[Dinofish]

I have seen that with XP Pro but not on the Home Edition (or at least not the one that I have). But to answer your question, no I do not get that option. It just kicks me out.

[Advertisements]

But you did have System Restore enabled on that computer?
Or did I already ask that

[Metallica]

But you did have System Restore enabled on that computer?
Or did I already ask that

[Dinofish]

Yes system restore was enabled. Back in my first post I described the symtoms and the steps I took to get rid of this virus. I turned system restore off, ran the antivirus and then turned it back on. I thought I had it until I antivated Ad-ware. Somehow it attached itself to it and the process started again. I think that by uninstalling adware that's what killed the OS.(???)

I have also noticed that I have lost my rights to my "owner" account. Admin and all other accounts are okay. Probably all tied to the virus?

[Metallica]

Is the program you used called AdAware?
Hoping you miss-spelled it

In that case find:
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
and doubleclick it.

Click the icon with the lock and see if there is a backup availaable of the last cleaning run.

Select it and click Restore.

Let me know if that helps.

Regards,

[Dinofish]

I un-installed Lavasoft Ad-aware program, so I won't be able to activate it. But I'll double check for backups and let you know later tonite what I find.

[Dinofish]

All Ad-Aware programs including backups have been removed. I think even if they were still there, I could not use them because I can't get in.

A blip of a blue error screen is now appearing (again). When I was able to read this (in the beginning of the virus attack), I looked up the error message and it pertained to the registry being corrupt. Unfortunately I don't have enough time to read it before the system reboots.

[Dinofish]

Last night I think I narrowed my boot up problem to be the system hive. Because the virus deleted my repair\system hive, I loaded the bad hive to see what was there. There were 16 ControlSets (ControlSet000-ControlSet015) with no CurrentControlSet. ControlSet000's main objective pointed to the Lavasoft Ad-Aware program of which I uninstalled. Is there something I can do to manipulate this hive into jump starting my system?

[Dinofish]

Last night I think I narrowed my boot up problem to be the system hive. Because the virus deleted my repair\system hive, I loaded the bad hive to see what was there. There were 16 ControlSets (ControlSet000-ControlSet015) with no CurrentControlSet. ControlSet000's main objective pointed to the Lavasoft Ad-Aware program of which I uninstalled. Is there something I can do to manipulate this hive into jump starting my system?

[Dinofish]

Sorry 'bout the double post...

I'll be more careful next time

[Metallica]

No problem.

I'll have to ask if the option you proposed is a viable one and how to best proceed.

I'll get back to you.

Regards,

[Metallica]

Answer from one of our "supertechs"

The CurrentControlSet key is actually a copy of the ControlSetxxx, which was used to boot Windows, and it is not created until Windows does a successful boot.

You could try the following M$-KB article:
http://support.micro...kb;EN-US;307545

Keep us posted,

[Dinofish]

I have already tried this. The problem is I do not have a system hive in the repair folder. So therefore it does not work. I've even gone as far as pulling the hives from system volume information\snapshot, but these file do not go back far enough in time.

Do you think, if I were to get the hives from a different XP home edition box (same computer) that would work? I have tried to copy the XP Pro hive files over and I was only able to get into safemode. While in there, things did not look right. I did not feel I was truely in on the bad side, so I got out.

I haven't given up yet and I'm hoping you guys can still help. Otherwise I'll probably have to reformat.

[Metallica]

One of the Trusted Techs said we should have replaced all the registry hives.

http://support.micro...kb;en-us;307545

Note Make sure to replace all five of the registry hives. If you only replace a single hive or two, this can cause potential issues because software and hardware may have settings in multiple locations in the registry.

Since you didn't find all of them, this may be a mission impossible.

Regards,

[Dinofish]

I would replaced all 5 if I had them.

So are you saying I have to reformat? There is nothing left to try?

[Metallica]

Let's wait for a few more suggestions from the Trusted Techs.

This is not a field I excell in, so I'm hoping someone will come up with a good idea.

Regards,