can't restore

  • Thread starter Thread starter Andreas
  • Start date Start date
A

Andreas

I was using the online webscanners from Trend Micro
HouseCall and Panada Security. Now, my winXP is
screwed and I can't get things back.

When I try using the Restore function, nothing happens.
I select the date, click Next, get a popup message
about certain drives being disabled [which I've done],
click OK, then I get to the confirmation screen. I
click Next, but nothing happens. I keep trying and
trying and still nothing.

Would anyone have any suggestions on what I should do next.

Thanks

Andy
 
I was using the online webscanners from Trend Micro
HouseCall and Panada Security. Now, my winXP is
screwed and I can't get things back.
When I try using the Restore function, nothing happens.
I select the date, click Next, get a popup message
about certain drives being disabled [which I've done],
click OK, then I get to the confirmation screen. I
click Next, but nothing happens. I keep trying and
trying and still nothing.
Click to expand...

Reboot your pc and see if this fixes your problem. If not check this:
Click 'Start' then click 'Run...' then type (or copy/paste) "devmgmt.msc"
(w/out quotation marks) into the box, then click the 'OK' button.
In the 'Device Manager' panel check 'Device status' of any drive which may
be disabled (left-click then click 'Properties').

Good luck :)

FYI and future reference:
There aren't any 'good' on-line scanners out there! On-line scanners are
the most unsafe and next to useless. Because by the time you've started
your infected Windows and connected to the
Internet via this infected code base, and start to look for scanning sites
through infected DNS, you are almost certain to have the malware
perfectly positioned to overrule your attempts to clean it.
What happens if active malware is found? Don't expect that the on-line
scanner will do anything about it. Most of them are just just marketing
tools for selling you their products. Quite often, malware removal on the
NT based OS (Win 2K and XP) is far from easy. Sometimes a (good) resident
AV can deal with it in Safe Mode.

Other reasons to stay away from on-line scanners are:
1. You have to use IE on very low security setting - ActiveX is required.
2. Many users will lower security in the Internet Zone to use the service
and then forget to set the Internet Zone back to highest possible security
- which is the only way that IE should be set.
3.Scanning should be performed while off-line.
4.Vulnerabilities in several virus scanners
http://www.heise-online.co.uk/secur...n-several-virus-scanners-Update--/news/112301

Also, according to Trend Micro, a surfer using a search engine such as
Google, with a search string such as, ´free online virus scan by Trend
Micro¡, can end up on a spoofed version of HouseCall by clicking the link
returned by Google. Not surprisingly, the spoofed site informs users their
computers are infected with malware, and then teases them to purchase a
fake anti-virus application in order to remove the fake threat.

Therefore:
'Stand-Alone' Anti-Virus scanning tools are *impressively better and
safer*, because you don't have to be on-line to use them (they have no
dependencies on using a web browser to perform their function), and they
also can be used in Safe Mode.

Good-quality applications:
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntispyware - Free
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

Kaspersky® Virus Removal Tool
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
http://www.kaspersky.com/support/viruses/avptool?level=2

Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/

a-squared Free or a-squared Command Line Scanner
http://www.emsisoft.com/en/software/download/

BitDefender10 Free Edition
http://www.bitdefender.com/site/Downloads/browseEvaluationVersion/1/42/

NOTE:
Kaspersky® Virus Removal Tool, Dr.Web CureIt!®' the free version of
Malwarebytes© and SuperAntispyware are not capable for real-time protection
of your computer.
Kaspersky® Virus Removal Tool, Dr.Web CureIt!® have no update feature (so
they don't turn into full blown scanners). As soon as your computer is
cleaned you are supposed to remove these tools from your operating system
and revert back to your (updated) resident (real-time) AV application.
Re: Kaspersky® Virus Removal Tool; To uninstall/move this program 'enable
self-defense' must be unchecked!

The free version of Malwarebytes© and SuperAntispyware have an update
feature, keep them installed in addtion to your resident AV/A-S
applications and scan frequently.

