System restore unavailable due to Group Policy

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by russelllynn, Mar 3, 2013.

  1. russelllynn

    russelllynn Private E-2

    Have spent hours cleaning my machine Vista OS according to your instructions (read and run me first) but I still cannot use or access System Restore. I have attached all the logs I can find and have followed your instruction. What Next?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    What makes you think that your problems are due to malware? Also why are you trying to use System Restore?

    Note that you did not attach the 5 requested logs.
     
  3. russelllynn

    russelllynn Private E-2

    Dear Chas Lang, I think it must be malware as I never changed group policy ever and I haven't been able to access system restore since I last rebooted the OS. As to logs not being posted I could only find four but when I uploaded the four I could find I noticed that a lot of other logs uploaded with them. If you could please inform me of the missing log and give me some idea where it could be located that would help me very much. You did get the four logs?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Vista and Win 7 have had many problems like this with policies and/or permissions.

    Actually you have still not attached anything. The logs requested were listed in the READ & RUN ME as below
     
  5. russelllynn

    russelllynn Private E-2

    Thanks ChasLang, I did not run MGTools yet and the only four logs I have are attached. The only report I couldn't find was for Rogue Killer and I only have an EULA for that product.
     

    Attached Files:

  6. russelllynn

    russelllynn Private E-2

    I have tried using MGtools but it keeps saying access is denied. I have found the gettheunkey log and have tried to attach it but it is bigger than the allowed size.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.


    Now run RogueKiller again per the instructions in the READ & RUN ME and attach the log.

    Also run MGtools as requested and attach the C:\MGlogs.zip file
     
  8. russelllynn

    russelllynn Private E-2

    Hi Chas, I tried to run the MGtools again before I got your last reply but at the end of the run the app was unable to create MGtools.log.zip so I have no idea what it found. I will now run JRT app and get back to you. How do I access the drive in the partition that holds the OS?
     

    Attached Files:

  9. russelllynn

    russelllynn Private E-2

    Have now run JRT and attached the text file. The difficulty now is accessing the partition drive. Is there a "how to" on your site?
     

    Attached Files:

    Last edited: Mar 5, 2013
  10. russelllynn

    russelllynn Private E-2

    I had to uninstall Norton 360 as all areas of management were greyed out and unresponsive before running JRT. I have since enabled Windows Firewall and started Windows Defender, although with the depth of corruption I have no idea if any of my security features are working. Thanks for your attention. I have no idea how to reward you for this.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Right click on C:\MGtools\ReZip.bat and select Run As Administrator, then look in the C:\MGtools folder for a slightly different zip file named MGlogsR.zip Attach it to your next message.

    I'm not sure what you are asking or trying to do?

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.
     
  12. russelllynn

    russelllynn Private E-2

    Hi Chaslang,
    Have done as you asked and received a note from registry editor that it was successful. Thanks for your help. What now? If everything is ok I don't need system restore anymore. I have something on here that I didn't authorise; there are many desktop.ini files that need to be deleted. I cannot access or change IPsec due to group policy? I had to uninstall my security system as I no longer had control of it. Could you tell anything from the logs I attached? The MGtools app appeared to be very efficient at finding copies of many files but the final message was unable to create MGtools log. Where to from here?
     
  13. russelllynn

    russelllynn Private E-2

    Just checked. There is no MGtoolslog.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Normal. They are part of Windows.

    Please try the below.

    Be patient while doing the below. The fixes can sometimes take quite a while to run. Especially the permissions repairs. It may be best to kick it off and go to bed or do something else. It is better not to run anything while the repairs are going on.

    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Repair Windows Firewall
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
      • Set Windows Services To Default Startup
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  15. russelllynn

    russelllynn Private E-2

    Sorry Chaslang, Should I disable all my defenses Norton 360, Defender etc. I have probably answered my own question as I see it on the page and should I disconnect my Wifi also? I will do nothing until I hear from you. Better to do nothing and be thought a fool than to do wrong and remove all doubt.
     
  16. russelllynn

    russelllynn Private E-2

    OK. Have done as suggested and attached file. I'm not sure if system restore is working as I am loath to undo any fixes done during Windows Repair. There was no System Restore Point made when running the program even though it said a system restore point would be made. Where before I could not access my Norton 360, now, after reinstalling, when I check, it is available and the boxes, apart from silent mode, are all checked so I guess that is a plus. Group Policy Client in admin mode is on auto and cannot be stopped or started (all grayed out).
    IPsec Policy Agent is on auto and available so left it. Net Tcp port sharing device is disabled and these files are in the management system: XJGEAREUBXBJC and ZTMISQG? What are these? Also another desktop.ini file appeared on my desktop after running GetLogs.bat. Why did I get a Trend Micro EULA licence during the running of that file? It said it was for "hijackthis" so I considered it was a part of your MGtools file and clicked "I agree". So no way of checking if system restore works without undoing the work of your programs. I hope you can see what is happening from the file. Thanks for your help. I hope I am just paranoid.
     

    Attached Files:

  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why are you trying to run system restore? I did not ask you to do this?

    I don't know what you are referring to or why you are doing whatever you are doing. I did not ask you to do anything with policies or services.

    Don't know what you are looking at. "the management system" does not mean anything to me.


    Normal

    Was all explained in the READ & RUN ME where we asked you to run MGtools. You were given this link >>Using MGtools


    Your logs are all clean. Thus it does not appear to me that you are having any malware problems.
     
  18. russelllynn

    russelllynn Private E-2

    ZTMISQG, XJGEAREUBXBJC These two files are in the Administrative tools/services/management.
    I still cannot set a system restore point. "System restore point disabled due to Group policy" Can you advise how to change Group Policy so that this very important service can be enabled. The Group Policy Client in Administrative tools/services is unavailable. As I am the only one with administrative permission to use this computer there must be another, illegal, administration account that is hidden from me and is able to manipulate the registry and permissions to set restore points and change the settings on my security software. Malware or very clever program that stops me from administering this laptop. Can you help please? I am asking you to give me back the ownership of this laptop. Thanks.
     
    Last edited: Mar 8, 2013
  19. russelllynn

    russelllynn Private E-2

    Sorry chaslang, I'll try to elucidate the situation properly. I have recently returned from China. While I was there and staying in a hotel, I was advised to change the DNS to "Automatic Discovery" from my original IP address. This worked fine and I was able to connect to the internet wherever there was a Wifi connection. Later, when staying at my in-laws, I was connecting through a Wifi connected to a modem that was connected to my father-in-law's phone line by ChinaCom officials. It was still on "Auto discovery" but seemed to work ok. Then I would notice the signal dropping out when I was playing Poker but always I could reconnect by running the "Diagnose and Repair" function. This situation became worse as time went by but I could always reconnect after two or three attempts. I never attempted to rectify this problem as I was only connected via telephone line and I considered that any attempt would be stymied by slow download/upload speeds.
    When I returned to New Zealand this problem was still prevalent and I attempted several times to reset my computer via system restore. My thinking was if I could reset to a point before the problem began then all would be well. DNS kept dropping out and would stay out maybe for an hour or two and whenever I tried to run "System restore" it would go through the motions but always the answer was "unable to restore system. no files have been changed" That was when I discovered my security Norton 360 Premium was unable to be accessed in any mode including "safe mode" and I was unable to set a system restore point. At that point I realised my computer was seriously compromised and I had no control over any of the important functions of my computer or my security software. What should I think about that? I was really worried by this and considered maybe something happened in China. I contacted the Belkin helpdesk and we reset my wifi with the IP address supplied by my Internet company. This has apparently worked and I have had no problems connecting to or using the internet. However, my concern is still that I have lost control of my computer. How or who could control my computer to the point where I have no privileges and cannot reset my computer no matter what I try. Please give me your thoughts on this. I may be the only authorised administrator but I cannot authorise any changes. Perhaps you can understand my concern? Thanks for listening. I have had these or similar problems before which have only been resolved by rebooting the OS. This has lasted a short time but always I have been shut out of any important control of my Computer. What do you suggest?
     
    Last edited: Mar 8, 2013
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are hundreds if not thousands of posts on the internet with permission and/or policy issues within Vista and Win 7 ( and I would expect that Win 8 will be coming soon ). Many if not most of these are due to problems within Windows itself and more often than not, the only fix has been a complete reinstall.

    Now, that said, you did have some malware, but I'm not really convinced that the malware you had really caused all these problems you are having. The reason I say this is that we have removed the malware you had many many times and I have not seen the problems you have in those other cases. Thus while there could be a relationship, it does not seem like it.

    And also we ran Windows Repair and if you go back and look at it, it attempts to repair all permissions and policy issues.

    However let's try something to make sure the Norton is not at the heart of your problems and to make sure it is not getting in the way. Make sure from now on you only do what I ask and nothing else as you have been doing. Simple rule. If I don't ask you to do it, don't do it. ;)

    Uninstall Norton 360. And then also run the below for good measure since Norton typically does not uninstall properly.

    Norton Removal Tool (SymNRT)



    Reboot after running the above. After reboot continue.

    Make sure that Driver Manager was also uninstalled with the above. If not, then uninstall this now.
    • Rerun the Windows Repair program and in normal boot mode.
    • Then reboot into safe mode and run the Windows Repair program one more time.
    • Now reboot in normal mode.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).



    Then attach the below logs:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now! And remember not to do anything except what I have requested. i.e., DO NOT reinstall Norton!!!!! I want to make sure it was all removed properly and I want to see what problems you are having right now with it removed.
     
  21. russelllynn

    russelllynn Private E-2

    Dear chaslang, have done as instructed but still unable to create restore point. When I click "create restore point" window comes up that says "configuration is disabled by group policy" further down the page is another "restore point creation disabled by group policy". I uninstalled all Norton files that I could find.
    When I first downloaded and ran Norton removal tool an error window appeared saying this program had started incorrectly. Did I want to search for a solution online and shut down the program or did I just want to shutdown the program. I shut down the program. I input the url into the chrome browser and downloaded the NRT again. Double clicked and it ran successfully. Driver manager did not uninstall so did that before reboot.
    I ran Windows Repair in normal mode, once in safe mode. Right clicked and ran getlogs.bat and attached the log to this thread. Checked to see if System Restore could be accessed and replied. One thing I noticed when repair was running each repair in the DOS command window: the cursor was blinking under the DONE line, then would come an increasing amount of numbers, once over a million, with the word MODIFIED, then the same amount with the word FAILED. I guess you would know that from the log. Did it work or not?? Still can't create system restore point due to group policy. Thanks for your continued interest in my problem. I hope you agree that I should have access to system restore?
     
    Last edited: Mar 9, 2013
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You forgot to attach the log. Did GetLogs.bat run okay? Did it run all the way through to the end where it tells you the location of the MGlogs.zip file? But I want to have you run a newer version of MGtools. So download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:
    • C:\MGlogs.zip

    Yes you should normally be able to use System Restore.
     
    Last edited: Mar 9, 2013
  23. russelllynn

    russelllynn Private E-2

    Hi Chaslang, I did attach the file MGtools.zip but in any case have attached the new log for your perusal. Unable to find defogger to ensure UAC was still disabled although I could see it in my files yesterday. I hope this log has uploaded properly. It says it has, just like yesterday. I tried to find UAC control and got a website that told me what to do but it also said this will not work with Vista. Also have noticed all the software I downloaded, Tdss, Rogue Killer etc., all have the Microsoft security symbol attached to them.
     

    Attached Files:

  24. russelllynn

    russelllynn Private E-2

    Hmm, Hi chaslang, your silence is deafening. Have you found something or have you been too busy or / something else??
     
    Last edited: Mar 12, 2013
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry for the delay. Real work and life sometimes take precedence. ;)
    I don't know what you mean. Defogger has nothing to do with UAC. UAC is user account control which is part of Windows and you need to change by the method given in the READ & RUN ME. Your logs show that it was never disabled properly.

    I'm not seeing any problems in your logs or anything that has setup a policy to disable System Restore but let's try the below anyway.


    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Now reboot and see if there is any change.
     
  26. russelllynn

    russelllynn Private E-2

    My apologies for my impatience. I realize you work voluntarily but I lost sight of that momentarily, sorry.
    Well, that was an interesting exercise and an absolute failure. I tried to save the file as *fixme.reg*. When I set to *all files* the name disappeared from the top bar and I had to type it back in. Tried to save but it wouldn't allow me to. Changed the name to fixme.reg without the asterisks and could save it ok. Double clicked but the registry editor came up with a message that read
    "Cannot import C:\Users\Russell\Desktop\fixme.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor"
    So nothing happened. I copied the edit exactly as you wrote it, with asterisks, to notepad, from after "Start quote" to before "End quote", i.e.: *REGEDIT4*

    *[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore]
    "DisableConfig"=-
    "DisableSR"=-
    * As the cat said curiouser and curiouser. Don't know where to go from here.
    My computer is a lot faster now after I disabled some start up files that I didn't need and all things considered, it is a much better machine than before you began work on it but I still have no control.
     
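    As an added example that is not part of this thread: a small Python checker for the fixme.reg fix quoted above. It shows why regedit rejects the asterisk-wrapped copy (the first line must be a recognised header) and what the two `"name"=-` entries do (delete the value, which clears the policy). The two sample strings are constructed to mirror the thread, and the parser is a deliberately simplified one (header check, key sections, string and delete entries only).

```python
import re

# Constructed sample: the fixme.reg fix as posted in the thread (a valid script).
GOOD_REG = '''REGEDIT4

[HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\SystemRestore]
"DisableConfig"=-
"DisableSR"=-
'''

# Constructed sample: the same text copied from an e-mail notification, where the
# forum's bold markup survived as asterisks around the header and the key line.
BAD_REG = '''*REGEDIT4*

*[HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\SystemRestore]
"DisableConfig"=-
"DisableSR"=-
*'''

# Header lines regedit accepts; anything else gives "not a registry script".
VALID_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

# The policy key the thread is about; DisableConfig / DisableSR set under it
# are what produce the "disabled by Group Policy" messages in System Restore.
SR_POLICY_KEY = r"HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore"


def parse_reg(text):
    """Simplified .reg parser: header check, [key] sections, and "name"=data
    entries. Returns {key_path: {value_name: action}} where action is
    'delete' for the `=-` form (regedit removes the value) or the raw data.
    Raises ValueError for input regedit would refuse to import."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in VALID_HEADERS:
        raise ValueError("The specified file is not a registry script")
    result, current = {}, None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]          # new key section
            result[current] = {}
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m is None or current is None:
            raise ValueError(f"unparseable line: {raw!r}")
        name, data = m.groups()
        result[current][name] = "delete" if data == "-" else data
    return result


def system_restore_policy_effect(parsed):
    """What merging the script does to the two System Restore policy values."""
    values = parsed.get(SR_POLICY_KEY, {})
    return {n: values.get(n, "untouched") for n in ("DisableConfig", "DisableSR")}


def check(text):
    """(True, effect) for a script regedit would accept, else (False, reason)."""
    try:
        return True, system_restore_policy_effect(parse_reg(text))
    except ValueError as err:
        return False, str(err)


if __name__ == "__main__":
    print(check(GOOD_REG))   # (True, {'DisableConfig': 'delete', 'DisableSR': 'delete'})
    print(check(BAD_REG))    # (False, 'The specified file is not a registry script')
```

    The same check is a useful pre-flight for any .reg fix pasted from a forum or e-mail: if the first line is not one of the accepted headers, the import will fail before touching the registry.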
  27. russelllynn

    russelllynn Private E-2

    I have saved all the software you suggested to my desktop in Admin mode and all the software now has a windows security icon on top of it. As per your instructions I did not delete anything from those programs even though it said I had done nothing with the files it had found and was I sure I wanted to quit? Does this mean that I have not changed anything or does this mean that if I did delete the files it found I would have totally corrupted my computer and finally nixed it? Black screen etc. Sorry, I'm not an IT expert and have no experience with these programs.
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What in the world are you doing with asterisks???? Please read fixes in the forum and not from emails if that is what you are doing. No wonder you are having problems.
     
  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure what you are talking about. My last fix did not ask you to download any software. Are you referring to something from running the READ & RUN ME many days ago? If so, why? We are way past that now.
     
  30. russelllynn

    russelllynn Private E-2

    That's what I was doing. Duh. Worked fine and I now have system restore working again. Thank you so much for your patience and understanding, and easy to follow instructions. I really appreciate your help. My paranoia levels are dropping and I hope I will not need your help again. Thank you very much.
     
  31. russelllynn

    russelllynn Private E-2

    Hi chaslang, I have noticed that I cannot access any music, pictures or video files from inside my Documents folder ("access denied") although I can from the sidebar. Why would that happen? Also have downloaded Windows update Tuesday patch and the files are on my desktop as .exe files. Should I double click and install? I thought these files would automatically install from the update.
     
  32. russelllynn

    russelllynn Private E-2

    Also cannot validate my Windows OS so cannot download updates. What is going on? Much more than I/We considered. I am strapped financially and only get a sickness pension so taking it to an IT expert is beyond my means. I hope you can help!!! Thanks. I think that is why the KB files are on my desktop and not installed.
     
    Last edited: Mar 14, 2013
  33. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have to be careful of which folders you are trying to access. Microsoft stupidly creates folders/links that are for the system and not for you with the same name as your real folders. When you have system files hidden, you would not see the system files. So exactly which folders are you trying to access?
     
  34. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why? What exactly happens? You should not be saving the updates to your Desktop. You should be allowing Windows Update to install them. But if you cannot validate Windows at Microsoft then you have a bigger problem and may need to call Microsoft to either reactivate your copy of Windows or to find why Windows cannot be validated.

    You had stated the System Restore is working now? How do you know? Did you perform a System Restore? If so, why? Doing that could just undo everything we have already done including reinstalling malware.
     
  35. russelllynn

    russelllynn Private E-2

    No No, I didn't do a System Restore although I possibly could now as I have access to it and a list of repair points since that last regfix for which I am very grateful. But now I have discovered that I cannot validate my windows and subsequently have no access to auto downloads.
    When I press start I get the menu and click documents. That opens with all of my files on it and shortcuts to My Music, My Videos, My Pictures; however I cannot access those files from those shortcuts. In the sidebar where all files are displayed I have no problems accessing My Music, My Videos, My Pictures. However, not being able to validate my windows is a far greater problem to me. I only discovered that when I tried to install the Tuesday Patch files that appeared on my desktop. I didn't save them to there, they just appeared after Windows update did its thing. That's when I discovered that I couldn't validate my OS. This has never happened before.
     
    Last edited: Mar 17, 2013
  36. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's normal. Those are the ones I was talking about that Windows does not allow you to access. The ones in the left column ( the sidebar as you called it ) are the correct ones to access but they are not under the Documents folder. You will also see Local Settings, My Documents, PrintHood, Recent, SendTo, StartMenu, and Templates in this side bar and you cannot access them either. This is normal.

    You could try an older restore point ( something predating your original infection, but I don't think you have any based on your logs ) to see if it will actually complete and if it fixes the problem with Windows validation, but this may bring back the malware and many other problems we fixed since you don't have any older restore points before the date you came here. Also I would not bet money on it fixing the problem. As stated, you may need to solve this through Microsoft.
     
