Eagleeye

Morning DD1, A final follow-up note to my OP here. Noel replied to my post in the Seven Forums this morning. After reviewing everything, including the MGAdiag report, it was her opinion that the appearance of the dialog box was likely just some momentary glitch or perhaps the result of an overactive AV. She didn't see any issues in the MGAdiag report, but said if the problem returns and persists past a couple of reboots, to post back with another report and she will re-evaluate. Much obliged for all your help! EE

Hi DD1, Just a note that I have posted this issue in the Seven Forums just now and am awaiting a reply. Thanks again for all the help! EE

Hi again DD1, Just a note that I followed the instructions given by the MS MVP at the link you provided, using IE11 instead of FF to go to the website and download the file. The validation file downloaded fine, but when running it...all it does is go to the advertisement shown in the attached screenshot...and doesn't do anything else. EE

Thanks very much for the follow-up DD1! I followed the instructions at the first link you provided and have posted the MGA diagnostic results below. I also went into the root directory on my computer and noted I evidently previously ran this same tool back in July 2013. From what I see, the results appear to be the same as this report. This computer was purchased from U.S. Micro on ebay (by a close friend), with Win 7 pre-installed + 2 backup OS CD's/DVD's (1 - 32 bit, and 1 - 64-bit). I remember going through the validation check when I first turned the computer on, and entering the product key, etc. This is a 64-bit machine. In [Control Panel] > [Windows Updates], there are only 4 optional updates shown as being available. None of them are things which I need though. No other updates are shown. Hope this helps. (Figured I'd wait to hear back something before trying to do anything else). Thanks again! EE Diagnostic Report (1.9.0027.0):-----------------------------------------Windows Validation Data-->Validation Code: 0Cached Online Validation Code: 0x0Windows Product Key: *****-*****-RT97J-JR7F3-Y7WQ4Windows Product Key Hash: sOmDoeElDT4lZhDJPOgK9nIdNs8=Windows Product ID: 00371-OEM-8978064-98707Windows Product ID Type: 3Windows License Type: OEM System BuilderWindows OS version: 6.1.7601.2.00010100.1.0.048ID: {FE440150-A938-4D80-9FDC-0AC0E8420E91}(3)Is Admin: YesTestCab: 0x0LegitcheckControl ActiveX: N/A, hr = 0x80070002Signed By: N/A, hr = 0x80070002Product Name: Windows 7 ProfessionalArchitecture: 0x00000009Build lab: 7601.win7sp1_gdr.140303-2144TTS Error:Validation Diagnostic:Resolution Status: N/AVista WgaER Data-->ThreatID(s): N/A, hr = 0x80070002Version: N/A, hr = 0x80070002Windows XP Notifications Data-->Cached Result: N/A, hr = 0x80070002File Exists: NoVersion: N/A, hr = 0x80070002WgaTray.exe Signed By: N/A, hr = 0x80070002WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->Cached Result: N/A, hr = 0x80070002Version: N/A, hr = 0x80070002OGAExec.exe Signed By: N/A, hr = 0x80070002OGAAddin.dll Signed By: N/A, hr = 0x80070002OGA Data-->Office Status: 109 N/AOGA Version: N/A, 0x80070002Signed By: N/A, hr = 0x80070002Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3Browser Data-->Proxy settings: N/AUser Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exeDownload signed ActiveX controls: PromptDownload unsigned ActiveX controls: DisabledRun ActiveX controls and plug-ins: AllowedInitialize and script ActiveX controls not marked as safe: DisabledAllow scripting of Internet Explorer Webbrowser control: DisabledActive scripting: AllowedScript ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->Other data-->Office Details: <GenuineResults><MachineData><UGUID>{FE440150-A938-4D80-9FDC-0AC0E8420E91}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-Y7WQ4</PKey><PID>00371-OEM-8978064-98707</PID><PIDType>3</PIDType><SID>S-1-5-21-1148028144-535642835-337438232</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>OptiPlex 755 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A12</Version><SMBIOSVersion major="2" minor="5"/><Date>20081209000000.000000+000</Date></BIOS><HWID>6E473307018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>B9K </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> Spsys.log Content: 0x80070002Licensing Data-->Software licensing service version: 6.1.7601.17514Name: Windows(R) 7, Professional editionDescription: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channelActivation ID: 90a61a0d-0b76-4bf1-a8b8-89061855a4c9Application ID: 55c92734-d682-4d71-983e-d6ec3f16059fExtended PID: 00371-00178-780-698707-02-1033-7601.0000-3572012Installation ID: 017980752315518701293185829310604051002115305012289871Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340Partial Product Key: Y7WQ4License Status: LicensedRemaining Windows rearm count: 2Trusted time: 5/17/2014 7:40:49 AMWindows Activation Technologies-->HrOffline: 0x00000000HrOnline: 0x00000000HealthStatus: 0x0000000000000000Event Time Stamp: 3:17:2014 15:02ActiveX: Registered, Version: 7.1.7600.16395Admin Service: Registered, Version: 7.1.7600.16395HealthStatus Bitmask Output:HWID Data-->HWID Hash Current: MgAAAAEABAABAAIAAAABAAAAAQABAAEAln20+f4AiiiSLiivOuwYOGrmIr3audZEKoU=OEM Activation 1.0 Data-->N/AOEM Activation 2.0 Data-->BIOS valid for OA 2.0: yesWindows marker version: 0x0OEMID and OEMTableID Consistent: yesBIOS Information: ACPI Table Name OEMID Value OEMTableID Value APIC DELL B9K FACP DELL B9K HPET DELL B9K BOOT DELL B9K MCFG DELL B9K SSDT DELL st_ex ASF! DELL B9K ____ DELL B9K SLIC DELL B9K

