I removed Malwarebytes but still have the problem. I have not yet removed Ccleaner.
An odd thing is that yesterday a short day at work, so came home and began toying with the PC. Created a manual restore point and all seemed fine until the evening. So IS something on the system wiping points out after 6pm or just a big coincidence?
anything noticble from my Wiztree scan?
1 hour ago, sethm1 said:<div class="ipsQuote_contents"> <p style="background-color:#ffffff;font-size:14px;"> I removed Malwarebytes but still have the problem. I have not yet removed Ccleaner....Created a manual restore point and all seemed fine until the evening. So IS something on the system <strong>wiping points out after 6pm</strong> or just a big coincidence? </p> </div>
Hi sethm1:
On my system it looks like the restore points are being wiped out the first time my Vista SP2 OS tries to automatically create a scheduled restore point after CCleaner (or Malwarebytes, if it's involved somehow) runs a scan. The creation of that new restore point (and deletion of the older restore points) could happen several hours after CCleaner runs a scan (note the time gaps between my CCleaner/Malwarebytes scans and the volsnap errors in my images <above>). I assume that's why I can still see my old restore points immediately after I've run CCleaner and/or Malwarebytes - because the older restore points aren't purged until my system runs an automated task that tries to create a new restore point. I haven't determined yet if the creation of the new restore point is enough to trigger the deletion of my older restore points or if my system also requires a re-boot before the older restore points are purged to free up allocated disk space.
One question for you. Further to your recent thread Help removing all of Norton I.S. in the Norton forum, did you install a different antivirus recently, and if so do you know know if it has built-in disk cleaning or if the antivirus installer came bundled with some utility like AVG PC Tune-up? The automated reply in post # 2 of your Malwarebytes thread has instructions on how to collected diagnostic logs using the Malwarebytes Support Tool (expand the section titled "If you are having technical issues...") and it would be helpful if you could post the requested mbst-grab-results.zip file in your Malwarebytes thread. I'm subscribed to that Malwarebytes thread so I'll know when you post there, and the Farbar (FRST) diagnostic logs inside that zipped file will show us some of the other third-party software installed on your computer.
EDIT:
...and since you've been running Malwarebytes and SuperAntiSpyware scans recently, do you have any reason to believe that you might have malware on your system that could be deleting your restore points?
-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Premium v22.14.2.13 * Malwarebytes v3.5.1-1.0.365 * CCleaner Portable 5.44.6575 * TreeSize Free Portable v4.1.2.407
Attaching the log. And regarding the mention of the tool in that #2 post you mentioned. I thought it was part of an add, so I overlooked it.
Also including Webroot system scan. (only one issue found - something about explorer.exe - but not clear what exactly).
I am about to uninstall CCleaner. The manual restore points from this am are gone already so the mention above about 6pm not a factor or a clue. And I got rid of Norton as it was causing a lot of other issues. And not sure if restore points missing then as was not paying attention. Also since then, one of the microsoft solutios was to turn off the System Restore Point feature - so of course any old ones I had are long gone. Now using Webroot Secure Anyware - as it came with the Best Buy Geek squad 1 yr protection. If after removing CCleaner my just now created restore point is missing in 2 hrs, then I'll remove Webroot and use the Windows Defender. If still then same restore problem with Defender - then this must be a Windows OS issue. I may not be back on the forum for another 2 yrs...
1 hour ago, sethm1 said:<div class="ipsQuote_contents"> <p> ...Now using Webroot Secure Anyware - as it came with the Best Buy Geek squad 1 yr protection.. </p> <div> <div> <div> <p> <a class="ipsAttachLink" data-fileid="10979" href="<___base_url___>/applications/core/interface/file/attachment.php?id=10979" rel="">mbst-clean-results.txt</a> </p> <p> <a class="ipsAttachLink" href="<___base_url___>/applications/core/interface/file/attachment.php?id=10980" data-fileid="10980" rel="">SysAnalyzerLog-Wed_2018-07-04_12-59-56.log</a> </p> </div> </div> </div> </div>
Hi sethm1:
The Malwarebytes mbst-clean-results.txt file wasn't the log I was looking for - it looks like you used the Malwarebytes Support Tool to remove Malwarebytes (the Clean button) instead of gathering diagnostic logs (the Gather button). They probably won't be able to do much to help you over in the Malwarebytes forum if you uninstalled their product before gathering Malwarebytes / Farbar Recovery Scan Tool (FRST) diagnostic logs with the Malwarebytes Support Tool but I wouldn't worry about it unless someone in that forum asks for new set of diagnostic logs. I'm not a certified MSCE technician but I'll take a quick look through the system information log you provided above and post back if I notice anything that's an obvious concern.
