Jump to content


Photo
- - - - -

System Restore is blank page

system restore blank page

  • This topic is locked This topic is locked
38 replies to this topic

#21 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 12 January 2013 - 10:34 AM

Just so you know, I did not ask nor did I intend for you to do any IRC.

I cannot help you much on notifications, beyond what I said before.

Let me know How that system is now ?
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#22 chopperbob

chopperbob

    New Member

  • Members
  • Pip
  • 45 posts
  • Gender:Male

Posted 12 January 2013 - 03:57 PM

While you are in Control Panel >> Add-or-remove programs
also uninstall the following obsolete & insecure apps
Java 6 Update 26
Java 7 Update 4

Coupon Printer for Windows <--- is questionable

BTW, Fixpolicies is not a cure-all & was not intended as a total fix. The utility is only a partial fix to restore some abilities that malwares obstruct.

There will be much, much more to follow.
Confirm for me after you have removed Bittorrent.

After you have completed the above items..... then do the following.

Download >> Farbar's Service Scanner utility << and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Admisnitrator.
If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

This is a report only. It is not a cure-all. There will be more to do later.


I removed the two outdated Java updates (6 & 7), then downloaded and ran the FSS.exe file, and here's the report:

Farbar Service Scanner Version: 05-01-2013
Ran by HP_Administrator (administrator) on 12-01-2013 at 15:54:23
Running from "C:\Documents and Settings\HP_Administrator\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Gpc(6) IPSec(4) kltdi(10) NetBT(5) PSched(7) Tcpip(3)
0x0900000008000000040000000100000002000000030000000A000000050000000600000007000000

**** End of log ****

#23 chopperbob

chopperbob

    New Member

  • Members
  • Pip
  • 45 posts
  • Gender:Male

Posted 12 January 2013 - 04:03 PM

Checkmark the box (line) Auto follow topics I reply to
and select immediate notification (IIRC)

also on the topic itself, make sure you are subscribed.

That is about all you can do.

Just so you know, I did not ask nor did I intend for you to do any IRC.

I cannot help you much on notifications, beyond what I said before.

Let me know How that system is now ?


Maurice,

Sorry for any miscommunication; however, you'll see in your response that you instruct me to "Checkmark the box (line) Auto follow topics I reply to
and select immediate notification (IIRC)", along with "make sure you are subscribed", and if you'll notice my screen image for Notification Options, there isn't an "Immediate (IIRC)" option to select, just "Immediate"; therefore, I had assumed (and you and I know what "assume" means!) that there must be such an option such as "Immediate (IIRC)", but that it won't show unless I'm "subscribed" as you instructed. Anyway, just to let you know, I still am not getting any notifications to my email at all.

#24 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 12 January 2013 - 04:20 PM

A) when replying, please do not use the Quote button --- unless there's a critically important bit.
b) I meant immediate notfication via forum generating -email - to you

IIRC was my way of saying, If I Remember Correctly

c) Let's forget that.

Use Start >> Run

type in
services.msc

and press Enter to get into Services console.

Review closely. Look for System Restore service and make sure it is NOT "disabled".

NEXT
Please download Windows Repair (all in one) from here.

  • Install the program.
  • Please proceed to run it. On Vista, Windows 7 or 8, Right-click the executable and select Run as Administrator.
  • Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:

    Posted Image
  • Once that is done please go to Step 3 and allow it to run the System File Check by clicking on the Do It button:

    Posted Image

  • Next, go to the Start Repairs tab and click the Start button.

    Posted Image
  • Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    Posted Image
  • Click on the box next to the Restart System when Finished. Then click on Start.

Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#25 chopperbob

chopperbob

    New Member

  • Members
  • Pip
  • 45 posts
  • Gender:Male

Posted 12 January 2013 - 09:04 PM

Maurice,

Although I had previously checked services.msc, I did it again and it shows System Restore is “Starte” and “Automatic”. A huge “bone of contention” I have with most freeware download sites is the fact that when directed to them, such as the Windows Repair, the website is filled with “misleading” download buttons that is so frustrating! It was a feat just to download Windows Repair from the majorgeeks.com site! Then, after it installs the program, it informs me that “v1.9.5 is available” and states that I should use the latest version, and asks if I want to install it, which I click “Yes”. Well, guess what? Instead of installing, or upgrading, the latest version, it redirects me to the very same exact download button I just used! So, I just stuck with what I got. Sorry, had to get that off of my chest!

It instructed to reboot her computer to run “Step 2”, and then instructed to reboot after running “Step 3”, which I did. I then clicked the “Start Repair”, which prompted me for creating a System Restore Point and to back up the registry, and asked me if I wanted to do both, and I clicked “Yes”, and it did both before starting the repair (great thing, since the whole point of this issue is that I can’t create a System Restore Point!).

Now, after a lengthy time to complete the registry backup, I clicked on the “Start” button, where the window opens displaying all of the “Repair Options”. In your post, you stated to make sure that “ONLY items seen in the image below are ticked as indicated (they’re all checked by default)”; however, in your image the “Reset File Permissions” is checked, but the default for v1.9.4 has that option as unchecked. I went ahead and checked it. Additionally, I had to uncheck the following items to match your settings:

· Repair MDAC/MS Jet

· Repair Hosts File

· Repair Icons

· Repair CD/DVD Missing/Not Working

· Repair Volume Shadow Copy Service

· Repair File Associations (see comment below)*

· Repair Windows Safe Mode (see comment below)*

* Now, in this version of Window Repair, it doesn’t have the “Repair .lnk (Shortcuts) File Associations”, but has an expandable “Repair File Associations” that expands to show another dozen check boxes. Since you show the “Repair .lnk (Shortcuts) File Associations” as unchecked, I unchecked this one, which unchecked all dozen boxes. Also, this version has a “Repair Windows Safe Mode”, which I also unchecked (see image below):

Posted Image

Another thing about this version, unlike your image, this one has in bold red letters the statement “Disable your Antivirus......”, which I did prior to clicking the “Start” button.

After the reboot, I tried to access System Restore, but still can’t. Waiting for your response.

#26 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 13 January 2013 - 10:52 AM

Let's go back to insure there's no malwares.
RKILL is a straight-forward tool. Please run it.
It is not an all-inclusive tool, but good to run.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.
  • Link 2
    Link 3
    Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL
IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingc...opic308364.html

Step 2
Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a Full Scan. Posted Image

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.
Tell me, How is the system ?

Re-enable your antivirus program.
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#27 chopperbob

chopperbob

    New Member

  • Members
  • Pip
  • 45 posts
  • Gender:Male

Posted 15 January 2013 - 05:26 PM

She uses a current up-to-date paid subscription of Kaspersky Internet Security 2013 for her anti-virus, which ran a full scan just 24 hours ago.


Step 2
Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a Full Scan. Posted Image

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.
Tell me, How is the system ?

Re-enable your antivirus program.


Maurice,

Just checking what you wanted me to do next on my relative's computer (I plan on visiting tomorrow), and I noticed your instructions above. She does NOT have MBAM installed, just Kaspersky Internet Security 2013.

#28 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 16 January 2013 - 10:55 AM

<soapbox> Can you please not always use Quote'd sections when they are not really needed?

As long as it is for personal use, you may get the MBAM setup and then run it to install.
I'd suggest in this case, that you un-check {decline} the Trial option.
Get mbam setup from here
http://download.blee...1.70.0.1100.exe

You need to turn off K.I.S. before running a scan with MBAM.
When done turn K.I.S. back on
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#29 chopperbob

chopperbob

    New Member

  • Members
  • Pip
  • 45 posts
  • Gender:Male

Posted 16 January 2013 - 01:22 PM

Maurice,

Here's the
Rkill.txt:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html
Program started at: 01/16/2013 01:19:35 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\WINDOWS\system32\HPZipm12.exe (PID: 1680) [WD-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* C:\WINDOWS\System32\drivers\mqac.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 00:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB971032$\mqac.sys : 72,960 : 08/10/2004 00:00 AM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 02:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 02:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 01/16/2013 01:20:51 PM
Execution time: 0 hours(s), 1 minute(s), and 16 seconds(s)