Hi DD1, I'm still plugging-along......thanks very much for asking! This latest issue seems to be different than the one I posted about before, but this is the same computer I was using when I made the other post in July 2013. I don't see any text about my version of Windows not being genuine. (Haven't seen that text again since the time of the post you referenced). Also, the Win 7 Action Center does not report any issues. Much obliged for the link to the other post I made. I sometimes forget to check and see if I've previously posted about something, before creating a new topic! Cheers! EE

Good morning everyone, Wasn't exactly sure just which sub-forum this would be most appropriately-posted in, so my apologies if this isn't the best place. (Referencing the attached screenshot)...this dialog box, was seen displayed on my Desktop screen, as well as, a triangular-shaped, yellow-colored, icon with an exclamation mark in it on the left side of the Taskbar when I turned on the monitor this morning. Since I know all my programs and Windows Updates are current, I rebooted the computer, without clicking on anything in the dialog box, including the [CLOSE] button or the "X" button in the upper right corner. (I seem to recall reading somewhere that trying to dismiss the box may cause whatever this is...to execute something adverse). The dialog box and Taskbar icon never returned. Quick scans with Outpost, MBAM Premier, and SAS did not find any issues. My question: Is anyone familiar with this and where it came from? It bothers me this "fakeware" (as I call it) managed to get by both Outpost Security Suite Pro and MBAM Premier during the overnight hours when the computer was offline. Thank you for your time and any enlightenment! EE

Much obliged for the info, Samuel! Best regards, EE

Good afternoon everyone, MBAM is set to automatically start when Windows starts. However, when I ran the Sysinternals Autorun application a short time ago and clicked on the [LOGON] tab, I did not see MBAM listed. (It IS shown on the listing for the [EVERYTHING] tab). My question: Shouldn't MBAM be displayed on the LOGON tab list? Thank you for your time and any enlightenment. EE P.S - For some reason, I was unable to upload a screenshot of the Autorun display, even though it is in .jpg format & well under the maximum single file size stated here for attachments.

Much obliged for the info DD1 & Ron! EE

Good evening everyone, I have noticed on the Dashboard line entitled, "Scan Progress...Next scheduled scan", it continues to display the date, 3/12/2014, despite the fact I have the Scheduler settings set to run a Threat Scan every day at approximately 5:45 p.m. I checked the History logs and all scans have been run since installing v2 over top of my previous Pro version back in March. (Dashboard screenshot shown below) My question: Is there some reason why the date does not automatically update to the next scheduled scan date/time? **BTW, the new version runs just as well as my previous Pro version - no issues at all! Thank you for your time and any enlightenment. EE

Hello Malware_Gone, You might want to review the information provided at the link shown below. Rubber Ducky (aka Marcin) and others have provided a good deal of information there about the MBAM 2.0 product. https://forums.malwarebytes.org/index.php?showtopic=144799#entry807244 Best regards, EE

And, to note...Experian is the very company currently offering free 1 - year credit monitoring to the 40 million+ Target customers whose financial info was compromised by that breach! Regards, EE