I don't know much about Webroot SecureAnywhere but the home page at https://www.webroot.com/ca/en/home/products/complete does mention that it comes with a feature called System Optimizer that "also reclaims hard drive space and improves performance by deleting unnecessary files" . You might want to check through your Webroot System Optimizer settings (Advanced Settings | System Optimizer) and then see if you have any Webroot System Optimizer disk cleans scheduled to run automatically (Advanced Settings | Scheduler | System Optimizer or Utilities | System Optimizer | Schedule) that could be wiping your older restore points.
Just an FYI that I visited the FileHippo site today and https://filehippo.com/download_ccleaner/ shows that a new CCleaner v5.44.6577 was released today (04-Jul-2018), but when I checked the official CCleaner release history at http://www.ccleaner.com/ccleaner/version-history it still lists v5.44.6575 (released 26-Jun-2018) as the latest available version. I haven't seen any information yet on why a new v5.44.6577 installer was posted on the Avast/Piriform FTP servers or if the newer version includes a minor bug fix.
-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Premium v22.14.2.13 * Malwarebytes v3.5.1-1.0.365 * CCleaner Portable 5.44.6575 * TreeSize Free Portable v4.1.2.407
On 7/2/2018 at 10:17, nukecad said:<div class="ipsQuote_contents"> <p> ...There was a new 'Storage Sense' feature introduced with 1709, and some of the features and settings changed with 1803. That may be automatically cleaning your older restore points, among other things....It should be disabled by default, but may have been turned on during the update to 1803... </p> <p> If it is on then you can change the settings, or turn it off again, in Settings>System>Storage. </p> <p> Here's an article about it: <a href="https://www.guidingtech.com/windows-10-storage-sense-enable/" rel="external nofollow">https://www.guidingtech.com/windows-10-storage-sense-enable/</a> </p> </div>
HI sethm1:
...and further to nukecad's 02-Jul-2018 comment, did you ever confirm that your Win 10 Storage Sense feature is disabled? Version updates in Win 10 (e.g., 1709 to 1803) are especially notorious for changing configuration settings without the users knowledge. Win 8.x and Win 10 users posting in the Norton forum are frequently asked to disable the Fast Startup feature because this hybrid shutdown / boot feature can interfere with the loading of Norton services at boot-up and causes all sorts of odd glitches with Norton security programs (and many other third-party software programs), and it's not unusual for Fast Startup to re-enable itself after a major Win 10 update.
-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Premium v22.14.2.13 * Malwarebytes v3.5.1-1.0.365 * CCleaner Portable 5.44.6575 * TreeSize Free Portable v4.1.2.407
Storage Sense is disabled.
Yes I had deleted Malwarebytes & CCleaner. I just removed Webroot and now using Windows Defender. Created a restore point and will check again around 6:30/7pm. Also just did a reboot (wonder if I should have done a full shutdown and then a start up). Also removed Aomie Backerupper - just in case that was the culprit.
If then ALL good, then my problem is with Webroot and not sure where the setting within it might be that is removing restore points.
TBH I suspect that this is one of those ocassional issues that crops up and then disappears again without anyone knowing (or admitting) why.
Most of the time it's something Microsoft, but it could be something that MS has changed and programme devs have not caught up with yet.
Update: I think the culprit is Webroot secure Anywhere. I am not (yet?) convinced its a Windows OS issue.
Its now 7:30 and earlier restore points still showing.
So after removing : Malwarebytes, Superantispyware, Aomei Backupper, CCleaner & running error checker, chkdsk /F C.
I then uninstalled the Webroot (now using Windows Defender).
My manually created restore points have NOT disappeared since uninstalling Webroot. SO, there must have been a settiing within Webroot affecting System Restore and VSS.