#30 chopperbob

chopperbob

    New Member

  • Members
  • Pip
  • 45 posts
  • Gender:Male

Posted 16 January 2013 - 04:00 PM

Here's the MBAM log.txt file:

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.16.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: YOUR-55E5F9E3D2 [administrator]
Protection: Enabled
1/16/2013 1:49:59 PM
mbam-log-2013-01-16 (13-49-59).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 372242
Time elapsed: 1 hour(s), 49 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

#31 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 17 January 2013 - 09:44 AM

The MBAM scan result is good.
Can your friend start a full scan with the installed Antivirus and tell us the result?

Is there still an anomoly with System Restore?
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#32 chopperbob

chopperbob

    New Member

  • Members
  • Pip
  • 45 posts
  • Gender:Male

Posted 17 January 2013 - 01:38 PM

As of 8:00 pm last night, system restore page still comes up blank. I'll see if they can start another scan, but at the very beginning of this issue, I had informed you that it had just finished a complete scan less than 23 hrs prior to my post and found nothing.

#33 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 17 January 2013 - 02:03 PM

Have you checked in MSCONFIG to insure System Restore service is Checked

and in SERVICES.MSC
that System Restore service is -not-disabled ?
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#34 chopperbob

chopperbob

    New Member

  • Members
  • Pip
  • 45 posts
  • Gender:Male

Posted 17 January 2013 - 04:11 PM

Have you checked in MSCONFIG to insure System Restore service is Checked

and in SERVICES.MSC
that System Restore service is -not-disabled ?


Yes, you and I have already checked that, too, and all is well with that.

#35 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 18 January 2013 - 10:55 AM

It would appear this system (somewhat like your other) does not have a malware infection issue.
Let's take a look at the system event log. It "may" shed some light "if" a service is at issue.

download VEW by Vino Rosso and save it to your desktop >> from here <<.

Double click on VEW.exe to start the program.

In the Select log to query section, check (tick):
  • Application
  • System
In the Select type to list section, check:
  • Critical (not XP)
  • Error
  • Information
  • Warning
In the Number or date of events section, check:
Number of events... then enter 20 in the entry box beside it.

Press the Run button.
A Notepad report will open when done, please Copy >Paste the contents of this report.
It is located at %systemdrive%\VEW.txt, usually C:\VEW.txt.
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#36 chopperbob

