Registry Cleanup

I found out that I need to turn off Norton Product Tampering Protection before trying a System Restore then turn it back on afterwards.

 

ps. I couldn't find the Edit Button to edit my previous Post (which is why I'm replying to my own Post)

 

 

You can only edit your posts during a period of 1 hour after posting in order to reduce the danger of people replying before an edit and having the reply misleading ....

 

Glad you resolved the problem.

Hi - I was trying to run the Norton 360 Registry Cleanup: Unable to take required system restore point, error 2147212300 - had it set to run with the other tasks, but after reading up I'm thinking I need more "repair" than "cleanup" - various problems since upgrading to Norton 360 v5, and especially since Norton removed Fake Cloud AV2012. Printer spool isn't running - USB ports are disabled (device mgr reports - Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) - my question is, should I try a specific solution for all, or run fixes specifically for each problem - I've already downloaded several tools and fixed the exe file association problem with exe file association fix - also have Regwork and SpeedyPC Repair Tool, Speedmax PC, and a few others. Bookmarked instructions - since I still have no printer. Also have Norton blocking access to svchost.exe (which I think was part of the virus removal, which probably used the service) -

 

My question is, which first? - repair the registry with Regwork? - scan for a deeper virus? I think the Vista Home Security 2012 fake is gone now - only evidence of malware is that Windows isn't blocking popups for some reason.

 

Thanks for the information about the Norton Registry Cleanup tool - I was wary of it - seems there are no restore points except one I set up myself in safe mode when I started having all these issues, so a system restore wouldn't do much good.

Upstatebohdi,

 

I would not attempt to repair your registry, if it needs repair, after running a registry cleaner by running other software that claims to repair or do anything to your registry.

 

See what others suggest but if you can access and back up your personal data files and have the media to install any applications you have added to your computer since new then I would do a restore to factory condition either using the All Programs menu entry for this -- eg Recovery Manager on HP/Compaq -- or the recovery media you made when you got the computer.

 

It would help to tell what version of Windows you are using including Service Packs and whether 32 bit or 64 bit as well as the make and model of your computer (we may be able to check to see if you can run the Windows Repair function which might restore some of the functions you mention without destroying your personal stuff).

Hi - I have an Acer Aspire - running Windows Vista Home Premium SP2 - 32 bit. When I got the computer about 4 years ago, I had an issue with the printer, and got kind of testy with the Acer CS when he wanted me to restore to original settings and wipe out my data - I had no backup disks, and had them mail them to me. This is much more serious, but I'm still hoping to avoid "the nuclear option". If I have to do that, I'm wondering if an upgrade to Windows 7 might be the way to go. I maintain websites, so I have a lot of software on my machine that I'd have to dig up licenses for, etc. It took me a month to get it configured the way I want it. I am in the process of doing a long overdue backup, though.

 

I've found tools to fix the print spool, svchost.exe, and broken registry keys - and probably should remove Norton 360 and reinstall, but I think it's probably wise to make sure there are no more fake security infections hiding on my hard drive. I also think it disabled pop-up blockers, which are set, but not functioning - especially in IE - oh, and Firefox just opens in the background with no GUI displaying - have reinstalled it twice.

 

Since Norton appears to have removed files and stopped the "Vista Home Security 2012" infection, it may be a matter of just fixing what was locked up. I'm no techie, though, and don't really know what I'm looking at when I open regedit (which I couldn't do last week) Also, Windows Security Center is turned off completely - so it's all on Norton. Are any of these tools reliable?

 

Regwork

PC RepairTool

SpeedyMaxPC

SpeedyPC Pro

 

For sure, though - data backup first. It fits on 2 DVD's, and that drive is working fine. No sense in backing up full system in this condition. Maybe run MalwareBytes or follow Quads procedure - which I never got to, since Norton belatedly updated phishing protection and removed the virus automatically. Just need advice on the next step (after backup) - Thanks so much

As I said before, I would not run any "tools" to try to fix whatever is not right unless you can identify the exact problem and then if it's too difficult to correct manually and say Microsoft has a FixIt too, as they do for many things that go wrong, then follow their specific procedure.

 

But shotgunning with unknown tools to cure unknown problems is not a good idea, especially since you seem to have reached a level where you have identified what needs to be fixed.

 

Quads is always reliable so you may want to see if he has any updated advice given where you are at now.

