why do my Restore Points keep disappearing?

Page 3 of 9 FirstFirst 12345 ... LastLast

  1. Posts : 237
    Windows 7 Home Premium x64 - SP1
    Thread Starter
       #21

    herd Protect - Log of 1st Scan - 2014-05-18


    Log of first scan attached;

    herdProtect 1st Scan_2014-5-18-11-36.txt

    ...advice from herdProtect window, is to do a further scan in 1 hour 15 minutes. Wilco.
    Last edited by sassofalco; 17 May 2014 at 20:51. Reason: ...further note added
      My Computer


  2. Posts : 4,566
    Windows 10 Pro
       #22

    Got your log


    You have got quite some nasties there. Conduit came for a visit. None of the items I have found so far are known to mess with restore points though. But lets get you cleaned up first and move on then from there.

    Remove the following items when you scan again with herdprotect. Click the entry, then choose action - remove:

    1.)
    Code:
    File path: 		c:\users\tony\downloads\cbsidlm-tr1_9-networx-org2-10155904.exe
    Publisher: 		
    Signer: 		CBS Interactive
    MD5: 			b7d4020819dc6b923e5fe9d88231dd08
    SHA-1: 			600a0295369f89c300038d770e5e114f2e25a3af
    Created: 		20/12/2012 21:58:02
    Detections: 		4
    Determination: 		Adware
    			- Dr.Web as Adware.Downware.762 (Adware)
    			- ESET NOD32 as Win32/DownloadAdmin (Undefined malware)
    			- Rising Antivirus as PE:Malware.XPACK/RDM!5.1 (Ignore)
    			- Reason Heuristics as Bundler.PPI.CBSInteractive.AA (Undefined malware)
    2.)
    Code:
    File path: 		c:\program files (x86)\conduit\community alerts\alert.dll
    Publisher: 		Conduit Ltd.
    Signer: 		Conduit Ltd.
    MD5: 			6796f6e449f90a543dc3345538acc46f
    SHA-1: 			97bccd25561f44e9b13f05f6eef083c9ce9ba529
    Created: 		23/06/2011 23:20:46
    Detections: 		6
    Determination: 		Adware
    			- Boost by Reason as Adware.Alert.Conduit.F
    			- VIPRE Antivirus as Conduit (Undefined malware)
    			- Reason Heuristics as PUP.Alert.Conduit.F (Adware)
    			- Malwarebytes as PUP.Optional.Conduit (Adware)
    			- Panda Antivirus as PUP/Conduit.A (Adware)
    			- ESET NOD32 as Win32/Toolbar.Conduit (Adware

    3.) I also advise you to uninstall dvdvideosoft. I know that program, and while it is not technically malicious, they do track everything you do, and it uses opencandy. It is classified as spyware in the security community. If you use the software and are fine with it, you may choose to keep it. But I recommend using/finding another Utility that does the same thing.


    4.) 1.) Download AdwCleaner by Xplode and save to your Desktop.

    • Double click on AdwCleaner.exe to run the tool


    • Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.


    2.) Using AdwCleaner v3: Scan & Clean:

    Double click on AdwCleaner.exe to run the tool again.
    Click on the Scan button.
    AdwCleaner will begin to scan your computer like it did before.
    After the scan has finished...

    This time click on the Clean button.
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.


    3.) Please download Junkware Removal Tool to your desktop.



    • Shutdown your antivirus to avoid any conflicts.
    • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next reply message
    • When completed make sure to re-enable your antivirus
      My Computer


  3. Posts : 237
    Windows 7 Home Premium x64 - SP1
    Thread Starter
       #23

    Thanks for all so far Andrew,

    Currently, just started 2nd scan, and have noted all the above.

    I'll wait-out until the 2nd finished, and post that log as well.

    In the meantime, I'm logging off from here until the scan is done

    herdProtect 2nd Scan_2014-5-18-13-5.txt

    ...done with 2nd scan

    AdwClearer scan attached, however, I was not certain about the selection of Tabs,
    before the scan. Should I have selected the 'Registry' Tab, before selecting 'Scan',
    or does it not matter?

    AdwCleaner[R0].txt

    Similarly, I haven't a clue what I'm looking at in these logs

    I've not done the second AdwCleaner scan, and will hold off until I get your commennts
    and suggestions about this lot
    Last edited by sassofalco; 18 May 2014 at 00:41. Reason: Logoff note; 2nd scan log added; AdwCleaner scan added
      My Computer


  4. Posts : 4,566
    Windows 10 Pro
       #24

    Wow. adwcleaner found a lot.

    Remove those items with the directions above. Basically hit scan then clean. The tabs do not matter. It selects everything by default.

