system restore is back, but other things not

Hi,
We noticed our first problems with our computer (using Windows XP) when my husband was using ebay and he couldn't open some of the pages because of something called yieldmanager. The volume control button keeps disappearing from the taskbar and when I go into volume contol none of the buttons are able to be clicked. The email wasn't working before I did some of the scans, but it is back, for now. The homepage kept getting changed from google.com to microsoft.com. It appears okay now. I also couldn't use the search function, it showed up as a half white and half blue page with a brown dog on it. It appears to be okay for now. I couldn't use the printer. It appears to be okay for now. I would try to open up system restore, but it only opened as a white box. Now it shows up. I would open up User Accounts in Control Panel and it would be a white box. Now it is back. I don't know what has happened to make the good changes, but I'm also afraid that it can just as quickly go back the other way.
Here is what I have done:
I removed programs that I no longer use.
I used CCleaner and removed items and fixed the registry.
I downloaded and installed ComboFix and had it do a log for me.
I downloaded and installed MGtools.exe and had it do a log for me.
I downloaded and installed Superantispyware and had it do a log for me.
I only have ZoneAlarm as the only thing in my taskbar.
I used Diskeeper Lite and defragged my computer.
I removed any malware using Add/Remove.
I uninstalled Sun Java and downloaded the most recent Sun Java.
I set MSConfig to normal startup.
I emptied the recycle bin.
I enabled viewing of hidden files.
Please let me know if I had done what I needed to do to get my computer back working like it should. It has been terribly slow. When I would enter my password on my account and open my account, it would take about 3 minutes to do that. I tried to really pay attention to what I needed to do from information recieved from Major Geeks.
I'm so thankful that you all are here and albe to help. It sure means alot to someone like me who tries to "first do no harm" to my computer.
Thank you for any help that you can offer.
Ruth Ann Crossett

 

Dear chaslang,
I did as you asked in your last post.
I did the fix that you asked me to do in HJT.
I copied the bold text and saved it to fixme.reg and then I ran the MGtools and attached the file. Almost at the end of the scan an exception appeared and it said:
Process DLL.exe- Common Language Runtime Debugging Services.
Application has generated an exception that could not be handled.
Process id= Oxb28 (2856), Thread id=Oxa6O (2656).
Click OK to terminate the application.
Click CANCEL to debug the application.
I clicked Cancel.
Then the following box appeared:
Process DLL.exe- No debugger found.
Registered JIT debugger is not available. An attempt to launch a JIT debugger with the following command resulted in an error code of 0X2 (2). Please check computer settings.
cordbg.exe !a OxcdO
Click on retry to have the process wait while attaching a debugger manually.
Click on Cancel to abort the JIT debug request.
I clicked Cancel.
I am still having trouble with the volume control shortcut disappearing from the taskbar every time the computer is turned off or accounts changed. When I go into the Control Panel and check the volume icon, I'm not able to click on anything. So, we don't have sound.
Can I safely run SUPERantispyware, Adware 2007 and Spybot Search and Destroy with Zone Alarm Internet Security Suite 2007?
You had asked before what order I did some of the computer clean up because you said that it mattered. Here is the order that I remember to the best of my ability:
I did the computer maintenance first.
I checked Add/Remove for any game or utility or toolbar I wasn't using and I removed it.
I cleaned the hard drive and removed invalid registry issues using CCleaner.
I defragged the hard drive using Diskeeper Lite
I rechecked Add/Remove for the list of Malware on Major Geeks-none were shown.
I uninstalled all old Sun Java versions and update it.
I used msconfig to set startup mode to normal instead of selective.
I couldn't find any quarantine files to remove.
I emptied the recycle bin.
Since I had already downloaded CCleaner, I just ran it again but I hate to say that I just now saw that I needed to log into the other accounts on my computer.
I enabled viewing of hidden, system files and file extensions.
Followed the Windows XP Cleaning Procedure:
Downloaded SUPERAntispyware
Downloaded Spybot-Search and Destroy
Downloaded combofix.exe
Downloaded MGtools.exe
Installed SUPERAntispyware, ran it and got the log.
Installed Spybot-S&D and ran it.
Ran Combofix and got the log.
Ran MGtools and got the log.
Does my computer look any better to you? Is there any way to get the Windows Vista files off the computer. You asked what was installed on 2-24-08 because you saw GoBit Games and Cat's Eye Games. I'm sure that came from me because I had gone to Big Fish Games and was trying a 1 hour tryout of a game called Lucky's Rainbow. I certainly didn't want those two things installed and I also didn't know that they had been installed. Is there any way to get rid of them too?
Thank you so much for your expertise. It means so much to be able to ask someone for help and be able to trust what information that they give.
Ruth Ann Crossett

 

I'm probably not doing this the right way, but I have gone onto 4 other accounts on my computer and I'm not able to use the search function on any of them or the system restore. They show up as white boxes. I'm also not able to download CCleaner to clean those other accounts in each account.
Don't know what is going on here.
Thanks for any information you can give me.
Ruth Ann Crossett

 

Chaslang,
I copied and pasted each of the items you asked me to and after the last one I got this message box:
mshtml was loaded, but the DllRegisterServer entry point was not found.
mshtml does not appear to be a .DLL or .OCX file.
It hasn't made a difference in the sound properties coming back, also I'm the only account out of the 6 accounts on our family computer that has the ability to use the search function. Everyone else just has the half blue and half white box that shows up.
It does appear that our computer is working alittle faster. Thanks to you!
Since you say that it is not a malware problem, but a OS problem, were you saying that you wanted me to start posting to the Software forum? I'm not sure I want to leave your expertise, but I will if you want me to.
You asked why I edited my earlier posts and deleted the logs because you couldn't refer to my previous log for ComboFix or see anything else that has changed....I didn't even know that had happened. I'm really sorry.
You also asked about Ewido AntiSpyware. I don't see it in my Add/Remove. We used to use some free AVG stuff awhile ago, but this was news to me that it is running on our computer. I didn't know and I also don't want it running.
I really do appreciate all that you have been doing to help me. I also apologize for some of the things that I have ignorantly done that have made your job much harder.
Ruth Ann Crossett

