Trying to help a friend

[FD]

I edited my post as you replied.  Please have a look at the edit, and if needed I'll try and follow your directions later on tonight or at some point tomorrow.

Thanks!
FD

[1972vet]

It's possible, but if it were, there should be something in your event viewer that indicates a problem there. Take a look...if nothing there, then I'd certainly consider malware.

[FD]

There is an 8206 error in the event log, I Googled it and it seems to be somewhat common.  I tried going into Safe Mode for the restore and struck out.

[1972vet]

If I knew the event source as well as the error code, I could look into it too. The error code by itself though, tells me nothing.

[FD]

Is there something I can do to tell you the event source?

[1972vet]

Yeah lol...tell me what it is. You must have looked it up from some text in the error message but the error itself, in the event viewer, can be double-clicked. When you do, a box opens that shows you the event ID number and the event source.

[FD]

I'm learning, as you can tell.  I'll have to do it later on tonight or first thing in the morning and will post back what I find.  Thanks for your time and patience hopefully we can get to the bottom of this.

FD

[FD]

Hopefully this will shed some light.

Log Name:      Application
Source:        System Restore
Date:          4/30/2012 6:43:36 PM
Event ID:      8206
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      FD-PC
Description:
The restore point selected was damaged or deleted during the restore (test).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="System Restore" />
    <EventID Qualifiers="0">8206</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-04-30T22:43:36.000000000Z" />
    <EventRecordID>2052</EventRecordID>
    <Channel>Application</Channel>
    <Computer>FD-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>test</Data>
    <Binary>00000000AE0800009408000000000000CBC8392507000000000000000000000000000000</Binary>
  </EventData>
</Event>


Another
-------------------------------------------------------------------------------------------------------------------------

Log Name:      Application
Source:        Microsoft-Windows-Search
Date:          4/30/2012 6:21:47 PM
Event ID:      9000
Task Category: Gatherer
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      FD-PC
Description:
The Windows Search Service cannot open the Jet property store.

Details:
   0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Search" Guid="{CA4E628D-8567-4896-AB6B-835B221F373F}" EventSourceName="Windows Search Service" />
    <EventID Qualifiers="49152">9000</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>3</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-04-30T22:21:47.000000000Z" />
    <EventRecordID>1680</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>FD-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ExtraInfo">

Details:
   0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
</Data>
  </EventData>
</Event>

[Hoov]

Go to a command prompt and type in vssadmin list shadows and see if there are any restore points that windows see's

[FD]

A black box quickly comes up and in a blink of an eye it disappears.

[FD]

I'll check back in the morning.  Thanks for the help.  Hopefully I'll get this sorted out.

FD

[Hoov]

You are running it from the run command? Go to the start button then all programs, accessories and then command prompt. Then type the command in the command prompt.

[FD]

Here is what I have.

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\FD>vssadmin list shadows
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2005 Microsoft Corp.

Contents of shadow copy set ID: {5655851b-c1fa-4113-bf5d-6dab05d76ff5}
   Contained 1 shadow copies at creation time: 1/5/2012 6:29:30 PM
      Shadow Copy ID: {130a7467-8bbb-4a9e-b5e1-c1e250dd08ac}
         Original Volume: (E:)\\?\Volume{624098ca-2790-11e1-90e8-806e6f6e6963}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5
         Originating Machine: FD-PC
         Service Machine: FD-PC
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: DataVolumeRollback
         Attributes: Persistent, No auto release, No writers, Differential

Contents of shadow copy set ID: {bddf4f47-0af3-44c6-85e6-708696979d97}
   Contained 1 shadow copies at creation time: 2/16/2012 5:32:44 PM
      Shadow Copy ID: {59739257-5b02-461f-9297-5af611f38fc9}
         Original Volume: (E:)\\?\Volume{624098ca-2790-11e1-90e8-806e6f6e6963}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6
         Originating Machine: FD-PC
         Service Machine: FD-PC
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: DataVolumeRollback
         Attributes: Persistent, No auto release, No writers, Differential

Contents of shadow copy set ID: {9ac6527d-c4a3-468a-9f83-892324e01c15}
   Contained 2 shadow copies at creation time: 4/30/2012 7:15:29 AM
      Shadow Copy ID: {689dc74f-43d9-4b2d-9889-71949d92b914}
         Original Volume: (C:)\\?\Volume{624098c8-2790-11e1-90e8-806e6f6e6963}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1
         Originating Machine: FD-PC
         Service Machine: FD-PC
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: ClientAccessibleWriters
         Attributes: Persistent, Client-accessible, No auto release, Differentia
l, Auto recovered

