Help: Several problems I believed caused by an infection long ago

[Dr Jay]

1. Right-click the My Computer icon on the Desktop and click Properties.
2. Click the Performance tab.
3. Click the File System button.
4. Click the Troubleshooting tab.
5. Remove the check mark next to Disable System Restore.
6. Click OK.
7. Click Yes when prompted to restart.


Then, please try the process above again.

[SkaterGirl91]

Sorry, but I don't see a Performance tab..  I see General, Computer Name, Hardware, Advanced, Automatic Updates, Remote? I'm right clicking My Computer, than properties than I'm missing something?

[Dr Jay]

1. Right-click the My Computer icon on the Desktop and click Properties.
2. On the System Restore tab, uncheck Disable System Restore.

See if that helps

[SkaterGirl91]

There isn't a system restore tab, I'm logged in as an Administrator. I don't know why its not there?

[Dr Jay]

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

Code: [Select]

:filefind
rstrui.exe


• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

[SkaterGirl91]

ok, here it is.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 09:43 on 11/06/2010 by Rachell (Administrator - Elevation successful)

========== filefind ==========

Searching for "rstrui.exe"
C:\WINDOWS\$NtServicePackUninstall$\rstrui.exe   --a--c 380416 bytes   [08:02 16/10/2008]   [19:00 04/08/2004] 4375CD59161C0A033DF68D9510D1F8CF
C:\WINDOWS\ServicePackFiles\i386\rstrui.exe   --a--c 380416 bytes   [17:31 29/08/2008]   [00:12 14/04/2008] BD6C1488F63D64DEA8EE514802FC2CDD
C:\WINDOWS\system32\dllcache\rstrui.exe   --a--c 380416 bytes   [19:01 07/08/2004]   [00:12 14/04/2008] BD6C1488F63D64DEA8EE514802FC2CDD
C:\WINDOWS\system32\Restore\rstrui.exe   --a--- 380416 bytes   [19:01 07/08/2004]   [00:12 14/04/2008] BD6C1488F63D64DEA8EE514802FC2CDD

-=End Of File=-

[Dr Jay]

Please open Notepad and enter in the following:

Windows Registry Editor Version 5.00

[HKLM\Software\Policies\Microso­ft\Windows NT\SystemRestore]
"DisableSR"=-

Then, click File > Save as...
Save as enableSR.reg to your Desktop.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on enableSR.reg.


Then, restart your computer.

Then, look in the System Properties window again for the System Restore tab.

[SkaterGirl91]

Sorry for just now writing back, long weekend... I did what you said and it asked if I wanted to add it to my registry I said yes and it said it had. I restarted and still no system restore tab. Also I get the same message still if I try to open System restore.

[Dr Jay]

We Need to Diagnose a Possible Problem with WGA

• Please download MGADiag and save it to your desktop.
  
• Double click the icon on your desktop.
  
• Push
  
• Push
  
• Go to Start -> Run and type in "Notepad"
• Go to Edit -> Paste in notepad.
• x out all of the numbers and letters in the line beginning with "Windows Product Key:"
• Copy and paste that log here.

[/list]

[SkaterGirl91]

Ok, here it is

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-XXXXX-XXXXX-XXXXX
Windows Product Key Hash: 2V2VyxlfhiaCt/JkDzYQfiNOHMA=
Windows Product ID: 76477-OEM-2111907-00106
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {16CCC64D-E3B3-4DA7-B4CA-7D6BBD0ECCAE}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.17.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 102
Microsoft Office Standard Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{16CCC64D-E3B3-4DA7-B4CA-7D6BBD0ECCAE}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3PMFT</PKey><PID>76477-OEM-2111907-00106</PID><PIDType>2</PIDType><SID>S-1-5-21-1273659944-3790613762-3211983470</SID><SYSTEM><Manufacturer>HP Pavilion 061</Manufacturer><Model>PL382AA-ABA A706N</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.11</Version><SMBIOSVersion major="2" minor="3"/><Date>20040902000000.000000+000</Date><SLPBIOS>HP PAVILION</SLPBIOS></BIOS><HWID>21DD39AF0184205F</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Hewlett-Packard</name><model>Pavilion</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.17.0"/><File Name="WgaLogon.dll" Version="1.7.17.0"/></GANotification></MachineData><Software><Office><Result>102</Result><Products><Product GUID="{91120409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Standard Edition 2003</Name><Ver>11</Ver><Val>606A581CC1FD930</Val><Hash>FEOgdhbkAmkHjihJ9UWrNxearM4=</Hash><Pid>70141-152-3817414-56318</Pid><PidType>10</PidType></Product></Products><Applications><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/></Applications></Office></Software></GenuineResults> 

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 106DD:Compaq Computer Corporation|106DD:Compaq Computer Corporation|106DD:Hewlett-Packard Company|10859:Hewlett-Packard Company
Marker string from OEMBIOS.DAT: HP PAVILION

OEM Activation 2.0 Data-->
N/A

[Dr Jay]

-Click Start, and then click My Computer.
-On the Tools menu, click Folder Options.
-On the View tab, click Show hidden files and folders.
-Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are prompted to confirm the change.
-Clear the Use simple file sharing (Recommended) check box.
-Click OK.
-Right-click the System Volume Information folder in the root folder, and then click Properties.
-Click the Security tab.
-Click Add, and then type the name of the user to whom you want to give access to the folder. Typically, this is the account with which you are logged on. Click OK, and then click OK again.

-Then, navigate to C:\SystemVolumeInformation right click on it, and click on Rename.

-Rename it to SystemVolumeBAK

-Restart your computer.

Tell me if you can see the Restore tab.

[SkaterGirl91]

Ok, Can you explain ''-Right-click the System Volume Information folder in the root folder'' I don't know where/what those are exactly? Sorry when I got to that step I was unsure of what to do. I did the first stuff already though. Clicked Show hidden files and folders already, Hide protected operating system files (Recommended) was already unchecked and there is no Use simple file sharing (Recommended) check box.

[Dr Jay]

c:\SystemVolumeInformation

[SkaterGirl91]

It's not there and if I try to RUN it says Windows can not find 'c:\SystemVolumeInformation'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click search. 

[Dr Jay]

Do you have a Windows XP CD??

We need to do a system in-place upgrade, which is a data-safe process to fully repair Windows.


However, if you do not feel comfortable with this, there are alternative routes to be able to take to backup your system configuration, like ERUNT program.