chopperbob

    New Member

  • Members
  • Pip
  • 45 posts
  • Gender:Male

Posted 23 January 2013 - 12:46 PM

Good afternoon Maurice! Here's the report from Vino's Event Viewer:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 23/01/2013 12:45:34 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/01/2013 1:22:34 PM
Type: error Category: 0
Event: 7 Source: WindowsLiveMessenger
The event description cannot be found.
Log: 'Application' Date/Time: 30/12/2012 8:16:40 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Log: 'Application' Date/Time: 26/12/2012 11:14:43 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Log: 'Application' Date/Time: 25/12/2012 10:57:12 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application YahooMessenger.exe, version 10.0.0.1270, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Log: 'Application' Date/Time: 25/12/2012 10:57:11 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application YahooMessenger.exe, version 10.0.0.1270, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Log: 'Application' Date/Time: 25/12/2012 10:54:14 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Log: 'Application' Date/Time: 24/12/2012 7:57:48 AM
Type: error Category: 12
Event: 447 Source: ESENT
wlcomm (2156) A bad page link (error -338) has been detected in a B-Tree (ObjectId: 10, PgnoRoot: 42) of database C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{194429b2-6c9e-4cdf-9622-c3776354b2ea}\DBStore\contacts.edb (42 => 323, 324).
Log: 'Application' Date/Time: 22/12/2012 10:28:58 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application YahooMessenger.exe, version 10.0.0.1270, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Log: 'Application' Date/Time: 22/12/2012 10:21:15 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application chrome.exe, version 23.0.1271.97, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Log: 'Application' Date/Time: 20/12/2012 5:04:39 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Log: 'Application' Date/Time: 19/12/2012 12:07:30 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application avp.exe, version 13.0.1.4210, faulting module avzkrnl.dll, version 4.39.0.6, fault address 0x001ae112.
Log: 'Application' Date/Time: 19/12/2012 7:13:04 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application yahoomessenger.exe, version 10.0.0.1270, faulting module yahoomessenger.exe, version 10.0.0.1270, fault address 0x000482e8.
Log: 'Application' Date/Time: 17/12/2012 8:03:55 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module skypeieplugin.dll, version 6.5.0.11422, fault address 0x00012c87.
Log: 'Application' Date/Time: 10/12/2012 9:15:01 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Log: 'Application' Date/Time: 09/12/2012 2:32:11 PM
Type: error Category: 0
Event: 1001 Source: Application Error
Fault bucket -1988463584.
Log: 'Application' Date/Time: 09/12/2012 2:31:20 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application yahoomessenger.exe, version 10.0.0.1270, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00012440.
Log: 'Application' Date/Time: 27/11/2012 9:53:09 PM
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 1895706856.
Log: 'Application' Date/Time: 27/11/2012 9:53:02 PM
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 1895706856.
Log: 'Application' Date/Time: 27/11/2012 9:52:48 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application YahooMessenger.exe, version 10.0.0.1270, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Log: 'Application' Date/Time: 27/11/2012 9:52:31 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application YahooMessenger.exe, version 10.0.0.1270, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/01/2013 10:23:26 AM
Type: information Category: 1
Event: 101 Source: SkypeUpdate
Service stopped.
Log: 'Application' Date/Time: 23/01/2013 10:23:25 AM
Type: information Category: 1
Event: 103 Source: SkypeUpdate
SkypeUpdate service is shutting down due to idle timeout.
Log: 'Application' Date/Time: 23/01/2013 10:22:25 AM
Type: information Category: 1
Event: 100 Source: SkypeUpdate
Service started.
Log: 'Application' Date/Time: 23/01/2013 10:02:04 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 23/01/2013 10:02:01 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 23/01/2013 10:01:53 AM
Type: information Category: 1
Event: 101 Source: SkypeUpdate
Service stopped.
Log: 'Application' Date/Time: 23/01/2013 10:01:52 AM
Type: information Category: 1
Event: 103 Source: SkypeUpdate
SkypeUpdate service is shutting down due to idle timeout.
Log: 'Application' Date/Time: 23/01/2013 9:59:53 AM
Type: information Category: 0
Event: 1800 Source: SecurityCenter
The Windows Security Center Service has started.
Log: 'Application' Date/Time: 23/01/2013 9:59:52 AM
Type: information Category: 1
Event: 100 Source: SkypeUpdate
Service started.
Log: 'Application' Date/Time: 23/01/2013 9:59:48 AM
Type: information Category: 0
Event: 4 Source: LightScribeService
The LightScribe Service started successfully.
