
Urgent - Please help hard disk won't boot after Combofix!

  • This topic is locked
1 reply to this topic

#1 4me2know


  • Members
  • 12 posts
  • Local time:10:54 PM

Posted 26 October 2008 - 05:04 PM

I need to find out how to go back to a restore point on a non-bootable drive in Windows Vista Home Premium. I can boot and read it with another drive that I am temporarily booting from. Here is a link to my post in the HJT thread and more details about the problem. TIA.


I am in deep trouble after running Combofix as instructed by Billy O'Neal!!! I really appreciate your help. Apparently, I am the 1 in 100 and my computer will not boot.

It gives me a message such as "A recent hardware change" damaged your computer. "1. Insert Windows installation disk and restart your computer. 2. choose your language. 3. Repair computer. File:Windows\system 32\config\system. Status: OXC000014C Registry file missing or corrupt."

I do not have a Windows Vista Home Premium system disk as it came preinstalled with my month-old Acer computer. Using their utility restores it to factory and deletes all my programs.

I did replace the 250 GB hard disk with a 1 TB, which fortunately was cloned. However, I have installed a lot of new programs after the clone.

So I temporarily removed my data/programs install disk 500MB and rebooted from the original Acer drive. I can access the 1TB drive, which will not boot.

I need to find out how to restore the 1TB drive to the restore point that ComboFix set. Log follows.

I did do a Malwarebytes Anti-Malware scan on the Acer drive and unfortunately it too was infected. I had all removed. Log follows.

ComboFix 08-10-25.01 - Les 2008-10-26 15:32:26.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1670 [GMT -4:00]
Running from: C:\Users\Les\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

Malwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 6.0.6001 Service Pack 1

10/26/2008 5:16:07 PM
mbam-log-2008-10-26 (17-16-07).txt

Scan type: Quick Scan
Objects scanned: 43744
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\SSDPSRV (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\ssdpsrv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Thanks for your help!!!!!

Edited by 4me2know, 26 October 2008 - 05:10 PM.



#2 garmanma


    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:10:54 PM

Posted 26 October 2008 - 05:30 PM

You are still working with your HJT member. You should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

I am closing this topic.

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits