blank restore screen-malke please

[Guest]

i'm unable to use for reply link on the previous question. i ran the
hijackthis and configuration startup list. here are those logs and then maybe
you will see something i need to change or fix. thanks for your time.
Logfile of HijackThis v1.99.1
Scan saved at 3:06:48 PM, on 5/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Baseline Security Analyzer\mbsa.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Program Files\Error Nuker\bin\ErrorNuker.exe
C:\PROGRA~1\CAMUNZ~1\cuz.exe
C:\DOCUME~1\MYLENE~1.000\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN
Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
/background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program
Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} -
C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America
Online, Inc. - C:\WINDOWS\wanmpsvc.exe


23 Free Solitaire
Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0
Anonymizer Toolbar
AOL Instant Messenger
AT&T Connection Services Manager
Avance AC'97 Audio
Bazooka Adware and Spyware Scanner
Bejeweled Deluxe 1.6z
BigFix
BPS Data Shredder 1.3.0.0
CAM UnZip
chocRiver Screen Saver
CNET Download Manager
CompuServe
Conexant SoftK56 Modem(M)
Error Nuker
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hoyle Classic Games
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
HyperLoad
ICQ
Intel(R) Extreme Graphics Driver Software
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Baseline Security Analyzer 1.2.1
Microsoft Data Access Components KB870669
Microsoft Office PowerPoint Viewer 2003
Microsoft Windows Journal Viewer
Microsoft Works 6.0
MSN Messenger 7.0
MSN Music Assistant
MSN Toolbar
Netscape 6 (6.2.1)
Photo Story 3 for Windows
PicPerk 5.0
Post-it® Software Notes Lite Version 2
PowerDVD
Privacy Guardian 3.2
QuickTime
RealArcade
RealPlayer
Registry Medic 2.99.2 (Build 526)
SECRETMAKER
Sierra Utilities
Spybot - Search & Destroy 1.3
SpyHunter
Spyware Doctor 3.1
Support.com Web Controls
The Oregon Trail
Turbo Lister
Ultimate Mahjongg 5
Winamp (remove only)
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Messenger

 

[Malke]

pips99 wrote:

See my comments inline:

i'm unable to use for reply link on the previous question.

You need to learn to use a newsreader. Since you didn't post to your
original thread, I really have no idea who you are, what your problem
was, or what has already been suggested. There are many good
newsreaders for Windows, but you can use Outlook Express since you
already have it.Once you get your computer straightened out, here is
information on using a newsreader:

http://www.elephantboycomputers.com/page3.html#12-09-02 - a brief
explanation of newsgroups
http://michaelstevenstech.com/outlookexpressnewreader.htm
http://rickrogers.org/setupoe.htm
http://support.microsoft.com/default.aspx?scid=/support/news/howto/default.asp
- Set Up Newsreader

http://www.dts-l.org/goodpost.htm

http://aumha.org/nntp.htm - list of MS newsgroups
microsoft.public.test.here - MS group to test if your newsreader is
working properly
http://www.mailmsg.com/SPAM_munging.htm - how to munge email address
http://www.blakjak.demon.co.uk/mul_crss.htm - multiposting vs.
crossposting

i ran the
hijackthis and configuration startup list. here are those logs and
then maybe you will see something i need to change or fix. thanks for
your time.

The reason I said *not* to post your HijackThis log here (and I know I
said that because I always include that in my malware removal steps) is
because going through HJT logs is a time-consuming process and you
simply will not get the attention and intensive help that is necessary.
I will make a few comments about some of the entries, but you need to
post your HJT log at *one* of these fora:

http://aumha.net - forums
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/
http://www.spywareinfo.com/forums/

This is from RealPlayer - legit but unnecessary

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

If you use MSN Messenger constantly, fine. Otherwise don't have it
running

C:\Program Files\MSN Messenger\msnmsgr.exe

This is Internet Explorer. Were you using IE when you ran the scan? You
shouldn't have been, because you are supposed to do all scans in Safe
Mode, so something is wrong here

C:\Program Files\Internet Explorer\iexplore.exe

In fact, it doesn't look like you ran this scan in Safe Mode at all,
because otherwise none of these items would be running

C:\Program Files\Microsoft Baseline Security Analyzer\mbsa.exe
C:\WINDOWS\system32\wscntfy.exe

No reason to be using this

C:\Program Files\BigFix\BigFix.exe

Or this registry cleaner - bad idea

C:\Program Files\Error Nuker\bin\ErrorNuker.exe

Does CAM Unzip ring a bell? Why should it be running?

C:\PROGRA~1\CAMUNZ~1\cuz.exe

You've got a lot of cr*p installed on your hard drive. It looks like you
clicked on every "optimize, anonymize, and screw up your pc" banner
that came your way. Things I'd question:

23 Free Solitaire - Is this shareware? Supported by ads?
Adobe Download Manager 2.0 (Remove Only) - unnecessary
Anonymizer Toolbar - Is this shareware? Supported by ads?
BigFix - unnecessary
BPS Data Shredder 1.3.0.0 - Is this shareware? Supported by ads?
CAM UnZip - I'm unfamiliar with this program. Is this shareware?
Supported by ads?
chocRiver Screen Saver - Is this shareware? Supported by ads? Did it
install spyware? Was there a EULA?
CNET Download Manager - unnecessary
Error Nuker - registry cleaners are unnecessary and sometimes harmful
HyperLoad - Is this shareware? Supported by ads?
PicPerk 5.0 - Is this shareware? Supported by ads?
Privacy Guardian 3.2 - Is this shareware? Supported by ads?
Registry Medic 2.99.2 (Build 526) - see comments about registry cleaners
above
SECRETMAKER - Is this shareware? Supported by ads?
SpyHunter - see MVP Eric Howes' comments about this program here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm#de-listed
Spyware Doctor 3.1 - not familiar with this, was it shareware? Supported
by ads?

For someone who is apparently concerned with covering his tracks, you've
certainly downloaded a lot of questionable programs. You need to run
HijackThis in *Safe Mode* and post your log to one of the fora. I
highly recommend the AumHa forum, but all of the links I gave you are
good.

Malke