Log: 'Application' Date/Time: 23/01/2013 9:59:48 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 22/01/2013 6:02:03 PM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 22/01/2013 6:02:00 PM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 22/01/2013 1:02:06 PM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 22/01/2013 1:02:01 PM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 22/01/2013 8:11:31 AM
Type: information Category: 1
Event: 101 Source: SkypeUpdate
Service stopped.
Log: 'Application' Date/Time: 22/01/2013 8:11:30 AM
Type: information Category: 1
Event: 103 Source: SkypeUpdate
SkypeUpdate service is shutting down due to idle timeout.
Log: 'Application' Date/Time: 22/01/2013 8:10:30 AM
Type: information Category: 1
Event: 100 Source: SkypeUpdate
Service started.
Log: 'Application' Date/Time: 22/01/2013 8:02:04 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 22/01/2013 8:02:01 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/01/2013 9:14:45 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user YOUR-55E5F9E3D2\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 16/01/2013 6:37:57 PM
Type: warning Category: 0
Event: 63 Source: WinMgmt
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Log: 'Application' Date/Time: 16/01/2013 6:37:57 PM
Type: warning Category: 0
Event: 63 Source: WinMgmt
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Log: 'Application' Date/Time: 16/01/2013 6:32:15 PM
Type: warning Category: 0
Event: 63 Source: WinMgmt
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Log: 'Application' Date/Time: 16/01/2013 6:32:14 PM
Type: warning Category: 0
Event: 63 Source: WinMgmt
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Log: 'Application' Date/Time: 13/01/2013 9:30:45 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user YOUR-55E5F9E3D2\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 12/01/2013 8:31:49 PM
Type: warning Category: 0
Event: 63 Source: WinMgmt
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Log: 'Application' Date/Time: 12/01/2013 8:31:49 PM
Type: warning Category: 0
Event: 63 Source: WinMgmt
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Log: 'Application' Date/Time: 10/01/2013 1:54:11 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user YOUR-55E5F9E3D2\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 09/01/2013 9:03:10 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user YOUR-55E5F9E3D2\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 09/01/2013 12:35:56 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user YOUR-55E5F9E3D2\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 09/01/2013 12:35:55 AM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Log: 'Application' Date/Time: 08/01/2013 5:25:40 PM
Type: warning Category: 0
Event: 63 Source: WinMgmt
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Log: 'Application' Date/Time: 08/01/2013 5:25:40 PM
Type: warning Category: 0
Event: 63 Source: WinMgmt
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Log: 'Application' Date/Time: 08/01/2013 2:28:59 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Log: 'Application' Date/Time: 08/01/2013 2:26:06 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user YOUR-55E5F9E3D2\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 02/01/2013 10:17:24 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user YOUR-55E5F9E3D2\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 22/12/2012 10:24:35 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user YOUR-55E5F9E3D2\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 22/12/2012 10:24:34 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Log: 'Application' Date/Time: 22/12/2012 9:18:51 PM
Type: warning Category: 52
Event: 4354 Source: EventSystem
The COM+ Event System failed to fire the StopScreenSaver method on subscription {3C1BF16A-73ED-4F5A-88B7-C5B44EB45973}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80010100.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/01/2013 1:19:39 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
Log: 'System' Date/Time: 12/01/2013 7:19:02 PM
Type: error Category: 0
Event: 25 Source: VolSnap
The shadow copy of volume C: was aborted because the diff area file could not grow in time. Consider reducing the IO load on this system to avoid this problem in the future.
Log: 'System' Date/Time: 12/01/2013 7:18:55 PM
Type: error Category: 0
Event: 10 Source: VolSnap
The shadow copy of volume C: took too long to install.
Log: 'System' Date/Time: 12/01/2013 7:14:14 PM
Type: error Category: 0
Event: 12 Source: VolSnap
The shadow copy of volume C: became low on diff area space before it was properly installed.
Log: 'System' Date/Time: 08/01/2013 5:06:26 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
Log: 'System' Date/Time: 08/01/2013 2:38:52 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Log: 'System' Date/Time: 08/01/2013 2:37:25 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
