
Unable to use system restore

Discussion in 'Malware and Virus Removal Archive' started by catwmandu, 2007/09/14.

  1. 2007/09/14
    catwmandu

    catwmandu Inactive Thread Starter

    I got the dreaded blue screen the other night (had it a month or two ago and ran system restore).

    Computer keeps asking me to put in a disk for Microsoft Office XP with Frontpage. System restore no longer available. Start menu ---> Programs will not come up.

    Not sure if this is a virus or what?
     
  2. 2007/09/14
    Arie

    Arie Administrator Administrator Staff

    If you aren't sure, start by reading this post, then post a HijackThis log in this forum.
     


  4. 2007/09/14
    catwmandu

    catwmandu Inactive Thread Starter

    Thank you. Ran S&D and here is the log that Hijack This generated.

    Not sure what else to say about what's working and what's not.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:14:16 PM, on 9/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!



    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\WINDOWS\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\GetFlash.exe -p
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1EC3FCEC-2C86-44F5-8B18-C4A4A08DF484} (ROVAUpdate Class) - http://www.ras.ml.com/rovacompany/ml/updates/rovaup2-4-116e.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1189737460984
    O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5090/mcfscan.cab
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\WINDOWS\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\WINDOWS\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: ROVA Service (ROVA_Srvc) - Quintech, Inc. - C:\Program Files\ROVA Update\rovasrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     
  5. 2007/09/14
    noahdfear

    noahdfear Inactive

    Welcome to WindowsBBS catwmandu :)

    Do you recall the error message you got on the BSOD?

    Let's use another tool to take a better look at things.


    Note: You must be logged onto an account with administrator privileges to complete the following.

    Download Deckard's System Scanner (dss.exe) to your desktop.
    Close all applications and windows.
    Double-click on dss.exe to run it and follow the prompts.
    When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

    Post the contents of both logs.
     
  6. 2007/09/15
    catwmandu

    catwmandu Inactive Thread Starter

    Disregard. Downloaded and about to run, thank you.
     
  7. 2007/09/15
    catwmandu

    catwmandu Inactive Thread Starter

    Deckard's System Scanner v20070905.67
    Run by Stacy on 2007-09-15 11:17:06
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Failed to create restore point; System Restore is disabled (service is not running).


    -- Last 5 Restore Point(s) --
    70: 2007-09-11 23:50:01 UTC - RP388 - Software Distribution Service 3.0
    69: 2007-09-11 00:44:42 UTC - RP387 - System Checkpoint
    68: 2007-09-09 13:28:06 UTC - RP386 - System Checkpoint
    67: 2007-09-08 09:03:18 UTC - RP385 - Installed Java(TM) 6 Update 2
    66: 2007-09-07 22:45:42 UTC - RP384 - System Checkpoint


    -- First Restore Point --
    1: 2007-06-15 00:09:23 UTC - RP319 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Stacy.exe) ------------------------------------------

    Unable to find log (file not found); running clone.
    -- HijackThis Clone ------------------------------------------------------------

    Emulating logfile of HijackThis v1.99.1
    Scan saved at 2007-09-15 11:18:31
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.0.5730.11)

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\WINDOWS\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\WINDOWS\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
    C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\ROVA Update\rovasrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\Program Files\Network Associates\VirusScan\shstat.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\TEMP.STACY-LAPTOP\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKEY_LOCAL_MACHINE\..\Run: [ShStatEXE] "C:\WINDOWS\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
    O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra 'Tools' menuitem: (no name) - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1EC3FCEC-2C86-44F5-8B18-C4A4A08DF484} (ROVAUpdate Class) - http://www.ras.ml.com/rovacompany/ml/updates/rovaup2-4-116e.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1189737460984
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} () - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5090/mcfscan.cab
    O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe "
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - "C:\Program Files\iPod\bin\iPodService.exe "
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - "C:\WINDOWS\Program Files\Network Associates\VirusScan\Mcshield.exe "
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - "C:\WINDOWS\Program Files\Network Associates\VirusScan\VsTskMgr.exe "
    O23 - Service: Neoteris Setup Service - Juniper Networks - "C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe "
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: ROVA Service (ROVA_Srvc) - Unknown owner - C:\Program Files\ROVA Update\rovasrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


    -- File Associations -----------------------------------------------------------

    .js - JSFile - DefaultIcon - unable to read value
    .js - JSFile - shell\open\command - unable to read value


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
    R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
    R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
    R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
    R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
    R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
    R3 dsNcAdpt (Juniper Network Connect Adapter) - c:\windows\system32\drivers\dsncadpt.sys <Not Verified; Juniper Networks; Network Connect>
    R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
    R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
    R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>

    S3 AlcrFilt (Alcor Micro Corp) - c:\windows\system32\drivers\alcrfilt.sys <Not Verified; AlcorMicro; AlcorMicro AlcrFilt>
    S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
    S3 WscNetDr (MWL Filter Miniport) - c:\windows\system32\drivers\wscnetdr.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 dsNcService (Juniper Network Connect Service) - c:\program files\juniper networks\common files\dsncservice.exe <Not Verified; Juniper Networks; Network Connect>
    R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
    R2 McTaskManager (Network Associates Task Manager) - "c:\windows\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
    R2 Neoteris Setup Service - "c:\program files\neoteris\installer service\neoterissetupservice.exe" <Not Verified; Juniper Networks; Neoteris Setup Service Module>
    R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
    R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
    R2 ROVA_Srvc (ROVA Service) - c:\program files\rova update\rovasrvc.exe
    R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom 440x 10/100 Integrated Controller
    Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01881028&REV_02\4&2FA23535&0&00F0
    Manufacturer: Broadcom
    Name: Broadcom 440x 10/100 Integrated Controller
    PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01881028&REV_02\4&2FA23535&0&00F0
    Service: bcm4sbxp


    -- Files created between 2007-08-15 and 2007-09-15 -----------------------------

    2007-09-15 11:16:44 0 d-------- \Deckard
    2007-09-15 11:16:44 0 d-------- \Deckard
    2007-09-14 21:27:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-14 19:45:25 0 d-------- C:\Documents and Settings\Stacy\Application Data\Mozilla
    2007-09-14 19:36:29 0 d-------- C:\Network Associates
    2007-09-14 19:36:29 0 d-------- \Network Associates
    2007-09-14 19:36:29 0 d-------- \Network Associates
    2007-09-14 19:35:09 0 d-------- C:\WINDOWS\Program Files
    2007-09-14 19:35:09 0 d-------- C:\WINDOWS\Common Files
    2007-09-13 22:52:57 0 d-------- C:\WINDOWS\Microsoft Shared
    2007-09-13 22:52:55 0 d-------- C:\WINDOWS\Internet Explorer
    2007-09-12 20:40:14 536281088 --ahs---- \hiberfil.sys
    2007-09-12 20:40:14 536281088 --ahs---- \hiberfil.sys
    2007-09-12 19:16:38 0 d-------- C:\WINDOWS\system32\%programfiles%
    2007-09-12 19:16:35 0 d-------- C:\WINDOWS\system32\%commonprogramfiles%
    2007-08-22 07:24:49 0 d--h----- C:\WINDOWS\system32\WLANProfiles
    2007-08-22 07:24:49 0 d--h----- C:\Settings
    2007-08-22 07:24:49 0 d--h----- \Settings
    2007-08-22 07:24:49 0 d--h----- \Settings


    -- Find3M Report ---------------------------------------------------------------

    2007-09-15 11:17:12 0 d-------- \WINDOWS
    2007-09-15 11:17:12 0 d-------- \WINDOWS
    2007-09-15 11:03:31 805306368 --ahs---- \pagefile.sys
    2007-09-15 11:03:31 805306368 --ahs---- \pagefile.sys
    2007-09-14 21:27:00 0 dr------- \Program Files
    2007-09-14 21:27:00 0 dr------- \Program Files
    2007-09-14 19:37:30 0 d-------- \Config.Msi
    2007-09-14 19:37:30 0 d-------- \Config.Msi
    2007-09-12 18:57:06 0 --a------ \usb2scsi.txt
    2007-09-12 18:57:06 0 --a------ \usb2scsi.txt
    2007-08-22 07:24:49 516 --a------ \Settings.ini
    2007-08-22 07:24:49 516 --a------ \Settings.ini


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ShStatEXE "= "C:\WINDOWS\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 08:00 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 05:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\automenu.exe

    *Newly Created Service* - ENTDRV51



    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 babe.the-killer.bz
    127.0.0.1 www.babe.the-killer.bz
    127.0.0.1 babe.k-lined.com
    127.0.0.1 www.babe.k-lined.com
    127.0.0.1 did.i-used.cc
    127.0.0.1 www.did.i-used.cc
    127.0.0.1 coolwwwsearch.com
    127.0.0.1 www.coolwwwsearch.com
    127.0.0.1 coolwebsearch.com
    127.0.0.1 www.coolwebsearch.com

    6362 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2007-09-15 11:21:19 ------------
     
    Last edited: 2007/09/15
  8. 2007/09/15
    noahdfear

    noahdfear Inactive

    Put main.txt in one post, then the extra.txt in another.
     
  9. 2007/09/15
    catwmandu

    catwmandu Inactive Thread Starter

    Contents of extra log:

    Deckard's System Scanner v20070905.67
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) M processor 1.60GHz
    Percentage of Memory in Use: 52%
    Physical Memory (total/avail): 511.37 MiB / 243.89 MiB
    Pagefile Memory (total/avail): 1246.54 MiB / 971.02 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1957.73 MiB

    C: is Fixed (NTFS) - 33.68 GiB total, 20 GiB free.
    D: is CDROM (CDFS)

    \\.\PHYSICALDRIVE0 - TOSHIBA MK4026GAX - 37.26 GiB - 3 partitions
    \PARTITION0 - Unknown - 54.88 MiB
    \PARTITION1 (bootable) - Installable File System - 33.68 GiB - C:
    \PARTITION2 - Unknown - 3.52 GiB



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.
    AntivirusOverride is set.


    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\rundll32.exe "= "C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\\WINDOWS\\system32\\dpvsetup.exe "= "C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test "
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server "
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger "
    "C:\\Program Files\\Messenger\\msmsgs.exe "= "C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger "
    "C:\\WINDOWS\\system32\\sessmgr.exe "= "C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe "= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer "


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\TEMP.STACY-LAPTOP\Application Data
    COMPUTERNAME=STACY-LAPTOP
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\TEMP.STACY-LAPTOP
    LOGONSERVER=\\STACY-LAPTOP
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Ulead Systems\MPEG
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0d08
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\TEMP~1.STA\LOCALS~1\Temp
    TMP=C:\DOCUME~1\TEMP~1.STA\LOCALS~1\Temp
    USERDOMAIN=STACY-LAPTOP
    USERNAME=Stacy
    USERPROFILE=C:\Documents and Settings\TEMP.STACY-LAPTOP
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles ---------------------------------------------------------------

    TEMP.STACY-LAPTOP (admin)
    TEMP (admin)
    Stacy (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe "
    HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
    McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe "


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type2544 / Warning
    Event Submitted/Written: 09/15/2007 11:20:17 AM
    Event ID/Source: 257 / Alert Manager Event Interface
    Event Description:
    VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from STACY-LAPTOP IP 192.168.1.104 user SYSTEM running VirusScan Enter 8.0 OAS)

    Event Record #/Type2543 / Warning
    Event Submitted/Written: 09/15/2007 11:20:17 AM
    Event ID/Source: 257 / Alert Manager Event Interface
    Event Description:
    VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from STACY-LAPTOP IP 192.168.1.104 user SYSTEM running VirusScan Enter 8.0 OAS)

    Event Record #/Type2542 / Warning
    Event Submitted/Written: 09/15/2007 11:20:17 AM
    Event ID/Source: 257 / Alert Manager Event Interface
    Event Description:
    VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from STACY-LAPTOP IP 192.168.1.104 user SYSTEM running VirusScan Enter 8.0 OAS)

    Event Record #/Type2541 / Warning
    Event Submitted/Written: 09/15/2007 11:20:17 AM
    Event ID/Source: 257 / Alert Manager Event Interface
    Event Description:
    VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from STACY-LAPTOP IP 192.168.1.104 user SYSTEM running VirusScan Enter 8.0 OAS)

    Event Record #/Type2540 / Warning
    Event Submitted/Written: 09/15/2007 11:20:17 AM
    Event ID/Source: 257 / Alert Manager Event Interface
    Event Description:
    VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from STACY-LAPTOP IP 192.168.1.104 user SYSTEM running VirusScan Enter 8.0 OAS)

    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type73536 / Error
    Event Submitted/Written: 09/15/2007 11:04:55 AM
    Event ID/Source: 7016 / Service Control Manager
    Event Description:
    The BrSplService service has reported an invalid current state 0.

    Event Record #/Type73526 / Error
    Event Submitted/Written: 09/15/2007 11:04:12 AM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    The System Restore Service service terminated with the following error:
    %%1114

    Event Record #/Type73518 / Error
    Event Submitted/Written: 09/15/2007 07:14:32 AM
    Event ID/Source: 1001 / Dhcp
    Event Description:
    Your computer was not assigned an address from the network (by the DHCP
    Server) for the Network Card with network address 0012F04302B4. The following error
    occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Event Record #/Type73506 / Error
    Event Submitted/Written: 09/15/2007 07:08:19 AM
    Event ID/Source: 7016 / Service Control Manager
    Event Description:
    The BrSplService service has reported an invalid current state 0.

    Event Record #/Type73492 / Error
    Event Submitted/Written: 09/15/2007 07:07:29 AM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    The System Restore Service service terminated with the following error:
    %%1114

    -- End of Deckard's System Scanner: finished at 2007-09-15 11:21:19 ------------
     
  10. 2007/09/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I don't see anything that would suggest an infection.

    I do see something very odd that I've never seen before.... entries such as the ones below.

    2007-09-15 11:16:44 0 d-------- \Deckard
    2007-09-15 11:16:44 0 d-------- \Deckard
    2007-09-15 11:17:12 0 d-------- \WINDOWS
    2007-09-15 11:17:12 0 d-------- \WINDOWS
    2007-09-15 11:03:31 805306368 --ahs---- \pagefile.sys
    2007-09-15 11:03:31 805306368 --ahs---- \pagefile.sys
    2007-09-14 21:27:00 0 dr------- \Program Files
    2007-09-14 21:27:00 0 dr------- \Program Files
    2007-09-14 19:37:30 0 d-------- \Config.Msi
    2007-09-14 19:37:30 0 d-------- \Config.Msi
    2007-09-14 19:36:29 0 d-------- C:\Network Associates
    2007-09-14 19:36:29 0 d-------- \Network Associates
    2007-09-14 19:36:29 0 d-------- \Network Associates
    2007-09-12 18:57:06 0 --a------ \usb2scsi.txt
    2007-09-12 18:57:06 0 --a------ \usb2scsi.txt
    2007-08-22 07:24:49 516 --a------ \Settings.ini
    2007-08-22 07:24:49 516 --a------ \Settings.ini


    There are a number of files and folders showing as being duplicated, yet not a clear path.

    Have you used any apps to work with the disk format or file system structure, partitioning tools, etc?
     
  11. 2007/09/15
    catwmandu

    catwmandu Inactive Thread Starter

    Joined:
    2007/09/14
    Messages:
    28
    Likes Received:
    0
    Does this log look different? The first Hijack this was me logged on under another user and not the one I normally do (administrative).

    I thank you very much for your help.

    I guess my main question is still why I seem to be unable to use my own programs? No longer able to use Powerpoint, and other Office apps. System Restore says something "Windows system restore can not save you" or something that does not sound nice or fuzzy.
    ___________________________________________

    Logfile of HijackThis v1.99.1
    Scan saved at 4:52:28 PM, on 9/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\WINDOWS\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\WINDOWS\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\ROVA Update\rovasrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.ml.com:8083
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\WINDOWS\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1EC3FCEC-2C86-44F5-8B18-C4A4A08DF484} (ROVAUpdate Class) - http://www.ras.ml.com/rovacompany/ml/updates/rovaup2-4-116e.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1189737460984
    O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5090/mcfscan.cab
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\WINDOWS\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\WINDOWS\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: ROVA Service (ROVA_Srvc) - Quintech, Inc. - C:\Program Files\ROVA Update\rovasrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     
  12. 2007/09/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That log appears clean as well. Would you run another tool for me and post the log please?

    dsspaths

    Save it to the drive and double click it. A log will open in just a few seconds. Please run it from both accounts.

    Click Start>Run and type services.msc then hit enter. Scroll down the list to System Restore Service and double click the entry. It needs to be set as Automatic startup type and started. Let me know if it starts successfully, and any error messages if it doesn't.
     
  13. 2007/09/15
    catwmandu

    catwmandu Inactive Thread Starter

    Joined:
    2007/09/14
    Messages:
    28
    Likes Received:
    0
    Logs will be posted shortly. Here is the error message on the system restore:

    Could not start the System Restore Service service on Local Computer. Error 1114: A dynamic link library (DLL) initialization routine failed.
     
  14. 2007/09/15
    catwmandu

    catwmandu Inactive Thread Starter

    Joined:
    2007/09/14
    Messages:
    28
    Likes Received:
    0
    Here is log from main account I use:

    AppDataCommonDir = C:\Documents and Settings\All Users\Application Data
    DesktopCommonDir = C:\Documents and Settings\All Users\Desktop
    DocumentsCommonDir = C:\Documents and Settings\All Users\Documents
    FavoritesCommonDir = C:\Documents and Settings\All Users\Favorites
    ProgramsCommonDir = C:\Documents and Settings\TEMP.STACY-LAPTOP\Start Menu\Programs
    StartMenuCommonDir = C:\Documents and Settings\TEMP.STACY-LAPTOP\Start Menu
    StartupCommonDir = C:\Documents and Settings\TEMP.STACY-LAPTOP\Start Menu\Programs\Startup

    AppDataDir = C:\Documents and Settings\TEMP.STACY-LAPTOP\Application Data
    DesktopDir = C:\Documents and Settings\TEMP.STACY-LAPTOP\Desktop
    MyDocumentsDir = C:\Documents and Settings\TEMP.STACY-LAPTOP\My Documents
    FavoritesDir = C:\Documents and Settings\TEMP.STACY-LAPTOP\Favorites
    ProgramsDir = C:\Documents and Settings\TEMP.STACY-LAPTOP\Start Menu\Programs
    StartMenuDir = C:\Documents and Settings\TEMP.STACY-LAPTOP\Start Menu
    StartupDir = C:\Documents and Settings\TEMP.STACY-LAPTOP\Start Menu\Programs\Startup
    UserProfileDir = C:\Documents and Settings\TEMP.STACY-LAPTOP

    HomeDrive = C:
    HomePath = \Documents and Settings\TEMP.STACY-LAPTOP
    HomeShare =
    LogonDNSDomain =
    LogonDomain = STACY-LAPTOP
    LogonServer = \\STACY-LAPTOP
    ProgramFilesDir =
    CommonFilesDir =
    WindowsDir = C:\WINDOWS
    SystemDir = C:\WINDOWS\system32
    TempDir = C:\DOCUME~1\TEMP~1.STA\LOCALS~1\Temp
    ComSpec = C:\WINDOWS\system32\cmd.exe
     
  15. 2007/09/15
    catwmandu

    catwmandu Inactive Thread Starter

    Joined:
    2007/09/14
    Messages:
    28
    Likes Received:
    0
    Lastly here is the 2nd account:

    AppDataCommonDir = C:\Documents and Settings\All Users\Application Data
    DesktopCommonDir = C:\Documents and Settings\All Users\Desktop
    DocumentsCommonDir = C:\Documents and Settings\All Users\Documents
    FavoritesCommonDir = C:\Documents and Settings\All Users\Favorites
    ProgramsCommonDir = C:\Documents and Settings\Stacy\Start Menu\Programs
    StartMenuCommonDir = C:\Documents and Settings\Stacy\Start Menu
    StartupCommonDir = C:\Documents and Settings\Stacy\Start Menu\Programs\Startup

    AppDataDir = C:\Documents and Settings\Stacy\Application Data
    DesktopDir = C:\Documents and Settings\Stacy\Desktop
    MyDocumentsDir = C:\Documents and Settings\Stacy\My Documents
    FavoritesDir = C:\Documents and Settings\Stacy\Favorites
    ProgramsDir = C:\Documents and Settings\Stacy\Start Menu\Programs
    StartMenuDir = C:\Documents and Settings\Stacy\Start Menu
    StartupDir = C:\Documents and Settings\Stacy\Start Menu\Programs\Startup
    UserProfileDir = C:\Documents and Settings\Stacy

    HomeDrive = C:
    HomePath = \Documents and Settings\Stacy
    HomeShare =
    LogonDNSDomain =
    LogonDomain = STACY-LAPTOP
    LogonServer = \\STACY-LAPTOP
    ProgramFilesDir =
    CommonFilesDir =
    WindowsDir = C:\WINDOWS
    SystemDir = C:\WINDOWS\system32
    TempDir = C:\DOCUME~1\Stacy\LOCALS~1\Temp
    ComSpec = C:\WINDOWS\system32\cmd.exe
     
  16. 2007/09/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Error 1114 is a relatively common error, however, there is generally a particular dll named along with it. Without knowing which dll, it becomes very difficult to suggest what needs to be done. I'm researching it is about all I can say at this point.

    In the meantime, do you have an XP cd? If so, click Start>Run and type (or copy and paste) sfc /scannow then hit enter. You may be prompted to insert the XP cd. When sfc completes, please restart the computer and see if the system restore service will start, and let me know if there's any change in the All Programs list.
     
  17. 2007/09/15
    catwmandu

    catwmandu Inactive Thread Starter

    Joined:
    2007/09/14
    Messages:
    28
    Likes Received:
    0
    I don't, I wish I did have one. The Dell laptop I use came with only a few disks. I spoke with my work tech guy earlier in the week and he may have something I can use - however I am always pestering him and figured to see if I can fix this. Not having much luck am I? :D

    Thanks again for your assistance.
     
  18. 2007/09/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    See if you have a folder on the drive named I386 and give its exact location if you do.
     
  19. 2007/09/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Are you familiar/comfortable with the registry editor?
     
  20. 2007/09/15
    catwmandu

    catwmandu Inactive Thread Starter

    Joined:
    2007/09/14
    Messages:
    28
    Likes Received:
    0
    i386 is right on C:

    I've been walked through stuff with registry in the past but no, not knowledgeable in regards to it.
     
  21. 2007/09/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Good enough! :D

    Click Start>Run and type regedit then hit enter. Click the + signs to expand the keys (folders) and navigate to the following key.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

    Click the Setup key to select it, then double click the SourcePath value in the right pane. Enter C:\ and click OK. This will make sfc look for any files it needs in the I386 folder rather than ask for the cd.

    Now let's check something else.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion

    • Click the CurrentVersion key to select it.
    • Look at the CommonFilesDir value in the right pane.
    • It should be a Type REG_SZ and have a Data value of C:\Programs Files\Common Files
    • If it doesn't, double click the entry and enter it then click OK.
    • Now check the ProgramFilesDir entry.
    • Again, it should be a REG_SZ Type and have a Data value of C:\Program Files
    • The ProgramFilesPath should be a REG_EXPAND_SZ Type and have a Data value of %ProgramFiles%
    Let me know what you find there please.
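
The dsspaths output posted for both accounts can be checked mechanically against the values this post asks about. The following is an added example, not part of the thread or of any tool mentioned in it: it parses a `Name = Value` log, flags system directory entries that are empty, and flags all-users ("Common") folders that resolve inside the logged-on user's own profile. The sample is a constructed subset of the log posted above, and the function names and finding labels are assumptions.

```python
# Constructed sample: a subset of the dsspaths output posted for the main account.
SAMPLE_LOG = r"""
AppDataCommonDir = C:\Documents and Settings\All Users\Application Data
ProgramsCommonDir = C:\Documents and Settings\TEMP.STACY-LAPTOP\Start Menu\Programs
StartMenuCommonDir = C:\Documents and Settings\TEMP.STACY-LAPTOP\Start Menu
UserProfileDir = C:\Documents and Settings\TEMP.STACY-LAPTOP
ProgramFilesDir =
CommonFilesDir =
WindowsDir = C:\WINDOWS
SystemDir = C:\WINDOWS\system32
"""

# Entries that should never be blank on a working install (assumption: these
# are the names dsspaths prints, as seen in the posted logs).
MUST_BE_SET = ("ProgramFilesDir", "CommonFilesDir", "WindowsDir", "SystemDir")


def parse_paths(text):
    """Parse 'Name = Value' lines into a dict; blank values are kept as ''."""
    values = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            values[name.strip()] = value.strip()
    return values


def is_inside(path, parent):
    """Case-insensitive test that a Windows path is parent or lies below it."""
    path = path.lower().rstrip("\\")
    parent = parent.lower().rstrip("\\")
    return bool(parent) and (path == parent or path.startswith(parent + "\\"))


def review(values):
    """Return (name, problem) pairs for the two anomalies described above."""
    findings = []
    for name in MUST_BE_SET:
        if not values.get(name):
            findings.append((name, "empty"))
    profile = values.get("UserProfileDir", "")
    for name, value in values.items():
        # *CommonDir entries are shared by all accounts, so they should not
        # live under the profile of whoever happens to be logged on.
        if name.endswith("CommonDir") and is_inside(value, profile):
            findings.append((name, "inside user profile"))
    return findings


if __name__ == "__main__":
    for name, problem in review(parse_paths(SAMPLE_LOG)):
        print(f"{name}: {problem}")
```
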
     