 

BTW I just did a Google on [ system restore point, error 2147212300 ] and among the top of the listings is a link to this thread here on Norton:

 

http://community.norton.com/t5/Norton-360/Registry-Cleanup-Error/m-p/236215#M32787 

 

and if you read on down to the solution it came from having had another security application installed (and probably not removing it cleanly).

 

Have you had any other security application on this computer prior to installing N 360 and if so what was it and how did you remove it? Practically every specific make of security application has special tools you can download to remove and clean up in addition to the Windows Uninstall so that nothing is left to interfere with other subsequent installations.

 

Can you give me a model number or other ID for your Acer Aspire ... is it a notebook, a netbook or ????

My Acer is an AST 180 desktop. I did have NIS 2011 installed, but used the removal tool before I installed 360 v5 (cheaper to buy new than renew subscription). I have noticed some "Access blocked" logs in the Norton Security History for Acer Empowering Technology - which I thought I'd disabled in the startup batch a while back. Other common blocked app is Google updater (for the toolbar?). Didn't have any issues until about a month after I installed Norton 360, but that may be a coincidence. Another possibility is that I uninstalled AdAware - which I just wasn't using anymore. Maybe a utility is still running from it?

 

I don't think the registry fix is the problem, though. I didn't turn it on until after I started having problems. Didn't want to just let it remove registry entries automatically (as you advise with the other tools). I did see something in security history about locked registry keys - don't know if the fake AV did that, or Norton did to block the virus.

 

I've identified several areas that if fixed I could live with this (so far) - print spooler, svchost.exe and USB drivers - which do load in Safe Mode, for some reason - I was able to download photos from my camera that way, but not in normal Windows mode - again, the drivers for USB ports and card reader - also, the printer is on a USB port (my cat chewed through the LPT cable) I am able to make a restore point manually, but when I look there are none there - which is why I think the registry fix in Norton isn't working - created one on installation, I imagine.

 

I should look more in the MS knowledge base - at least for the print spooler and Windows Host Service. I'm hoping they may have patches for those. I did check the file integrity of svchost.exe with a DOS command I found here - it says it's OK, but it's always using a lot of resources and crashing. Also submitted it to Symantec, and they replied that it's "not a Symantec issue" - I just am wondering why it's sometimes access blocked by Norton. Maybe that happens if the Host Services uses too much resources?

 

Do you think upgrading to Windows 7 might be a solution, or bad idea on an unstable system? Can't really afford it, but I never did like Vista anyway.

I checked out the Acer support site for that model and there's a lot of stuff there including file downloads if you need to replace stuff.

 

In the Support Documents there is a FAQ on eRecovery, the recovery function on board which begins:

 

In the eRecovery Management program you have the option to restore your computer. Clicking restore will present you with 3 options.

 

The first option is Completely Restore System to Factory Defaults, which will completely erase your computer and reinstall Windows returning it to the same state it was when you turned your computer on for the first time.

 

The second option is Restore Operating System and Retain User Data, which is essentially the same process but the information stored in your user account folder will be saved. Acer still recommends backing up all other data if you choose to use this option.

 

The third option, Reinstall Drivers or Applications, is discussed in further detail below.

 

So if you still have access to the eRecovery Management program you would seem to have the facility to do a Windows repair and not destroy your data.

 

NewEgg has a more detailed spec than I could find at Acer and the spec looks suitable for Windows 7 if you get the 32 bit version to avoid complications with older software and hardware and because Acer do not show any of the supporting files in higher than VISTA versions which should work OK under Windows 7 32 bit but I see they have a tool you can download to check the hardware suitability for VISTA 64 bit and you could run that but I suspect you do not gain any benefit from Windows 7 64 bit since your RAM is very limited.

 

But I see Acer say:

 

Memory: 256MB DDR2 533/667/800 SDRAM expandable to 4GB  

 

so you could pull the installed RAM and replace it with 4 GB which from Crucial should not be expensive. However for some reason they only offer a 2GB KIT of 2 x 1GB strips so 2 GB might be the practical limit and you would certainly see the difference -- in fact if you get your VISTA operational I would consider spending the $32 to do that.

 

Crucial do offer a 2 x 2GB kit of the same specification for $56 so you could check with them as to why they don't offer it for the Aspire T180. Maybe because they tend to be 32 bit and that won't use the full 4GB but only about 3.5GB but I don't mind "wasting" that little bit since it's cheaper that way.

