System restore will not go back to any restore points

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by sleepmonk, Jul 4, 2011.

  1. sleepmonk

    sleepmonk Private E-2

    Hello, my name is Robert. I've been looking over all the wonderful information here at MajorGeeks. It's a lot to take in. Trying to find anything close to my problem or where I should post my question. My computer crashed but no blue screen. When it came back on all my documents, music & notes (.txt) were gone. I have tried cleaning with AVG, IObit & Malwarebytes'. Under the virus vault for AVG 2011 it showed this: ALLUSERS\APPLICATION DATA\14147364.EXE. I don't know what that means or if that helps any of you at all. I have closed AVG now and only have Malwarebytes' Anti-Malware, IObit Advanced System Care v4.0.1 Free & Smart Defrag 2 now on my system.

    I have tried system restore 20-30 times but it won't restore to any previous dates. I have restore points almost every day, but after selecting any one of them and hitting the Next button, I see a gray window open up but I can't read it, it closes so fast. I have the system restore under System Properties set to the Max. 12% (9149 MB).
    I have done a DDS report and have attached it below. Yet I have held off from doing a ComboFix unless someone asks for it. Also under the virus vault for AVG 2011 it showed this: ALLUSERS\APPLICATION DATA\14147364.EXE. I don't know what that means or if that helps any of you at all.
    I have closed AVG now and only have Malwarebytes' Anti-Malware, IObit Advanced System Care v4.0.1 Free & Smart Defrag 2 now on my system.

    My Operating System is:
    Microsoft Windows XP Professional Version 2002 Service Pack 3
    Dell Dimension 4600 Intel® Pentium 4 CPU 3.00GHz 1.96 GB of RAM

    Any help from you experts would be greatly appreciated. Thank You!!!

    Sorry if this was too long-winded.

    Sincerely a frustrated user, Robert.
     


  2. sleepmonk

    sleepmonk Private E-2

    I have done all the malware tests asked for except ComboFix. It says AVG is still on but I used AVGremover and checked Add or Remove programs and AVG is not there. Here are the logs for SUPERAntiSpyware, Malwarebytes', RootRepeal & MGTools. After completing all these programs I see my documents, music & notes look like they are back but they look like shadows. I don't know what that means. I have also tried to do system restore a few more times but no luck. Let me know if you need any more info. Thank you for your help MajorGeek experts. Any help would be greatly appreciated.
    I have to leave for work soon but I will check back in at 10pm when I get off work.

    Sincerely, Robert
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy just the bold text below to Notepad (do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    • C:\MGlogs.zip
    • C:\Avenger.txt

    Make sure you tell me how things are working now!
     
  4. sleepmonk

    sleepmonk Private E-2

    Tim W, I extracted avenger and opened C:\MGtools but I don't see C:\MGtools\analyse.exe. I don't know why, what else from my MGtools should I use to get to C:\MGtools\analyse.exe? Sorry but I just don't see it. Thank you for trying to help me. I'm trying to do what you.
     
  5. sleepmonk

    sleepmonk Private E-2

    I extracted avenger.exe from the Zip file, saved it to my desktop and opened it. Yet I don't see C:\MGtools\analyse.exe under C:\MGtools. I have looked and looked. Could it be listed as something else?
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It is there:
    Code:
    New installation folder and files
    ******************************************************************************
    
    "C:\MGtools\"
    analyse.exe   Apr 23 2010      388608  "analyse.exe"
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you are still having problems, skip the HJT part and continue on with the rest. ;)
     
  8. sleepmonk

    sleepmonk Private E-2

    OK Tim W., I'm attaching what you asked for and I did it just the way you stated. Thank you for making it simple for me. Yes I received a success message for REGEDIT. I can now see my documents, music & notes (.txt) but they are not solid, sort of like shadows on the screen. I don't know what that means though. I can open the documents, music & notes but the folders look funny sort of see-thru. I am attaching all the logs you asked for. Thank you so much for your help.
    I just have another question. Can I still use IObit Advanced System Care 4 and bring back AVG now? Or should I use another type of anti-spyware? When I look at my Control Panel Security Center it says Virus protect is not monitored. What would you recommend? Thank you again for your quick and precise directions which took away the stress I was feeling from having this happen.

    Sincerely,
    Robert
     


  9. sleepmonk

    sleepmonk Private E-2

    Sorry it took so long to get back to you but I worked till 10pm and grabbed a quick bite to eat while I was performing these programs or services.
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. All of your missing items are in this folder:
    C:\Documents and Settings\Owner\Local Settings\temp\smtmp

    Here is a link to help you restore all of them:
    http://www.smartestcomputing.us.com...iles-hiddendeleted-by-windows-recovery-virus/

    I personally prefer Microsoft Security Essentials. AVG has become too bloated the last few versions.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work thru the below link:


     
  11. sleepmonk

    sleepmonk Private E-2

    Thank you so much for your help!!!! You made cleaning my system not such a scary thing. I will follow your instructions and learn from this experience. Thank you Tim!!!!!!!
     
  12. sleepmonk

    sleepmonk Private E-2

  13. sleepmonk

    sleepmonk Private E-2

    For some reason now I don't see my documents, music or notes. I'm going to go back and do all the tests or services again to try and retrieve them again. Getting an external hard drive today and once I find the documents and music again I'm moving them to an external hard drive.
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  15. sleepmonk

    sleepmonk Private E-2

    Bless you, bless you!!! I went out today and bought a Seagate FreeAgent GoFlex Desk external drive 1TB. I am now downloading everything over to that for safe keeping. Thank You So Much for ALL your Help!!!!!
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Safe surfing. :)
     
