System restore keeps switching off

I think the "C: missing" has to do with the unallocated space in Disk Management. What do you think Bill?

I honestly don't know.... I don't think it has anything to do with the unallocated space though.
With regards to C: -> DskMgmt is ok, System Protection (SP) is whacky

Because Retore Points (RP) are stored in Volume Information on the partition they're created, I'm not sure what SP considers C:
SP doesn't use drive letters, it uses base drive / partition addressing. Still there are more than one C: and possibly more than one base address

Switching gears:
There are two RPs (1) Windows update and (1) Manually created in the image posted.
Viv is testing to see if they stick around or if SP turns off and they are removed.

I didn't find anything useful re: CommonID, so that's back burner for now.

I did find some interesting things re: Disabling SP - that in turn referenced Enabling SP.

While SP is in an OK state (you can create an RP), please type (or copy) the entire line that follows into an elevated command prompt:

REG QUERY "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore"

I checked my system, but SP is off so a "key not found" error was returned.

I think based on an early post, that you will also get the "key not found" error.
We also touched on two string values for the key above, but the key didn't exist on your system.

queries on my system (with SP off on all drives)

Code:

 
reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore"
--> ERROR: The system was unable to find the specified registry key or value.
 
reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows NT"
--> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Nt\Terminal Services
--> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Nt\Windows File Protection

What's next?

Viv: please fill in your system specs so members can easily reference your system: System Specs (see How to - System Specs).

What happens if you highlight/select one of the C: (missing) drives and hit the configure button?
and the 2nd C: (missing) drive?

I'm thinking you might just be able to turn those ghost drives off in SP.

Why are there ghost drives? There's been at least one C: drive change (HDD to SSD). I'll guess that the HDD was put back in service and somehow SP found the RP, but got confused and still marks it as C: - or some other convoluted out-of-sync condition. Just guessing here.

I'd like to see a Device Manager (DevMgr) screen shot(s) showing View->Show hidden devices, but
before opening DevMgr I want you to add an envoriment vaiable to your user profile

devmgr_show_nonpresent_devices

with a value of

1

Include the two storage categories in the snapshot(s):
Storage volume shadow copies
Storage Volumes

That's good for now, I'll read the results in Viv's next post

Bill
.

Viv,

Could you post another Disk Management screen shot? Make sure the Status column is fully visible.

Everything looks good from that I can read, but it's always good to see the entire contents of the Status column.

Thanks.

good stuff Viv, thanks

I'm going into shorthand mode: if somethings not clear, just ask.

Reg Query: an admin cmd usually has c:\windows\system32 > as the prompt.
It sounds to me that maybe a std cmd prompt was launched ( C:\Users\Viv >)
also make certain you include the qoutes(") in the copy.

Both of the C: (Missing) drives show Current usage: 0
Turn off system protection on both of those missing drives.

See how that affects SP.

Yeah, you can delete the ghost DevMgr entries, but hold off until later. I'd like to know if the C: (missing) SP change resolves the issue. It might take two or three weeks, give the test time to give you results.

When you feel that it was the C: (Missing) entries, post something, I'll see it on a list of subscribed threads. Or if the issue crops up again, post something, I'll still see it :).

I'm feeling pretty good that it was those erroneous C: entries in SP, but..... time will tell.

You can clean up the ghosts anytime now that you have the environment varialble set.
Be really really careful when you do - sometimes it's hard to tell a ghost from a live entry - not sure, leave it. Just go slow.

Bill
.

Phantoms and ghosts... maybe a gremlin or two.

I really like it when Windows heals itself like that. At least that's what it appears to have happened.

Restart your system if you haven't already. It might not be necessary, but it can't hurt.

See what SP is doing - On for C: ... only one C: ... RPs still there?

Now it's wait and see - check SP before and after installing anything - manually verify RP creation.

Hopefully that did it.

Thanks for waiting on the DevMgr ghosts. It will help other members if anyone else has this issue - they'll know it was the Phantom C: defs in SP.

Bill
.

Now, how did it get that way? I suspect that SP just got confused by HD changees... it's odd, but that's my initial disgnosis.

It would be a good idea to run a quick malware scan, just in case it was something else.

---

Download Malwarebytes Anti-Malware Free (click here to download, select the free version)
"Save as" the install package to your Desktop
Double click the mbam-setup file on your desktop to install and run Malwarebytes (Mbam)

Answer YES to all authorization prompts and then follow the Mbam setup prompts.
Do not make any changes to default settings.
When the install is finished, verify that only the following two options have checkmarks,
change to match if necessary.
[a] Update Malwarebytes’ Anti-Malware
[a] Launch Malwarebytes’ Anti-Malware

Make sure that there is NOT a checkmark next to:
[ ] Enable free trial of Malwarebytes Anti-Malware PRO

Then click the Finish button.

Allow Mbam to update, then
Select Perform Quick Scan from the options on the Scanner tab, then
Click the Scan button.

After the scan is complete
Click on Show Results
A window displaying any detected malware is shown
Select all malware (make sure all objects are [a] ticked), then
Click on Remove Selected

The Mbam report file pops up in your text editor when Mbam has completed the removal process.

Select all of the text in the report (Ctrl+A) and paste the text in a new post on this thread.

   Note

If Mbam encounters a file that is difficult to remove, you are asked to restart the computer.
The restart is REQUIRED to allow Mbam to complete the removal of the malware.
Failure to restart means that the malware is still present on your machine.

You want to restart in Normal mode, not in Safe mode.

If Malwarebytes finds anything, using a few more scanners is probably a good idea.

Trying to cover all bases.

Bill
.