 

See what you think.

 

But I'd really try to get your VISTA sorted out first since upgrading to Windows 7 can be an on top of upgrade that retains your installed applications and personal files and it is never wise to do that on top of something faulty.

You did better than I with Acer - I found it hard to get beyond a generic full default restore - have the disks, but unfortunately I can't just access the Windows files without starting a system restore. They have proprietary Acer software that is conflicting with Norton 360, BTW - most "Blocked Access" events are Acer Empowering Technology. But I will take a look and see what I can find. I have had 4 GB RAM since a few weeks after I bought the computer. Vista is a huge resource hog (am using 47% right now) - and I think they know what they're doing when they put inadequate RAM in a computer. Had a hell of a time finding compatible sticks, too.

 

Thanks for checking on that - I tried to run tools from the Windows troubleshooting site last night and got error messages. So I have about 5 articles open right now reading. I do have a Norton specific question - have been having trouble with Windows Host Services crashing (one of the first things that needs fixing). I got the following security log entry again today:

 

1/18/12 5:20 PM -

Unauthorized Access blocked (set regietry security key) (sic on regietry - that's how it's spelled)

Actor: C:\Windows\system32\svchost.exe Actor PID:856 Target: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BDHRVX86\0000\Control\

Is the "set registry key" action something Norton took, or an instruction?

 

I use NewEgg a lot myself for electronics - have bought several DVD drives from them

 

Thanks much!

Hi UpstateBodhi,

 

The "Unauthorized Access Blocked" entry is a Norton Product Tamper Protection event.  Tamper Protection prevents any outside agent from accessing a Norton file or process.  Svchost.exe is often seen in these entries.  The registry key is one that Norton monitors and keeps from being modified.  The entry you report is pretty common and is probably just coincidental to any issue you may be having.

Got a blue screen for the first time today. Norton reported running the Optimize tool, and suggested running chkdsk - can't seem to do it on the C: partition, but the D: worked, no errors (all data there) Hasn't happened again, so far - still having problems with svchost crashes, though - especially when I open apps or IE. I'm wondering if changing permissions might help. I only have the one acct. - which is an administrator acct., but can't access a lot of things now. Set for "local" settings instead of "roaming" - I can't remember which is right.

 

I did back up my personal data, so I want to try a few things before I do a system restore. Seems like something is seriously conflicting with Norton 360?

Have you looked in Event Viewer to see what it reports about the occasions when there has been a crash?

 

Have you done a serious check for the quality of the disk as it is now? Every disk will fail.

 

If you look to see what make and model of hard drive it is go to the maker's website and look under Support / Downloads for tools that most of them have to analyse a drive for defects.

I did try chkdsk a couple of times, but the problem seems to be it's unable to "access the volume" - so Norton disk optimizer can't do the scan, and neither can Windows. I can look again at Acer, since I have the original HD from 4 years ago. A strong possibility, though, is this new detection "TrojanZeroAccess" - they say it can set up its own hidden sector, so that would be inaccessible (as the name Zero Access implies).

 

So I think step 1 is a serious virus hunt with NPE or Malwarebytes or the specific removal tool - if I can get rid of infections, and the hard drive is OK, I can see if I can repair the affected drivers, etc. Seems like it completely blocked Norton until it was finally picked up by Insight today. Just want the best options - so I'm asking whoever I can

 

Here is the latest svchost event - crash logs are all pretty similar: I do notice that I get a high cpu usage alert before most svchost crashes - also fits with profile of viral activity - and some Norton history shows blocking that service

 

Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x34344a57, process id 0x185c, application start time 0x01ccd82869a2e698.

 

Another that may point to disk error:

 

Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS

I really can't help you further myself, especially if you think you might have something like a rootkit, but I'll ask other gurus if they can.

 

Did you look in Event Viewer?

yes - looked in the event viewer - posted one above - I posted a separate topic about the rootkit since I couldn't find one - the writeup I read said that it's spreading fast and will soon be issued as a high threat - seems to have locked out Norton as well as me

It is off by default and with good reason.

 

Be sure your System Restore is enabled; that is the only way to recover deleted registry entries.

My Registry cleanup is currently turned off. How do I turn back on?