Log: 'System' Date/Time: 08/01/2013 2:37:23 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Log: 'System' Date/Time: 08/01/2013 2:36:13 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec KLIF kltdi kneps MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
Log: 'System' Date/Time: 08/01/2013 2:36:13 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
Log: 'System' Date/Time: 08/01/2013 2:36:13 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
Log: 'System' Date/Time: 08/01/2013 2:36:13 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
Log: 'System' Date/Time: 08/01/2013 2:36:13 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
Log: 'System' Date/Time: 08/01/2013 2:35:35 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Log: 'System' Date/Time: 08/01/2013 1:13:53 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Log: 'System' Date/Time: 08/01/2013 1:13:30 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
Log: 'System' Date/Time: 08/01/2013 1:12:37 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Log: 'System' Date/Time: 08/01/2013 1:12:31 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
Log: 'System' Date/Time: 08/01/2013 1:12:31 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Log: 'System' Date/Time: 08/01/2013 1:11:46 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/01/2013 12:34:28 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The MBAMSwissArmy service was successfully sent a start control.
Log: 'System' Date/Time: 23/01/2013 12:06:01 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Adobe Flash Player Update Service service was successfully sent a start control.
Log: 'System' Date/Time: 23/01/2013 12:06:01 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the stopped state.
Log: 'System' Date/Time: 23/01/2013 12:06:01 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the running state.
Log: 'System' Date/Time: 23/01/2013 11:06:02 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the stopped state.
Log: 'System' Date/Time: 23/01/2013 11:06:02 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Adobe Flash Player Update Service service was successfully sent a start control.
Log: 'System' Date/Time: 23/01/2013 11:06:01 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the running state.
Log: 'System' Date/Time: 23/01/2013 10:23:26 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Skype Updater service entered the stopped state.
Log: 'System' Date/Time: 23/01/2013 10:22:25 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Skype Updater service entered the running state.
Log: 'System' Date/Time: 23/01/2013 10:22:25 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Skype Updater service was successfully sent a start control.
Log: 'System' Date/Time: 23/01/2013 10:20:59 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The HTTP SSL service entered the running state.
Log: 'System' Date/Time: 23/01/2013 10:20:58 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The HTTP SSL service was successfully sent a start control.
Log: 'System' Date/Time: 23/01/2013 10:20:50 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.
Log: 'System' Date/Time: 23/01/2013 10:20:43 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.
Log: 'System' Date/Time: 23/01/2013 10:20:42 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The IMAPI CD-Burning COM Service service was successfully sent a start control.
Log: 'System' Date/Time: 23/01/2013 10:20:39 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The SSDP Discovery Service service entered the running state.
Log: 'System' Date/Time: 23/01/2013 10:20:39 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The SSDP Discovery Service service was successfully sent a start control.
Log: 'System' Date/Time: 23/01/2013 10:18:48 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Fast User Switching Compatibility service was successfully sent a start control.
Log: 'System' Date/Time: 23/01/2013 10:18:48 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Fast User Switching Compatibility service entered the running state.
Log: 'System' Date/Time: 23/01/2013 10:14:55 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Remote Access Connection Manager service entered the running state.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/01/2013 7:48:46 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 22/01/2013 7:18:30 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 21/01/2013 8:42:30 PM
Type: warning Category: 0
Event: 240 Source: Win32k
A request to suspend power was denied by winlogon.exe.
Log: 'System' Date/Time: 12/01/2013 6:25:07 PM
Type: warning Category: 0
Event: 10 Source: W32Time
The time provider 'NtpClient' returned an error when asked for time samples. The error will be ignored. The error was: The handle is invalid. (0x80070006)
Log: 'System' Date/Time: 12/01/2013 6:13:37 PM
Type: warning Category: 0
Event: 7 Source: W32Time
The time provider 'NtpClient' returned an error while updating its configuration. The error will be ignored. The error was: Catastrophic failure (0x8000FFFF)