Hi DD1 and thanks very much for the enlightenment! I'd never even heard anything about the "icon cache" issue you mentioned until now. Going by your suggestions, I believe I've resolved the problem. First, I restarted the computer, and once the CPU and RAM usage leveled out, I connected the external HDD, then performed a manual backup/system image again. Upon completion, I noticed the icon was now back to normal again - and not telling me that a "backup was in progress." Much obliged again for all the help with this one! EE

Good mornng everyone, I was just noticing that whenever I hover the mouse pointer over the Win 7 Action Center icon in the Taskbar, it displays a small box which says, "Backup in Progress." (See attached screenshot). I have checked the Action Center - NO issues are shown needing attention. Checked Windows Update - no updates needed there. All programs are fully up to date. Secunia PSI indicates no updates are needed either. Scans with MBAM. SAS, & Outpost Security Suite Pro are negative for any issues as well. Yesterday evening (Saturday February 22nd around 8 p.m.), I performed my weekly scheduled system backup (which includes system imaging) using the built-in Win 7 Backup & Restore utility. The Backup successfully completed without any problems. Backups are made to a 1 TB WD Passport external HDD. (The external HDD is only connected to the computer for the duration of the backups, then disconnected, for obvious security reasons). I've also rebooted the computer once, but this issue persists. My question(s): Does anyone have an idea what's occurring? I.e. WHAT exactly is "supposedly" being backed up, and WHY? Thank you for your time and any enlightenment. Regards,

Another article of interest on this issue is found at the Bluetack Forums. (Link to article shown below). http://bluetack.co.uk/forums/index.php?showtopic=26026&view=findpost&p=100252 Regards, EE

Thanks very much for the update DD1! For the time being, I've just left that NET update hidden. Regards, EE

Much obliged for the additional follow-up info, DD1! EE

I appreciate the additional info, daledoc1! You're right about this update being rather large...something like 52 MB from what I read. Thanks again! EE

Hi CWB and thanks very much for your input! It sounds like a good idea. The only other info I could find about the update, was something to do with language packs...for what that's worth. EE

Good morning everyone, The Windows Update shown in the subject line seems to be causing a lot of problems for people. I've seen a sizable number of problem reports online, including Microsoft's own support forums regarding this particular update. Some of Microsoft's information seems contradictory, such as, their article about the update states it is offered as an "OPTIONAL" update, when in fact, it is being shown (on my computer), as an IMPORTANT update. My question: Should I install this "out-of-patch Tuesday" update, given the problems being reported by such a large number of Windows users? Thank you for your time and any feedback. Regards to all, EE

Thanks very much for the follow-up, Firefox! EE

Good afternoon everyone, When I went on the Internet using my default browser, Firefox, a short time ago - MBAM generated two separate alerts for an OUTGOING block, Ports: 57923...57958, (multiple ports in the range shown), Process: Firefox.exe. The log shows 12 OUTGOING blocks (consecutively), as soon as Firefox began loading. The IP address was shown as: 5.61.35.140. (MBAM log screenshot attached below) When I check the hosts-file(dot)net website, it indicates this IP is malicious (red-flagged), but, does not seem to indicate just WHAT the address is malicious FOR. My question: Are there any other actions I should be taking at this point? (And yes...I'm glad MBAM is doing its job)! Full scans with MBAM, Outpost Security Suite Pro, & SAS are all normal. Thank you for your time and any enlightenment! EE

Much obliged, daledoc!

I appreciate the info...especially about Secunia, daledoc! WU is configured to automatically check for updates, and the status indicated it last checked yesterday afternoon. Like you said...I did a manual check just to be sure. I did experience issues with those last updates being offered repeatedly shortly after patch Tuesday, but was able to resolve that problem, after viewing posts made by others having the same one. (IMy problem only involved the update for MS Excel 2003). Uninstalled MS Office 2003 & just use Office 2010 now. [EDIT]: The KB update you mentioned was installed on 9/10 according to the update history. Thanks very much again! EE

Good mrning everyone, The Secunia PSI program on my computer indicates that manual updates are needed for IE 10 (32 bit & 64 bit). This just showed up this morning. My questions: 1. Are updates/patches for IE 10 done through Windows Update in the Control Panel? 2. Are the patches actually available now? (A manual check of my Windows Update indicates there are no updates available. Last updates were done shortly after patch Tuesday, last week). Thanks very much for your time, review, and any info.