I would like to think that Webroot a better A/V then Defender - so have asked Webroot Tech folks for a fix.
Oh and also last nite I changed the virtual memory/page file from system managed to mim of 16,384 and Max of 49,152 - I have 16GB or RAM. But that did not seem to work.
Looks like progress.
That's the problem with troubleshooting things like this, it takes time.
To be sure you have to change only one thing at once then wait (24 hrs, a week?) to see what happens and be sure that one was the cause or not.
Then change the next one and wait..........
Well guess i was wrong. I think it is a windows os issue.
On 7/4/2018 at 08:58, lmacri said:<div class="ipsQuote_contents"> <p> I found some recent recent <strong>volsnap errors</strong> logged in my Windows Event Viewer, and according to the StackExchange SuperUser thread<span> <a href="https://superuser.com/questions/738739/volsnap-the-shadow-copies-of-volume-c-were-aborted-because-of-an-io-failure-on" rel="external nofollow">v<em>olsnap: The shadow copies of volume C: were aborted because of an IO failure on volume C:</em></a> these <strong>Event 14</strong> errors occur when </span> there is <strong>no space left</strong> for shadow copies to function correctly (i.e., current usage has exceeded the maximum space allocated for system restore points).... </p> </div>
Just an update on my testing. I've run four Threat Scans with Malwarebytes Free since 03-Jul-2018 (without running CCleaner v5.44 that entire time) and none of my system restore points created since then have been wiped. I haven't finished my testing yet but it looks unlikely now that Malwarebytes has anything do with my disappearing restore points.
I ran a CCleaner disk clean this morning. I'll wait for a day or so for my Vista SP2 to create a new (scheduled) restore point and see if this generates another volsnap error that wipes my restore points.
-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Premium v22.14.2.13 * Malwarebytes v3.5.1-1.0.365 * CCleaner Portable 5.44.6575 * TreeSize Free Portable v4.1.2.407
Ive been running the pc without ccleaner and malware bytes all week. Weds i “installed” this time the portable version of ccleaner. Ran the cleaner and then the registry cleaner - but only deleted entries of the programs I uninstalled sine last weekend. Last nite installed and ran malware bytes - which reported pc being clean.
so far with all this testing, I dont think its any of the 3rd party programs or the antivirus program. I had uninstalled webroot and began using Windows Defender - but even with Defender I was losing the restore points.
How did you add “Scheduled Checkpoint” ?
I tried setting up so that a restore point would be created each time I boot up - but cant. Its weird, its as if the system shows Restore points enabled but actually its not.
52 minutes ago, sethm1 said:<div class="ipsQuote_contents"> <p> ....How did you add “Scheduled Checkpoint” ?I tried setting up so that a restore point would be created each time I boot up - but cant. Its weird, its as if the system shows Restore points enabled but actually its not. </p> </div>
Hi sethm1:
I have a Vista SP2 OS which automatically schedules the creation of system restore points by default. From my Task Scheduler (Task Scheduler Library | Microsoft | Windows | System Restore):
System Restore is disable on Windows 10 machines by default, and according to the Windows Central tutorial How to Use System Restore on Windows 10 if you enable System Restore on a Win 10 machine "a new restore point will be created automatically when an important system change occur, such as before an installation of a Windows 10 update" .
The Winaero support article Create System Restore Point on Schedule in Windows 10 and the TenForums tutorial How to Automatically Create System Restore Point on Schedule in Windows 10 both have instructions for creating scheduled restore points but please note that you must make an edit in your Win 10 registry before you create the scheduled task in your Win 10 Task Scheduler, so I wouldn't suggest you try this unless you have advanced troubleshooting skills and can undo these changes if anything goes wrong.
-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Premium v22.14.2.13 * Malwarebytes v3.5.1-1.0.365 * CCleaner Portable 5.44.6575 * TreeSize Free Portable v4.1.2.407
I said I'd keep an eye on those RP's and the ones that I created the other day.
The oldest one of the 5 just got removed. The other 4 are still there.
It happened sometime this evening (about midnight?), 27 or 28 days after it had been created.
This suggests to me that it was Windows 10 that removed it after it became a 'month' old.
So my next oldest should dissapear in about 12 days?
