Help
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
This topic is locked
I need to find out how to go back to a restore point on a non bootable drive in windows vista home premium. I can boot and read it with another drive that I am temporarily booting from. Here is a link to my post in the HJT thread and more details about the problem. TIA.
http://www.bleepingcomputer.com/forums/ind...st&p=987252
I am in deep trouble after running Combofix as instructed by Billy O'Neal!!! I really appreciate your help. Apparently, I am the 1 in 100 and my computer will not boot.
It gives me a message such as "A recent hardware change" damaged your computer. "1. Insert windows installation disk and restart your computer. 2. choose your language. 3. Repair computer. File:Windows\system 32\config\system. Status: OXC000014C Regestry file missing or corrupt."
I do not have a windows vista home premium system disk as it came preinstalled with my month old Acer computer. Using their utility restores it to factory and deletes all my programs.
I did replace the 250 GB hard disk with a 1 TB, which fortunately was cloned. However I have installed a lot of new programs after the clone.
So I temprarilly removed my data/programs install disk 500MB and rebooted from the original Acer drive. I can access the 1TB drive, which will not boot.
I need to find out how to restore the 1TB drive to the restore point that ComboFix set. Log follows.
I did do a Malbytes Anti-Malware scan on the Acer drive and unfortunately it too was infected. I had all removed. Log follows
Combofix.Txt:
ComboFix 08-10-25.01 - Les 2008-10-26 15:32:26.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1670 [GMT -4:00]
Running from: C:\Users\Les\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
----------------------------------------------------------------
alwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 6.0.6001 Service Pack 1
10/26/2008 5:16:07 PM
mbam-log-2008-10-26 (17-16-07).txt
Scan type: Quick Scan
Objects scanned: 43744
Time elapsed: 3 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\SSDPSRV (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\ssdpsrv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
Thanks for your help!!!!!
http://www.bleepingcomputer.com/forums/ind...st&p=987252
I am in deep trouble after running Combofix as instructed by Billy O'Neal!!! I really appreciate your help. Apparently, I am the 1 in 100 and my computer will not boot.
It gives me a message such as "A recent hardware change" damaged your computer. "1. Insert windows installation disk and restart your computer. 2. choose your language. 3. Repair computer. File:Windows\system 32\config\system. Status: OXC000014C Regestry file missing or corrupt."
I do not have a windows vista home premium system disk as it came preinstalled with my month old Acer computer. Using their utility restores it to factory and deletes all my programs.
I did replace the 250 GB hard disk with a 1 TB, which fortunately was cloned. However I have installed a lot of new programs after the clone.
So I temprarilly removed my data/programs install disk 500MB and rebooted from the original Acer drive. I can access the 1TB drive, which will not boot.
I need to find out how to restore the 1TB drive to the restore point that ComboFix set. Log follows.
I did do a Malbytes Anti-Malware scan on the Acer drive and unfortunately it too was infected. I had all removed. Log follows
Combofix.Txt:
ComboFix 08-10-25.01 - Les 2008-10-26 15:32:26.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1670 [GMT -4:00]
Running from: C:\Users\Les\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
----------------------------------------------------------------
alwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 6.0.6001 Service Pack 1
10/26/2008 5:16:07 PM
mbam-log-2008-10-26 (17-16-07).txt
Scan type: Quick Scan
Objects scanned: 43744
Time elapsed: 3 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\SSDPSRV (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\ssdpsrv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
Thanks for your help!!!!!
This post has been edited by 4me2know: 26 October 2008 - 05:10 PM
Back to top
