[greatmightypoo]

I recently went to open System Restore to create a manual backup when I was greeted with this message:

After I clicked on the "Click here" I got this:

And I have attached the log file that was created. Thank you for any help or guidance. By the way I have opened and ran system restore a while ago and it worked fine.

Attached Files

•  4671_appcompat.txt   7.06KB   126 downloads

[Advertisements]

Hi greatmightypoo!

Please right click this LINK, choose SAVE LINK AS or SAVE TARGET AS, and save it somewhere on your computer where you will remember where it is located. Then find the file on your computer and double-click it to run it. Click YES to the warning: Are you sure you want to add the information in FILE LOCATION HERE\sysrestoreenable.reg to the registry? Then reboot your computer and once rebooted see if System Restore works again.

Fenor

[Fenor]

Hi greatmightypoo!

Please right click this LINK, choose SAVE LINK AS or SAVE TARGET AS, and save it somewhere on your computer where you will remember where it is located. Then find the file on your computer and double-click it to run it. Click YES to the warning: Are you sure you want to add the information in FILE LOCATION HERE\sysrestoreenable.reg to the registry? Then reboot your computer and once rebooted see if System Restore works again.

Fenor

[greatmightypoo]

I added it to the registry successfuly, restarted, and tried it again and got the same error.

[Fenor]

Please go to START-->RUN and type sfc /scannow, noting the space between SFC and /SCANNOW. This will run the built-in System File Checker, which will check your operating system files to see if any are missing/corrupt. If it finds any, you may be asked to insert your Windows XP CD. Do so if so asked. Once the blue bar has gone away reboot your computer and post back how things are going and we will continue from there.

Fenor

[greatmightypoo]

Okay I ran through the system file checker. I had to keep hitting retry even though my XP disc was in there. Anyway the bar moved up slowly until it was at 100% and disappeared. I restarted Windows, logged in, and got the same error message when I tried to open it.

[Fenor]

Lets take a look at what is starting up when your computer does. Please download HiJackThis (from the link in my signature) Install it, and double-click on the HiJackThis.exe icon. On the first screen click on Open the Misc Tools Section...on the next screen, click on the Generate StartupList log button and post a copy of the log here. You need not check either of the boxes next to this button.

Fenor

[greatmightypoo]

Okay here it is:

StartupList report, 3/11/2006, 9:45:02 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Scott\Desktop\hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\AVG\avgamsvr.exe
D:\PROGRA~1\AVG\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\AVG\avgcc.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Scott\Desktop\hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Scott\Start Menu\Programs\Startup]
PowerReg Scheduler V3.exe
PowerReg Scheduler.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
AVG7_CC = D:\PROGRA~1\AVG\avgcc.exe /STARTUP
A Verizon App = C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
Motive SmartBridge = C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Macro =

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ALLSAV~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINDOWS\system32\proxyspd.dll - {1DC9D850-044D-11E1-B3C9-00805E499D93}
(no name) - C:\WINDOWS\pxwma.dll - {58F07DD3-924D-4141-BC74-299F523A95F1}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

THX - WORLD'S DEEPEST BASS(Extreme Woofer test).job

--------------------------------------------------

Enumerating Download Program Files:

[Support.com Configuration Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlcm.dll
CODEBASE = https://activatemyds...oad/tgctlcm.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
End of report, 5,501 bytes
Report generated in 0.731 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

[Fenor]

Right-click MY COMPUTER and select PROPERTIES. In the new window that appears, click on the SYSTEM RESTORE tab. check the box that says Turn off System Restore on all drives. Then click APPLY and click YES to the warning about turning off System Restore. Then, with the same window still open, uncheck the turn off System Restore on all drives checkbox. Click APPLY again and OK.

Navigate to C:\Windows\System32 and rename ssrstr.dll to ssrstr.xxx.
Window File Protection should replace it.

Next navigate to C:\WINDOWS\system32\Restore and rename
rstrui.exe to rstrui.xxx. It should also be replaced.

Now try to start System Restore.

Fenor

[greatmightypoo]

I couldnt even get past the first step. As soon as I clicked on the system restore tab I got this:

Then after I clicked on the "click here" this came up:

and the error log to that has been attached.

Attached Files

•  cfb0_appcompat.txt   17.69KB   99 downloads

[Fenor]

Just do this part and don't bother with the disabled system restore part:

Navigate to C:\Windows\System32 and rename ssrstr.dll to ssrstr.xxx.
Window File Protection should replace it.

Next navigate to C:\WINDOWS\system32\Restore and rename
rstrui.exe to rstrui.xxx. It should also be replaced.

Now try to start System Restore.

Fenor

[greatmightypoo]

THANK YOU !!

Although I did not have the first file, when I renamed the second it created another rstrui.exe which worked!

Is there any reason why this all got messed up to begin with?

[Fenor]

It's possible that you have some kind of malware infection. If wouldn't be a bad idea to go to the Malware Forum and have one of the experts there check out your Hijackthis log.

Fenor

[greatmightypoo]

Allright thanks for all the help .