Solved

sytem restore not accessible

Posted on 2004-08-17
19
1,872 Views
Last Modified: 2007-12-19
Hello, I'm looking for help on these topics :
I am running Win XP PRO SP1 and i have different problems with this machine which has been infected. I hope to have cleaned them out, but i still have several things not working :
1 - i cannot open system restore; when i click on START>HELP AND SUPPORT, nothing happens
2 - when i boot up i get the message : "IE 6 has been removed from this computer. Do you want to erase your personal settings? " When i click no, i get the message "you must remove your current language version of IE before you install a new language version. To do this....." I removed IE and reinstalled it several times, but i keep getting these error messages. IE6 seems to work more or less (i can surf)
i tried  already fixing the registry with registry checkup, but it did not help for those topics
any help is appreciated

any ideas
0
Comment
Question by:nobus
  • 11
  • 7
19 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11818357
Download
FixWinXPHelp.reg

from here

http://toniarts.com/dwnloads.htm

or

http://www.dougknox.com/xp/scripts_desc/fixwinxphelp.htm
download the fixwinxphelp.vbs file
http://www.dougknox.com/xp/scripts/fixwinxphelp.vbs

or

start > Run helpctr -regserver
-----------------------------

Both the above do the same thing and this is to set certain registry values.
To use them just double click on the file or run it like you do any of your programs or files.


this is the changes it makes


HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{FC7D9E00-3F9E-11D3-93C0-00C04F72DAF7}\1.0\0

\win32
@=C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe\1

HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{FC7D9E00-3F9E-11D3-93C0-00C04F72DAF7}\1.0

\HELPDIR
@=C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe\

HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{FC7D9000-3F9E-11D3-93C0-00C04F72DAF7}\1.0\0

\win32
@=C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe\2

HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{FC7D9000-3F9E-11D3-93C0-00C04F72DAF7}\1.0

\HELPDIR
@=C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe\
0
 
LVL 44

Accepted Solution

by:
CrazyOne earned 350 total points
ID: 11818362
How the System Restore Utility Uses Drive Letters
http://support.microsoft.com/default.aspx?scid=kb;EN-US;287505

Information on System Restore and Password Restoration
http://support.microsoft.com/default.aspx?scid=kb;EN-US;295050

System Restore Suspended on System Drive Although Enough Space
http://support.microsoft.com/default.aspx?scid=kb;EN-US;299904

System Restore and Hard Disk Space
http://support.microsoft.com/default.aspx?scid=kb;EN-US;300044
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11818367
Repair System Restore

Right click on C:\Windows\Inf\SR.inf and select
0
 
LVL 91

Author Comment

by:nobus
ID: 11818495
hello Crazyone ! thanks for the quick response - you're not sleeping !
answers to your suggestions :
http://toniarts.com/dwnloads.htm = bad link
http://www.dougknox.com/xp/scripts_desc/fixwinxphelp.htm  = engine not found
start > Run helpctr -regserver   = did nothing for me
Right click on C:\Windows\Inf\SR.inf and select    = ?? what ??
found nothing in the other links up to now

nobus
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11818575
>>>http://www.dougknox.com/xp/scripts_desc/fixwinxphelp.htm  = engine not found

I am not having the problem of getting this web site and downloadin the said file

>>>Right click on C:\Windows\Inf\SR.inf and select    = ?? what ??

Select INSTAll

0
 
LVL 91

Author Comment

by:nobus
ID: 11818624
hey Crazy1,
>>>http://www.dougknox.com/xp/scripts_desc/fixwinxphelp.htm  = engine not found

I am not having the problem of getting this web site and downloadin the said file  <<<

that is ok, read carefully, it was the link above
I installed the sr.inf and it still does not open the help and support

nobus



0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11818667
Ah ok it comes across as virus, try this

Double Check for viruses
Online Scanners

 Norton Web Services  
Virus Detection provides an analysis of your results and offers suggestions for further action. It does not examine compressed files or fix infected files.

When Symantec receives notification about a new virus, we develop and post a solution as quickly as possible. We are committed to providing swift responses to all virus threats, including Trojan horses.
http://security.symantec.com/sscv6/vc_about.asp?ax=0&langid=ie&venid=sym&plfid=23&pkj=BSZNTGXIBVEMBQAUWZK

======================
 Trend Micro HouseCall        
http://housecall.antivirus.com/housecall/start_corp.asp

======================
eTrust Online antivirus scanner
http://www3.ca.com/virusinfo/virusscan.aspx
======================

PC Pitstop Virus Scan
When the download completes, you will receive an ActiveX security dialog for the PC Pitstop virus scanner. Click Yes to install the scanner and proceed to the virus scan.