#37 chopperbob

chopperbob

    New Member

  • Members
  • Pip
  • 45 posts
  • Gender:Male

Posted 23 January 2013 - 05:35 PM

That's when I noticed that the System Retore screen would come up as a blank white screen. I googled the problem and I've done the following things to try to resolve the issue:

  • Attempted to start system restore in Safe Mode
  • Attempted to start system restore in Safe Mode with Command Prompt Option by typing %systemroot%\system32\restore\rstrui.exe in command window
  • Went to http://bertk.mvps.or...ml/tips.html#21 and followed all their suggestion, which were to install/activate by typing the following in the Start>Run window:
    regsvr32 jscript
    regsvr32 vbscript
    regsvr32 /i mshtml
  • Created a new registry file called KB909889.reg per Microsoft Support and ran it

Maurice, since I'm at my relative's house for several hours, I googled this issue and found some other examples that were successfully resolved, so am annotating those here for your knowledge, as well as other's who have this same issue, as one of these solutions might work for them! UNFORTUNATELY, none of them worked for me!!!

First off, I googled "system restore blank page", and after dismissing the dozen or so articles I had previously read prior to even posting this issue here, I came across http://www.computing...age/129223.html, where she posted:

gizzysmom March 3, 2005 at 15:58:10 Pacific
Specs: xp pro, p4 2.4 GHz 1 BG RAM


I could not access my IncrediMail with out turning off Norton firewall. This worked fine last night. I have Norton Internet Security . I tried some of the Norton fixes and then uninstalled the whole Norton Internet Security. When I go to start, search, files or folders I get a blank page, it has the little dog wagging his tail but that’s all. When I go to System Restore the Page is also blank.

Her issue was solved by HiJinx, who's solution was to fix a damaged Windows Script:

HiJinx March 3, 2005 at 16:55:15 Pacific

Reply: #6


That can happen if your scripting gets messed up. Try the link below...
Windows Script 5.6 for Windows 2000 and XP

Unfortunately, HiJinx's hyperlink no longer works, so I googled "windows script for xp sp3", and selected the very first posting http://answers.micro...b2-d2f0a3a57cd6 , which implied that a damaged Windows Script can cause several pages to be blank (to include System Restore):

KevinD872 asked on
February 1, 2010

Repair Windows Script Host (WSH/scripting) in XP SP3? (Need a true guru!)

I believe I may have a corrupted Windows Script Host installation, but I am not 100% sure. I'll try to provide as many details as possible. I try to keep my computer running smoothly and can usually fix most problems but this one is driving me nuts!

So anyway, I really suspect that something is corrupted. Whether it be files or keys in the registry I don't know. If I knew which registry keys are related to WSH and all of the files that are related, perhaps I could get this straightened out by comparing to another XP computer I have. It could be a corrupt IE installation, but I tried rolling back to IE6 and back again to IE8 so it seems unlikely. Also, other than the minor Pogo problem mentioned above, I don't have problems on websites. It seems to be related to the local scripting host (as opposed to server-side scripts on websites). Incidentally Pogo works on all of my other computers (running identicle service packs & updates) and it does work on this computer but only in Mozilla Firefox (which from what I understand uses its own scripting host rather than WSH).

I have looked on Microsoft's site and have seen downloads for Windows Script 5.7 (I think it was 5.7) but when I try to install it says that my service pack is higher than what it wants to install so it aborts. I have found articles on the Microsoft website that mention fixing or repairing WSH but they are for older OSs. I cannot find any way to repair my WSH installation on XP SP3 nor any advice on doing so manually.

The suggested solution that worked for KevinD872 was the following:

Click Start, Run. Type the following command one by one, and press enter after each command. **NOTE down the output message and include them along with your reply.

regsvr32.exe jscript.dll
regsvr32.exe vbscript.dll
regsvr32.exe wshom.ocx
regsvr32.exe msxml3.dll
regsvr32.exe -i shell32.dll
regsvr32.exe OLEAUT32.DLL

Restart Windows


As you know, I've already done the first two, so I did the rest, but it did not work.....

Now, I did find the "Windows Script Download and Repair Page at http://www.macropool.../scripting.html and followed its example of checking what version of vbscript.dll is on this computer, and it is newer than v. 5.7:

Posted Image

Anyway, I then googled "windows xp sp3 system restore blank" and went to http://www.computing...-oo/192537.html, where the poster's issue was solved by Chuck 2 when he suggested the following link http://support.micro...om/?kbid=831430 for Microsoft's solution:

SYMPTOMS
You may experience one of the following symptoms:

  • When you try to view any one of the following dialog boxes, the dialog box may appear to be empty or partly empty:
    • Search Companion
    • User Accounts
    • Windows Update
    • Help and Support
    • System Restore
  • When you try to start Microsoft Windows Media Player, you may receive an "An internal application error has occurred" (or a similar) error message.
  • Internet Explorer may not be able to print. When you click File, and then click Print, the Print dialog box does not appear. The print preview is blank.
CAUSE


This issue may occur if one or more of the Jscript registry key settings are incorrect. This issue may also occur if the Jscript.dll file is missing or damaged.

