Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Another 'I ran combofix without supervision' problem


  • This topic is locked This topic is locked
281 replies to this topic

#1 TonyCman

TonyCman

  • Members
  • 169 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 21 November 2012 - 12:29 PM

Hi all

Yes I know I screwed up big time so I apologise in advance for asking you to help me with this when the warnings against doing what I did are all over the place - unfortunatley I found them too late. So I am pretty desperate and I hope someone will overlook my stupidity and spend some time trying to help me sort this out.

The gory details are in this post

http://www.bleepingcomputer.com/forums/topic475838.html

I have now got a DDS log file from the affected machine and this I am posting below

I have attached attach.txt as per the usual instructions - really hope you guys can help me out - here goes:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by elizabeth halberg at 17:11:07 on 2012-11-21
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLanCfgG.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
mRun: [Getca] c:\program files\belkin usb wireless monitor\InfoMyCa.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDrives = dword:33554432
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\elizabeth halberg\application data\mozilla\firefox\profiles\ji0icg2x.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R? avast! Antivirus;avast! Antivirus
R? GT72NDISIPXP;GT 72 IP NDIS
R? GT72UBUS;GT 72 U BUS
S? aswFsBlk;aswFsBlk
S? aswSnx;aswSnx
S? aswSP;aswSP
S? Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service
S? GtDetectSc;GtDetectSc
S? sentemul;sentemul
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 17:11:52.67 ===============

Over to you!!!

BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,598 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:46 PM

Posted 22 November 2012 - 07:31 PM

Greetings Tony and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I know you can not get online and some programs no longer work but could you please describe in detail any other symptoms you are experiencing. Once I have the full picture we can proceed.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 TonyCman

TonyCman
  • Topic Starter

  • Members
  • 169 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 23 November 2012 - 02:54 AM

Hi Gary

Thanks for the quick reply hope you can help me out with this

Looking forward to hearing from you

TC

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,598 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:46 PM

Posted 23 November 2012 - 09:00 AM

Hi Tony,

I think this part of my post may have gotten lost in greetings.

I know you can not get online and some programs no longer work but could you please describe in detail any other symptoms you are experiencing. Once I have the full picture we can proceed.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 TonyCman

TonyCman
  • Topic Starter

  • Members
  • 169 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 24 November 2012 - 03:54 AM

Hi Gary

Yes sorry I missed that bit!

When the laptop is booted up it is in the active desktop recovery mode

There is a Windows warning box containing the message ‘Cannot access volume control’

It cannot connect to the internet

It seems as though all of the ‘guts’ have been stripped out of the programs that were on the hard drive. There used to be some software called MaxSea Utilities and Total Tides which are marine applications and can give you tidal information and charts for every ocean in the world. Although the folders are still there in Program Files the size of each folder is MaxSea Utilities 194mb and Total Tide 72.5 mb

I am really worried that all this expensive software has been trashed forever - I hope it can be retrieved otherwise I don't know what I will do

When it first rebooted after running Combofix it wouldn’t launch Explorer.exe, but I got it back through Task Manager File/NewTask(run)

Thanks for your help

Tony

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,598 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:46 PM

Posted 24 November 2012 - 02:49 PM

Hi Tony,

Thank you for the detailed explanation. We are going to attempt to revert back a bit to time before you ran Combofix. I hope we can make some progress this way but time will tell.

Please do this for me.


===================================================


Create XP Recovery Console from Artellos

--------------------

  • Please click here to go to the ARCDC download page
  • Right click on Latest EXE Download and select Save Link As...
  • Save it to your desktop as ARCDC.exe
  • Double click ARCDC.exe, select Run, then OK
  • You see 6 options. Please pick: Windows Professional SP2 & SP3 (If you do not have SP2 & SP3 installed please select the option that applies (i.e. SP2) . <<< IMPORTANT)
  • Click Yes on the License Agreement
  • Select Use Default Files
  • It is normal to see numerous black screens flash and disappear
  • Click Burn on the Your ISO is created! screen
  • A BurnCDCC window will open
  • The File Image box should automatically be populated with the XPRC.iso file path on your desktop. If not, browse to the file and double click it
  • The Device box should list your CD/DVD
  • Insert a CD into the CD device then click Start
  • Once completed close the program and remove the CD
  • Insert the newly created XP Recovery Console CD in the computer's optical disk drive tray
  • Start or re-start the computer so that it boots from the CD. You may be prompted to "Press any key". (If you don't get this you have to change the boot order from the BIOS)
  • When the Welcome to Setup screen appears, press the R key on your keyboard to start the Recovery Console.
  • The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have just one Windows installation (typical), type 1 and press enter. If you have multiple Windows installations (less typical), it will list each one. Enter the number associated with the operating system of concern
  • You will be prompted for the Administrator's password. If there is no password simply press ENTER. If a password is required but you don't know it see this.
  • Please continue with the following steps once you are presented with a C:\Windows> prompt. If you do not see this prompt, stop here and advise me of that fact

===================================================


Restoring ERUNT Registry Back-up Via the Recovery Console in Windows XP

--------------

  • Type the following after the Recovery Console command prompt and press Enter

    cd erdnt\hiv-backup
  • Type the following and press Enter

    batch erdnt.con
  • The erunt backups will begin copying
  • When completed type the following and press Enter

    exit
  • Windows will now begin loading

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Were you able to boot into Normal Mode?

Edited by Oh My, 24 November 2012 - 10:21 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 TonyCman

TonyCman
  • Topic Starter

  • Members
  • 169 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 26 November 2012 - 10:49 AM

Hi Gary

I have followed your instructions and all seems to have worked okay. I rebooted the machine and the Selective Startup warning box came up - when I clicked on the OK button, the System Configuration Utility started with the 'selective startup' button selected. The other boxes ticked were process system.ini file, process win.ini file, Load system services, Load startup items and Use Modified BOOT.INI

I ticked the 'normal startup' button and rebooted but I am still getting the 'Cannot access Volume COntrol warning, and it is still in Active Desktop Recovery mode so not sure what that means?