If you are currently running an antivirus package such as Norton Antivirus, it may detect our own virus detection file as a virus. If this occurs and you wish to use our scanner, please (temporarily) disable any active background virus checking software before scanning, or add our signature file (PAV.SIG) to the scanner's file exclusion list
http://www.pcpitstop.com/antivirus/AVLoad.asp
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11818670
And/or

Check for adware and sypware and browser hijackers. The following link is a list of tools to try out.
http://crazyone.tekmasters.com/malwaretools.html
0
 
LVL 91

Author Comment

by:nobus
ID: 11818705
As i sai in my first post, i cleaned them out, as good as possible with all the necassary tools; i ran Hijackthis and i found no malware, but you can check it - maybe i missed something :
and when i tried to run the onlinescan from ravantivirus.com it went to the page, but did not download the engine, so i could not run it

Logfile of HijackThis v1.98.2
Scan saved at 9:53:18, on 17/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Henri\Mijn documenten\Mijn eBooks\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meteoonline.be/Belgiee.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.versateladsl.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - Startup: Resume Windows Update Installation.lnk = C:\WINDOWS\Windows Update Setup Files\ie6setup.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .ssc: C:\WINDOWS\Downloaded Program Files\Ubizen\SmartStart\NPSmartStart32.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {94B964F0-45CC-11D4-9F1D-0060085C7782} (Version Class) - https://www.ing.lu/multisecure/smartstart/retail/Win32/SmartStartSetup.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

nobus
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 44

Expert Comment

by:CrazyOne
ID: 11818755
>>>As i sai in my first post, i cleaned them out

So what? So you think that means you are clean? Huh don't bet on it. Run Spybot and AdAware and I do mean run both of them. Then run at least two online AV's. If that doesn't help then give this a try.

How Do I Do a "Repair Installation"?
http://www.dougknox.com/xp/tips/xp_repair_install.htm

Repair
How to Perform an In-Place Upgrade (Reinstallation) of Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;315341

Visual aid to the above procedure
http://www.webtree.ca/windowsxp/repair_xp.htm
Click on How To Run a Repair Install

You May Lose Data or Program Settings After Reinstalling, Repairing, or Upgrading Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;312369

Data Loss May Occur After Reinstalling, Repairing, or Upgrading Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;312368
0
 
LVL 91

Author Comment

by:nobus
ID: 11818780
>>>As i sai in my first post, i cleaned them out

So what? So you think that means you are clean? Huh don't bet on it. Run Spybot and AdAware and I do mean run both of them. Then run at least two online AV's. If that doesn't help then give this a try.

Crazy1 : you misunderstood, that was the first thing i ran, both of them, updated and more of those checkers and cleaners. Thanks for the links on repairing, but that is not an option, as you loose all the program settings; i prefer in that case to loose some time and do a fresh install.

But i still hope somebody brings me the light though...

points go up and will be awarded A grade for any of both questions above
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11818859
>>> you misunderstood

I don't think so since you did not mention it.

>>>Thanks for the links on repairing, but that is not an option, as you loose all the program settings

Nope you do not please read the those links I provided about reparis. I am curious though where you go this idea that you would loose PROGRAM settings. If you have a true XP CD then no you will not loose those settings.

0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11818923
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=64&EID=0

Symantec's award-winning solution is compatible with a range of workstations, network servers, and mail servers, including Microsoft Windows® 2003, Exchange® 2003, and Domino™ Server 6.5. It also supports Netware® Secure Console and 64-bit Intel® Itanium™ 2 hardware. Like all Symantec products, Symantec AntiVirus Enterprise Edition is supported by Symantec Security Response, the world's leading Internet security research and support organization.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11818927
oops sorry I posted the my last comment in the wrong question.
0
 
LVL 91

Author Comment

by:nobus
ID: 11819061
Crazy1 : Sorry if i was not clear enough in my first post; i said i hoped i cleaned them out, which was not very clear; my apologies.
As for repairing, i had bad experiences, but that does not mean i'm not interested in your links, and certainly now i will give them a try, after a proper backup, to be on the safe side.
the bad experiences were that after running the repair, all the installed programs and links were gone; that is to say they were still on the computer, but removed from the program list. Well, surely there was something i missed there.
BTW, since you're not sleeping, do you reside in Europe? Wa can be neighbours...

nobus
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11819119
>>>BTW, since you're not sleeping, do you reside in Europe?

Ummm no USA, just having problems about not being able to sleep. :)


Yeah sometimes (very Rare) problems do happen when doing a Repair. I cannot guarantee that you won't run into problem but the chances if you follow the instructions are very slim that you should encounter the problem you stated.
0
 
LVL 91

Author Comment

by:nobus
ID: 11819186
thanks Crazy1 for all the effort you put in this post. and sorry for not being able to sleep; maybe you can try counting EE Questions instead of sheep??
Right now I'm preparing the backup, and if nothing useful comes up in the next few hours, i'll try first the repair, and if that does not work out, the full install. (I do not mind loosing some time, but i like to find out what is wrong)

so.... still waiting for the the brilliant suggestion

nobus
0
 
LVL 3

Expert Comment

by:G3m1n1
ID: 11825382
Were you able to get to System Restore?  It is also in Start -> Programs -> Accessories -> System Tools
Also, check in your registry in the keys:

HKLM:\Software\Microsoft\Windows\CurrentVersion\Run
HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

HKCU:\Software\Microsoft\Windows\CurrentVersion\Run
HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

Look for programs that you do not recognize and search them on google.  You might have a program that is starting up every boot that is not found or is not removable by ad-aware or spybot.
0
 
LVL 91

Author Comment

by:nobus
ID: 11828097
Points go to Crazyone; and the repair did not loose my program settings (one thing learned)
I was able to access system restore, and most thingies worked, except the NAV which i could not install, or uninstall; so i'm busy now reformatting the system.

Thanks Crazy1

nobus
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Just about everyone has an old PC laying around.  Ask anyone in the IT industry, whether they are a professional or play in it as a hobby.  From outdated Desktops to cheap "throwaway" laptops, they are all around and not as hard to "fix up" as you m…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now