    1.) Herdprotect shows you did not remove those items I stated above. Do so now when the scan completes. Then restart the pc.

    2.) Scan again with adwcleaner. Clean all threats found by adwcleaner. (Just click clean)

    3.) Restart.

    andrew129260 said:
    3.) I also advise you to uninstall dvdvideosoft. I know that program, and while it is not technically malicious, they do track everything you do, and it uses opencandy. It is classified as spyware in the security community. If you use the software and are fine with it, you may choose to keep it. But I recommend using/finding another Utility that does the same thing.
    4.) Also in step 3 above, are you going to uninstall dvdvideosoft? Or are you deciding to keep it? Reason I ask is they seem to be the distributor of conduit now...since you got conduit from them.
      My Computer


  5. Posts : 237
    Windows 7 Home Premium x64 - SP1
    Thread Starter
       #25

    andrew129260 said:
    Wow. adwcleaner found a lot.

    Remove those items with the directions above. Basically hit scan then clean. The tabs do not matter. It selects everything by default.

    1.) Herdprotect shows you did not remove those items I stated above. Do so now when the scan completes. Then restart the pc. As I understand your advice here - I run herdProtect again, and when complete, select the above two items at 1.) and 2.) Click the entry, then choose action - remove.

    2.) Scan again with adwcleaner. Clean all threats found by adwcleaner. (Just click clean)

    3.) Restart.

    andrew129260 said:
    3.) I also advise you to uninstall dvdvideosoft. I know that program, and while it is not technically malicious, they do track everything you do, and it uses opencandy. It is classified as spyware in the security community. If you use the software and are fine with it, you may choose to keep it. But I recommend using/finding another Utility that does the same thing.
    Used very rarely, then only Video-flip for files received from folks who haven't a clue which way is up on a VidCam! It's now a goner!

    4.) Also in step 3 above, are you going to uninstall dvdvideosoft? Or are you deciding to keep it? Reason I ask is they seem to be the distributor of conduit now...since you got conduit from them.
    NOT keeping! It came in it's own Folder with an Uninstall, so I ran that as Admin. Seems to be no visible evidence of it any more.

    Thanks for your patience and advice Andrew ... I hope that my interpretation of your advice is correct.

    Until I get confirmation, I will leave System Protection ON for my Drives, and go to OFF when I start the scanning and cleaning again. Is that a correct assumption?
      My Computer


  6. Posts : 4,566
    Windows 10 Pro
       #26

    No, keep system protection off! as I stated here:

    andrew129260 said:
    **Let's disable system protection on all drives right now, as this will remove all restore points. Even the latest one that typically cannot be removed. Keep it disabled while we look at your machine. This way the malware (if it exists) has no where to go.....

    We will turn it on once we are sure the malware is all gone. You have all the other stuff correct in your thinking except the above.

    Yes, when you run herdprotect click the entry and then choose action remove.

    I am glad you uninstalled dvdvideosoft.

    Please follow post 24 exactly as instructed.
      My Computer


  7. Posts : 237
    Windows 7 Home Premium x64 - SP1
    Thread Starter
       #27

    DO you not mean your advice at your Post #23?
      My Computer


  8. Posts : 4,566
    Windows 10 Pro
       #28

    sassofalco said:
    DO you not mean your advice at your Post #23?
    huh?


    Yes do everything as instructed in post 22. Remove the items with herdprotect, and then restart. Then run adwlcleaner and clean threats. Then restart again. Like I stated again in post 24. Also please note what I said in post 26 about system protection.
      My Computer


  9. Posts : 237
    Windows 7 Home Premium x64 - SP1
    Thread Starter
       #29

    System Protection is OFF until ALL is done to your advice

    Is it in this window at scan finish that I click and remove?
    If so, I presume that all in Adware/PUPs should be removed?

    Attachment 318328
    Last edited by sassofalco; 18 May 2014 at 10:29. Reason: herdProtect 3rd Scan
      My Computer


  10. Posts : 4,566
    Windows 10 Pro
       #30

    You are doing fine, no need to be embarrassed. When you finish with the other items, report back and let me know how it went. Post new logs after everything is cleared out so I can verify the infections are gone.

    When you are up for it, here is another thing I would like you to do. Take your time when doing steps and do not feel rushed. If you have questions ask. Take one step at a time.


    1.) Do a disk check using option 1:

    Disk Check

    2.) Please Run sfc /scan now using option 2 in this tutorial: SFC /SCANNOW Command - System File Checker

    Please post back the results.
      My Computer


 
Page 3 of 9 FirstFirst 12345 ... LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 10:35.
Find Us