System Restore Is Missing?

bucks13

Member
Hi,
HP Desktop with Vista Home Premium x32 with a ton of available HDD space and 4Gb RAM.

Was about to install a piece of accounting software and wanted to do a restore point first. Clicked shortcut to System Restore and got the following error:
"Class not registered (0x80040154)" and that was it. Couldn't get to System Restore.

Rebooted.

Tried again, didn't work. Went to Backup and Restore center where we saw a message to the effect of "there are no restore points available on this machine". That makes no sense since we had auto restore points turned on and it would create them daily and then at each windows update (automatic).

Not sure how long ago this may have happened since it's been a little while since I went to install software and needed a restore point.

I tried going to Start-Computer-Properties-System Protection but it just brings up a System Properties dialog with 4 tabs: Computer Name, Hardware, Advanced, Remote.

If I'm not mistaken, that's not right.

If you need logs or anything like that to help me, please provide explicit directions for attaining them since I am not THAT proficient but I'm good at following instructions.

Thank you.

<<Incidentally, this machine did not come with any disks. It only has a partition installed by HP. There is no hope of getting actual Windows disks from HP or from MS - I've tried from both.>>
 

My Computer

System One

  • Manufacturer/Model
    HP Pavillion a6750t
    CPU
    core 2 quad
    Memory
    3gb
    Hard Drives
    Caviar Blue 640Gb (came with machine) - System+Data
    Caviar Black 1Tb (new Win7 installed but not active)
Welcome
One of the first things that malware/virus will do is disable SR, to protect itself.
Make a full and updated scan with your anti virus.
Make a full and updated scan with malwarebytes, to start.

If clean:
Go to services and make sure that volume shadow service is set to automatic.

Many times your software for maintenance etc. deletes the points. Such software is not needed with Vista. If you have such software, please disable.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics Card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Integrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Keyboard
    Dell USB
    Mouse
    Dell USB 4 button optical
    Other Info
    DSL provided by ATT
Welcome
One of the first things that malware/virus will do is disable SR, to protect itself.
Make a full and updated scan with your anti virus.
Make a full and updated scan with malwarebytes, to start.

If clean:
Go to services and make sure that volume shadow service is set to automatic.

Many times your software for maintenance etc. deletes the points. Such software is not needed with Vista. If you have such software, please disable.

Thanks. Installing Malwarebytes now. Will run and run AV.

I found Services and the only thing there like what you mentioned is: Volume Shadow Copy. The status column is blank and the startup type is Manual. Log On As column shows Local System.

I don't see a way to set the Volume Shadow Copy to automatic. I right clicked on it and clicked properties and everything is greyed out and there is no "set to automatic" button anyway.

There is no maintenance software installed on the machine.

Please let me know about the service and what I should do.
Thanks.

P.S.1 I just tried opening services using "run as admin" and it just ran it as normal. It did not ask for my admin pw.

P.S.2 I already had MWB on the machine but it was out of date and wouldn't update. I checked their site and they recommended uninstall/install so I downloaded an uninstall program for it, but after reboot it doesn't look like it uninstalled. Just tried running the uninstaller "as admin" and it did the same thing as above - didn't ask for admin pw and now after rebooting, I see it did not uninstall MWB.

Now what?
<update> Logged into admin user and was able to remove MWB. Now installing new version.

<update 2> Being actually logged into admin account (as opposed to trying to "run as admin") allowed me to get into services and turn Volume Shadow Copy to automatic and to restart it. I'm rebooting now to see if it stays that way. THEN I will install MWB.
 
LOL, you have the right name for the service. Switch to automatic.
Try to uninstall using the free Revo for 32 bit, free trial for 64 bit.
 

Rebooted and volume shadow copy service has started automatically. So that's a positive.

MWB uninstalled and reinstalled and updated fine. Now running full scan.

It's so great that we have these terabyte drives now <said sarcastically> because it just didn't take long enough to scan gigabyte drives in the past. I have no idea how long it will take to scan these drives but I'm sure it will be ridiculous.
 

I'm using 10% of a 550gig and it takes me an hour with Security Essentials and 45 minutes with malwarebytes.
 

Note: Some defraggers delete restore points as well.
 

My Computer

System One

  • Manufacturer/Model
    Lenovo Thinkpad T400
    CPU
    Intel Mobile Core 2 Duo P8700 @ 2.53GHz
    Motherboard
    LENOVO 64734VM
    Memory
    2.00GB Single-Channel DDR3 @ 531MHz
    Graphics Card(s)
    Intel Mobile Intel 4 Series Express Chipset Family
    Sound Card
    Conexant 20561 SmartAudio HD
    Monitor(s) Displays
    15 inch
    Screen Resolution
    1280 x 800
    Hard Drives
    1x 180GB Intel 530 series SSD
    1 x 120GB Hitachi 5400rpm
    1 x 650GB Western Digital Elements 5400rpm
    1x 1Tb Western Digital Elements 5400rpm
    Internet Speed
    Medium for New Zealand
    Other Info
    Weakest part of my computer is the graphics chipset.
    Only ever used a laptop.
    Also use USB Freeview TV Card
    Lenovo Docking Station
    External Speakers
    Other bits and pieces as needed
I'm using 10% of a 550gig and it takes me an hour with Security Essentials and 45 minutes with malwarebytes.

Ugh. We have 300+gb on one drive and 200gb on the other.

A side question for you about the infectious nature of malware...

Let's say that after doing everything we need to do, we figure out that there is some type of malware on my Vista C drive. If I put another drive in the machine with a fresh install of Win7 for instance and then deactivated Vista on the C: but left it in the machine so that I could copy over files from the old infected drive onto the new one, would that be bad?

Can one work with a drive that has malware in a way that doesn't spread it? We have everything backed up via Carbonite but if I needed to download hundreds of gigs of files that way it wouldn't be good. I'd much rather move files over via copy/paste and avoid any infected files. Is that possible?

Thanks
 

In the case of malware/virus etc., always do a clean install, which includes a format of the drive with the infected OS.

If you are 100% certain as to the date of the infection, you can do a system restore picking a date before the infection.

Many do not know this but a restore point is protected from change, after it was created.
 

In the case of malware/virus etc., always do a clean install, which includes a format of the drive with the infected OS.

My Win7 install is on a fresh new HDD, that's not the issue. I'm wondering if I can access the data on a drive (as a data drive, not an OS drive) if there is malware on the drive.


If you are 100% certain as to the date of the infection, you can do a system restore picking a date before the infection.

Many do not know this but a restore point is protected from change, after it was created.

Ummm...that would be a problem...see the title of this thread...I would LOVE to be able to use a restore point but it being broken is what got me here today in the first place.

I used to have a bunch of restore points on this machine and then all of a sudden, today, I can't access the System Restore function and when I look at backup/restore, it says there are no restore points. They were there the other day.

Interesting point about restore points being protected from change.
 

You can transfer a virus if the object that you are accessing has the virus. This is not a common method, however. The virus writers are becoming better and better at what they do.
To protect yourself, you can download to a thumbdrive etc and test with www.virustotal.com.
 
Are any available in safe mode (press F8 on startup before Windows loads)?
 

You can transfer a virus if the object that you are accessing has the virus. This is not a common method, however. The virus writers are becoming better and better at what they do.
To protect yourself, you can download to a thumbdrive etc and test with www.virustotal.com.

When you say "the object you are accessing", does "object" refer to hard drive (as in, the hard drive is infected), or does it refer to a file (as in, don't access a file that is infected)?

And when you say "you can download to a thumbdrive" do you mean download possibly infected files to a thumbdrive and then test them on there (I'm not following this) or do you mean to install virustotal.com onto the thumbdrive and test FROM there?

Thanks for clarifications.
 

Are any available in safe mode (press F8 on startup before Windows loads)?

That is a great question. I did not think that was a possibility so I never checked. Malwarebytes is STILL running (pushing 4 hours now) and it's showing 2 infected files. It doesn't say what they are or what they're supposed to be infected with but I suppose I'll find out at some point.

I'll post the results here. Should I post the full text of the log that MWB generates after a scan?

Thanks
 

Hello Bucks13, Richc46 and Ilikefree (glad to see you here, guys :))

Can you please run the file InfoSRP.vbs on your machine, Bucks13.
If restore points are present, they are written to InfoSRP.txt (this may take a while).

I hope this helps
Sweet
 

My Computer

System One

  • Manufacturer/Model
    Acer Aspire 5738G-644G32MN
    CPU
    Intel Core 2 Duo - clockspeed 2000 MHz
    Motherboard
    Acer JV50
    Memory
    RAM 4 GB - SO-DIMM DDR3
    Graphics Card(s)
    NVIDIA GeForce - G105M - 512 MB
    Screen Resolution
    1366 x 768 Pixels
    Hard Drives
    Hitachi HTS543232L9A300
    320 GB - Type SATA - Speed 5400 rpm
    Keyboard
    Azerty
    Mouse
    Logitech Wireless Mouse M505
    Internet Speed
    Currently 14.5 MB/Sec which means 1.8 MB/Sec effective
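
The checks suggested in this thread (state of the Volume Shadow Copy service, whether restore points still exist) can be collected in one pass. This is an added example, not code posted by any participant and not the InfoSRP.vbs script mentioned above; it assumes Windows PowerShell 2.0 or later started from an administrator account, and the function name Get-SystemRestoreHealth is hypothetical.

```powershell
# Added example. Run from an administrator account in Windows PowerShell 2.0 or later.
# Get-SystemRestoreHealth is a hypothetical helper name, not a built-in cmdlet.
function Get-SystemRestoreHealth {
    # Volume Shadow Copy (VSS) and its software provider (swprv) back System Restore.
    $services = @(Get-WmiObject -Class Win32_Service -Filter "Name='VSS' OR Name='swprv'" |
        Select-Object Name, DisplayName, StartMode, State)

    # Group Policy values that turn off System Restore or hide its configuration page.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
    $policyHits = @()
    $props = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($name in 'DisableSR', 'DisableConfig') {
            if ($props.$name -eq 1) { $policyHits += "$policyKey\$name" }
        }
    }

    # Existing restore points, oldest first, with the WMI timestamp made readable.
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
        Sort-Object SequenceNumber |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } })

    New-Object PSObject -Property @{
        Services         = $services
        DisabledServices = @($services | Where-Object { $_.StartMode -eq 'Disabled' })
        PolicyHits       = $policyHits
        RestorePoints    = $points
    }
}

$report = Get-SystemRestoreHealth
$report.Services | Format-Table -AutoSize
if ($report.DisabledServices.Count -gt 0) {
    Write-Warning 'A shadow copy service is Disabled; restore points cannot be created.'
}
if ($report.PolicyHits.Count -gt 0) {
    Write-Warning ('System Restore policy values set to 1: ' + ($report.PolicyHits -join ', '))
}
if ($report.RestorePoints.Count -eq 0) {
    Write-Warning 'No restore points were returned. Compare with what Safe Mode shows.'
} else {
    $report.RestorePoints | Format-Table -AutoSize
}
```
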
Hello Bucks13, Richc46 and Ilikefree (glad to see you here, guys :))

Can you please run the file InfoSRP.vbs on your machine, Bucks13.
If restore points are present, they are written to InfoSRP.txt (this may take a while).

I hope this helps
Sweet

Sweet, thank you very much for checking in. I think that while you were writing your message I must have been trying out ILIKEFREE's idea about looking for them in safe mode. I just logged in as admin after booting to safe mode. I ran the system restore function and though it took a little while to start (it always has on this machine for some reason) it finally started and lo and behold there are 5 restore points sitting there - 2 from 6/19 when I updated a piece of software called Trusteer Rapport, 2 scheduled checkpoints on 6/20 and 6/21, and one done at 1am on 6/22 prior to an automatic windows update.

Of course, now I don't need to use them but I should be able to install the piece of accounting software this all started with and do my restore point prior to install.

To report on the results of the MWB. 2 infected files were found. They were both found in an archive directory I'd backed up to this machine from an old computer. It was essentially the same file saved twice, in 2 different subdirectories. The file name was SYSRESET253.exe and they were infected with something called Backdoor.Zapchast.

I know nothing about the files and I know nothing about the malware.

Anyone want to weigh in on where on a scale of 1-10 this is with 1 being the sniffles and 10 being the plague?

Should I still run a full deep scan with my AV (Avast 5)?

Thank you
 

Zapchast can be a disaster. It is a back door entry. It gives the attacker potential control of the computer.
Yes, run a full deep scan.
 

Zapchast can be a disaster. It is a back door entry. It gives the attacker potential control of the computer.
Yes, run a full deep scan.

Oh boy. That's scary. Any way of knowing whether it did anything or when it showed up? MWB says it has been removed now.

Though this machine has a cable internet connection, we shut down the network connection when the machine is not in use.

Running scan now with Avast.
 

Everyone who has helped so far has done their best, but may I suggest that we get an expert in the security area. It's up to you.
 
