Thread: master ide controller
View Single Post
  #6  
Old September 19th 04, 09:27 PM
Noel Paton
external usenet poster
  
Posts: n/a
Default
Annalee
Both those folders are perfectly normal
The one in the Windows\System branch is the active part of System Restore
The C:\_Restore folder is the archive folder for both System Restore and for
System File Protection.
DO NOT attempt to modify the files within either folder!!!

What is it that makes you think that the _restore folder is 'controlling'
your PC? - it's supposed to be rebuilt after resetting or disabling System
Restore - so as to keep System File Protection operating

The reason that System Restore never worked for you is almost certainly that
you never installed the 290700 patch for SR.....

Here's my standard post on the patch.

It's possible that you haven't installed the System Restore Patch - without
which any current restore points are just space fillers.
To check this, look for the file C:\Windows\System\SMGR.DLL - r-click on the
file, and select Properties.
What's the version number? - if it's v4.90.0.3003 then you have installed
the patch, and we have to look elsewhere for the problem
if it's v4.90.0.2533, then you need to install the patch.

To install the patch, either visit Windows Update, or go here, and download
the patch for offline install
http://support.microsoft.com/default...;en-us;Q290700
Run the installer, and windows should reset System Restore at the same time,
clearing your old restore points (which wouldn't have worked, anyhow), and
creating a single new one.
You should then reset the maximum allocation for SR by going to the
adjustment slider at System Properties | Performance | File System | Hard
Disk - most people find that 200-400MB is quite sufficient for most
purposes, unless installing/uninstalling large applications such as Office.


--
Noel Paton (MS-MVP 2002-2004, Win9x)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

"annalee15" wrote in message
...
Hello Noel,

Sorry, but this is getting to me, I have disabled system restore once
again. It does not work either way, it never did work properly which was
why i installed go back.

What i found: I have two different system restore file folders on drive
c.
will list them both with files and programs in each listed . This first
one
is the one i believe is running and controlling computer. (it is the one
that was all hidden i managed to show files. folder still shows as hidden.
I
cannot delete any of the files in here access denied they are in use.

c:\_restore (1st five are folders)
archive
extract
logs
sfp
temp

files:
diskcfg.dat
dsinfo.dat
srdiskid
vxdmon.cfg
vxdmon.dat

second restore folder :

c:\windows\system (not hidden i can delete if i like)

cabbit.exe
datastor.ini
filelist.xml
rstrlfn.exe
rstrui.exe
srframe.mmf
statemgr.exe
stmgr.exe

What are my options? This computer is still under extended warranty, but I
know if i send it back to hp they are going to reformat anyway. Also I
was
told that if i do a regular reformat that I will not be able to use their
recovery disks? Is that true?
Debra

"Noel Paton" wrote in message
...
Annalee
No 'virus' in the System Restore archive can be active - so it cannot
affect your system. Look here for details....
http://support.microsoft.com/?scid=263455

The reason that the ultimateboot disk doesn't work is simple - you have
GoBack installed!! - it changes the MBR in such a way that neither the
conventional EBD/Startup disk, nor the Ultimate Boot Disk can read the
drive
properly.
Look here for details...

http://service1.symantec.com/SUPPORT...sv=&os v_lvl=


Stinger is NOT an anti-virus program - it's a specific/targeted removal
tool, and needs to be manually replaced/updated before each use - it does
NOT sit in the background in the way that AV's do.

DO NOT attempt to modify any files within the SR archive - doing so will
certainly break SR until you manually reset it or clear the history!!!

PLEASE read what's written - either uninstall GoBack, or disable System
Restore. one or the other. Then post back

--
Noel Paton (MS-MVP 2002-2004, Win9x)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

"annalee15" wrote in message
...
Hi Noel,

thank you so much for the info, bookmarked the sites to check out when
i
have time. Here is what happened:

First off i cannot do a thing with my restore folder.

So I went further to the clear system restore and found out my ultimate
windows me boot up would not work, so i had no choice but to go and
create
one , booted up and tried to use the attrib command:

Drive c does not contain a valid fat or fat 32 partition. may need to
be
partioned. run fdisk from ms dos prompt (which i may end of having to
do
but do not want to do.) I would like to be sure of the trojan that
caused
this problem.

it went on to say "some viruses also cause drive c to not register.
which
i
am sure is what is happening here.

just for laughs I'm running stinger on it now but i know from past
experience it will not let any virus detection or scan register any
problems. and i saw for myself how it changed and renamed every file
in
restore.

Are you familiar with the revop trojan? this if i remember correctly
is
the
one that was in restore and i could not get rid of it. i have them all
written down on a paper . I looked this up to get info on it and could
not
find it listed anywhere as a trojan. different sites give different
names
to
them from what i understand.

i just tried once again to get into restore folder, unchecked hidden ,
then
hit reply and it will not let me change attributes. really
frustrating.
trying to bring to desktop and its saying dsinfo.dat in in use . since
i
ran the scan computer is busy at work (doing What?) not connected to
internet so not sending out info.

I wonder if it will even let me fdisk if I finally decide to give up
figuring this out?
Debra

"Noel Paton" wrote in message
...
Annalee
First, a word of warning - do NOT attempt to have System Restore and
GoBack
running at the same time!! They will conflict, and this can result in
them
both eating huge quantities of your HD space - with the possible
result
that
neither will actually work properly!

My recommendation would be to uninstall GoBack - it's a system hog -
then
make sure that System Restore is enabled and functioning properly.
(see
the
test procedure here -
http://www.btinternet.com/~winnoel/quiktipsr.htm)

then you need to ensure your PC is clean -
start with this procedure, and come back with the results.

download the Stinger from here and run it to make sure that
A-V-disabling
viruses are not present on your PC
http://download.nai.com/products/mca...rt/stinger.exe

- update your virus scanner and run a full system scan of all files.

Reboot to Safe Mode and run CWShredder - to remove variants of the
CoolWebSearch hijacker.
http://www.merijn.org/cwschronicles.html

Use CWShredder, the removal tool:
http://www.merijn.org/files/cwshredder.zip
http://www.merijn.org/files/CWShredder.exe
http://www.spywareinfo.com/downloads...CWShredder.exe
http://www.zerosrealm.com/downloads/CWShredder.zip

download AdAware from www.lavasoftusa.com, install, update, and run it
to
remove spyware, adware,
and other such nasties from your system.


--
Noel Paton (MS-MVP 2002-2004, Win9x)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to
NG's

"annalee15" wrote in message
...
My Windows Me computer was hit with trojans. Removed all but one.
It
ended
up turning restore system back on and putting itself in folder.
protected
all the files and using goback, it changed the master ide
controller.
It
also changed environments .

I tried to run hp recovery cd's and am told i have no hard drive or
loose
cables. I want to be able to reinstall operating system as it
renamed
all
the files in restore folder. i can use this computer but i have no
control
over it. Needless to say antivirus program will not work that was
first
program it took over, then zone alarm , and go back. I tried
deleting
the
vxd driver it has in there that is not signed by microsoft, and it
stopped
windows from loading in (stayed on splash screen). I had to use go
back
to
go back to prior setting.

go back of course will not work to go back to settings prior to the
master
ide controller change. I have tried to change thru device manager
and
it
tells me i have the best already installed.

any help other then a fdisk format greatly appreciated.
Debra