System Restore Tab Missing

You forgot to attach the Bitdefender log.

Why are you running with no antivirus and no firewall applications. This is very dangerous!!

Please run the below procedure too:

EGDAccess Removal

After running the above some items from below may no longer exist. That's okay, just ignore and complete the steps.
Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [serpe] C:\WINDOWS\System32\serbw.exe
O4 - HKLM\..\Run: [ltwob] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\System32\serbw.exe
O16 - DPF: {1CD49DC9-FD88-41FA-B892-47E037267D45} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1059_XP.cab
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1058_XP.cab
O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1055_XP.cab

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\msmbw.exe
C:\WINDOWS\System32\serbw.exe
C:\WINDOWS\System32\formatsys.exe

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

I still see the below in your log. Did you forget to fix this? Try again:
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET

Is it gone now? Is the D drive your CD ROM?

Not sure yet what is going on with System Restore tabs but can you access system restore via msconfig?

 

Try the below for the System Restore problem.

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixSR.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixSR.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

 

Try this! First disable (or uninstall if necessary) both Windows Defender and SpySweeper. Then try running the registry patch again. Let me know what happens. If you get an error message, tell me the exact error message.

 

Do you know whether System Restore is currently enabled or disabled?

I think we are going to have to Disable the service and then rename the System Volume Information folder. Then reboot and then enable System Restore. This should create a new System Volume Information folder. I think yours is corrupted.


To stop the service do the below.

• Click Start, Run and enter services.msc and then click OK. This will bring up the Services window.
• Scroll down to System Restore Service and double click on it.
• In the next windows changed the Service status to Stopped by click the Stop button
• The change the Service type: to Disable
• Then Apply and OK
• Now reboot your PC
• After reboot (makes sure viewing of hidden & system files is enabled) and run Windows Explorer and locate the folder named System Volume Information Right click on the folder and select rename. Change the name to Old Restore
• Now reboot again
• No run services.msc again but this time set the System Restore Service Status to Started and set the Type to Automatic.

Now let me know how things are looking. If this does not work, you will have to check what the guys in the Software Forum suggest. This is not a malware problem.

 

Is System Restore disabled?
Has the Service been stopped and disabled?

If you answer no to the above, you definitely will not be able to rename the folder.

 

I think it may be best for you to try getting help on this in the Software Forum. At this point I'm not sure that trying to renamed the System Volume Information folder is even a good idea since other things besides System Restore are located there. Right now I'm not sure why the previous registry patch I had you apply did not work. I guess could be that the registy patch was not successful because various registry keys are not owned by you and thus you do not have premission to change them.

Two more things to try and then I'm out of ideas:

Idea 1

• Download Registrar Lite and install it!
• Copy and paste the below into the Address box of registrar lit and hit the Enter key.
  
  HKEY_LOCAL_MACHINE
  
  Then click the Security pull down ont the top menu and choose Take Ownership. Click OK in the next window to approve it.
• Copy and paste the below into the Address box of registrar lit and hit the Enter key.
  
  HKEY_CURRENT_USER
  
  Then click the Security pull down ont the top menu and choose Take Ownership. Click OK in the next window to approve it.
• Now exit Registrar Lite
• Go back to message number 7 and reapply the registry patch.
• Any change?

Idea 2

Only one more thing I can suggest before you go to the Software Forum, run services.msc, and changes the System Restore Services to be Started and Automatic. Then reboot and see if there is any change with the missing tab.

 

You're welcome and good luck! Let me know if you find out the solution. As I said in the past that registry patch as always worked so there is something different happening on your PC. You may need to run sr.inf in the C:\windows\inf folder. Someone in the Software section may mention this. I'm not sure if it would help or not right now.

 

I glad I had one last trick up my sleave!

If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!