This can also be useful:
HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29

NOTE:
Registration is required in any of the above mentioned fora before posting
a HJT log and read the 'stickies' (instructions/guidelines) for the
respective HJT forum.

Happy New Year :)
 
Andreas said:
I was using the online webscanners from Trend Micro
HouseCall and Panada Security. Now, my winXP is
screwed and I can't get things back.

When I try using the Restore function, nothing happens.
I select the date, click Next, get a popup message
about certain drives being disabled [which I've done],
click OK, then I get to the confirmation screen. I
click Next, but nothing happens. I keep trying and
trying and still nothing.

Would anyone have any suggestions on what I should do next.
Click to expand...

Required reading: "System Restore - Restoration Failed"
http://bertk.mvps.org/html/srfail.html
 
well, it's likely that you
were
experiencing some issues
and you had a preconceived
notion that your system was
infected.

perhaps, it was a fair
assumption
on your part.

however, instability of the
o.s. is not always attributed
to an infection.

perhaps, what you are
experiencing
at this time is simply the
problem
that is progressing.

further, if you had an
installed
a.v. and then utilize another
a.v. in addition to the one
you
have, then it may have placed
a strain on your failing file
system.

in any event you should
utilize
safe mode to focus on
correcting
the issues with your system.

in safe mode you can try a
restore.
however, some a.v.'s prevent
the
system restore feature from
running
and modifying the system.

perhaps, the best step above
is to uninstall your current
a.v.
as it may be attributing to
some
of the issue.

then also try a defrag and
a check disk.

but if safe mode proves to be
futile, then you will need to
utilize
a winxp cd to go directly the
disk prompt via the repair
console "or" initiate a repair
installation.

--

db·´¯`·...¸><)))º>


"Andreas"
<[email protected]>
wrote in message
news:[email protected]...
 
No, I've used them in the past [with win98] and never
had a problem. Now, with xp, I do.
 
Thanks for the help Kayman, but there was nothing
unusual in devmgmt.msc. Everything was fine.

As for online scanners: I've used them in the past with
no problems. Then again, I was using win98 at the
time. I have a direct link to micro trend so I don't
have to worry about those phishing site.

I've also run many of the antispyware programs and have
no problem there.
I was using the online webscanners from Trend Micro
HouseCall and Panada Security. Now, my winXP is
screwed and I can't get things back.
When I try using the Restore function, nothing happens.
I select the date, click Next, get a popup message
about certain drives being disabled [which I've done],
click OK, then I get to the confirmation screen. I
click Next, but nothing happens. I keep trying and
trying and still nothing.
Click to expand...

Reboot your pc and see if this fixes your problem. If not check this:
Click 'Start' then click 'Run...' then type (or copy/paste) "devmgmt.msc"
(w/out quotation marks) into the box, then click the 'OK' button.
In the 'Device Manager' panel check 'Device status' of any drive which may
be disabled (left-click then click 'Properties').

Good luck :)

FYI and future reference:
There aren't any 'good' on-line scanners out there! On-line scanners are
the most unsafe and next to useless. Because by the time you've started
your infected Windows and connected to the
Internet via this infected code base, and start to look for scanning sites
through infected DNS, you are almost certain to have the malware
perfectly positioned to overrule your attempts to clean it.
What happens if active malware is found? Don't expect that the on-line
scanner will do anything about it. Most of them are just just marketing
tools for selling you their products. Quite often, malware removal on the
NT based OS (Win 2K and XP) is far from easy. Sometimes a (good) resident
AV can deal with it in Safe Mode.

Other reasons to stay away from on-line scanners are:
1. You have to use IE on very low security setting - ActiveX is required.
2. Many users will lower security in the Internet Zone to use the service
and then forget to set the Internet Zone back to highest possible security
- which is the only way that IE should be set.
3.Scanning should be performed while off-line.
4.Vulnerabilities in several virus scanners
http://www.heise-online.co.uk/secur...n-several-virus-scanners-Update--/news/112301

Also, according to Trend Micro, a surfer using a search engine such as
Google, with a search string such as, “free online virus scan by Trend
Micro”, can end up on a spoofed version of HouseCall by clicking the link
returned by Google. Not surprisingly, the spoofed site informs users their
computers are infected with malware, and then teases them to purchase a
fake anti-virus application in order to remove the fake threat.

