
19 Posts


May 13th, 2004 19:00

System Restore... Won't

All the entries labelled "sr" in my events log show "error." And the messages I get back from the process say I (the system) should manually create a restore point and reboot and it will go back to "normal." So I did that but it says I can't create a restore point. Any ideas how to manage that little jig?


18.8K Posts

May 13th, 2004 19:00

keygolf,

Disable System Restore (Start|Control Panel|System|System Restore tab) and reboot. Return and enable System Restore. Try creating a manual restore point and restoring to it. If your restore database is currently corrupted the process can display the symptoms you describe.

19 Posts

May 13th, 2004 20:00

Denny:

Thanks a bunch. I was able to create a restore point for today, but I couldn't find a way to get back to a time when my machine was functioning better. Is there any way to do that?

19 Posts

May 13th, 2004 21:00

My system hangs a lot. (It's doing it right now). I type something and have to wait several seconds for it to appear. Outlook Express functions slowly. So does IE6. All systems appear to hang. I've got the programs to "fight" adware. I've got the trojan fighters, the antivirus. I've defragged regularly. I'm an editor for ODP. But everything is running slowly and "hanging." I had a laptop with windows 95 and it was faster than my XP. So I thought I'd try to get back to a time when I knew it was moving "sanely." Tried. No deal.

Thanks for your help.

2.7K Posts

May 13th, 2004 21:00

I'm afraid the only way to turn back the clock is with system restore. Since you don't have any old restore points you can't do it.

Why do you want to go back? What's wrong with your system?

2.7K Posts

May 13th, 2004 22:00

If it used to run faster, go get HijackThis and post back the Log it creates

http://mjc1.com/mirror/hjt/   

19 Posts

May 13th, 2004 23:00

Keygolf Posting hijack this

Logfile of HijackThis v1.97.6
Scan saved at 7:41:20 PM, on 5/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Spam Inspector Outlook Express\Spam Inspector Outlook Express Edition\piiserviceOE.exe
C:\Program Files\AVPersonal\AVSCHED32.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\IEHost.exe
C:\WINDOWS\System32\tsccda.exe
C:\Program Files\a2\a2guard.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\EdoPSbNx.exe
C:\WINDOWS\System32\Jwej.exe
C:\Program Files\AD Killer\adkiller.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Carey Mumford\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\PROGRA~1\ADKILL~1\NAMESP~1.DLL
O3 - Toolbar: (no name) - {C4370071-9FF8-4442-B9C7-F849AC0789CA} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\MSDXM.OCX
O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [piiserviceOE] "C:\Program Files\Spam Inspector Outlook Express\Spam Inspector Outlook Express Edition\piiserviceOE.exe"
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [PopupBlock] C:\Program Files\planetscott.ca\PopupBlock\PopupBlock.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [0SfRse] C:\documents and settings\carey mumford\local settings\temp\0SfRse.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Oval63H.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [2FnO37P] C:\WINDOWS\System32\tsccda.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [AD Killer] C:\Program Files\AD Killer\adkiller.exe
O4 - HKCU\..\Run: [WTSI] C:\WINDOWS\System32\wapisvit.exe
O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Energizer FileSaver.lnk = ?
O4 - Global Startup: Turbo Surfer 2.0.lnk = ?
O8 - Extra context menu item: &Anonymization - C:\WINDOWS\System32\sys32.htm
O9 - Extra 'Tools' menuitem: &AD Killer (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Anonymization.Net (HKLM)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1252c83741d5a169ef22/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37918.3211342593
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-000000000000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

 

4.4K Posts

May 14th, 2004 01:00

keygolf,

Something dunedin should have mentioned is that the HijackThis experts expect to find logs in the Virus Information and Removal board. Can you post another copy there? You should include a description of the problems you're experiencing.

I spotted a couple of suspicious-looking programs. Hopefully they'll be able to help get things fixed up for you.

Jim


2.7K Posts

May 14th, 2004 01:00

OK,

It's way past my bedtime so haven't had too much time.

Here's my first reading, so see how you are running after fixing. If you still have problems post another log tomorrow.

You've got the Peper trojan. “Bazooka” will kill it.
http://www.kephyr.com/spywarescanner/?source=bottomlink

Run HijackThis again and tick the following for it to fix


O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1252c83741d5a169ef22/netzip/RdxIE601.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab


Reboot and delete
C:\WINDOWS\System32\IEHost.exe

It might not be totally clean yet but the worst ones will be gone hopefully.
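
As an added example (not part of the thread and not HijackThis's own logic), the following Python sketch parses entry lines copied from the log posted above and flags the ones worth a manual look. The three heuristics and the function names are assumptions chosen for illustration; a flag means "inspect this entry", not "this entry is malicious".

```python
import re
from urllib.parse import urlparse

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\MSDXM.OCX
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [0SfRse] C:\documents and settings\carey mumford\local settings\temp\0SfRse.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1252c83741d5a169ef22/netzip/RdxIE601.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
"""

# An entry line starts with a section code such as R1, O4 or O16.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def review_reasons(section, body):
    """Return reasons (assumed heuristics) why an entry deserves a manual look."""
    reasons = []
    if section in ("O2", "O3") and body.endswith("(no file)"):
        reasons.append("registered component has no file on disk")
    if section == "O4" and re.search(r"\\temp\\", body, re.IGNORECASE):
        reasons.append("autorun target is inside a Temp directory")
    if section == "O16":
        url = body.rsplit(" - ", 1)[-1]
        host = urlparse(url).hostname or ""
        if IPV4.match(host):
            reasons.append("ActiveX codebase served from a bare IP address")
    return reasons

def triage(log_text):
    """Parse HijackThis entry lines; return (section, body, reasons) for flagged ones."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list, or blank line
        reasons = review_reasons(m["section"], m["body"])
        if reasons:
            flagged.append((m["section"], m["body"], reasons))
    return flagged

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> {'; '.join(reasons)}")
```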

 

19 Posts

May 14th, 2004 15:00

dunedin:

Removed the files you indicated. I think it's slightly better, but it's still inclined to "hang."

Thanks for the help.

keygolf

2.7K Posts

May 14th, 2004 16:00

There may be more, as I was pretty tired so late last night.

Won't do any harm to run it again and post another log.

It looks like you are not supposed to post it here, so put it in the right forum.

19 Posts

May 14th, 2004 16:00

dunedin:

Thanks. I think I'll give it a couple of days, since it seems better, and then if it goes "south" again, I'll put it over in the "Virus" cat. (I did post the first one there after I saw the other note). Apologies for not knowing it should have gone there to begin with.

keygolf

 

2.7K Posts

May 14th, 2004 17:00

I'm quite new to this forum and I did not know either.

It may be OK now as we got rid of a few nasties, so here's hoping.......
