Windows 10: I Cannot Create Restore Point.

[EddoX]

When I open Outlook, I always get an error "Failed to Update Headers".  I read some things about this problem and one guy said it was due to anti-virus program. He continued - "this problem happens frequently with my antivirus but it may also still happens (but rarely) when you disable scanning IMAP protocol in your antivirus."  My question is how do I disable scanning IMAP protocol in Malwarebytes 3?

[Porthos]

7 minutes ago, EddoX said:

My question is how do I disable scanning IMAP protocol in Malwarebytes 3?

Malwarebytes does not scan Email.

[Porthos]

 

5 minutes ago, EddoX said:

Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3351
License: Premium

-System Information-
OS: Windows 10 (Build 15063.726)
CPU: x64
File System: NTFS

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 9
PUP.Optional.Delta, C:\USERS\ED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [3662], [455070],1.0.3349
PUP.Optional.SweetPacks, C:\USERS\ED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [1048], [455283],1.0.3349
PUP.Optional.Conduit, C:\USERS\ED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [579], [454832],1.0.3349
PUP.Optional.Conduit, C:\USERS\ED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [579], [454832],1.0.3349
PUP.Optional.SweetPacks, C:\USERS\ED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [1048], [455283],1.0.3349
PUP.Optional.SweetIM, C:\USERS\ED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [1183], [455282],1.0.3349
PUP.Optional.SweetIM, C:\USERS\ED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [1183], [455282],1.0.3349
PUP.Optional.Conduit, C:\USERS\ED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [579], [454832],1.0.3349
PUP.Optional.Conduit, C:\USERS\ED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [579], [454832],1.0.3349Physical Sector: 0
(No malicious items detected)
(end)

 

- Found with Adwcleaner
***** [ Folders ] *****
Deleted: C:\ProgramData\BSD\DriverHive
Deleted: C:\ProgramData\Application Data\BSD\DriverHive
Deleted: C:\Users\All Users\BSD\DriverHive
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
Deleted: C:\Program Files (x86)\DriverToolkit
Deleted: C:\Users\Ed\AppData\Local\DriverToolkit
Deleted: C:\ProgramData\BSD\DriverHiveEngine
Deleted: C:\ProgramData\Application Data\BSD\DriverHiveEngine
Deleted: C:\Users\All Users\BSD\DriverHiveEngine

***** [ Registry ] *****
Deleted: [Key] - HKU\S-1-5-21-1128812984-3042017634-2777406424-1001\Software\ImInstaller
Deleted: [Key] - HKU\S-1-5-21-1128812984-3042017634-2777406424-1001\Software\DriverToolkit
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
Deleted: [Key] - HKU\S-1-5-21-1128812984-3042017634-2777406424-1001\Software\APN PIP
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Deleted: [Key] - HKU\S-1-5-21-1128812984-3042017634-2777406424-1001\Software\Conduit
Deleted: [Key] - HKU\S-1-5-21-1128812984-3042017634-2777406424-1001\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKLM\SOFTWARE\BSD
Deleted: [Key] - HKU\S-1-5-21-1128812984-3042017634-2777406424-1001\Software\BSD
Deleted: [Key] - HKLM\SOFTWARE\Auslogics

First, could you follow the screenshot and update. Then run a threat scan. 

When finished please do the following

Let's try and get some logs first so the team can review them and see if they can tell what may be causing your issues....

1. FIRST: Create and obtain Farbar Recovery Scan Tool (FRST) logs
2. Download FRST and save it to your desktop
   NOTE: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
3. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
4. Press the "Scan" button
5. This will product two files in the same location (directory) as FRST: FRST.txt and Addition.txt
   NOTE: These two files will be collected by the MB-Check Tool and added to the zip file for you
6. NEXT: Create and obtain an mb-check log
7. Download MB-Check and save to your desktop
8. Double-click to run MB-Check and within a few second the command window will open, then click "OK"
9. This will produce one log file on your desktop: mb-check-results.zip
10. Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

 

[EddoX]

I have 2 admin Users, Ed and Edwar.  Good thing.  Ed is acting weird - he cannot create a restore point.
Gets an error "The restore point could not be created for the following reason:  
Access is denied. (0x80070005)".   Plus, it takes admin Ed a long time to come to this conclusion and he seems to make my computer run slower. 

When I logout as Ed and login as Edwar, he can create a restore point easily and quickly.

Second, there are other issues associated with admin "Ed". For example, I just ran Malwarebytes and when I saved a results text, Chrome abruptly quit without warning.  Other problems I encountered with Ed are too long to explain right now.  My main concerns are admin Ed's health and not being able to create restore points. 

