Windows 7 Forums

Windows 7: Win 7 unable to use or create restore point after fbi virus

19 Jul 2013   #11
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Please download MGADiag and save it to your desktop.

Double click icon on your desktop.

Click on the button

Click on the button

Paste the log inside the box. Highlight all of the text, then code wrap it by pressing the # icon at the top.


19 Jul 2013   #12
cottonball

Windows 7 Home Premium
 
 

johndd,

Please do not run the following fixlist:
Post #10: Win 7 unable to use or create restore point after fbi virus
This matter requires further research by VistaKing.

The above stems from the following entry showing in your FRST report:
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

There are Rootkit infections that turn off the driver integrity check by adding an entry to the Boot Configuration Data (BCD).

Please check on the following:
At the bottom right of the Desktop, does it say something like: "Test Mode, Windows 7, Build XXXX" ?

(X=number)


Edit:

As confirmed by VistaKing, there is no Rootkit driver present.

No "Test Mode, Windows 7, Build 7601" notice is present on the screen.

The entry: "testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!" appears to be a leftover from an infection, and needs to be removed from the BCD.

Proceed with the previous fixlist (Post #10) only after removing all illegal software and/or tools from the computer.

Let's hope the few unsigned drivers are not essential for booting...
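Added example, not part of the original thread or any poster's code: a small parser for the text output of `bcdedit /enum` that reports, per BCD entry, whether a driver-integrity setting is switched on or merely present, which is the distinction the post above turns on. It goes beyond the `testsigning` element named in the post by also checking `nointegritychecks` and a `DISABLE_INTEGRITY_CHECKS` load option; the sample input is constructed and English-language `Yes`/`No` output is assumed.

```python
import re
# Constructed sample of `bcdedit /enum` output (not taken from the thread).
SAMPLE = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}

Windows Boot Loader
-------------------
identifier              {current}
testsigning             No

Windows Boot Loader
-------------------
identifier              {11111111-2222-3333-4444-555555555555}
testsigning             Yes
loadoptions             DDISABLE_INTEGRITY_CHECKS
"""

# BCD elements that relax driver signature enforcement when switched on.
BOOL_ELEMENTS = ("testsigning", "nointegritychecks")

def parse_entries(text):
    """Split bcdedit output into one {element: value} dict per BCD entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 2 or set(lines[1].strip()) != {"-"}:
            continue  # not a "title / dashes" entry block
        pairs = (line.split(None, 1) for line in lines[2:])
        entries.append({p[0].lower(): p[1].strip() for p in pairs if len(p) == 2})
    return entries

def audit(text):
    """Return (identifier, element, state) for each integrity-related setting."""
    findings = []
    for e in parse_entries(text):
        ident = e.get("identifier", "?")
        for name in BOOL_ELEMENTS:
            if name in e:
                on = e[name].lower() in ("yes", "on", "true")
                findings.append((ident, name, "enabled" if on else "present but off"))
        if "DISABLE_INTEGRITY_CHECKS" in e.get("loadoptions", "").upper():
            findings.append((ident, "loadoptions", "enabled"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

On a live system the input would come from an elevated `bcdedit /enum` saved to a text file; a stale element can then be cleared with `bcdedit /deletevalue {current} testsigning`.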
20 Jul 2013   #13
johndd

Windows 7 Ultimate 32 bit
 
 

Nothing on the bottom right.

20 Jul 2013   #14
johndd

Windows 7 Ultimate 32 bit
 
 

Here is the fss file.


Attached Files
File Type: txt FSS.txt (648 Bytes, 4 views)
20 Jul 2013   #15
johndd

Windows 7 Ultimate 32 bit
 
 

Here is the adw cleaner file. TDSSKiller reported no issues. Tried creating a restore point and got: Access Denied (0x80070005).


Attached Files
File Type: txt AdwCleaner[S1].txt (305 Bytes, 4 views)
File Type: txt AdwCleaner[S2].txt (7.5 KB, 3 views)
20 Jul 2013   #16
johndd

Windows 7 Ultimate 32 bit
 
 

Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-TMVMJ-BBMRX-3MBMV
Windows Product Key Hash: 55n8g6xdzhe4AOWhmTzdzQoLfa4=
Windows Product ID: 00426-292-0000007-85614
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {C3464DE8-0B31-4A58-A2B1-76D58C38084E}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.130505-1534
TTS Error: T:20111207202007485-
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C3464DE8-0B31-4A58-A2B1-76D58C38084E}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3MBMV</PKey><PID>00426-292-0000007-85614</PID><PIDType>5</PIDType><SID>S-1-5-21-2326662721-1753859907-3392161002</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>GA-78LMT-S2P</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>FB</Version><SMBIOSVersion major="2" minor="4"/><Date>20111017000000.000000+000</Date></BIOS><HWID>6CFB3D07018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>B10K   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

Spsys.log Content:

Licensing Data-->
Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs".

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 1:4:2012 05:36
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Not Registered - 0x80070005
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MgAAAAEABAABAAIAAAABAAAAAQABAAEAeqhguP4LEDNU8uCoGIhOms5wrsD0AbjpFA8=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name    OEMID Value    OEMTableID Value
  APIC            GBT           GBTUACPI
  FACP            GBT           GBTUACPI
  HPET            GBT           GBTUACPI
  MCFG            GBT           GBTUACPI
  MSDM            GBT           GBTUACPI
  TAMG            GBT           GBT   B0
  SSDT            AMD           POWERNOW
  SLIC            DELL          B10K
20 Jul 2013   #17
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Code:
File Scan Data-->
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

Install this update, then create a new MGADIAG report and post it in your next reply.
20 Jul 2013   #18
johndd

Windows 7 Ultimate 32 bit
 
 

Already installed update.
20 Jul 2013   #19
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

20 Jul 2013   #20
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Remove the software that you installed with the KeyGen if you want further help.