
Real-Time Protection turning off



My laptop is a Dell Inspiron N5110.

I am using Google Chrome Browser and Windows 7.

The past few days Windows Outlook stops running, Word Documents freeze, and I am unable to open up downloads without going into "Safe" Mode.

The other day ESET discovered a win32/Bundled Toolbar Google D which I sent to "Quarantine" but the problem remains.

I have run, in Safe Mode, Clean Browser Data, ADWCleaner, Kaspersky TDSS, RKILL, CCleaner, Malwarebytes Anti-virus, Malwarebytes Anti-Root Kit, etc. but to no avail.

Help on resolving this issue would be greatly appreciated.

Thank you.

 

 

 

Link to post
Share on other sites

Since my original posting, ADWCleaner is picking up an infection.

This has occurred twice. The first time I "cleaned" it but a few minutes ago it recurred.

Here is the log report of the last episode:

# AdwCleaner v6.042 - Logfile created 12/01/2017 at 12:53:51
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-11.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Lewis - LEWIS-PC
# Running from : C:\Users\Lewis\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1120 Bytes] - [10/01/2017 13:08:12]
C:\AdwCleaner\AdwCleaner[C2].txt - [2019 Bytes] - [12/01/2017 09:08:27]
C:\AdwCleaner\AdwCleaner[C3].txt - [1136 Bytes] - [12/01/2017 12:53:51]
C:\AdwCleaner\AdwCleaner[S0].txt - [1185 Bytes] - [10/01/2017 13:00:37]
C:\AdwCleaner\AdwCleaner[S10].txt - [2119 Bytes] - [12/01/2017 09:07:57]
C:\AdwCleaner\AdwCleaner[S11].txt - [2110 Bytes] - [12/01/2017 09:17:28]
C:\AdwCleaner\AdwCleaner[S12].txt - [2184 Bytes] - [12/01/2017 09:26:38]
C:\AdwCleaner\AdwCleaner[S13].txt - [2414 Bytes] - [12/01/2017 12:53:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [1257 Bytes] - [10/01/2017 13:07:56]
C:\AdwCleaner\AdwCleaner[S2].txt - [1377 Bytes] - [10/01/2017 13:43:45]
C:\AdwCleaner\AdwCleaner[S3].txt - [1451 Bytes] - [10/01/2017 15:34:24]
C:\AdwCleaner\AdwCleaner[S4].txt - [1523 Bytes] - [10/01/2017 20:16:22]
C:\AdwCleaner\AdwCleaner[S5].txt - [1596 Bytes] - [11/01/2017 04:14:30]
C:\AdwCleaner\AdwCleaner[S6].txt - [1670 Bytes] - [11/01/2017 05:21:47]
C:\AdwCleaner\AdwCleaner[S7].txt - [1742 Bytes] - [11/01/2017 05:45:42]
C:\AdwCleaner\AdwCleaner[S8].txt - [1815 Bytes] - [11/01/2017 16:10:04]
C:\AdwCleaner\AdwCleaner[S9].txt - [1888 Bytes] - [12/01/2017 05:14:21]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2235 Bytes] ##########
 

 

 

 

Link to post
Share on other sites

  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

fixlist.txt

 

Link to post
Share on other sites

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-01-2017
Ran by Lewis (18-01-2017 14:12:22) Run:1
Running from C:\Users\Lewis\Downloads
Loaded Profiles: Lewis (Available Profiles: Lewis)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
RemoveProxy:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000 -> DefaultScope {BF508C70-3010-42B4-ACE6-F6229AA0A678} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000 -> {BF508C70-3010-42B4-ACE6-F6229AA0A678} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
AlternateDataStreams: C:\ProgramData\Temp:B3917990 [117]
AlternateDataStreams: C:\Users\Lewis\Amazon Drive:com.amazon.drive.sync [87]
AlternateDataStreams: C:\Users\Lewis\Amazon Drive:com.amazon.drive.sync.root [42]
EmptyTemp:
Reboot:

*****************

Processes closed successfully.
Restore point was successfully created.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} => key removed successfully
HKCR\CLSID\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} => key removed successfully
HKCR\Wow6432Node\CLSID\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} => key not found. 
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BF508C70-3010-42B4-ACE6-F6229AA0A678} => key removed successfully
HKCR\CLSID\{BF508C70-3010-42B4-ACE6-F6229AA0A678} => key not found. 
C:\ProgramData\Temp => ":B3917990" ADS removed successfully.
C:\Users\Lewis\Amazon Drive => ":com.amazon.drive.sync" ADS removed successfully.
C:\Users\Lewis\Amazon Drive => ":com.amazon.drive.sync.root" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 16777216 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3941557 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 116234578 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Lewis => 16659446 B

RecycleBin => 324595 B
EmptyTemp: => 146.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:12:52 ====

Link to post
Share on other sites
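Added example, not part of the original thread and not FRST's own code: a small triage of the Fixlog above that separates real outcomes from the "not found" lines that only repeat a key the same run had already removed (here, the Internet Explorer Policies keys deleted by RemoveProxy). The function names are hypothetical and the `target => outcome` line shape is assumed from the log as posted.

```python
import re
from collections import defaultdict

# Excerpt of the Fixlog posted above, embedded so the example runs offline.
SAMPLE_FIXLOG = r"""
========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKCR\CLSID\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} => key not found.
C:\ProgramData\Temp => ":B3917990" ADS removed successfully.

=========== EmptyTemp: ==========

Chrome => 116234578 B
"""

ENTRY = re.compile(r"^(?P<target>.+?) => (?P<result>.+)$")
SIZE = re.compile(r"^[\d.]+ [KMG]?B\b")  # EmptyTemp byte counts, not fix outcomes


def normalize(target):
    """Lower-case the target and collapse the log's doubled backslashes."""
    return re.sub(r"\\+", r"\\", target.strip()).lower()


def classify(result):
    """Map the text after '=>' to removed / restored / not_found / other."""
    text = result.lower().strip().rstrip(".")
    if text.endswith("not found"):
        return "not_found"
    if text.endswith("successfully"):
        return text.split()[-2]  # the verb before "successfully"
    return "other"


def parse_fixlog(text):
    """Return (target, outcome) pairs, skipping headers and size lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or SIZE.match(m["result"]):
            continue
        entries.append((normalize(m["target"]), classify(m["result"])))
    return entries


def triage(entries):
    """Group targets by outcome; a 'not found' on a target already removed
    earlier in the same log is reported separately as expected."""
    removed_earlier = set()
    report = defaultdict(list)
    for target, outcome in entries:
        if outcome == "not_found" and target in removed_earlier:
            report["expected_not_found"].append(target)
        else:
            report[outcome].append(target)
        if outcome == "removed":
            removed_earlier.add(target)
    return dict(report)


if __name__ == "__main__":
    for outcome, targets in triage(parse_fixlog(SAMPLE_FIXLOG)).items():
        print(outcome, len(targets))
```

Anything left under `not_found` or `other` is what a reviewer would look at first when deciding whether a fixlist entry matched nothing on the machine.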

I am still having a recurring problem as evidenced by the following symptoms:

 

  1. Outlook 2010 will go into “not responding” mode.
  2. Office 2010 Word Document also goes into “not responding.”
  3. During these episodes I am unable to enter “Downloads” and open up any tools, e.g. ADWCleaner.
  4. Outlook, Office and Downloads will open in “Safe Mode.”

This sad problem has reared its pesky head three times this morning.

I have gone to “Programs,” “Microsoft Outlook 2010” “Microsoft Home and Student 2010” to effect “Repairs” but the issue remains.

Link to post
Share on other sites

  • Root Admin

Let me have you try rebuilding the Performance Counters and see if that helps for some issues.

Membership in the local Administrators group is required to complete this procedure.

To rebuild the list of counters in the registry:

  1. Click Start, expand All Programs, and expand Accessories.
  2. Right-click Command Prompt, and then click Run as administrator.
  3. At the command prompt, type lodctr /r, and then press ENTER.


That information came from this link. Though it's listed for Windows Server 2008 R2 it typically applies to other OS as well.

https://technet.microsoft.com/en-us/library/dd363642%28v=ws.10%29.aspx


If needed you may need to run it from Safe Mode.
Boot into Safe Mode with Command Prompt and try to enter the lodctr /r command from there if you get errors in Normal Windows.

 

 

For the Search issue you may have to manually open Windows Search and delete the current index and rebuild it.

See if these links help further

https://www.techwalla.com/articles/how-to-delete-a-windows-search-index

http://www.thewindowsclub.com/windows-edb-file

 

Link to post
Share on other sites

  1.  I have run the “lodctr /r” as administrator as instructed and the results may be seen in the attached screen shot.

 

I have to confess I do not know what a “Local Administrators Group” is so I am not certain if I am to do anything further in this process.

 

  1. In following the instructions on how to: “Delete the Windows Search Index File” and after clicking on “Hidden Items.”:

 

When I reach “edb” in the C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb, I get a popup message asking me to select a program to open it with. [See Screen Shot attached.]

1 Safe.jpg

1 edbd.jpg

Link to post
Share on other sites

  • Root Admin

You don't want to click it and open it. You want to delete the file. We'll look at another way for that.

Since you're running ESET antivirus you should be protected while we do the next test. Please temporarily uninstall Malwarebytes and try to duplicate this freezing again and let me know if it happens over the next couple of days or not.

Thanks

 

 

Link to post
Share on other sites

I turned Malwarebytes off yesterday and kept Avast Anti-Virus running.

This morning I ran ESET as a precaution and it did detect one virus.

 

Win32/Bundled.Toolbar.Google.D, Win32/Toolbar    [See Image attached].

I shall monitor this and see if any pesky viruses rear their ugly heads over the next 2-3 days.

 

 

 

1 paint.jpg

Link to post
Share on other sites

I have gone to the suggested link and performed the instructions for:

1.  Windows Built-In Troubleshooting

2.  Rebuild the Index

3.  Check If Windows Search Index is Enabled

4.  Ensure Search Service is Active

The link ends with instructions to:

  1. Step 2: On the services window, search for Windows Search service. Select the service and turn it off by clicking on Stop from the top left.

 

 

 

Link to post
Share on other sites

  • Root Admin

The error has not gone away. But it's complaining about old data, so a rebuild or reset via those directions should have fixed that. Probably need to get some screen shots of what you have going on.

For now please run the following for me.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

 

Link to post
Share on other sites

  • Root Admin

For the Search issue please run the following.

Click on Start, Control Panel. Then in the top right type in the word SEARCH and you should get a trouble shooter listed like the images below.

control_panel_search_for_troubleshooter.jpg

 

Then click on the blue linked words under the green Troubleshooting applet.

Search_and_Indexing_TroubleShooter1.jpg

Click the Advanced option and set these options.

Search_and_Indexing_TroubleShooter_advanced1_set_options.jpg

Then click Next. If prompted that it could not find anything, or if it asks you to run with Administrator rights, click Yes.

Search_TroubleShooter_with_Admin_Rights.jpg

 

Then let it search, find, and fix issues for you.

On a good, clean, working system here is what it checks and should show no issues if all is good.


Search and Indexing

Potential issues that were checked

Incorrect permissions on Windows Search directories: Issue not present
When permissions on the Windows Search data directories are set incorrectly, the search service might not be able to access or update the computer's search index. This can result in slow searches or incomplete search results.

Search Filter Host process failed: Issue not present
Problems with the Search Filter Host might indicate errors in the Windows Search service, which can cause searches to fail or return incomplete search results.

Windows Search service shut down unexpectedly: Issue not present
When the Windows Search service is forcibly shut down while performing maintenance, searches might fail or return incomplete search results.

Windows Search service shut down unexpectedly: Issue not present
When the Windows Search service is forcibly shut down, searches might fail or return incomplete search results.

Windows Search service not running: Issue not present
When the Windows Search service is not running, searches might be slower, and you might not be able to find all items.

Windows Search service failed: Issue not present
Problems with the Windows Search service can cause searches to fail or return incomplete search results.

Search Protocol Host process failed: Issue not present
Problems with the Search Protocol Host might indicate errors in the Windows Search service, which can cause searches to fail or return incomplete search results.

Detection details

Informational: Directory
Windows Search data directory
Directory: C:\ProgramData\Microsoft\Search\Data\

Informational: User-reported problems
Problem Type: FilesMissingProblem, EmailMissingProblem, ResourceUsageProblem

Collection information
Computer Name: MBAM
Windows Version: 6.1
Architecture: amd64
Time: Monday, January 30, 2017 7:40:40 PM

Publisher details

Search and Indexing
Find items on your computer using Windows Search.
Package Version: 1.0
Publisher: Microsoft Windows

Search and Indexing
Find items on your computer using Windows Search.
Package Version: 1.0
Publisher: Microsoft Corporation

 

Try that and see what you come up with please.

 

Link to post
Share on other sites

1.  Attached find the "FixLog.txt" you requested.

2.  At the conclusion of following the "Search and Index" instructions a message came up saying: "Troubleshooting couldn't identify the Problem." [see message attached]

3.  Also since reinstalling "Malwarebytes Anti-Virus" Updates have not been occurring automatically and Scans have not been taking place automatically every 24 hours. [see message attached.]

Fixlog.txt

1 not identify problem.png

paint scheduled scan.jpg

Link to post
Share on other sites

  • Root Admin

Okay, in Control Panel, type the search again but this time click on the "Indexing Options" and then click on Advanced.

In the middle under Troubleshooting click the REBUILD button. It will prompt about it taking a long time, etc. Click OK and let it run.

Let it run for at least an hour. Then yes, go ahead and do the clean removal of Malwarebytes and reinstall it again.


Please uninstall your current version of MBAM and reinstall the latest version using the following guide. MBAM Clean Removal Process 2x


Get the latest version from here:

 

 

 

Link to post
Share on other sites