 

[Porthos]

We already have a topic open. Lets keep it there.

[EddoX]

Here is the zip file.  mb-check-results.zip

[EddoX]

Side note/question.  It seems that Malwarebytes website wants 2 different logins - one for this forum and a different one for SUPPORT. I do not know my password for the SUPPORT login.  Do you know how I can set a new one?

[Porthos]

58 minutes ago, EddoX said:

Here is the zip file.  mb-check-results.zip

Have you run a threat scan since updating to the new component update? Do those PUP's from before still show up?

[EddoX]

Both Malwarebytes and AdwCleaner found no threats today.  That's nice.  

[Porthos]

On 12/2/2017 at 9:18 PM, EddoX said:

I have 2 admin Users, Ed and Edwar.  Good thing.  Ed is acting weird - he cannot create a restore point.

Create a new account for "Ed" and transfer the data from "ed" to the new account and delete the old ED account.

[EddoX]

I did that 2 nights ago and the new admin account (Edw) cannot create restore points either.  Do you think you can assist me in solving this problem. I'm wondering if you are collecting data to help make Malwarebytes better or to help me solve the problem, or both.  I appreciate your time and effort whatever your reason.  I hope we can solve my issue and at the same time contribute to help Malwarebytes. 

[Porthos]

21 minutes ago, EddoX said:

I'm wondering if you are collecting data to help make Malwarebytes better or to help me solve the problem, or both. 

Logs are used to know what id going on with your computer since I/we are not sitting in front of it. The goal is to get is to get MB working.

 

24 minutes ago, EddoX said:

new admin account (Edw) cannot create restore points either. 

I personally do not believe in Windows system restore and rely on system images created by Macrirm Reflect. A free version is available.   

3 things to do first.

1-Run check disk https://www.howtogeek.com/howto/windows-vista/guide-to-using-check-disk-in-windows-vista/

2-Run system file checker https://www.tenforums.com/tutorials/2895-run-sfc-command-windows-10-a.html

3-And use DISM  https://www.tenforums.com/tutorials/7808-use-dism-repair-windows-10-image.html

 

[EddoX]

do you know a good forum where I can get help fixing this problem?

Does Malwarebytes wake my computer from sleeping to run a scheduled scan?  Seems like not. 

[Porthos]

1 hour ago, EddoX said:

do you know a good forum where I can get help fixing this problem?

https://www.tenforums.com/

I am assuming you followed all my instructions and it did not fix the system restore issue?

1 hour ago, EddoX said:

Does Malwarebytes wake my computer from sleeping to run a scheduled scan?  Seems like not. 

It does not. But I will get you an official response to that from staff. @dcollins @vbarytskyy @nikhils @AdvancedSetup

Edited December 7, 2017 by Porthos

[EddoX]

Are you refering to your instructions about using Macrirm Reflect?  I have not.  Does each step need to be run everytime I want to make a system image?

[Porthos]

3 minutes ago, EddoX said:

Does each step need to be run everytime I want to make a system image?

They are to hopefully repair your system so restore will get fixed.

[Porthos]

11 minutes ago, EddoX said:

Macrirm Reflect? 

A system image is the best form of restore there ever was. Remember system restore is turned off by default in Windows 10. MS would rather see you run the built-in refresh to fix things, even though that does not always work. 

I install Macrium for all my clients and highly suggest they use it. All it requires is an external drive and a little time each month. It has saved a few of my clients big time.

Edited December 7, 2017 by Porthos

[EddoX]

OK.  I'll run the steps and report back later. Dinner now. Wife wants my company.  

[Porthos]

15 minutes ago, EddoX said:

I'll run the steps and report back later.

They are time-consuming so don't get in a hurry.

[EddoX]

I ran "Dism /Online /Cleanup-Image /ScanHealth" and it reported "no component store corruption detected.  So does that mean I don't need to run "Dism /Online /Cleanup-Image /RestoreHealth /Source:wim:Full Path to install.wim file:<Index Number>".  I'll finish tomorrow. 

[dcollins]

@Porthos is correct, Malwarebytes will not wake your computer from sleep to run a scan.

 

[EddoX]

• I ran "Dism /Online /Cleanup-Image /ScanHealth" and it reported "no component store corruption detected.  So does that mean I don't need to run

• "Dism /Online /Cleanup-Image /RestoreHealth /Source:wim:Full Path to install.wim file:<Index Number>".