try to restore system by clicking restart in ms-dos to run scanreg /restore but system stops
1. The article [Q183887] explains that when a computer is started successfully, the Windows Registry Checker tool (Scanreg.exe) creates a backup of system files and registry configuration information (including user account information, protocol bindings, software program settings, and user preferences) once daily. Files backed up include, System.dat, User.dat, System.ini, and Win.ini. To use the Windows Registry Checker tool with the /restore parameter, the tool must be run from a command prompt (booted to) outside of Windows, where one of up to five registry backup files may be chosen from the list to restore.
a. If invalid registry entries are detected, Windows automatically restores a previous day's backup, equivalent to running the scanreg /autorun command from a command prompt.
b. If no backups are available, Windows tries to make repairs to the registry, equivalent to running the scanreg /fix command from a command prompt.
2. System files for Win98 are backed up each new day for five consecutive days by default (set in the BackupDirectory key, SCANREG.INI file [Backup=1]), and stored in the \Sysbckup folder.
Note: The SCANREG.INI file may be editing in NotePad or WordPad to change the default number of cabinets saved to a smaller number, adding other files to be included, or changing the default save location to somewhere else when drive space is at a premium -- mine is located entirely on a separate drive. (Use Help Scanreg for further details). FWIW, I've added the following files:
a. Setting the Backup= line to 0 (zero) in the SCANREG.INI file will circumvent backups and is not recommended.
Caveat: "Registry Is Not Backed Up Automatically at Startup (Q198864)." Also, please read Q183603 listed in the supplemental references below.
b. The cabinets are named RB00x.CAB (where "x" is a number from 0 to 5). Next to each CAB file are the words Started or Not Started.
(1) Started means that the file has successfully started Windows, and is a known good file.
(2) Not Started means that the file has never been used to start Windows, so it is not a known good file.
c. Increasing the number of stored cabinets may be useful but be aware they require a lot of drive space. Even though stored in compressed form, each could still require between 700kb to a couple of megs or more.
Warning: When used, the Windows Registry Checker displays only the five oldest files regardless of the number set in the SCANREG.INI file and available in the backup folder. This does not mean to count the zero file and assume there are four others between it and five for a total of six, not true. You'll find only five files inside this folder. Look closely at the file dates and you'll find that perhaps #3 may be the older, or perhaps #1. The number in a cabinet file name does not denote which file is newest or oldest. Always look at the file dates when performing a restore.
Caveat: A user may find the presence of a Rbbad.cab file with a date stamp near the date Internet Explorer 5 or later was installed. The presence of this file simply means there was a setup problem with IE at the date of creation. IMHO, if everything is works properly now, delete this file. Otherwise, please read, "Blank Desktop or Illegal Operations Error Message After You Install Internet Explorer (Q249191)." Please note there may be other times when you will find the existence of an Rbbad.cab file.
3. To perform a PARTIAL restore of files contained in the compressed cabinets: (Windows must be running but if you're versed, it can be done at the MS-DOS prompt should Windows refuse to boot)
a. First, determine the appropriate cabinet to be used from the Sysbckup folder.
b. Second, right-click and select View from the context menu.
c. Right-click the file wanted and then select Extract from the resulting context menu, placing the file where it belongs. For instance. Located in the cabinets on my system, I have: Autoexec.bat, Config.sys, Msdos.sys, Scanreg.ini, System.dat, System.ini, User.dat, and Win.ini. Any of which I can simply extract and place at their default location.
d. Click the tiny x in the URHC of the current screen(s) to close - denoted in the color bar at the top.
4. The CabView file [for Windows 9x -- both for first and Second Edition (cabinet Win98_29.CAB)] allows users to view and extract files without having to use the Extract.exe program.
a. After installation CabView, contents can be viewed by double-clicking a cabinet file. A new window -- very similar to the Microsoft Windows Explorer window, appears listing the cabinet contents, and file(s) can be extracted as follows:
(1) Right-click the file wanted and click Extract in the dialog. In the Browse For Folder dialog box, click the folder where the files will go, and then click OK.
(2) Drag the file from the cabinet window to the desktop or to any specific folder.
b. To determine the CabView version installed:
(1) On the Start menu, point to Find, and then click Files Or Folders.
(2) In the Named box, type Cabview.dll. Then, click Find Now.
