
Restore Points deleted RIGHT after creation


7 replies to this topic

#1 lemarche


Posted 15 September 2016 - 12:49 PM

Hi,

 

I hesitated between posting this under the "Virus" section or the "Windows 7" section. However, since I do not have, as of yet, any hard proof that I have a virus, I am posting this here.

 

I run Windows 7 SP1. System Restore (SR) used to work (I last had a need for it and used it successfully in May 2014...) but it doesn't anymore, as I unexpectedly discovered recently when needing it (chkdsk in the end did the trick).

 

Main symptom that makes me lean towards a virus:

- while I create the Restore Point (RP), I keep my Windows Explorer opened on the "System Volume Information" folder; once I get the message that the RP has been created successfully, I then see indeed that a file name that looks like this: {7e5f39d9- etc etc} is created, only to then very quickly disappear;

 

Other symptom:

- when running the computer in Safe Mode, the "System Protection" option disappears (but is visible in Normal Mode), so I can not test RP creation in Safe Mode.

 

I have tried a couple of the "usual" fixes that I have encountered on forums when RP are being deleted (usually at reboot, unlike my case):

- switch off SR -> reboot computer -> switch back on

- switch off SR -> reboot computer In Safe Mode -> run MalwareBytes (3 BUP found and deleted, to no avail)

- increase disk space for RP (to 5GB)

 

None worked...

 

Any help appreciated !!!




 


#2 hamluis


Posted 15 September 2016 - 01:27 PM

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy taking care to post the link of the snapshot in your next post.

   Go to Piriform's website, and download the free version on the left.  Click Download from Piriform.com (the FileHippo link requires an extra click). Or if you want to use a portable version of Speccy (which doesn't require installation), click the builds page link and download the portable version. You will now be asked where you want to save the file. The best place to put it is the Desktop, as it will be easy to find later.

    After the file finishes downloading, you are ready to run Speccy. If you downloaded the installer, simply double-click on it and follow the prompts until installation is complete. If you downloaded the portable version, you will need to unzip it before use. Right-click the ZIP file and click Extract all. Click Next. Open up the extracted folder and double-click on Speccy.
 
     Once inside Speccy, it will look similar to this (with your computer's specifications, of course): p22004369.gif

     Now, at the top, click File > Publish Snapshot. You will see the following prompt:

p22004371.gif

     Click Yes > then Copy to Clipboard

p22004372.gif

Now, once you are back in the forum topic you are posting in, click the p22004370.gif button. Right-click in the empty space of the Reply box and click Paste. Then, click Add Reply below the Reply box.

 

Louis



#3 lemarche


Posted 16 September 2016 - 07:50 AM

Hi Louis,

 

Thanks. It seems the log's in Spanish (as is my Event Viewer; have checked on Google, and am not sure how to change this, but I can translate any part needed). Lots of App. events with "Volume Shadow copy Service" VSS (7/10), which I believe is used for RPs.. (was still trying yesterday), hum...

 

Am running a clean boot in Normal Mode at the moment (did not help either for RP creation).

 

http://speccy.piriform.com/results/6zIDTktpo5ynUrIDsEXqtev

 

 

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/15/2016 06:47:55 PM) (Source: VSS) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1734236084-967193707-3296087266-1000.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
Operación:
   Evento OnIdentify
   Recopilando datos del escritor
Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {b6ef6f68-966e-4a6d-998b-6fd6803c744f}

Error: (09/15/2016 06:45:37 PM) (Source: VSS) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1734236084-967193707-3296087266-1000.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
Operación:
   Evento OnIdentify
   Recopilando datos del escritor
Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {b6ef6f68-966e-4a6d-998b-6fd6803c744f}

Error: (09/15/2016 06:27:08 PM) (Source: VSS) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1734236084-967193707-3296087266-1000.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
.Operación:
   Evento OnIdentify
   Recopilando datos del escritor
Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {7586a083-2735-4b2b-9af2-0dda4d59e9bc}

Error: (09/15/2016 06:09:27 PM) (Source: VSS) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1734236084-967193707-3296087266-1000.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
.Operación:
   Evento OnIdentify
   Recopilando datos del escritor
Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {fa4a16f6-85af-4727-8233-87ddfe4cb5f1}

Error: (09/15/2016 05:44:18 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Los Servicios de cifrado no pudieron inicializar la base de datos del catálogo. El error era: 1 (0x1) : Función incorrecta.
.
Error: (09/15/2016 05:42:28 PM) (Source: VSS) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1734236084-967193707-3296087266-1000.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
Operación:
   Evento OnIdentify
   Recopilando datos del escritor
Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {a6e64102-b283-413c-90b9-2f121458033d}

Error: (09/15/2016 05:37:56 PM) (Source: VSS) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1734236084-967193707-3296087266-1000.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
Operación:
   Evento OnIdentify
   Recopilando datos del escritor
Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {a6e64102-b283-413c-90b9-2f121458033d}

Error: (09/15/2016 05:36:57 PM) (Source: Application Error) (User: )
Description: Windows no puede tener acceso al archivo C:\Windows\System32\ExplorerFrame.dll por alguna de las siguientes razones:
Hay un problema con la conexión de red, con el disco donde se almacena este archivo o con los controladores de almacenamiento instalados en este equipo; o bien no se encuentra el disco. Windows cerró el programa Explorador de Windows por este error.
Programa: Explorador de Windows
Archivo: C:\Windows\System32\ExplorerFrame.dll
El valor del error se muestra en la sección Datos adicionales.
Acción del usuario
1. Abra el archivo de nuevo.
Podría ser sólo un problema temporal que se corrige al ejecutar el programa de nuevo.
2. Si todavía no se puede tener acceso al archivo y
    - Está en la red, el administrador de red debe comprobar que no exista ningún problema con la red y que es posible ponerse en contacto con el servidor.
    - Está en un disco extraíble, como un disquete o un CD-ROM, compruebe que el disco esté insertado en el equipo.
3. Compruebe y repare el sistema de archivos ejecutando CHKDSK. Para ejecutar CHKDSK, haga clic en Inicio y después en Ejecutar; escriba CMD y después haga clic en Aceptar. En el símbolo del sistema, escriba CHKDSK /F y después presione Entrar.
4. Si el problema continúa, restaure el archivo a partir de una copia de seguridad.
5. Compruebe si se pueden abrir otros archivos en el mismo disco. Si no se pueden abrir, el disco podría estar dañado. Si se trata de un disco duro, póngase en contacto con el administrador o con el fabricante del hardware del equipo para obtener ayuda adicional.
Datos adicionales
Valor del error:C0000010
Tipo de disco: 3

Error: (09/15/2016 05:36:57 PM) (Source: Application Error) (User: )
Description: Nombre de la aplicación con errores: explorer.exe, versión: 6.1.7601.17514, marca de tiempo: 0x4ce7a144
Nombre del módulo con errores: EXPLORERFRAME.dll, versión: 6.1.7601.18952, marca de tiempo: 0x55c39ff9
Código de excepción: 0xc0000006
Desplazamiento de errores: 0x000000000006b260
Id. del proceso con errores: 0x198
Hora de inicio de la aplicación con errores: 0xexplorer.exe0
Ruta de acceso de la aplicación con errores: explorer.exe1
Ruta de acceso del módulo con errores: explorer.exe2
Id. del informe: explorer.exe3

Error: (09/15/2016 05:35:54 PM) (Source: VSS) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1734236084-967193707-3296087266-1000.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
Operación:
   Evento OnIdentify
   Recopilando datos del escritor
Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {a6e64102-b283-413c-90b9-2f121458033d}

System errors:
=============
Error: (09/16/2016 10:23:48 AM) (Source: Service Control Manager) (User: )
Description: El servicio Avast Antivirus terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.

Error: (09/16/2016 09:21:31 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (09/16/2016 09:21:31 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/15/2016 06:55:09 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/15/2016 06:50:22 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/15/2016 06:50:14 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/15/2016 06:50:04 PM) (Source: Service Control Manager) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente:
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6

Error: (09/15/2016 06:50:01 PM) (Source: BugCheck) (User: )
Description: 0x0000007a (0xfffff8a00e328b40, 0xffffffffc0000010, 0x000000002f4bc860, 0xfffff9600019fe0c)C:\Windows\MEMORY.DMP091516-19624-01

Error: (09/15/2016 06:49:59 PM) (Source: EventLog) (User: )
Description: El cierre anterior del sistema a las 18:48:35 del ‎15/‎09/‎2016 resultó inesperado.

Error: (09/15/2016 06:46:57 PM) (Source: Service Control Manager) (User: )
Description: El servicio Avast Antivirus terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.

Microsoft Office Sessions:
=========================
Error: (09/15/2016 06:47:55 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1734236084-967193707-3296087266-1000.bak)0x80070539, La estructura del identificador de seguridad no es válida.
Operación:
   Evento OnIdentify
   Recopilando datos del escritor
Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {b6ef6f68-966e-4a6d-998b-6fd6803c744f}

Error: (09/15/2016 06:45:37 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1734236084-967193707-3296087266-1000.bak)0x80070539, La estructura del identificador de seguridad no es válida.
Operación:
   Evento OnIdentify
   Recopilando datos del escritor
Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {b6ef6f68-966e-4a6d-998b-6fd6803c744f}

Error: (09/15/2016 06:27:08 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1734236084-967193707-3296087266-1000.bak)0x80070539, La estructura del identificador de seguridad no es válida.
Operación:
   Evento OnIdentify
   Recopilando datos del escritor
Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {7586a083-2735-4b2b-9af2-0dda4d59e9bc}

Error: (09/15/2016 06:09:27 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1734236084-967193707-3296087266-1000.bak)0x80070539, La estructura del identificador de seguridad no es válida.
Operación:
   Evento OnIdentify
   Recopilando datos del escritor
Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {fa4a16f6-85af-4727-8233-87ddfe4cb5f1}

Error: (09/15/2016 05:44:18 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 1 (0x1)Función incorrecta.

Error: (09/15/2016 05:42:28 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1734236084-967193707-3296087266-1000.bak)0x80070539, La estructura del identificador de seguridad no es válida.
Operación:
   Evento OnIdentify
   Recopilando datos del escritor
Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {a6e64102-b283-413c-90b9-2f121458033d}

Error: (09/15/2016 05:37:56 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1734236084-967193707-3296087266-1000.bak)0x80070539, La estructura del identificador de seguridad no es válida.
Operación:
   Evento OnIdentify
   Recopilando datos del escritor
Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {a6e64102-b283-413c-90b9-2f121458033d}

Error: (09/15/2016 05:36:57 PM) (Source: Application Error)(User: )
Description: C:\Windows\System32\ExplorerFrame.dllExplorador de WindowsC00000103

Error: (09/15/2016 05:36:57 PM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175144ce7a144EXPLORERFRAME.dll6.1.7601.1895255c39ff9c0000006000000000006b26019801d20f66 72f61e5dC:\Windows\explorer.exeC:\Windows\system32\EXPLORERFRAME.dll3c2086e7-7b5a-11e6-9209-00269e56c076

Error: (09/15/2016 05:35:54 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1734236084-967193707-3296087266-1000.bak)0x80070539, La estructura del identificador de seguridad no es válida.
Operación:
   Evento OnIdentify
   Recopilando datos del escritor
Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {a6e64102-b283-413c-90b9-2f121458033d}

=========================== Installed Programs ============================
Activar Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AOL Toolbar 5.0 (HKLM-x32\...\AOL Toolbar) (Version: 5.9.19.1 - AOL LLC)
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{EFAE7CBC-804C-6E01-ABD2-EB2127C23D4E}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avast Antivirus Gratuit (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
ccc-core-static (HKLM-x32\...\{CC54CE76-5569-9EDE-CB2C-A115430E8688}) (Version: 2009.0729.2227.38498 - Nombre de su organización) Hidden
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{F82C81F9-ADB5-42BD-AFE9-DD5DFDD215E3}) (Version: 1.0.135 - Citrix)
Controladores para el combo multimedia (HKLM-x32\...\{3ACB102C-C4D0-4AD9-BD41-623B0C858F0A}) (Version: 2.0 - Author) Hidden
Controladores para el combo multimedia (HKLM-x32\...\InstallShield_{3ACB102C-C4D0-4AD9-BD41-623B0C858F0A}) (Version: 2.0 - Author)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 1.4.7 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVDFab 9.0.7.2 (18/10/2013) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GMATPrep (HKLM-x32\...\GMATPrep 2.1.277) (Version: 2.1.277 - Graduate Management Admission Council (GMAC))
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.9.0.1216 (HKCU\...\GoToMeeting) (Version: 5.9.0.1216 - CitrixOnline)
Herramientas de Diagnóstico de Hardware (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5205.31 - PC-Doctor, Inc.)
HHD Software Free Hex Editor Neo 4.97 (HKCU\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 4.97.2.3667 - HHD Software, Ltd.)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1903 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.0.2.143 - IObit)
iTunes (HKLM\...\{B613A9BB-2B34-4824-A4BE-2427653D59D6}) (Version: 10.4.0.80 - Apple Inc.)
Japanese Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version:  - EasyBits Software AS)
MakeMKV v1.9.9 (HKLM-x32\...\MakeMKV) (Version: v1.9.9 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MetaTrader 4 at FOREX.com (HKLM-x32\...\MetaTrader 4 at FOREX.com) (Version: 4.00 - MetaQuotes Software Corp.)
MetaTrader 5 - ActivTrades (HKLM\...\MetaTrader 5 - ActivTrades) (Version: 5.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (Spanish) (HKLM-x32\...\{95120000-00AF-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{38BB21D5-B0D1-41DA-A0B0-1EFB5EF4AAC2}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 fr) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 fr)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NinjaTrader 7 (HKLM-x32\...\{3C76A500-2852-4848-9555-1DB015ABD439}) (Version: 7.0.1010 - NinjaTrader)
Paquete de compatibilidad para 2007 Office system (HKLM-x32\...\{90120000-0020-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Extended ESN (HKLM\...\Microsoft .NET Framework 4 Extended ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerRecover (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.1923 - CyberLink Corp.) Hidden
ProRealTime (HKCU\...\ProRealTime_is1) (Version: 1.3 - IT-Finance)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
SafeZone Stable 1.51.2220.53 (HKLM-x32\...\SafeZone 1.51.2220.53) (Version: 1.51.2220.53 - Avast Software) Hidden
Screensaver_allinone_HP (HKLM-x32\...\Screensaver_allinone_HP) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
System Care Antivirus (HKCU\...\System Care Antivirus) (Version:  - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38475 - TeamViewer)
TOEFL Sample Questions (HKLM-x32\...\{A8E9FAEE-4AC2-4A38-99D9-55D1F26F8163}) (Version: 4.00.0000 - ETS)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VitalSource Bookshelf (HKLM-x32\...\{EC1F49BC-8C71-484C-B2D6-DDDA10AC9999}) (Version: 5.04.0014 - Nombre de su organización)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WebEx Event Manager for Firefox or Chrome  (HKLM-x32\...\{28BB80B5-091A-4F7B-862A-74F980DB848F}) (Version: 6.29.3202 - Cisco WebEx LLC)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

========================= Memory info: ===================================
Percentage of memory in use: 88%
Total physical RAM: 1790.43 MB
Available physical RAM: 208.95 MB
Total Virtual: 3580.86 MB
Available Virtual: 1456.83 MB

========================= Partitions: =====================================
1 Drive c: (HP) (Fixed) (Total:285.1 GB) (Free:139.65 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.9 GB) (Free:2.3 GB) NTFS

========================= Users: ========================================
Cuentas de usuario de \\CARREFOUR-PC

Administrador            carrefour                Invitado                 
Se ha completado el comando correctamente.


**** End of log ****


Edited by hamluis, 16 September 2016 - 09:32 AM.


#4 hamluis


Posted 16 September 2016 - 09:38 AM

Your SR problems are related to the VSS errors reflected in Event Viewer.

 

Take a look at System Restore Points Deleted.

 

Louis
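
A triage pass over the MiniToolBox output from post #3, as an added example that is not part of the original thread: it counts errors by source, decodes the HRESULT in each VSS entry and checks whether the string handed to ConvertStringSidToSid is a well-formed SID. The function names and the simplified SID pattern are assumptions of this example; the first two sample entries are copied from the log above and the third is constructed.

```python
import re
from collections import Counter

# Entries 1 and 2 are copied from the MiniToolBox log posted in this thread;
# entry 3 is constructed (well-formed SID, different HRESULT) for contrast.
SAMPLE_LOG = """\
Error: (09/15/2016 06:47:55 PM) (Source: VSS) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1734236084-967193707-3296087266-1000.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
Operación:
   Evento OnIdentify

Error: (09/15/2016 05:44:18 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Los Servicios de cifrado no pudieron inicializar la base de datos del catálogo. El error era: 1 (0x1) : Función incorrecta.

Error: (01/01/2000 12:00:00 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1-2-3-1000)0x80070005
"""

# One entry: the header line, then everything up to the next "Error: (" header.
ENTRY_RE = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\)[ \t]*"
    r"\(User: [^)]*\)[ \t]*\n"
    r"Description: (?P<desc>.*?)(?=^Error: \(|\Z)",
    re.MULTILINE | re.DOTALL,
)
CALL_RE = re.compile(r"ConvertStringSidToSid\(([^)]*)\)")
HRESULT_RE = re.compile(r"0x[0-9A-Fa-f]{8}\b")

# Simplified SID string syntax (assumption of this example): revision 1,
# an identifier authority, then 1 to 15 decimal sub-authorities.
SID_PREFIX_RE = re.compile(r"S-1-(?:\d+|0x[0-9A-Fa-f]+)(?:-\d+){1,15}")

FACILITY_WIN32 = 7
WIN32_NAMES = {5: "ERROR_ACCESS_DENIED", 1337: "ERROR_INVALID_SID"}


def decode_hresult(value):
    """Split a 32-bit HRESULT into its failure bit, facility and code."""
    return {
        "failure": bool(value >> 31 & 1),
        "facility": value >> 16 & 0x7FF,
        "code": value & 0xFFFF,
    }


def triage(log_text):
    """Count errors per source and inspect each VSS SID-conversion failure."""
    by_source = Counter()
    findings = []
    for entry in ENTRY_RE.finditer(log_text):
        source, desc = entry["source"], entry["desc"]
        by_source[source] += 1
        call = CALL_RE.search(desc)
        if source != "VSS" or call is None:
            continue
        arg = call.group(1)
        prefix = SID_PREFIX_RE.match(arg)
        # Whatever follows the longest well-formed SID prefix is the junk
        # that makes the conversion fail.
        extra = arg[prefix.end():] if prefix else arg
        hr_match = HRESULT_RE.search(desc)
        hr = decode_hresult(int(hr_match.group(0), 16)) if hr_match else None
        name = None
        if hr and hr["facility"] == FACILITY_WIN32:
            name = WIN32_NAMES.get(hr["code"], "unknown")
        findings.append({
            "when": entry["when"],
            "argument": arg,
            "sid_valid": extra == "",
            "extra": extra,
            "win32_code": hr["code"] if hr else None,
            "win32_name": name,
        })
    return {"by_source": dict(by_source), "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["by_source"])
    for finding in result["findings"]:
        print(finding)
```

A SID string consists only of `S-`, digits and hyphens, so trailing text such as `.bak` makes the conversion fail with Win32 error 1337 whether or not the numeric part names a real account.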



#5 lemarche


Posted 16 September 2016 - 11:06 AM

As mentioned in the Original Post, I did try this solution, maybe I was not clear enough: "- increase disk space for RP (to 5GB)".

 

However, my problem is slightly different since RP are not deleted at reboot, but RIGHT after I create them...

 

Also, another (linked?) problem is that I can't access the "System Protection" tab from Safe Mode to test RP creation in that mode.

 

(Just to be on the safe side, did try again for the Nth time, increasing disk space in Normal Mode - to 4%, 11GB - but again, RP got deleted RIGHT after getting the pop up that the RP had been created successfully).



#6 dc3


Posted 16 September 2016 - 11:29 AM

Open the Advanced Boot Options and select Last Known Good Configuration.

 



Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#7 lemarche


Posted 16 September 2016 - 11:34 AM

Thanks.

I did try that too but at the moment I have 0 RP available:

 

- they are deleted as I create them;

- and ALL "previous" RPs have been deleted too (by malicious software? Don't know..). I should also have mentioned this in the OP.



#8 dc3


Posted 16 September 2016 - 11:40 AM

"Thanks. I did try that too but at the moment I have 0 RP available:"

You don't need a restore point to use the Last Known Good Configuration.

 

Start the computer and immediately start tapping the F8 key until the Advanced Boot Options open.

 

Use the up or down keys to navigate to Last Known Good Configuration.  Press Enter to select it.

 



Edited by dc3, 16 September 2016 - 11:42 AM.


 

 

 

 