RESOLUTION


To resolve this issue, use the following methods in the order in which they are presented.
Method 1: Reregister Jscript.dll

  • Click Start, and then click Run.
  • In the Open box, type regsvr32 jscript.dll, and then click OK.
  • Click OK.
If the file does not register as expected, or if you receive an error message, the system file may be missing or damaged. To extract the missing file in Windows XP, follow these steps:
  • Click Start, and then click Run.
  • In the Open box, type msconfig, and then click OK.
  • Click Expand File.
  • In the File to restore box, type the name of the file that you want to restore.
  • In the Restore from box, type the path of the Windows XP .cab file where you want to restore the file, or click Browse From to locate the Windows XP .cab file.

    Note The Windows XP .cab files are stored in the I386 folder on the Windows XP CD.
  • In the Save file in box, type the path where you want to extract the new file, or click Browse To to locate the folder that you want.
  • Click Expand.
  • In the System Configuration Utility dialog box, click OK. If you are prompted to restart the computer, click Restart.
Open a dialog box that previously experienced the issue that is described in the "Symptoms" section of this article. If the issue recurs, go to the next method.
Method 2: Edit the registry
To do this, follow these steps.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756
(http://support.micro....com/kb/322756/ )How to back up and restore the registry in Windows
  • Click Start, and then click Run.
  • In the Open box, type regedit, and then click OK.
  • Locate the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32 The (Default) value data should contain the following value:
    C:\WINDOWS\SYSTEM32\JSCRIPT.DLL If it does not, double-click Default, type C:\WINDOWS\SYSTEM32\JSCRIPT.DLL in the Value data box, and then click OK.
  • The ThreadingModel value data should contain the following value:
    Both If it does not, double-click ThreadingModel, and then type Both in the Value data box.
  • Locate the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
  • Repeat steps 3 and 4 to edit this key, and then go to step 7.
  • Locate the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
  • Repeat steps 3 and 4 to edit this key, and then go to step 9.
  • Exit Registry Editor.
Properties

Article ID: 831430 - Last Review: February 28, 2008 - Revision: 5.3

APPLIES TO
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional

Since I had previously done "Method 1", I skipped to "Method 2", and the following photos show that all three (3) registries were correct:

Posted Image


Posted Image

Posted Image

Maurice, the result of my efforts today may assist others in solving a blank System Restore page, but I'm still unable to get it fixed, thus far.

#38 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 24 January 2013 - 10:34 AM

I appreciate the information.

You may want to consider reviewing and following this
HOW TO Rebuild the Window Management Instrumentation Repository (WinXP & Vista)
http://windowsxp.mvp...g/repairwmi.htm

I do not believe that the root-issue here is malware, so eventually need to refer you elsewhere and to close this thread.

You have seen Bert Kinney's website, a good reference.
If the SR issue is still unresolved, you may use the MS Technet forum or the PC Help forum here.

Use OTC to cleanup the tools used on this system:
  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

IF we di not cover Java & Adobe Reader before this ......
Older versions of Java pose a security risk.
And if you do not need Java for the programs that you use, keep Java off your system .
How to disable Java in various browsers : http://blog.eset.com...r-way-to-browse
Also see No, Seriously, Just Disable Java in Your Browser Right Now

If you do need Java on your system, see Oracle releases new Java update to close security holes

Older versions of Adobe Reader pose a potential security risk.
De-install your Adobe Reader: Use Control Panel's Add-or-Remove Programs, Un-install Adobe Reader.
Get latest Adobe Reader version
http://get.adobe.com/reader/
Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#39 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 27 January 2013 - 10:52 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.





Also tagged with one or more of these keywords: system restore, blank page

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users