Thanks and best wishes

TC

Edited by TonyCman, 26 November 2012 - 10:59 AM.


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,598 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:46 PM

Posted 26 November 2012 - 12:04 PM

Hi Tony,

I would like you to reproduce the Selective Startup screen. You may have to follow the initial steps again. This time I would like you to check Diagnostic Startup and let me know what happens.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 TonyCman

TonyCman
  • Topic Starter

  • Members
  • 169 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 26 November 2012 - 04:16 PM

Hi Gary

I tried to reproduce the problem and instaed of writing up all of the messages etc I have taken some images of the desktop and attached them to this message.

Basically it starts with the first image which is the active desktop recovery page and the warning telling me that the volume control cannot be found.

Posted Image

I then see the 'System Configuration Utility' warning box

Posted Image

which once I click OK takes me to MSConfig utility (load Startup Items is greyed out)

Posted Image).

and if I try to click on the diagnostic startup option to reboot, I get the message telling me I need to sign in to an 'Administrator account' before making the changes that I am attempting (there is no administrator account set up on the machine!)


Posted Image

and then we see this

Posted Image

Hope this makes sense!

Thanks

TC

#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,598 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:46 PM

Posted 26 November 2012 - 05:02 PM

Hi Tony,

A picture is worth a thousand words!

Please do this for me.


===================================================


Unhide

--------------------

  • Please download Unhide and transfer it to your desktop
  • Double click the Posted Image icon
  • Once the program has completed a Windows alert will be displayed stating your files have been restored
  • Please reboot your computer
  • Please copy and paste the contents of the Unhide.txt document which will be created on your desktop

===================================================


Run Registry Batch (.bat) File

--------------------

  • Press windows key Posted Image + r on your keyboard at the same time
  • Type Notepad and press enter
  • Copy/paste the following text inside the code box into a new notepad document. Make sure that under Format menu Word Wrap is unchecked.


    REGEDIT /E C:\export.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components\"
    start c:\export.txt
    
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input Active.bat.
  • Click Save.

    When done properly, the icon should look like this (or something similar) Posted Image on your desktop.
  • Close the Notepad.
  • Locate and double-click Active.bat on the desktop.
  • Notepad will open with some text in it. Copy and paste the contents in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Unhide.txt
  • Export.txt
  • Notice any changes?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 TonyCman

TonyCman
  • Topic Starter

  • Members
  • 169 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 27 November 2012 - 05:07 AM

Hi Gary

I seem to have a new problem now!

I downloaded the programs and put them onto a USB memory stick to transfer them across to the stricken laptop. The memory stick is now not being recognised by the laptop, even though it was before.

Is there any way to sort this out?

Thanks and best wishes

TC

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,598 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:46 PM

Posted 27 November 2012 - 11:35 AM

Hi Tony,

I am assuming you removed the USB, rebooted the computer and tried it again. If so, please go here, select Run now on the pop up window that should appear, and see if that fixes it. If not, there are additional troubleshooting steps on that page. It seems more time efficient to point you there than it would be for us to go back and forth.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 TonyCman

TonyCman
  • Topic Starter

  • Members
  • 169 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 27 November 2012 - 04:32 PM

Hi Gary

Got it going by going to 'services' tab in msconfig and ticking eeverything!

Unfortunately I couldn't get them onto the destop so I ran them from the USB stick - hope that hasn't made too much of a difference

Logs as follows:

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 11/27/2012 03:04:25 PM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 83871 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 1032 files processed.

The C:\DOCUME~1\ELIZAB~1\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowRecentDocs was set to 0! It was set back to 2!

Program finished at: 11/27/2012 03:07:44 PM
Execution time: 0 hours(s), 3 minute(s), and 18 seconds(s)
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components\]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,598 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:46 PM

Posted 27 November 2012 - 06:06 PM

Hi Tony,

Thanks for figuring that out. Please do this for me.


===================================================


Registry Fix

-------------------

  • Press windows key Posted Image + r on your keyboard at the same time
  • Type Notepad and press Enter
  • Copy/paste the following text inside the code box into a new notepad document.

    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components\]
    "DeskHtmlVersion"=dword:00000000
    
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg.
  • Click Save.
  • Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.
  • Delete fix.reg after use.
  • Reboot your computer

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Was the registry fix successful?
  • Were you able to boot to the normal desktop?
  • Please describe in detail the state of your computer.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 TonyCman

TonyCman
  • Topic Starter

  • Members
  • 169 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 28 November 2012 - 11:38 AM

Hi Gary

The registry fix seems to have been successful and I can now boot into normal desktop!

As for the state of the computer it is still not right - some programs have just disappeared or simply won't start. For example I can start notepad by hitting the windows button + r and the typing 'notepad' but if I try to open it via the Start/All programs?Accessories?Notepad route, I get an error message saing 'Windows cannot access the specified device, path or file' etc.

Other than that it seems to be working quite well, not sluggish or doing anything out of the ordinary apart from the programs not working properly or at all.

I still can't use System Restore and get the message reading 'System Restore is not able to protect your computer. Please restart your computer, and then run System Restore again.'

I looked in 'Services.MSC' and System Restore is showing as 'Automatic' but not started

Do you think it is going to be possible to somehow retrieve the lost data from the software/programs that were on his machine before this happened or is it too early to say?

Thanks again for your help so far

TC

Edited by TonyCman, 28 November 2012 - 11:39 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users