value is correct.
    **** End of log ****

    I checked System restore service, it is started and automatic, and indeed system restore check points have been made daily for the past 6 days.
     
  11. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    The above logs look ok, but please run ADWCleaner again and this time click on the Delete button when you start to run it as there are a few items of Adware that need to be removed, post the log when done.

    You should always uninstall unwanted programs in the normal manor not use System Restore.

    How well is the system running now, any remaining performance issues?

    If you need to be convinced about the use of Registry Cleaners then read the following:

    IMPORTANT NOTE: Your log shows you are using a registry cleaner/optimizer. CCleaner. Although CCleaner is a usefull tool, please read this in respect of its Registry Cleaning function.

    I do not recommend the routine use of registry cleaners/optimizers for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry

    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Further, some vendors who offer registry cleaners use deceptive advertisements and claims which are borderline scams. They may alert you to finding thousands of registry errors which can only be fixed and improve performance if you use their product.

    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

    Unless you have a particular problem that requires a specific registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

    If you are still not convinced then please read the information in these following links.

    • Ed Bott's Weblog: Why I don’t use registry cleaners

    • Do I need a Registry Cleaner?

    • Registry Cleaners and System Tweaking Tools
     
  12. machinist60

    machinist60 Thread Starter

    Joined:
    Feb 14, 2013
    Messages:
    7
    Mark many thanks for your post. After reading it and some of the links I will not use any registry cleaners/optimizers in the future. The system seems normal with the exception below but I still can't restore. I ran AdwCleaner, there was an update which AVG objected to but I ran the updated version anyway. After reboot I was able to save the log file then the system hung. A cold start was required. I had AVG scan AdwCleaner.exe again, now it is clean!
    Here is the log.

    # AdwCleaner v2.113 - Logfile created 02/25/2013 at 21:05:23
    # Updated 23/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : John - JOHNS-PC
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\John\desktop\AdwCleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Deleted : C:\END
    Folder Deleted : C:\Documents and Settings\John\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Program Files\Conduit
    ***** [Registry] *****
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\Software\Conduit
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.6001.18702
    [OK] Registry is clean.
    *************************
    AdwCleaner[R1].txt - [1701 octets] - [22/02/2013 20:30:52]
    AdwCleaner[S1].txt - [1662 octets] - [25/02/2013 21:05:23]
    ########## EOF - C:\AdwCleaner[S1].txt - [1722 octets] ##########


    John.
     
  13. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, so System Restore remains an issue. Please run this scan below:

    Download RogueKiller (by tigzy) and save direct to your Desktop.
    On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.

    • Quit all running programs.
    • Start RogueKiller.exe by double clicking on the icon.
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

    [​IMG]
     
  14. machinist60

    machinist60 Thread Starter

    Joined:
    Feb 14, 2013
    Messages:
    7
    Restore failure still the issue. Here is the RogueKiller report:

    RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : John [Admin rights]
    Mode : Scan -- Date : 02/27/2013 21:36:14
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts
    127.0.0.1 localhost
    161.58.195.155 tempdomainname.com
    127.0.0.1 www.applian.securesites.com
    127.0.0.1 3dns-2.adobe.com #192.150.22.22
    127.0.0.1 3dns-3.adobe.com #192.150.14.21
    127.0.0.1 3dns-4.adobe.com #192.150.18.247
    127.0.0.1 3dns-5.adobe.com #192.150.22.46
    127.0.0.1 adobe-dns.adobe.com #192.150.11.30
    127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247
    127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30
    127.0.0.1 adobe.activate.com #69.175.22.26
    127.0.0.1 activate.adobe.com #192.150.22.40
    127.0.0.1 activate.wip3.adobe.com #192.150.22.40
    127.0.0.1 activate.wip4.adobe.com #192.150.22.40
    127.0.0.1 activate-sea.adobe.com #192.150.22.40
    127.0.0.1 activate-sjc0.adobe.com #192.150.14.69
    127.0.0.1 ereg.adobe.com #192.150.18.103
    127.0.0.1 ereg.wip3.adobe.com #192.150.18.63
    127.0.0.1 ereg.wip4.adobe.com #192.150.18.103
    127.0.0.1 practivate.adobe.com #192.150.18.54
    [...]

