Problems with System Restore 1

[travelingman]

It would be much appreciated if someone could lead me in the right direction. After returning home from a business trip...the family computer has not been operating properly (and nobody has confessed to any wrong doing). All my end-user programs are shutting off in the middle of their operations and for some reason, I cannot connect to the internet using my SBC Home-portal. I`ve tried to run the system restore to correct any subterfuge that may have occured during my absence, but I am unable to restore my computer to any of the prior dates indicated on the system restore calender. The funny thing is....is that the system restore function goes through the whole process...it tells me that the computer is being restored to the settings of the specified date, and that it must shutdown in order for these settings to be recognized. Once the computer reboots, I get a reading that indicates (the computer is unable to restore these settings to the date selected, please choose another date). Any Einstein`s out there who might have a clue of what I am dealing with?

System specs: Pentium4 (2.26GHz) 512MB of RAM, Operating System: Microsoft WindowsXP version 2002. I am also running the latest version of Mcafee virus scan

 

[SYAR2003]

?
Setup restricted users

 

[linney]

System Restore will not be able to restore your system to any point (or time) where your computer configuration is/was faulty. It can only restore to a fault free configuration.

Q302796 - Troubleshooting System Restore in Windows XP

http://support.microsoft.com/support/kb/articles/q302/7/96.asp

http://msdn.microsoft.com/library/d...y/en-us/dnwxp/html/windowsxpsystemrestore.asp

If System Restore is unable to help you try these alternatives.

Try running ChkDsk to check your drive for errors. Right click your Drive icon/ Properties/ Tools/ Error Checking.

Run the System File Checker program from the Run Box by typing.....Sfc /Scannow in it and have your XP CD handy.

HOW TO: Verify Unsigned Device Drivers in Windows XP

http://support.microsoft.com/support/kb/articles/q308/5/14.asp

If they don't work you could try repairing windows itself by running it over itself. You will lose all your windows updates but your files will be untouched.

How to Perform an In-Place Upgrade (Reinstallation) of Windows XP (Q315341)

http://support.microsoft.com/support/kb/articles/q315/3/41.asp

You can remove all your restore points except the most recent restore point by running the Disk Cleanup tool and selecting "More Options". A repair installation may remove them anyway.

Lastly, follow "SYAR2003" excellent advice.

 

[bcastner]

Start your computer in Safe Mode, no networking.

NOTE : You must log on as the administrator or a user that has administrator rights.

Start, Run, CMD
c:\windows\system32\restore\rstrui.exe

Follow the instructions on the screen to begin restoring your computer.

If no joy, I honestly suspect you have caught a trojan/worm/virus or some other malware.

Download and then copy to floppy disk or CD Rom Hijack This! (it can easily fit on a floppy):

http://www.spywareinfo.com/articles/hijacked/#removal

Install it from floppy or CD to the problematic system, run the scan, and accept the fixes suggested.

Reboot. See if you can access the internet now.

 

[travelingman]

Hey Techi`s
Thanks for all your input

 

[bioboy]

I am having the same problem after my son's PC has been crashing sporadically. Downloaded Hijack This, which produced the following log:
Anybody see anything dodgy? Thanks for any help.

 

[bioboy]

Whoops! Here's the log from Hijack This!
Logfile of HijackThis v1.97.7
Scan saved at 15:48:19, on 06/12/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\Saitek\Software\Profiler.exe
D:\Program Files\Saitek\Software\SaiSmart.exe
D:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
D:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\WildTangent\Apps\GameChannel.exe
D:\WINDOWS\wt\updater\wcmdmgr.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\DAP\DAP.EXE
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\WINDOWS\System32\ctfmon.exe
D:\Documents and Settings\Jack Ling\Desktop\HijackThis.exe
D:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.runescape.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MVRescue] C:\MVRescue\mvrescue quit
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Profiler] D:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] D:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] D:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WT GameChannel] D:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [wcmdmgr] D:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DownloadAccelerator] D:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GameSpot] "D:\Program Files\Kontiki\bin\kontiki.exe" -s GameSpot -q
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Registration-Studio 8.lnk = D:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .bcf: D:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -

http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -

http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -

http://207.188.7.150/03dfac29cccae38a3f14/netzip/RdxIE601.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) -

http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai.net/7/840/537/d2c89f68a1bb5a/housecall.antivirus.com/housecall/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) -

http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -

http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37681.0505787037

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) -

http://www.wildtangent.com/install/wdriver/ddc/gamespy/virtualwarfare/wtinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

[SYAR2003]

You have a lot of stuff here on your system, could you first please run Spybot. Ensure that it is up to date. Then run a scan and fix any problems. When you have done this please reboot and run a fresh HijackThis scan. Once done please post the log here.

http://www.spywareremove.com/spyboot/spyboot.html

 

[dataccount]

I came across this thread while looking for the reason my own system restore was not working. After trying many different methods, "BCASTNER" provided the solution that worked for me - SAFE MODE!

Thanks, and here's a belated star for your input.

 

[iron32]

You may have an issue with spyware or adware. I've seen some nasty spyware and spyware has been known to cause conflicts with your other programs. I would recommend downloading Spybot search and destroy, security.kolla.de, and scan your system for spyware. You can also try ad-aware, a similar program, from

http://www.lavasoftusa.com

to try and remove spyware. Also if you go to start menu, then run, type in msconfig . This will bring up a properties box with tabs pertaining to what loads during startup of windows. Click on the startup tab on the far left of the box, and look through the list of programs that are loading at startup. If anything is loading that does not have a proper name or just shouldn't be loading uncheck it. Especially remove things like realplayer, quicktime, and etc. those really slow down a PC and are unneeded at startup. Hope this helps.

 

[bcastner]

dataccount,

Glad you got System Restore sorted.

Malware is usually not a cause of a system restore failure, but system restore certainly plays a role if recovering from malware.

My FAQ discusses this and other issues, and is a reasonable starting point faq608-4650

 

[mindful]

It worked for me as well. My boss phoned me with problems getting system restore to work on her home PC, same symptoms as Travellingman. Once I'd talked her into safe mode it worked like a dream. Thanks Bcastner.

Chris.

 

[bcastner]

mindful,

A very warm welcome to Tek-tips.

In safe mode, with System Restore disabled, just do faq608-4650

It really bothers me the amount of malware floating around at the moment, and it makes me happy that you found for your boss at least some relief.

Best wishes,
Bill Castner

 

[tjw2005]

Bill,

I'm having the same problem with System Restore.

Regarding:

In safe mode, with System Restore disabled, just do FAQ608-4650

When I click the link I get this message:

The page you tried to access was not found on the server. It may have been moved or deleted.

Could you please repost FAQ 608-4650 or let me know how to access it?

Thank you.

Ted

 

[bcastner]

tjw2005,

I am so sorry the link does not resolve, try:

http://www.tek-tips.com/faqs.cfm?spid=608&sfid=4650

Sometimes the site has a hiccup, and a link will not resolve. The link worked for me as I just tested it.

I used a thirty day trial offer for a web meter utility to watch references to that FAQ and some others. I was stunned to see it report between 10-to-15 thousand links per month. It needs updating, and a decent spell check.

But other than abashed, my original links should work.

Best,
Bill Castner