
Unable to turn on System Restore


9 replies to this topic

#1 Zaxdad


Posted 09 August 2009 - 04:31 PM

I recently was assisted in removing malware/spyware from my computer. When I was instructed to turn off System Restore and set a new restore point, I found that System Restore was already off and not monitoring any of my drives. I was unable to untick the box, receiving the following message:

"System Restore encountered an error trying to enable/disable one or more drives. Please restart your machine and try again."

I restarted 3 times and still could not change the setting.

I launched Super Anti Spyware and tried to fix the issue through that program but it was unsuccessful.

I then checked services.msc to see if it was set to automatic, and it was. When I clicked start I received the following message:

"The System Restore Service service on local computer started and then stopped. Some services stop automatically if they have no work to do, for example, the Performance Logs and Alerts service"

I only have my original Win XP CD with no service packs. I have updated to SP3 via Windows Update.

I have 2 hard drives: 1st is 160gig with over 80% free (Drive C) 2nd is 40gig partitioned into 2 20gig sectors (D & E) D has 20% free and E has 50% free.

Any assistance with this issue would be appreciated. I hope I have included enough info to get started.

Zaxdad



#2 Budapest


Posted 09 August 2009 - 05:35 PM

Try running this scan:

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Zaxdad


Posted 10 August 2009 - 05:58 PM

Budapest, I have run the scan and the logs are below. I now do not have System Restore on a Tab in My Computer\properties. It is still in my start up menu and when I click it the following error is shown:

"System Restore is unable to protect your computer. Please restart your computer, and run System Restore again."

I have done this twice and this message keeps occurring.

LOGS:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 08:39:02
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000045

scanning hidden files ...

C:\WINDOWS\Temp\SEP5.tmp 0 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


SDFix: Version 1.240
Run by Stuart

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 08:39:02
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000045

scanning hidden files ...

C:\WINDOWS\Temp\SEP5.tmp 0 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe:*:Enabled:LifeEnC2.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeTray.exe:*:Enabled:LifeTray.exe"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

Remaining Files :



Files with Hidden Attributes :

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\File Scanner Library (Spybot - Search & Destroy)\advcheck.dll"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)\Tools.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\SDHelper (Spybot - Search & Destroy)\SDHelper.dll"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
Mon 4 May 2009 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"

Finished!

Thanks Zaxdad

#4 Budapest


Posted 10 August 2009 - 06:00 PM

Run scans with AVG and Spybot and let us know if anything is found.

#5 joseibarra


Posted 10 August 2009 - 06:44 PM

You have an XP installation CD? Wow! That's pretty good!

Running an up to date MBAM won't hurt either:

Malwarebytes (MBAM): http://malwarebytes.org/

If the scanning doesn't resolve the issue, I am thinking to reinstall SR by locating the sr.inf file, right clicking, Install. Should be in the c:\windows\inf folder or search for it.

You may be prompted for a couple files along the way on reinstalling SR, so locate them on your HDD with a Search window, fill in the proper location to satisfy the install and continue until completed.

This will delete any RPs but if SR is/was turned off/on, you don't have any RPs anyway.

What a good opportunity to create an XP installation CD with a slip streamed SP3 already on it. Stow your original for a rainy day.

There is a good BC tutorial on the process here:

http://www.bleepingcomputer.com/tutorials/slipstreaming-windows-xp-to-create-bootable-cd/

Worked first time for me :thumbsup:

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#6 Zaxdad


Posted 10 August 2009 - 07:04 PM

Budapest, I ran both scans and they were both clear.

Thanks

#7 Budapest


Posted 10 August 2009 - 07:08 PM

Try the fix at Kelly's Korner.

Restore/Enable System Restore - Undo - #278 on the left.

Right click on it and save the .reg file to your desktop. Then, double click on the file icon (on your desktop) to merge it into your registry. You may need to reboot your computer for the changes to take effect.

With any fix like this you should create a new restore point and backup the registry first. For backing up the registry I like to use ERUNT.
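
Before merging a downloaded .reg file as described in the post above, it helps to list exactly which keys and values it would set or delete. The following is an added example, not part of the original thread and not the Kelly's Korner file: a small Python parser run over a constructed sample .reg. The sample keys and the names `parse_reg` and `unexpected` are assumptions for illustration.

```python
import re
# Constructed sample .reg content (an assumption; NOT the file linked in the thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=-
"DisableConfig"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
[-HKEY_CURRENT_USER\Software\ExampleVendor\Cache]

[HKEY_CURRENT_USER\Software\ExampleVendor\Settings]
"Flag"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')               # [Key] or [-Key] (delete key)
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "Name"=data or @=data

def parse_reg(text):
    """Return a list of (action, key, value_name, data) the file would apply."""
    ops, key = [], None
    # Join lines continued with a trailing backslash (used for long hex data).
    text = re.sub(r'\\\r?\n\s*', '', text)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(';'):
            continue  # blank line or comment
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1):
                ops.append(('delete-key', key, None, None))
                key = None  # no values belong to a deleted key
            continue
        m = VAL_RE.match(line)
        if m and key:
            name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
            data = m.group(2)
            action = 'delete-value' if data == '-' else 'set-value'
            ops.append((action, key, name, None if data == '-' else data))
    return ops

def unexpected(ops, expected_fragment='systemrestore'):
    """Operations on keys that the stated purpose of the fix does not explain."""
    return [op for op in ops if expected_fragment not in op[1].lower()]

if __name__ == "__main__":
    print(*unexpected(parse_reg(SAMPLE_REG)), sep="\n")
```

Anything the second function returns is a change outside the System Restore keys and deserves a manual look before the file is merged.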

#8 Zaxdad


Posted 10 August 2009 - 07:44 PM

Budapest, my System Restore is now monitoring all my drives. Guess all I need to do is manually set a Restore Point and create a Win XP SP3 Slipstream Installation Disk as suggested by joseibarra.

Thanks for your help.

I do have one other issue regarding Win XP. Should I start a new post?

Zaxdad

#9 Budapest


Posted 10 August 2009 - 07:52 PM

If it is not related it is probably better to start a new topic.

#10 joseibarra


Posted 11 August 2009 - 05:53 AM

Good job!