Therefore:
'Stand-Alone' Anti-Virus scanning tools are *impressively better and
safer*, because you don't have to be on-line to use them (they have no
dependencies on using a web browser to perform their function), and they
also can be used in Safe Mode.

Good-quality applications:
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntispyware - Free
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

Kaspersky® Virus Removal Tool
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
http://www.kaspersky.com/support/viruses/avptool?level=2

Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/

a-squared Free or a-squared Command Line Scanner
http://www.emsisoft.com/en/software/download/

BitDefender10 Free Edition
http://www.bitdefender.com/site/Downloads/browseEvaluationVersion/1/42/

NOTE:
Kaspersky® Virus Removal Tool, Dr.Web CureIt!®' the free version of
Malwarebytes© and SuperAntispyware are not capable for real-time protection
of your computer.
Kaspersky® Virus Removal Tool, Dr.Web CureIt!® have no update feature (so
they don't turn into full blown scanners). As soon as your computer is
cleaned you are supposed to remove these tools from your operating system
and revert back to your (updated) resident (real-time) AV application.
Re: Kaspersky® Virus Removal Tool; To uninstall/move this program 'enable
self-defense' must be unchecked!

The free version of Malwarebytes© and SuperAntispyware have an update
feature, keep them installed in addtion to your resident AV/A-S
applications and scan frequently.

This can also be useful:
HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29

NOTE:
Registration is required in any of the above mentioned fora before posting
a HJT log and read the 'stickies' (instructions/guidelines) for the
respective HJT forum.

Happy New Year :)
Click to expand...
 
Andreas

What security software is installed?

These Articles are a little dated in that there are now more security
programmes causing problems:
http://bertk.mvps.org/html/healthy.html

http://bertk.mvps.org/html/createrp.html

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~Andreas said:
Oh man, now I think I've royally screwed things up. I
no-longer have restore functions. There are no
previous restore points, and when I try to set one, I
get a message saying that its unable to create them and
to reboot. I've done this many, many times.

I've followed the advices here:
http://social.technet.microsoft.com/Search/en-US/?Query=System+Restore&resultsLang=en-US
and here: http://bertk.mvps.org/html/reinstall.html,
all with no luck.
I was using the online webscanners from Trend Micro
HouseCall and Panada Security. Now, my winXP is
screwed and I can't get things back.

When I try using the Restore function, nothing happens.
I select the date, click Next, get a popup message
about certain drives being disabled [which I've done],
click OK, then I get to the confirmation screen. I
click Next, but nothing happens. I keep trying and
trying and still nothing.

Would anyone have any suggestions on what I should do next.

Thanks

Andy
Click to expand...
Click to expand...
 
Thanks Gerry, but I think I've fixed my problem now. I
followed the instructions on all sites about fixing the
restore function, but none worked. Then I remembered I
had an old tweaking program installed called X-Setup
Pro. I went into that, and went to Enable System
Restore. It was already checked, but I checked it
again, rebooted, and now things are working. I managed
to make a couple of test restores, and *they worked*.

So, thanks everyone for all your help. I've found a
lot of great helpful sites, eventhough they are old,
_some_ of the stuff still works.

Andy
 
Yes, I think I've found another. I have 7 different
drives and 2 of them are NTFS while the rest are FAT.
I also have a couple of defraggers like UltimateDefrag,
AusLogics, Defraggler, Diskkeeper Light, and a couple
of others. Ultimate, Diskkeeper, and Defraggler crash
on the NTFS drives. I've had to use the Command line
option for JkDefrag and it tells me that "this is not a
FAT or NTFS disk." Yikes!!!! AusLogics is the only
one that works.

When I perform a disk check on the two drives, I get an
error message of "windows was unable to complete the
disk check."

Oh good grief . . . I wonder whats next!?
 
Andreas

Try HD Tune it only gives information and does not fix any
problems.