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG SP2504C +++++
    --- User ---
    [MBR] d500251c14a4a7ed08da511fae98fca0
    [BSP] 6ab81512ed7b103b5f7d01d89b81ec91 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 100000 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204800400 | Size: 138472 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    +++++ PhysicalDrive1: ST3750640AS +++++
    --- User ---
    [MBR] d68feb0e3dfcb46635e945aebb9260c0
    [BSP] a079e992e530c1aec2d012382ecbf9ab : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 349999 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 716799888 | Size: 365402 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    +++++ PhysicalDrive2: ST2000DL003-9VT166 +++++
    --- User ---
    [MBR] 14024bc62e6f77bdb846bc5d213eb60f
    [BSP] 70de575101cb9a6b4cc9c6a9bc32551e : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 699996 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1433592405 | Size: 1207730 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1]_S_02272013_02d2136.txt >>
    RKreport[1]_S_02272013_02d2136.txt

    John.
     
  15. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Please follow all these instructions in the order listed. Please post all the logs requested in the instructions as directed.

    Uninstall the pirated Adobe product you are using.

    Uninstall Spybot S&D as it is no longer a recommended program and it can interfere with some of the tools we use. Check in Task Manager to see if the process Teatimer.exe is running, if it is Disable it and then uninstall the program. SuperAntiSpyware is adequate protection against Spyware and can be used to run regular scans.
    ==============================================================

    Please download OTM by OldTimer. Save it to your desktop.

    Double click OTM.exe to start the tool.

    • Copy the text in the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes
    explorer.exe
    
    :Commands
    [createrestorepoint]
    [clearallrestorepoints]
    [emptyflash]
    [emptytemp]
    [resethosts]
    [reboot]
    
    • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • All your desktop icons will disappear as the scan begins. It should complete within a few minutes.
    • Once complete you may see a box appear asking you to Restart the system to complete the file removal, accept it and it will reboot.
    • Even if that box does not appear the system should reboot as the command is included in the script.
    • When the system has come back to the desktop a Notepad document will open, please copy and paste that into your next post.

    -- Note: The logs are saved here: C:\_OTM\MovedFiles
    ===================================================================

    Download Temporary file cleaner and save it to the desktop.
    Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select Run as Administrator.
    When the window opens click on Start. It will close all running programs and clear the desktop icons.
    When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically.
    ====================================================================


    Eset online scan instructions.
    IMPORTANT ---> Please make sure you follow the instruction to uncheck the box next to Remove found threats. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.

    • Disable your existing Anti Virus following these instructions.
    • Please go here to use the Eset Online Scanner.
    • When the web page opens click on this button [​IMG]
    • If you are not using Internet Explorer you will see a message box open asking you to to download the ESET Smart Installer, click on the link and allow it to download and then run it. Accept the Terms of use and click on Start. The required components will download.
    • If using Internet Explorer the Terms of use box will open immediately, accept it and click on Start.
    • After the download is complete the Computer scan settings window will open, IMPORTANT ----> uncheck the box next to Remove found threats and click on Start. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
    • This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. Do not interrupt it, be patient and let it finish.
    • A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select Paste and the report will appear, add any comments you have and post the reply.
    • Back on the Eset window, click the Back button and then click on Finish.


    ==============================================================

    STEP 1
    NOTE: If you have already used Combofix please delete the icon from your desktop.

    • Please download DeFogger and save it to your desktop.
    • Once downloaded, double-click on the DeFogger icon to start the tool.
    • The application window will appear.
    • You should now click on the Disable button to disable your CD Emulation drivers.
    • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
    • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
    • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.



    STEP 2
    Please download ComboFix [​IMG] from one of the locations below and save it to your Desktop. <-Important!!!


    Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

    Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.

    • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
    • If ComboFix detects an older version of itself, you will be asked to update the program.
    • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
    • Follow the prompts and click on Yes to continue scanning for malware.
    • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
    • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
    • Be sure to re-enable your anti-virus and other security programs.

    -- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
    -- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
    -- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.


    If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier. Those instructions only apply to XP, for Vista and Windows 7 go here: Internet connection repair

    NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.

     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1089552

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice