C:\system volume information\_restore

Discussion in 'Malware Help (A Specialist Will Reply)' started by ahauck00, Oct 11, 2011.

  1. ahauck00

    ahauck00 Private E-2

    I have searched the forums and found some of what I needed. Ran a complete scan and came up with 41 of these:
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{678154B0-CAC5-42FC-84FB-B848B662BEF1}\RP386\A0046563.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{678154B0-CAC5-42FC-84FB-B848B662BEF1}\RP386\A0046561.EXE

    Couldn't figure out why and decided to consult those with much more knowledge than myself. Logs attached as you have requested. Not sure if/what type of issue I have. Please assist. Thank you..
    Ashley.

    I thought Avast was disabled and I was wrong. I couldn't get to it in time.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!
    What scan are you referring to? Do you have a log? All you are showing above are system restore points. You are not showing me any problems and your current logs are clean.

    What malware problems are you currently having?
    Have you had some malware issues in the past and never disabled System Restore after removing the malware?

    Where is the requested log from SUPERAntiSpyware?
     
  3. ahauck00

    ahauck00 Private E-2

    Thanks for the reply. Already your forum has been more than helpful and your support is much appreciated!

    I first ran an MBAM, SUPERAntiSpyware and Avast full scans. MBAM showed 212 issues to include registry key errors as well as 2 trojans. Avast also showed some issues so I removed all issues and then re-ran the scans. MBAM and AVAST showed clean but SUPER showed the following errors (see attached). I then followed all your steps and haven't shown anything. The instructions were to post the scans just in case to get your advice.

    The full scan that shows the "system volume information" is what brought me to you.

    As for having issues in the past. When I run scans occasionally items are detected and I have then removed. I do not recall ever performing a system restore after that? Just a simple user who rarely uses the computer. It is used mainly by my wife for business stuff as well as her Facebook, surfing coupons, and sales ads.

    Thanks for the assist.
     


  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, ahauck00

    You are using an outdated version of SUPERAntiSpyware-
    • Please uninstall your current version (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • Now configure and run SAS following this guide: SUPERAntiSpyware - running & getting a log

    Please attach the newly updated SASlog.txt to your next reply.
     
  5. ahauck00

    ahauck00 Private E-2

    Thanks Dr. M,
    I tried the uninstall and this popped up: Error reading uninstall data

    Please advise...
     
  6. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Please download Revo Uninstaller from this link.
    • Install it to its default directory and run it.
    • Look for the AVG program icon and if found - right-click it and choose "Uninstall"
    • Choose the option on the bottom of the list (#4). Be very careful to select and delete the bolded registry items ONLY!!
    NOTE: This software will create a system restore point for you prior to uninstalling a software program.

    Now, re-boot your pc. Then continue with my instructions in post #4.
     
  7. ahauck00

    ahauck00 Private E-2

    Okay. I was able to do what you asked and here are the results.
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are not having malware problems, you just have junk left over in system restore that was never disabled. I did not ask you if you had performed a System Restore. I asked you if you had ever disabled it after removing any malware in the past. The only way to remove things collected in System Restore ( which is the System Volume Information folder ) is to turn it off and then turn it back on.

    Thus see step 4 in the below link and do it now:

    Windows XP Malware Removal/Cleaning Procedure


    Then tell me if you are having any malware problems afterwards.
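
As an added example (not part of the original post, and not a MajorGeeks tool): a small triage of scanner hit paths that separates copies held inside System Restore points, like the ones in post #1, from files on the live file system. The function name and the third sample path are assumptions made for illustration.

```python
import re
from collections import Counter

# Paths of the form quoted in the thread:
# <drive>:\System Volume Information\_restore{GUID}\RP<n>\<file>
RESTORE_RE = re.compile(
    r"^[A-Z]:\\System Volume Information\\_restore"
    r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}"
    r"\\RP(?P<rp>\d+)\\(?P<name>.+)$",
    re.IGNORECASE,
)

def triage(paths):
    """Split scanner hits into restore-point copies and live files."""
    restore, live = [], []
    for raw in paths:
        path = raw.strip()
        if not path:
            continue  # skip blank log lines
        m = RESTORE_RE.match(path)
        if m:
            # Copy stored in a restore point: it is only brought back
            # if that restore point is restored.
            restore.append((int(m["rp"]), m["name"], path))
        else:
            # Anything else sits on the live file system and needs review.
            live.append(path)
    per_rp = Counter(rp for rp, _, _ in restore)
    return {"restore": restore, "live": live, "per_rp": dict(per_rp)}

# The first two paths are quoted from post #1; the third is constructed.
SAMPLE = [
    r"C:\SYSTEM VOLUME INFORMATION\_RESTORE{678154B0-CAC5-42FC-84FB-B848B662BEF1}\RP386\A0046563.DLL",
    r"C:\SYSTEM VOLUME INFORMATION\_RESTORE{678154B0-CAC5-42FC-84FB-B848B662BEF1}\RP386\A0046561.EXE",
    r"C:\Documents and Settings\user\Local Settings\Temp\sample.exe",  # constructed
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("restore-point hits per RP:", result["per_rp"])
    print("live paths needing attention:", result["live"])
```

If every hit lands in the restore bucket and the other logs are clean, flushing the restore points as described above is the whole cleanup; any path in the live bucket needs a look first.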
     
  9. ahauck00

    ahauck00 Private E-2

    Off/On as instructed. The scan is attached. I do not notice any other issues at this time. Are there any settings I need to restore?
     


    Last edited: Oct 14, 2011
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  11. ahauck00

    ahauck00 Private E-2

    Thank you again for all your help. I have learned a lot. You guys have been great! I was unable to set the active X controls as IE8 will not allow me to open the internet options. I will keep working on that. Thanks Again.

    AHauck00
     
  12. ahauck00

    ahauck00 Private E-2

    After all you have done for me already I need some more support. With the issues from before and the cleaning we have done I am now receiving HKEY errors. I am unable to update Adobe and I cannot access internet options with IE8/XP no matter which route I take i.e start/run, Control panel, right clicks nothing, or uninstall. In fact I can't uninstall IE8 or Adobe. I am trying to finish the last steps in your guide but am unable at this point.

    Please advise.
     
    Last edited: Oct 16, 2011
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't know what you mean. What errors are you talking about and why are you playing around in the registry? Also do you mean you have had these before running the cleaning procedure. We really did not fix anything. All you had SUPERAntiSpyware remove was just junk from MyWay which is basic adware.

    How long have you had these problems. As stated above, we did not even fix anything of significance so this had nothing to do with the cleaning process and nothing to do with any malware based on your logs.
     
  14. ahauck00

    ahauck00 Private E-2

    This may have been an issue before but I had not noticed it yet. I tried to check the Active X settings like suggested (I normally use FireFox). When I accessed IE the tool bar (file, view, tools etc) was missing. I tried to use the Control Panel to access it, right click/properties from the icon, anything I could think of to find it and enable it, to no avail. I gave up on IE and then was prompted to update Adobe Reader. When I tried that I received an Error stating I didn't have sufficient permissions Hkey_local_machine\software\microsoft\windows\currentversion\run\optionalcomponents\imall It was suggested that I try to remove my current version and re-install in order to get rid of this issue. Again the same Error came up.

    **Update With Adobe** I downloaded Adobe X and after the 2nd attempt it worked. I then went back and removed 9. Now it's just back to the IE8 issue. It will load and I can use it just fine but the issue remains as I stated in the above.

    When I first contacted you for support I had completed a complete Scan with Super, Mbam, and Avast. 212 issues popped up with registry errors and trojans. I know nothing about the Registry or how/what to do with it. I am just a retired Rescue Swimmer trying to fix this laptop so my wife can continue to use it.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This does not sound like malware. Sounds like an issue with Windows or your settings.
    I'm not sure exactly what you mean is missing. Are you saying the Menu bar is missing? This is the one that shows the below selections:

    File Edit View Favorites Tools Help

    Or is the above Menu Bar shown but you just do not see the Toolbars list when you click the View menu selection?
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  17. ahauck00

    ahauck00 Private E-2

    It is the Menu bar. Not the tool bar. See Print Screen Attached. I tried the below steps as well and was able to delete the items Microsoft suggested with no change.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not attach anything. However this is not a malware problem and likely not a settings type issue either. You probably just hid it. You should just drag the menu area down to make it larger and it may show up. Or you can right click in the area where you see the Home icon and then put a check box next to Menu Bar.
     
  19. ahauck00

    ahauck00 Private E-2

    If I use FireFox does it even matter if the active X settings are adjusted?

    Right clicking on Home does nothing. If I left click it closes the page. When I go to google it asks if I want to make it my home page but when I choose yes (hoping internet options would pop up) nothing happens.


    File now attached. Word doc was too large and .bmp didn't want to take....so JPEG it had to be...
     


  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It does not matter for Firefox but it does matter because you need IE. Many sites require it and one of the main ones is Microsoft. Without using IE, you cannot get all of your Windows Updates. Do note that IE is more secure than Firefox. For the last few years, we have had more security issues due to Firefox, Chrome, and other 3rd party browsers than we do with IE.

    You must use right click in the area around the Home button or anywhere else in that section of the menu. Try different areas ( even in the blank area above it ) until you see a popup like in the below snapshot. Then check the Menu Bar.

    Menu.jpg

    Yes it is just what I'm saying. You need to add the menu back by right clicking.
     
  21. ahauck00

    ahauck00 Private E-2

    I clicked until my clicker was smokin' Nothing seems to work. I went back to Microsoft and found some others were having the same issues with different suggestions. Only difference is the steps worked for them, not me? It's beyond me.

    I ran CCleaner and checked registry errors. There were 4 for IE and the detailed info stated it was stuff usually left behind after removal. I selected fix all and still nothing?

    I am not ready to throw in the towel just yet. I will continue until I find the answer. Thank you for all you have done.....
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    Not recommended. Registry cleaning is frequently the cause of weird issues like this.

    I suggest that you post in the Software Forum for help on this. It is not a malware problem and perhaps someone there will have additional ideas to try. You should point them to this thread so they don't waste time trying the same things.

    One thing you should also look into is to make sure that you are not having some kind of issue with Right-Click Context. See if right clicking on the desktop or files gives you the appropriate context menus.
     
  23. ahauck00

    ahauck00 Private E-2

    WOOOHOOOO! <----- Technical Term! I got it! I was able to perform the uninstall using REVO. However, the uninstall would hang up and couldn't complete. The missing files had to be located individually. I was able to re-open IE to an earlier version and my "Menu" bar was there. I can now upgrade back to 8.


    I am posting them here just in case someone else was following this post and has the same issue. I found this from another forum but thought I would share.

    Again Thank You! I appreciate all that you did and the days/time you took out of your day to assist me. Every business needs people like you.....Treat Every Woman as you would treat your mother and treat every man as if they can beat you up!!! Provide wonderful service and be nice to all......Just a motto I like to live by. Again I thank you.....

    Run the following command from command prompt.
    %windir%\ie8\spuninst\spuninst.exe

    Internet Explorer will start to try to uninstall.

    Below I have included the location of files the uninstall will hang on. Paste in the directories for a quick uninstall.

    hmmapi.dll.mui
    C:\Program Files\Internet Explorer\en-US

    ieakmmc.chm
    C:\windows\ie7
    C:\windows\help
    C:\i386

    inetcorp.iem
    C:\WINDOWS\inf\IEM\0409

    windows feed discovered.wav
    C:\windows\media

    advpack.dll.mui
    C:\windows\system32

    admparse.dll.mui
    C:\windows\system32\en-US

    ieencode.dll.000
    This file will not be found on the system.
    You will have to copy ieencode.dll and add the .000 extension.
    Copy the file from: C:\windows\ie8
    Paste to the same directory.
    Rename the file to ieencode.dll.000
    Proceed

    Restart.
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. I'm happy to hear you were able to get it fixed.
     