Download and run it and see what it turns up. You want HD Tune
(freeware) version 2.55 not HD Tune Pro (not Freeware) version 3.00.
http://www.hdtune.com/

Select the Info tabs and place the cursor on the drive under Drive
letter and then double click the two page icon ( copy to Clipboard )
and copy into a further message.

Select the Health tab and then double click the two page icon ( copy to
Clipboard ) and copy into a further message. Make sure you do a full
surface scan with HD Tune.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Hi Garry:

I tried that and it says everything is fine, except on
one of the hard drives, there was a yellow on the
ST340014A drive for Spin Retry Count. Below are the
results.

The scan disk was normal.

Now I've found another problem with my printer. I was
told that winspool.drv could not be found, but I have 3
of them under C:\windows\system and system32, and
servicepackfiles\i386. I try to reinstall the printer
drivers and the drivers could not be installed.

My next one is windows update won't work.

Something serious is happening, and I'm dead in the
water. I'm afraid to run another program.

xxxxxxxxxxxxxxxxxxxxxxxxxxxx

HD Tune results:

the main hard drive

INFO:

HD Tune: WDC WD1600AAJS-75PSA Information

Firmware version : 05.06H05
Serial number : WD-WMAP94838704
Capacity : 149.0 GB (~160.0 GB)
Buffer size : 8192 KB
Standard : ATA/ATAPI-7 - SATA II
Supported mode : UDMA Mode 6 (Ultra ATA/133)
Current mode : UDMA Mode 5 (Ultra ATA/100)

S.M.A.R.T : yes
48-bit Address : yes
Read Look-Ahead : yes
Write Cache : yes
Host Protected Area : yes
Device Configuration Overlay : yes
Automatic Acoustic Management: yes
Power Management : yes
Advanced Power Management : no
Power-up in Standby : yes
Security Mode : yes
Firmware Upgradable : yes

Partition : 1
Drive letter : C:\
Label :
Capacity : 152578 MB
Usage : 10.32%
Type : NTFS
Bootable : Yes


HEALTH:

HD Tune: WDC WD1600AAJS-75PSA Health

ID Current Worst
ThresholdData Status
(01) Raw Read Error Rate 200 200 51
0 Ok
(03) Spin Up Time 160 158 21
2958 Ok
(04) Start/Stop Count 100 100 0
858 Ok
(05) Reallocated Sector Count 200 200 140
0 Ok
(07) Seek Error Rate 200 200 51
0 Ok
(09) Power On Hours Count 95 95 0
3909 Ok
(0A) Spin Retry Count 100 100 51
0 Ok
(0B) Calibration Retry Count 100 100 51
0 Ok
(0C) Power Cycle Count 100 100 0
856 Ok
(C0) Power Off Retract Count 200 200 0
40 Ok
(C1) Load Cycle Count 200 200 0
858 Ok
(C2) Temperature 111 106 0
32 Ok
(C4) Reallocated Event Count 200 200 0
0 Ok
(C5) Current Pending Sector 200 200 0
0 Ok
(C6) Offline Uncorrectable 100 253 0
0 Ok
(C7) Ultra DMA CRC Error Count 200 200 0
0 Ok
(C8) Write Error Rate 100 253 51
0 Ok

Power On Time : 3909
Health Status : Ok

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

other hard drive with ntfs:

INFO:

HD Tune: ST340014A Information

Firmware version : 3.06
Serial number : 3JX3HDQN
Capacity : 37.3 GB (~40.0 GB)
Buffer size : 2048 KB
Standard : ATA/ATAPI-6
Supported mode : UDMA Mode 5 (Ultra ATA/100)
Current mode : UDMA Mode 5 (Ultra ATA/100)

S.M.A.R.T : yes
48-bit Address : yes
Read Look-Ahead : yes
Write Cache : yes
Host Protected Area : yes
Device Configuration Overlay : yes
Automatic Acoustic Management: no
Power Management : yes
Advanced Power Management : no
Power-up in Standby : no
Security Mode : yes
Firmware Upgradable : yes