Contents of shadow copy set ID: {a3606bc2-7428-4d6a-a4d8-83e88e361c61}
   Contained 1 shadow copies at creation time: 4/30/2012 6:33:18 PM
      Shadow Copy ID: {dd496387-cc49-4d4d-b0c9-38023a63e77c}
         Original Volume: (C:)\\?\Volume{624098c8-2790-11e1-90e8-806e6f6e6963}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2
         Originating Machine: FD-PC
         Service Machine: FD-PC
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: ClientAccessibleWriters
         Attributes: Persistent, Client-accessible, No auto release, Differentia
l, Auto recovered

Contents of shadow copy set ID: {1e1684f3-a430-40c2-8c3f-a5c0e190d317}
   Contained 1 shadow copies at creation time: 4/30/2012 6:41:14 PM
      Shadow Copy ID: {95d50e61-f978-45de-81d5-e9efeb358c20}
         Original Volume: (C:)\\?\Volume{624098c8-2790-11e1-90e8-806e6f6e6963}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3
         Originating Machine: FD-PC
         Service Machine: FD-PC
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: ClientAccessibleWriters
         Attributes: Persistent, Client-accessible, No auto release, Differentia
l, Auto recovered

Contents of shadow copy set ID: {149b47ab-5d53-4836-9e1c-b4230d660608}
   Contained 1 shadow copies at creation time: 4/30/2012 6:41:58 PM
      Shadow Copy ID: {32ecb49d-9226-49e1-93e0-ef59898a9edd}
         Original Volume: (C:)\\?\Volume{624098c8-2790-11e1-90e8-806e6f6e6963}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4
         Originating Machine: FD-PC
         Service Machine: FD-PC
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: ClientAccessibleWriters
         Attributes: Persistent, Client-accessible, No auto release, Differentia
l, Auto recovered

Contents of shadow copy set ID: {cd82f499-1ee5-41a0-a080-32d91826d4f7}
   Contained 1 shadow copies at creation time: 5/1/2012 6:39:08 AM
      Shadow Copy ID: {a6458a13-ca03-4cd0-8a4f-ddb240ff570b}
         Original Volume: (C:)\\?\Volume{624098c8-2790-11e1-90e8-806e6f6e6963}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy12
         Originating Machine: FD-PC
         Service Machine: FD-PC
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: ClientAccessibleWriters
         Attributes: Persistent, Client-accessible, No auto release, Differentia
l, Auto recovered

Contents of shadow copy set ID: {93c871f7-8d83-4314-bf21-d134db1aac54}
   Contained 1 shadow copies at creation time: 4/29/2012 12:27:03 PM
      Shadow Copy ID: {b8e1d713-1555-4d47-8819-92103ea57249}
         Original Volume: (F:)\\?\Volume{624098cb-2790-11e1-90e8-806e6f6e6963}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy9
         Originating Machine: FD-PC
         Service Machine: FD-PC
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: DataVolumeRollback
         Attributes: Persistent, No auto release, No writers, Differential

Contents of shadow copy set ID: {98e44713-428c-42bd-9f1a-9a076753ba9a}
   Contained 1 shadow copies at creation time: 4/29/2012 9:48:55 PM
      Shadow Copy ID: {6699cb5a-532e-4727-9714-c26b72d75792}
         Original Volume: (F:)\\?\Volume{624098cb-2790-11e1-90e8-806e6f6e6963}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy10
         Originating Machine: FD-PC
         Service Machine: FD-PC
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: DataVolumeRollback
         Attributes: Persistent, No auto release, No writers, Differential

Contents of shadow copy set ID: {215ea163-1f63-4900-aef4-5cbde3629219}
   Contained 1 shadow copies at creation time: 4/30/2012 7:19:41 AM
      Shadow Copy ID: {869cdd57-8d36-462d-a153-06a205a54665}
         Original Volume: (F:)\\?\Volume{624098cb-2790-11e1-90e8-806e6f6e6963}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11
         Originating Machine: FD-PC
         Service Machine: FD-PC
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: DataVolumeRollback
         Attributes: Persistent, No auto release, No writers, Differential


C:\Users\FD>

[Hoov]

Well it appears you have valid restore points.  Not sure why you are getting the error. Unless you have something that is blocking registry changes.

[FD]

It is very frustrating.      I have nearly identical software in my XP machine and can do a system restore from a restore point with no issues.