Windows 7 Forums



Windows 7: System restore keeps switching off

03 Feb 2014   #11
k0065126

Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Bill,

Yes, C: is an SSD, as is D:, the other 2 disks are standard HDs. I will change the allocation to 5% as I have plenty of unallocated space.

I am also confused by the number of C: drives which appear in System Protection.

System restore keeps switching off-capture5.png

Viv

PS, I have just checked and restore points back to 17/10/2013 are listed, with the exception of the one I created manually in the last 24 hours, all of the ones listed are ones Windows decided to create when the overnight backup runs. I have just created an RP and will check later to see if it is still there.
System restore keeps switching off-capture6.png




03 Feb 2014   #12
bigmck

Windows 7 Home Premium 32-Bit - Build 7600 SP1
 
 

I think the "C: missing" has to do with the unallocated space in Disk Management. What do you think Bill?
03 Feb 2014   #13
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

I honestly don't know.... I don't think it has anything to do with the unallocated space though.
With regards to C: -> DskMgmt is ok, System Protection (SP) is whacky

Because Restore Points (RP) are stored in Volume Information on the partition they're created, I'm not sure what SP considers C:
SP doesn't use drive letters, it uses base drive / partition addressing. Still there are more than one C: and possibly more than one base address

Switching gears:
There are two RPs (1) Windows update and (1) Manually created in the image posted.
Viv is testing to see if they stick around or if SP turns off and they are removed.

I didn't find anything useful re: CommonID, so that's back burner for now.

I did find some interesting things re: Disabling SP - that in turn referenced Enabling SP.

While SP is in an OK state (you can create an RP), please type (or copy) the entire line that follows into an elevated command prompt:

REG QUERY "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore"

I checked my system, but SP is off so a "key not found" error was returned.

I think based on an early post, that you will also get the "key not found" error.
We also touched on two string values for the key above, but the key didn't exist on your system.

queries on my system (with SP off on all drives)
Code:
 
reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore"
--> ERROR: The system was unable to find the specified registry key or value.
 
reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows NT"
--> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Nt\Terminal Services
--> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Nt\Windows File Protection
What's next?

Viv: please fill in your system specs so members can easily reference your system: System Specs (see How to - System Specs).

What happens if you highlight/select one of the C: (missing) drives and hit the configure button?
and the 2nd C: (missing) drive?

I'm thinking you might just be able to turn those ghost drives off in SP.

Why are there ghost drives? There's been at least one C: drive change (HDD to SSD). I'll guess that the HDD was put back in service and somehow SP found the RP, but got confused and still marks it as C: - or some other convoluted out-of-sync condition. Just guessing here.

I'd like to see a Device Manager (DevMgr) screen shot(s) showing View->Show hidden devices, but
before opening DevMgr I want you to add an environment variable to your user profile
devmgr_show_nonpresent_devices
with a value of
1
Include the two storage categories in the snapshot(s):
Storage volume shadow copies
Storage Volumes

That's good for now, I'll read the results in Viv's next post

Bill
.


Attached Images
System restore keeps switching off-devmgrhiddevs.png 

03 Feb 2014   #14
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Viv,

Could you post another Disk Management screen shot? Make sure the Status column is fully visible.

Everything looks good from what I can read, but it's always good to see the entire contents of the Status column.

Thanks.
03 Feb 2014   #15
k0065126

Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

The RP I created 6 hours ago is still shown.

I tried pasting the 'REG QUERY ...' line into an Administrator Command Prompt at C:\Users\Viv> and saw the message 'ERROR: The system was unable to find the specified registry key or value.' This also applied when I changed to c:\.

I have added my system specs as requested.

Hitting the Configure button for both of the C: (Missing) drives shown in this image :-
System restore keeps switching off-capture4.png

I built the computer in October 2012 which was when I installed the SSD and Windows was installed from scratch.

I have added the devmgr entry and attach the views of Device Manager which you requested. I am surprised at the number of Generic Volumes and Generic Shadow Copies, most of which are apparently not attached. Would it be worth deleting these?

Viv

System restore keeps switching off-capture7.png System restore keeps switching off-capture8.png System restore keeps switching off-capture9.png


03 Feb 2014   #16
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

good stuff Viv, thanks

I'm going into shorthand mode: if something's not clear, just ask.

Reg Query: an admin cmd usually has c:\windows\system32 > as the prompt.
It sounds to me that maybe a std cmd prompt was launched ( C:\Users\Viv >)
also make certain you include the quotes (") in the copy.

Both of the C: (Missing) drives show Current usage: 0
Turn off system protection on both of those missing drives.

See how that affects SP.

Yeah, you can delete the ghost DevMgr entries, but hold off until later. I'd like to know if the C: (missing) SP change resolves the issue. It might take two or three weeks, give the test time to give you results.

When you feel that it was the C: (Missing) entries, post something, I'll see it on a list of subscribed threads. Or if the issue crops up again, post something, I'll still see it .

I'm feeling pretty good that it was those erroneous C: entries in SP, but..... time will tell.

You can clean up the ghosts anytime now that you have the environment variable set.
Be really really careful when you do - sometimes it's hard to tell a ghost from a live entry - not sure, leave it. Just go slow.

Bill
.
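
The checks from posts #13 and #16 collected into one cmd.exe batch file, as an added example that is not part of any poster's reply. It assumes Windows 7 with the built-in `net`, `reg`, `vssadmin` and `devmgmt.msc` tools, and that the Server service is running so that `net session` can serve as the elevation test.

```bat
@echo off
rem Added example, not from the thread: read-only System Protection checks.
setlocal

rem 1. Confirm the prompt is elevated. "net session" returns a non-zero
rem    exit code in a standard prompt (assumes the Server service is running).
net session >nul 2>&1
if errorlevel 1 (
    echo Not elevated: reopen Command Prompt with Run as administrator.
    exit /b 1
)

rem 2. Query the System Restore policy key. The quotes are required
rem    because the path contains a space in "Windows NT".
set "KEY=HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore"
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo Key not found: %KEY%
) else (
    echo Key found, listing its values:
    reg query "%KEY%"
)

rem 3. Show how much space each volume has allocated to shadow copies,
rem    which is where restore points are kept.
vssadmin list shadowstorage

rem 4. Make non-present devices visible for this session only, then start
rem    Device Manager from the same prompt so it inherits the variable.
set devmgr_show_nonpresent_devices=1
start devmgmt.msc
echo In Device Manager choose View, then Show hidden devices.

endlocal
```

The variable set in step 4 lasts only for this prompt; nothing in the script changes System Protection settings or deletes devices.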
03 Feb 2014   #17
k0065126

Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Bill,

Thanks for putting me right about an elevated command prompt, I now get 'The system was unable to find the specified registry key or value.'.

I have tried turning off SP on one of the phantom drives which generated several error messages :-
System restore keeps switching off-capture10.png System restore keeps switching off-capture11.png System restore keeps switching off-capture12.png

After cancelling my attempt to turn SP off for the first phantom C: drive both of the phantom drives have now disappeared from the list of available drives.

I will wait before deleting the ghost entries in DevMgr.

Viv


03 Feb 2014   #18
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Phantoms and ghosts... maybe a gremlin or two.

I really like it when Windows heals itself like that. At least that's what appears to have happened.

Restart your system if you haven't already. It might not be necessary, but it can't hurt.

See what SP is doing - On for C: ... only one C: ... RPs still there?

Now it's wait and see - check SP before and after installing anything - manually verify RP creation.

Hopefully that did it.

Thanks for waiting on the DevMgr ghosts. It will help other members if anyone else has this issue - they'll know it was the Phantom C: defs in SP.

Bill
.
04 Feb 2014   #19
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Now, how did it get that way? I suspect that SP just got confused by HD changes... it's odd, but that's my initial diagnosis.

It would be a good idea to run a quick malware scan, just in case it was something else.


Download Malwarebytes Anti-Malware Free (click here to download, select the free version)
"Save as" the install package to your Desktop
Double click the mbam-setup file on your desktop to install and run Malwarebytes (Mbam)

Answer YES to all authorization prompts and then follow the Mbam setup prompts.
Do not make any changes to default settings.
When the install is finished, verify that only the following two options have checkmarks,
change to match if necessary.
[x] Update Malwarebytes’ Anti-Malware
[x] Launch Malwarebytes’ Anti-Malware

Make sure that there is NOT a checkmark next to:
[ ] Enable free trial of Malwarebytes Anti-Malware PRO

Then click the Finish button.

Allow Mbam to update, then
Select Perform Quick Scan from the options on the Scanner tab, then
Click the Scan button.

After the scan is complete
Click on Show Results
A window displaying any detected malware is shown
Select all malware (make sure all objects are [x] ticked), then
Click on Remove Selected

The Mbam report file pops up in your text editor when Mbam has completed the removal process.

Select all of the text in the report (Ctrl+A) and paste the text in a new post on this thread.

Note
If Mbam encounters a file that is difficult to remove, you are asked to restart the computer.
The restart is REQUIRED to allow Mbam to complete the removal of the malware.
Failure to restart means that the malware is still present on your machine.

You want to restart in Normal mode, not in Safe mode.


If Malwarebytes finds anything, using a few more scanners is probably a good idea.

Trying to cover all bases.

Bill
.
04 Feb 2014   #20
k0065126

Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Bill,

At least the RP I created yesterday is still there, and the 2 phantom C: drives seem to have disappeared permanently. As well as System Protection turning off a couple of times in the last few months the Autoplay window appeared yesterday for no apparent reason when I plugged my phone into the computer and also switched on my external hard drive, but at least I have now stopped that. Something seems able to make changes to my computer without my permission.

I have deleted a few items from 'Storage volume shadow copies' and 'Storage Volumes' relating to hardware which is not attached to my computer, but will leave it a few days before deleting any more.

I have just run MSE in full scan mode with nothing untoward found, and also Malwarebytes which found 3 items to delete, (and they have been).

The mbam log is as follows :-
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.04.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Viv :: VIV-ASUSPC [administrator]
04/02/2014 13:35:07
mbam-log-2014-02-04 (13-35-07).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252988
Time elapsed: 13 minute(s), 24 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 3
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


Viv