Partition : 1
Drive letter : E:\
Label : OLDWIN98 7C
Capacity : 19077 MB
Usage : 57.51%
Type : FAT32
Bootable : Yes

Partition : 2
Drive letter : G:\
Label : Other Vids
Capacity : 19077 MB
Usage : 97.86%
Type : NTFS
Bootable : No


HEALTH:

HD Tune: ST340014A Health

ID Current Worst
ThresholdData Status
(01) Raw Read Error Rate 72 64 6
92533723 Ok
(03) Spin Up Time 98 98 0
0 Ok
(04) Start/Stop Count 97 97 20
3610 Ok
(05) Reallocated Sector Count 100 100 36
0 Ok
(07) Seek Error Rate 82 60 30
182835495 Ok
(09) Power On Hours Count 84 84 0
14577 Ok
(0A) Spin Retry Count 100 100 97
0 Ok
(0C) Power Cycle Count 96 96 20
4814 Ok
(C2) Temperature 30 49 0
30 Ok
(C3) Hardware ECC Recovered 72 64 0
92533723 Ok
(C5) Current Pending Sector 100 100 0
0 Ok
(C6) Offline Uncorrectable 100 100 0
0 Ok
(C7) Ultra DMA CRC Error Count 200 199 0
1 Ok
(C8) Write Error Rate 100 253 0
0 Ok
(CA) TA Counter Increased 100 253 0
0 Ok

Power On Time : 14577
Health Status : Ok

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
Hi Garry:

I tried that and it says everything is fine, except on
one of the hard drives, there was a yellow on the
ST340014A drive for Spin Retry Count. Below are the
results.

The scan disk was normal.

Now I've found another problem with my printer. I was
told that winspool.drv could not be found, but I have 3
of them under C:\windows\system and system32, and
servicepackfiles\i386. I try to reinstall the printer
drivers and the drivers could not be installed.

My next one is windows update won't work.

Something serious is happening, and I'm dead in the
water. I'm afraid to run another program.
Click to expand...

<snip for brevity>

How to perform disk error checking in Windows XP
http://support.microsoft.com/kb/315265

Hardware Troubleshooting
http://www.elephantboycomputers.com/page2.html#Hardware_Tshoot

Crucial System Scanner tool
http://www.crucial.com/

Troubleshoot Windows XP driver problems with the File Signature
Verification Utility
http://articles.techrepublic.com.com/5100-6346-6042127-2.html

How Do I Install Windows XP
Preparation is the key for successful installation.

1.How to Slipstream Windows XP Service Pack 3 to Create an Integrated XP
Setup Disk with SP 3
http://www.howtohaven.com/system/slipstream-xp-service-pack-3.shtml
--or (maybe more user friendly)--
Create a Slip Stream version of Windows XP
http://www.webtree.ca/windowsxp/slipstream.htm
--and--
WinUpdatesList v1.23
http://www.nirsoft.net/utils/wul.html
--also--
Change the Boot Order in BIOS (good illustration)
http://pcsupport.about.com/od/fixtheproblem/ss/bootorderchange.htm

2.Clean Install Windows XP
http://www.elephantboycomputers.com/page2.html#Reinstalling_Windows - What
you will need on-hand
--and--
http://www.michaelstevenstech.com/cleanxpinstall.html
--or even better because its illustrated and more reader friendly--
How Do I Install WindowsXP
http://xphelpandsupport.mvps.org/how_do_i_install_windows_xp.htm

Good luck :)
 
Andreas

Have a look in the System and Application logs in Event Viewer for
Errors and Warnings and post copies here. Don't post any more than 48
hours ago.

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the meaning
of the error, information regarding Event ID, Source and Description
are important.

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.

On the subject of System Restore it should only be monitoring your
system (Windows) partition. It should be turned off for all other
drives.
http://bertk.mvps.org/html/healthy.html
http://bertk.mvps.org/html/drivedisable.html


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

loading screen 3
System restore problem 5
system restore 4
Active X ? 5
Need help; can't restore -- stops at confirm restore point 9
Restore fails to initiate 2
Can't get to System Restore 13
Can't Restore to Earlier Time 8

Back
Top