System restore probs, am I still infected?

Status
Not open for further replies.

daveki

Hi

I followed your 8 steps for removal after being infected with a virus and this seemed to stop the fake alerts I was getting, but when I click on system restore immediately I get this message in a box "system restore is not able to protect your computer, please restart your computer then run system restore again." I followed what it said but keep getting the same....I've attached my logs from my scans, hope you can help

cheers
 

Attachments

  • hijackthis.log
    14.6 KB · Views: 5
You need to update the programs before scanning

Please update Malwarebytes and run another Quick scan and provide the log

Also, Bitdefender looks like it may have missed a few things too
Please run an online scan with Eset: http://www.eset.com/onlinescan/
But disable your installed Antivirus first

Provide the new logs after doing so
 
hi

thanks....the malware log was from a scan I did a couple of days ago when I was infected....the log from a scan I did today is attached but found no threats. I'm just doing the online scan now and will attach when complete.
 
Hi again

scan is complete this is what it found and deleted. I will now reboot and try system restore.
 

Attachments

  • esetlog.txt
    859 bytes · Views: 6
just tried system restore, still doing the same as before....does that mean I'm still infected?
 
kimsland, do you mind if I intervene here?

daveki, the main problem you are having is due to your Host files being hijacked: All of your searches are being sent to IP 82.98.231.89 which is for Cyber Technology BVBA/SPRL
descr: Belgium
country: NL

They have nothing to do with Microsoft in spite of microsoft.com entry.

Much of the malware infection was found in files from oceans32. This is a legitimate file protection driver from Oreans Technology, that if disabled, will stop the correct operation of legitimate software. Unfortunately, this driver can also be installed by malware that is packed by it.

Before proceeding any further, I would like you to do this:
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\userinit.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Also scan these,

C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe


Please attach that log to your next reply. The contents will determine what comes next.
Are you in agreement kimsland?
 
thanks bobbye

I've scanned the files you requested and attached the results!

what did you mean by my searches are being sent to another IP address in Belgium? and why would they do this?

thanks for all your help!

VirSCAN.org Scanned Report :
Scanned time : 2009/12/06 17:55:25 (GMT)
Scanner results: Scanners did not find malware!
File Name : userinit.exe
File Size : 26112 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : a93aee1928a9d7ce3e16d24ec7380f89
SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
Online report : http://virscan.org/report/478fbe1dbe65f783fb833eef2a555d65.html


VirSCAN.org Scanned Report :
Scanned time : 2009/12/06 17:59:37 (GMT)
Scanner results: Scanners did not find malware!
File Name : explorer.exe
File Size : 1033728 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 12896823fb95bfb3dc9b46bcaedc9923
SHA1 : 9d2bf84874abc5b6e9a2744b7865c193c08d362f
Online report : http://virscan.org/report/6cb1385fdd78131422112f9550ac430d.html


VirSCAN.org Scanned Report :
Scanned time : 2009/12/06 17:27:13 (GMT)
Scanner results: Scanners did not find malware!
File Name : svchost.exe
File Size : 14336 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 27c6d03bcdb8cfeb96b716f3d8be3e18
SHA1 : 49083ae3725a0488e0a8fbbe1335c745f70c4667
Online report : http://virscan.org/report/399cd3208fd60943834c6cb2db66e0a9.html

 
hi bobbye

I've posted the results twice but got a message saying a moderator needs to check them first

thanks for all your help
 
I tried to PM you the results but it won't let me do that either, how can I get help if my results can't be posted


please help!

thanks
 
my results have been posted, can you please tell me where i go from here it will be much appreciated
 
Not to worry Dave. The mods grumble if a post is too long. I got it all and am glad to say you do not have the malware I suspected- it would have required a reformat/reinstall right up front. So now we remove what you do have.

Please do not attempt System Restore while we are cleaning. If the malware has gotten into any restore points and you happen to restore to that date, you will reinfect the system. I'll have you remove the old restore points when the system is clean and set a new, clean restore point.

"what did you mean by my searches are being sent to another ip address in belgium? and why would they do this?"

I mean that when you request a site, instead of taking you to that site, the malware takes you to a site in Belgium instead. Why? Because that's what some malware does!

It appears that you have a pirated version of WinAVI Video Converter 8.0. It will have to be removed from the system to continue.

Please reopen Hijackthis to 'do system scan only.' Check each of the following, if present:

O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O4 - HKLM\..\Run: [msav] C:\WINDOWS\system32\~TM5F.TMP
O4 - HKUS\S-1-5-19\..\Run: [fezoworepa] Rundll32.exe "C:\WINDOWS\system32\jopuhaya.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [fezoworepa] Rundll32.exe "C:\WINDOWS\system32\jopuhaya.dll",s (User 'NETWORK SERVICE')


Close all Windows except HJT and click on "Fix Checked."

You also have malware called Spyware.Passwords. It is running and still active:

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Access Windows Explorer: Right click on Start> Explore:

  • First go up to Tools> Folder Options> View tab> Check 'show hidden files and folders'> Uncheck 'hide system and protected files'> Apply> OK
  • Continue by checking My Computer> Local Drive- usually C> Click on Windows> then System 32
  • Look for TM5F.TMP> do a right click> Delete.

Go back and hide the files and folders.
Empty the Recycle Bin. Close.

Some entries cannot be removed using HijackThis, so please do the following:

Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  • Run Combo-Fix.exe and follow the prompts.
    (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
  • Wait for the scan to be completed.
  • If it requires a reboot, please do it.
  • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Notes:

  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Attach new Combofix report to new reply.
Rescan with HijackThis and attach new log.

NOTE: I recommend that you change all of your passwords and monitor any online financial transactions you have.


Remind me to tell you how to get control of the tracking Cookies.
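
The entries listed in the post above show two patterns worth checking for in any HijackThis log: many security-themed names pinned to one external IP in the Hosts file, and Run values that start a .TMP file or load a DLL through Rundll32 for the service accounts. A triage sketch over those same lines, added here as an example and not part of the original thread; the two autorun rules and the last two sample lines are assumptions constructed for illustration:

```python
import ipaddress
import re
from collections import defaultdict

# The O1/O4 lines are the ones listed in the post above; the last two lines
# are constructed benign entries added as negative controls.
SAMPLE_LOG = r"""
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O4 - HKLM\..\Run: [msav] C:\WINDOWS\system32\~TM5F.TMP
O4 - HKUS\S-1-5-19\..\Run: [fezoworepa] Rundll32.exe "C:\WINDOWS\system32\jopuhaya.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [fezoworepa] Rundll32.exe "C:\WINDOWS\system32\jopuhaya.dll",s (User 'NETWORK SERVICE')
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
""".strip().splitlines()

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (.+?)\\\.\.\\Run: \[(.+?)\] (.+)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]+?\.(\w{2,4}))(?=["\s,]|$)')
SERVICE_SIDS = {"S-1-5-19": "LOCAL SERVICE", "S-1-5-20": "NETWORK SERVICE"}


def hosts_redirects(lines):
    """Map each non-loopback target IP to the hostnames the Hosts file pins to it."""
    by_ip = defaultdict(list)
    for line in lines:
        m = HOSTS_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address: not an override we can reason about
        if not (ip.is_loopback or ip.is_unspecified):
            by_ip[str(ip)].append(m.group(2).lower())
    return dict(by_ip)


def brand_lookalikes(names, brand="microsoft"):
    """Names that carry the brand as a label but are not under <brand>.com."""
    real = brand + ".com"
    return [n for n in names
            if brand in n.split(".") and n != real and not n.endswith("." + real)]


def suspicious_autoruns(lines):
    """Return (value name, target path, reasons) for O4 Run entries that trip a rule."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        hive, value, command = m.groups()
        target = PATH_RE.search(command)
        if not target:
            continue
        path, ext = target.group(1), target.group(2).lower()
        via_rundll = command.lower().startswith("rundll32")
        reasons = []
        if not via_rundll and ext != "exe":
            reasons.append("Run value starts a ." + ext + " file directly")
        account = next((a for sid, a in SERVICE_SIDS.items() if sid in hive), None)
        if via_rundll and account:
            reasons.append("rundll32 autorun under " + account)
        if reasons:
            findings.append((value, path, reasons))
    return findings


if __name__ == "__main__":
    for ip, names in hosts_redirects(SAMPLE_LOG).items():
        print(ip, "<-", len(names), "names; lookalikes:", brand_lookalikes(names))
    for value, path, reasons in suspicious_autoruns(SAMPLE_LOG):
        print(value, path, "; ".join(reasons))
```

A hit from either function is a reason to look closer, not a verdict; legitimate software also writes Hosts overrides and Rundll32 autoruns.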
 
Dave, your thread is only 8 hours old. This is a busy forum. Please have patience. I was preparing my reply above when you said to 'hurry up'.
 
Not to mention > We don't need 4 email replies from you in a row (as you have quadruple posted !)

Yes it is a bad time when you are infected and you just want it solved right now
But the members here are supplying their support freely at a rate that is way faster than most other online boards (actually I think we are the fastest)

Instead of replying to yourself use EDIT to add to your post if your post is still the last post in the Topic (presently not)
 
Hi bobbye and kimsland

I'm sorry for seeming so impatient and rude. I appreciate all your help and advice and cannot thank you enough. I followed your instructions and could not find any of the 01 entries on hijackthis....found all the 04 entries though and deleted these as instructed, everything went smoothly and I will attach the logs and await your replies patiently....once again thanks so very much for all your help

dave

forgot I need to remind you to tell me how to get control of the tracking cookies, thanks again
 

Attachments

  • ComboFix.txt
    22.3 KB · Views: 5
You did not address this:
It appears that you have a pirated version of WinAVI Video Converter 8.0. It will have to be removed from the system to continue.

You are also using a hacking tool DHCP Sniffer.

I'm going to ask someone else for help in reviewing the logs. I do not support either of the above..
 
hi bobbye

I'm sorry, I did remove winavi convertor and will move dhcp sniffer as I use neither of these programs, sorry for not addressing these...please continue, I appreciate the help

dave
 
hi guys

I'm sorry for having these 2 programs and I think I've deleted every trace of these off my system, to be honest the winavi 8.0 I've never used and the dhcp sniffer I didn't even know what that was, I had a friend from work a couple of years ago who modded modems, he asked me to run this program and give him the results, I hadn't a clue what it was for or what it did, just thought I was doing him a favour as I am not clued up on what he was doing...please continue with your help as I am very grateful for the help so far and am definitely not into hacking...

sorry if I've offended you in any way having these programs!

I await your response eagerly

dave:(
 
Dave, it wasn't an offense- we just don't support pirated programs.

I'd like you to run Combofix again- please delete the previous report for this on your desktop, then run it again. Include new report in next reply. Here are directions again:
Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  • Run Combo-Fix.exe and follow the prompts.
    (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
  • Wait for the scan to be completed.
  • If it requires a reboot, please do it.
  • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Notes:

  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Then rescan with HijackThis and include that log also.
 
Okay, looks good. But I'd like you to delete the Eset logs you currently have and scan again:
Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
I'd like to make sure the system isn't hiding anything. Please include the log in next reply. If that's clean we'll check system restore-not yet though.

Here's some System Restore troubleshooting that you can read and check:

Q. What should I do if System Restore does not work?
A. Try these steps if System Restore does not appear to work:

1. Ensure the System Restore service is running. For more information, see: How can I verify that the System Restore services are running on my machine? (see site)

2. Verify that you have enough free space on all your drives as required by System Restore. If the free space on any partition system restore is monitoring falls below 50 MB, System Restore will suspend and purge out all restore points to free up disk space. It will automatically reactivate when 200 MB+ free space is available. For more information, see How the System Restore Tool Handles Hard-Disk Space Usage. (see site)

3. Examine event logs for any system restore-related errors that could help you identify the problem.

http://www.microsoft.com/technet/prodtechnol/winxppro/plan/faqsrwxp.mspx
 
hi bobbye

I did the online scan and have attached the log!
in an earlier post you also told me to remind you how to get control of the tracking cookies.

thanks for all your help

dave
 
About the Tracking Cookies (thanks): this needs to be done on accounts for both 'dave' and 'lee':

Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

Now you can remove the cleaning tools and old restore points:


Uninstall ComboFix.exe And all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Remove all of the tools we used and the files and folders they created
  • Download OTCleanIt by OldTimer
  • Save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.


You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

More details and screenshots for Disk Cleanup in Windows Vista can be found here.

The system will set new restore points once in about every 24 hours if the computer is on. You can also set your own any time you want. Wait a few days, then set a restore point for the day before. Next day, try restoring to that date to make sure it's working okay.

Let me know if I can be of further help.
 
hi bobbye

I followed your instructions, cleaned all the files and folders used, then had to reboot
then I started to create a new restore point as you said by Go to Start > All Programs > Accessories > System Tools and click "System Restore". at this point as before I get this message "system restore is not able to protect your computer, please restart your computer then run system restore again" why would this be the case? I thought it should run ok now, what could be the reason for this?

thanks for all your help

dave
 
System Restore Troubleshoot: Go through this please:

Q. What should I do if System Restore does not work?
A. Try these steps if System Restore does not appear to work:

1. Ensure the System Restore service is running. For more information, see: How can I verify that the System Restore services are running on my machine? (see site)

2. Verify that you have enough free space on all your drives as required by System Restore. If the free space on any partition system restore is monitoring falls below 50 MB, System Restore will suspend and purge out all restore points to free up disk space. It will automatically reactivate when 200 MB+ free space is available. For more information, see How the System Restore Tool Handles Hard-Disk Space Usage. (see site)

3. Examine event logs for any system restore-related errors that could help you identify the problem.

Start> Run> type in eventvwr

Do this on each of the System and the Applications logs:
[1]. Click to open the log>
[2]. Look for the Error>
[3]. Right click on the Error> Properties>
[4]. Click on Copy button, top right, below the down arrow >
[5]. Paste here (Ctrl V)
[6]. NOTES
  • You can ignore Warnings and Information Events.
  • If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
  • You don't need to include the lines of code in the box below the Description, if any.
  • Please do not copy the entire Event log.

Errors are time coded.

http://www.microsoft.com/technet/prodtechnol/winxppro/plan/faqsrwxp.mspx


Try this and see what you get:
Boot into Safe Mode: Start> Run> cmd> type in:
C:\Windows\system32\Restore\rstrui.exe

which is the Restore program, it will prompt with Create vs Restore and you can pick
a Restore point.
 
hi bobbye

here are my errors from the event log, not sure what they mean, could do with your view if possible:

Application log:

Event Type: Error
Event Source: Intel(R) AMT
Event Category: UNS
Event ID: 2002
Date: 19/12/2009
Time: 23:33:04
User: N/A
Computer: DAVESLAPTOP
Description:
[UNS] Failed to subscribe to local Intel(R) AMT.

Event Type: Error
Event Source: LMS
Event Category: None
Event ID: 2
Date: 19/12/2009
Time: 23:33:01
User: NT AUTHORITY\SYSTEM
Computer: DAVESLAPTOP
Description:
LMS Service cannot connect to HECI driver

system:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 19/12/2009
Time: 23:33:07
User: N/A
Computer: DAVESLAPTOP
Description:
The following boot-start or system-start driver(s) failed to load:
Beep

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 19/12/2009
Time: 22:44:41
User: N/A
Computer: DAVESLAPTOP
Description:
The following boot-start or system-start driver(s) failed to load:
Beep

I'm going to try booting into safe mode as you said and will report back with the results

thanks once again! much appreciated

dave

hi bobbye

I tried in safe mode like you suggested and still received the same message as before "system restore is not able to protect your computer, please restart your computer then run system restore again" have you any ideas what's causing this?

dave
 