View Full Version : System Restore problem


h22dave
11-26-2005, 01:07 PM
I usually use my System Restore about once a week, but I haven't used it in about a month. In that month's time I've downloaded game demos, patches, mods, and video; all pretty much related to PC gaming. Now when I go to use System Restore it seems like it's not working. I have 2 restore points for November, that were system checkpoints, and I can't go to any previous months to be able to restore from an earlier time. I may have some sort of virus. What do I do?

Thanks
Dave

PrntRhd
11-26-2005, 01:34 PM
Welcome to the PC Guide forums!
I moved this to Windows forum for now. If you think your PC is infected, you should try an online scan at Housecalls and download Ewido Suite free trial.
http://housecall.antivirus.com/housecall/start_corp.asp
http://www.ewido.net/en/

h22dave
11-26-2005, 03:50 PM
Thanks, will do that.

Dave

Suenote
11-26-2005, 04:10 PM
Hi and welcome to the great and wonderful PC discussions forums, a place to find all the answers you will ever need. However, I do not know the answer to your boggle except that you may have a virus :confused:


Suenote :)

Write to PrntRhd, he has a Biography in Network+ Certified, he can have the answer to your problem, I am sure of it :)

h22dave
11-28-2005, 09:20 PM
OK, I tried the two links you provided, only the 2nd one worked (ewido). It got rid of a lot of spyware and other malicious programs. But then I check my System Restore, to see if I can go to the previous months, again no luck. Can anybody cycle through their months? I'm wondering, when it's a new month, can you only restore from the month you are in? I don't think that's what's going on, I should be able to view all the previous months. Maybe the ewido program didn't get rid of the virus. Any ideas on what I should do next?

Thanks
Dave

PrntRhd
11-28-2005, 09:24 PM
First you have to get the infection cleaned, then delete the infected system restore points, then make new restore points.

On the Housecalls link, you should be using IE only.

h22dave
11-28-2005, 09:31 PM
umm, IE?

Dave

PrntRhd
11-28-2005, 09:40 PM
Using Internet Explorer browser...

Also download a small program called HiJackThis v 1.99.1 from here:
http://www.lurkhere.com/~nicefiles/index.html

HJT comes as a zip file, you unzip it into a folder, then click the exe file. You scan the PC with HJT, and make a log into NotePad. Copy and paste that log here in sections if necessary. This will help us see what is going on in your PC.
Do wait for the expert readers to examine the log and do not try fixing anything with HJT as most items are necessary to Windows function.

h22dave
11-28-2005, 09:44 PM
I am using IE. I tried the 1st link you provided and now it's doing the scan. I will probably not have time tonight to do the HiJackThis program, but I will try tomorrow.

Thanks
Dave

PrntRhd
11-28-2005, 09:46 PM
You are welcome, post back here with what Housecalls found and the HJT log.

Cnox
11-29-2005, 02:24 AM
You might wanna try Spybot S&D and/or AdAware to check for more spyware. They are easily obtained at http://www.download.com

Budfred
11-29-2005, 09:13 AM
Actually, using Spybot and/or Ad-Aware is not a bad idea, but please use the direct links in my signature rather than a mirror site...

ranjit jacob
11-29-2005, 04:29 PM
First of all I would suggest you update your anti-virus definitions, then I would suggest you disable the option to automatically create a restore point, boot in safe mode, and then I would recommend you perform the System Restore. Try and let us know!!

h22dave
11-29-2005, 07:11 PM
This is what I got from HJT. The Housecalls scan was taking too long.

Dave

Logfile of HijackThis v1.99.1
Scan saved at 5:06:45 PM, on 11/29/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\dave\Desktop\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [icwpcEXE] C:\PROGRA~1\IMAGEC~1\icwpc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/137ccacb8e73ce2e0405/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Budfred
11-29-2005, 08:20 PM
This seems to be the only bad item in the log... Please open an HJT scan and put a check by:

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/137ccac...ip/RdxIE601.cab

Close all open windows except HJT and press Fix checked....

If HouseCall was taking a long time, that may be because it was finding problems... How long was it running?? The item noted is unlikely to cause a problem with System Restore... Did you reset System Restore??

There are other scans that may need to be run, but I would finish that HouseCall scan first....
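
Added example, not part of the original thread: a small Python parser for the HijackThis log format posted above. It groups entries by section code and pulls the CLSID, class name and download host out of each O16 (DPF) line so a reviewer can read them side by side. The sample log is constructed with placeholder CLSIDs and hosts, and the function names `parse_hjt` and `dpf_entries` are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample in the format of the log above (placeholder CLSIDs/hosts).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" -boot
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Class) - http://downloads.example.com/installs/example.cab
O16 - DPF: {00000000-0000-0000-0000-000000000003} - http://cdn.example.net/setup/Installer.exe
O23 - Service: Example Service - Example Corp - C:\WINDOWS\System32\examplesvc.exe
"""

# An entry line is "<letter><1-2 digits> - <body>", e.g. "O16 - DPF: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O16 body: "DPF: {CLSID} (optional class name) - download URL".
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S+)$")

def parse_hjt(text):
    """Group entry lines by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def dpf_entries(sections):
    """Return each O16 entry as a dict of CLSID, class name, host and file."""
    out = []
    for body in sections.get("O16", []):
        m = DPF.match(body)
        if not m:
            continue  # unexpected layout: leave it for manual reading
        clsid, name, url = m.groups()
        out.append({
            "clsid": clsid.upper(),
            "name": name or "(no name)",
            "host": urlparse(url).hostname,
            "file": url.rsplit("/", 1)[-1],
        })
    return out

if __name__ == "__main__":
    secs = parse_hjt(SAMPLE_LOG)
    print({code: len(items) for code, items in secs.items()})
    for entry in dpf_entries(secs):
        print(entry)
```

The parser only structures the log; deciding which entries are bad remains the reviewer's judgement, as in the reply above.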

h22dave
11-29-2005, 09:10 PM
How do I reset sys restore?

Dave

Budfred
11-29-2005, 10:00 PM
Turn off System Restore
To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.
Turn on System Restore
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

h22dave
12-01-2005, 11:26 PM
Well, I "reset" System Restore. For November I had 2 restore points, now it's December I can cycle between the two. But since I reset sys rest. it erased the two I had for November, now I believe that all the other restore points were lost as well. Now it's pretty much pointless to try and restore back to those previous dates where my computer was working properly. I guess I have to reformat. Yay!!

Dave

Budfred
12-02-2005, 12:26 AM
You had to clear out System Restore because it was infected... If we can get you cleaned up now, you can set a clean Restore Point...

Are you still having problems?? If so, please provide details... You never answered my earlier questions... We can probably clean this up without having to reformat/reinstall, but you need to help us understand what you have done and what is happening with your computer...