(3) Right-click the Cabview.dll, and on the shortcut menu, click Properties. Click the Version tab. The version and file size for the Cabview.dll file are listed in the "Microsoft DLL Help Database."
5. The article [Q184023] describes the command-line switches which can be used when either the MS-DOS version (Scanreg.exe) or the Windows version (Scanregw.exe) of the Registry Checker tool is run.
6. The article [Q186909] explains that when Windows starts, the Registry Checker tool may display the following message and can occur if there is defective memory that has damaged the registry in memory. If OK is clicked, the same message is received when Windows restarts:
Windows registry is damaged. Windows will restart and try to fix the problem.
Note: When this issue occurs, Scanregw.exe detects that the registry is damaged in memory and marks the registry as damaged so that the real-mode Scanreg.exe is run the next time the computer starts. This article describes two Methods to identify whether defective memory chips are possible the cause and should be used to help troubleshoot the problem.
7. Supplemental reading:
a. "Registry Backup Not Listed in Registry Checker Tool (Q182841)."
b. "How to Customize Registry Checker Tool Settings (Q183603)."
c. "Description of the Windows Registry Checker Tool (Scanreg.exe) (Q183887)."
d. "Command-Line Switches for the Registry Checker Tool (Q184023)."
e. "Error Message: Restore Operation Failed (Q22087."
f. "Scanreg.exe Does Not Back Up User.dat Files When Using User Profiles (Q245147)."
8. Please note, the following links are provided which pertain to the Windows Millennium Edition. Information contained in the above guidance may not otherwise match when troubleshooting:
a. "Error Message Occurs When Attempting to Use System Restore (Q261680)".
b. "System Restore Removes Files During a Restore Procedure (Q261716)".
c. "Antivirus Tools Cannot Clean Infected Files in the _Restore Folder (Q263455)".
d. "Description of the System Restore Utility in Windows Millennium Edition (Q267951)".
e. "Error Message: System Restore Cannot Run Until You Restart the Computer (Q274092)".
f. "Computer May Not Restart After Unsuccessful System Restore with Drive Overlay Software Installed (Q274460)".
g. "Checkpoints That You Create After September 8, 2001 Do Not Restore Your Computer (Q290700)".
a. In addition to creating restore points before certain events, System Restore in WinME provides users with the ability to restore to other specific days and times. Automatic System CheckPoints are created for every 10 hours of computer up time but only after the computer has been idle for 2 minutes. If this criterion is not met, then a System CheckPoint will be created once every 24 hours after the system has been idle for 2 minutes.
b. The Restore Point and System CheckPoint files that are created under the above conditions are stored in compressed (.cab) format and are located in the _Restore folder (also known as the "Data Store") on the drive on which WinME is installed. The Data Store cannot be moved or modified. Each fixed disk on your computer will also contain a _Restore folder for indexing and monitoring purposes and each of these folders will contain a file called Srdiskid.dat.
used windows update recently and at some point did a virus check coming up with a trojan horse
WARNING: As always, make sure every utility you use is fully updated.
1. First, please read the article concerning "Unsolicited Commercial Software."
2. Second, perform as a minimum the first five items listed below.
Note: If you try using CWShredder, HijackThis, as well Spybot S&D, Ad-aware and several other anti-spyware utilities and a trojan is installed which prevents their running, download PepiMK's "CoolWWWSearch.SmartKiller" removal tool, uncompress the zip file and run the program.
b. 'Adaware." Your attention is invited to "Unable to Log On To Windows XP After Removing wsaupdater.exe."
c. "Spybot S&D."
Note: Should you perhaps receive a warning similarly labeled "DSO Exploit: Data source object exploit . ., please access the S&D site and read the information at this link.
d. "CWShredder" - 1 or "CWShredder" - 2.
Note: Posting a log concerning #f should only be at the direction of a forum moderator IMO. For your reading pleasure, "Hijack Removal", "Malware Removal", and the Viruses and Security Alerts Forum moderator's message concerning "HiJackThis log postings."
e. "McAfee AVERTStinger."
f. "Hijack This" - 1 or "Hijack This" - 2.
Note: Posting a log concerning #f should only be at the direction of a forum moderator IMO. For your reading pleasure, "Hijack Removal."
3. Please reply to our input that each and every one of the five were used and the result if you require further input.