@ miciotta62
Infected Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.
- Worst case scenario it isn't infected and you delete it, you can't use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.
- So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.
However, that said, I wouldn't expect GMER to find anything as it is a specialist anti-rootkit scanner.
MBAM is a weird bird as I have been using it for ages and I still don't know if it scans system restore points as there is nothing specific in the Scanner Settings (image1). This is further complicated in that I gave up on system restore (for hard disk imaging) many years ago, so I have empty system volume information folders (no restore points).
HiJackThis is a busted flush as it hasn't been updated in well over a year, not to mention it is an analysis tool and again, it doesn't check the system volume information (restore points).