 

Chaslang,
Please find attached the Word document that shows all the information about mshtml.dll files on my computer. Let me know if what I sent was what you needed.
I also did as you asked about the Ewido anti-spyware. Good to have that gone!
I rebooted and here is the MGlogs log.
Thank you again for the time and brains that you have been spending in my behalf. I really appreciate it!
Ruth Ann Crossett

 

Chaslang,
I did as you asked to copy and paste each one at a time and nothing seems to have changed. After the last one, I got a message box with RegSvr32 as the title and it said," mshtml was loaded, but the DllRegisterServer entry point was not found. mshtml does not appear to be a .DLL or .OCX file. " I think that was the same message I got last time after I ran the last one.
I went around to the different members of my family last night and asked them if they were able to use the computer like they used to or if they were experiencing anything out of the ordinary.
About a month ago, our Internet Explorer icon disappeared off of everyone's desktop.
No one, except for me, has the ability to use the Search function.
We are able to open the Sound icon in Control Panel, but aren't able to click on anything. Our volume shortcut disappeared from the taskbar.
Our clock has just changed itself to a military 24 hour clock and it won't let me change it back.
Sometimes when Internet Explorer is opened and you go to a page to look at something, then at the bottom, one after another pages will begin to open by themselves, sometimes up to 30 or 40. There might have been more, but we never let it go that long.
Since I have absolutely no idea how these things have changed, I certainly have no idea how to change them back...but I am willing to work on it. Thanks again for your help!
Ruth Ann Crossett

 

Chaslang,
I have been out of town and have just now read your latest thread. I think the clock is now fixed...thank you! No one changed it, it just changed itself...how does that happen?
I also ran the sfc /scannow. It didn't ask me for my Windows XP SP2 CD and I'm glad, as I don't have one. I did reboot and nothing seems to have changed.
My account and time spent on internet explorer seems to be better than everyone else's account on my computer. They still don't have the ability to search for files.
As of this afternoon (the sound was was fine this morning), I don't have the ability to open the sound icon in control panel and it has disappeared from the taskbar. I also noticed that instead of what is normally listed in the boxes (SoundMAX Digital Audio) it now says Modem #7 line. This occurred without anyone using the computer.
My husband now says that his Windows Media Player 11.0 won't open. He did uninstall it and reinstalled it and it didn't help.
Everyone is complaining how slow the computer is and they are starting (and rather heatedly) to say that we ought to reinstall Windows XP on our computer. Isn't that done as a last defense? I didn't think it was the solution for a slow running computer that has lost some of it's functions.
I will continue to work on the computers problems as long as you need me to.
Thanks again for your help so far.
Ruth Ann Crossett

 

Chaslang,
I turned the computer off this afternoon and when it started, it started the CHKDSK on it's own when it came back on. It said it was checking the file system on C: The type of the file system is NTFS. The volume is dirty.
Does this mean anything important?
Ruth Ann Crossett

 

Chaslang,
For awhile our volume control button was on and staying in the taskbar where I wanted it to be. Now whenever I want sound on the computer I have to go to Add/Remove and remove "Conexant D850 56K V.9x DFVc Modem". Then I go to Add Hardware and the Add Hardware Wizard comes on and lists all the new hardware (sound) that I'm adding. It lists two things:
"Conexant D850 56K V.9x DFVc Modem" and "Modem Audio Device". Then the sound is back on the computer and in the control panel I can access the sound icon and make changes. Once I turn the computer off, the sound goes away until the next day when I have to do that process all over again or else use the computer without sound. Is this in any way related to the other problems that I'm having?
Thanks! Ruth Ann Crossett

 

Chaslang,
I did as you asked and was told that C: was not dirty.
I also looked at the Task Manager and it looks like the System Idle Process is the only one that is hogging CPU. It is usually above 80.
I don't know if that is what you needed.
Do you want me to move along to the Software forum?
You have been very helpful and have spent alot of time doing it. Thank you!
Ruth Ann Crossett

 

Chaslang,
It looks like:
Scanning Process is #1
MsMpEng.exe is #2
vsmon.exe is #3
MSASCui.exe is #4

Of course there is some fluctuation but for the most part that appears to be what is using the most CPU.
Ruth Ann Crossett

 

Chaslang,
I have no idea what Scanning Process is. I don't open Task Manager on a regular basis and of course I have no idea what is supposed to be there and what isn't.
I used Add/Remove and removed Windows Defender.
Are you saying that ZoneAlarm Internet Security Suite 2007 is resource greedy? Of course this is one of those things that my husband recently bought for our computer. It has an anti-virus program in it, so that is what we use. It also has it's own firewall.
I also don't know what a sticky thread is or how to get to "How to protect yourself" sticky thread. Please let me know how to get to it.
Thanks!
Ruth Ann Crossett

 

Chaslang,
I downloaded Process Explorer and I'm attaching the process list as you asked. I forgot to tell you that we are also getting the following message on a regular basis:
Generic Host Process for Win32 Services has encountered a problem
Does that mean anything?
Thank you for explaining about sticky notes. I printed off the 7 pages of how to protect yourself from malware and will sit down and read it. It is a great service that you are doing....I hope you know that.
Thanks again!
Ruth Ann Crossett

 

Chaslang,
Thanks so much again for all your help. I will now move along to the Software Forum knowing that I don't have Malware on my computer.
Ruth Ann Crossett