I believe that the Windows default for removing old RP's was 90 days.
But maybe that has been reduced with Windows 10 Home because it does 'forced' Updates every Patch Tuesday?
It possibly could make sense to delete the oldest RP (if there are more than 2) shortly before Patch Tuesday creates a new one, of course the oldest would probably be from the last Patch Tuesday.
It will be interesting to see what happens after tomorrows Patch Tuesday Update.
Sorry I know that doesn't apply to Vista.
Thanks, in my case even just one restore point disappears - after about 4 hrs and on a daily/continued basis.
You may already have done this but-
Have you checked your registry to see if there has been a "RPLifeInterval" key created?
(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore)
If it has been created then it sets the 'age' at which a RP will be removed, the time value is in seconds.
I don't have one so will be using the system default.
5 hours ago, nukecad said:<div class="ipsQuote_contents"> <p> ...Have you checked your registry to see if there has been a <span><em>"RPLifeInterval" </em>key created? </span>(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore). <span>If it has been created then it sets the 'age' at which a RP will be removed, the time value is in seconds...</span> </p> </div>
Hi nukecad:
My registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\RPLifeInterval is set to the Vista default of 4294967295 sec (49701 days or 136 years) per the TechRepublic article Vista's SystemRestore Points Set to Delete After...136 years !!! so I doubt that my Vista SP2 OS is automatically deleting my Restore Points (RPs) because of their age.
Here's an old screenshot I captured back in March 2017 with just a partial list of my RPs showing that it's normal for me to have a dozen or so RPs stored on my hard drive. When I reach Vista's default max 15% disk space allotted for restore points (~33 GB of my 220 GB C:\drive as shown <here> when I run the vsssadmin list shadowstorage command) it's normal for me to see the oldest RP deleted to make room for a new RP. I currently have about 125 GB of free disk space on C:\ so lack of free disk space should not be an issue.
Like the OP sethm1, my issue is not that the oldest system restore point is being deleted. My issue is that every time I see one of these volsnap errors in my Event Viewer (which first appeared in mid-May 2018, around the same time that CCleaner v5.42 was released) every restore point is deleted except the most recent restore point created, as shown <here>.
Extended support for my Vista SP2 OS ended in April 2017 and I'm not receiving regular security updates on Patch Tuesdays anymore (aside from the occasional update for my Windows Defender definition set) so it's also unlikely that a recent update to my OS caused this problem.
-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Premium v22.14.2.13 * Malwarebytes v3.5.1-1.0.365 * CCleaner Portable 5.44.6575 * TreeSize Free Portable v4.1.2.407
I do not have a RPLifeInterval entry.
Should I? Will creating one correct my problem ?
Adding a screen shot of the System Restore folder. The one item I am concerned with is the RestoreStatusDescription. But what about the others?
And note the subfolder "Error Report files" that was not there before all this started.
On 7/8/2018 at 20:00, nukecad said:<div class="ipsQuote_contents"> <p> ...This suggests to me that it was Windows 10 that removed it after it became a 'month' old. So my next oldest should dissapear in about 12 days? </p> <p> I believe that the Windows default for removing old RP's was 90 days. But maybe that has been reduced with Windows 10 Home because it does 'forced' Updates every Patch Tuesday?... </p> </div>
Hi nukecad:
My understanding is that after you enable System Protection in Windows 10:
This assumes that you allocated enough disk space to store your new restore points when you enabled System Protection on your C:\ drive. The TenForums tutorial Windows 10: Turn On or Off System Protection for Drives in Windows 10 shows the user allocating 4% (10 GB) of their 250 GB hard drive, which might be a good starting point. Once that allocated disk space is used up older restore points will be deleted to make room for new ones. There are additional links at the bottom of that article for related tutorials on how to manage restore points in Windows 10.
-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Premium v22.14.2.13 * Malwarebytes v3.5.1-1.0.365 * CCleaner Portable 5.44.6575 * TreeSize Free Portable v4.1.2.407
Neither of those 2 Windows 10 bullet points are what i am experiencing.
i have allocated 9% or 20.91 GB. Now up until today the current usage was hovering around 3 GB. Tonite it shows 17.25 GB used but there are only 3 showing restore points.