
rkill detects opencandy.com in HOSTs also TBS service missing



In addition to this, I am also using Reason Core Security but am uncertain if this is the cause or it is a malware. Need confirmation. In addition, my Local Area Network disappears from my Network sharing center area. My network connection drops when I try and update Windows. This is a clean OS install of Windows 7 Pro and took roughly 36 hours to detect on Windows Update. After this, I had this odd behavior described here.

I first tried to paste the text in these logs here with cut/paste using "select all" in the "edit" menu button of Notepad. However, it merely posted a generic link to "geekstop" and did not copy the text. Therefore I will send them as attachments.

 

 

 

FRST.txt

Addition.txt

Link to post

Hello arkhaan,

Your logs show Microsoft Security Essentials as your primary security. As far as I'm aware, Reason Security is an Antimalware program similar to Malwarebytes or SuperAntiSpyware; as such, if it has realtime protection engaged it will run with your AV....

If you have realtime protection engaged on more than one Antimalware program then that needs to be addressed asap, only one should be active with realtime protection...

Regarding your hosts file, download and unzip the attached file hosts-perm.zip to your Desktop, you will then see hosts-perm.bat; run that file (right click, select run as admin) and agree any alerts..

Next,

Please download Junkware Removal Tool to your desktop.
 
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the Scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Let me see those logs in your next reply, also tell me if you have any remaining issues or concerns..

Thank you,

Kevin..

***Edit** Also post a new log from RKill....

 

 

hosts-perm.zip

Edited by kevinf80
missing instruction added
Link to post

hosts-perm.bat came up with a dos window I ran as admin and it prompted me to hit a key, I hit Y(for yes) it closed and didn't acknowledge anything at all.

 

Sophos came up clean.

here are the rest

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Professional x64
Ran by matt (Administrator) on Wed 08/24/2016 at 19:22:07.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 4

Successfully deleted: C:\Users\matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPJJP2A9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7XIW7W5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPJJP2A9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7XIW7W5 (Temporary Internet Files Folder)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/24/2016 at 19:22:39.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/24/2016
Scan Time: 7:25 PM
Logfile: Desktop.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.24.13
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: matt

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 274654
Time Elapsed: 10 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

The FRST log is not letting me paste its text; it merely comes up with the link above as before.

additional:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by matt (24-08-2016 21:11:48)
Running from C:\Users\matt\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-08-19 17:59:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1390929826-4130456793-1189744320-500 - Administrator - Disabled)
Guest (S-1-5-21-1390929826-4130456793-1189744320-501 - Limited - Disabled)
matt (S-1-5-21-1390929826-4130456793-1189744320-1000 - Administrator - Enabled) => C:\Users\matt

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Panda USB Vaccine 1.0.1.16 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.2.0.0 - Reason Software Company Inc.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1222 - SUPERAntiSpyware.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {CDFE4403-F22E-4908-AE4F-BBB54B3AC9C3} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2010-06-01] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\40138496.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80457228.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\40138496.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\80457228.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-08-24 19:09 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1390929826-4130456793-1189744320-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\matt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

==================== Restore Points =========================

23-08-2016 17:27:43 Windows Update
23-08-2016 21:06:29 Windows Update
24-08-2016 00:28:12 JRT Pre-Junkware Removal
24-08-2016 19:15:53 JRT Pre-Junkware Removal
24-08-2016 19:18:15 JRT Pre-Junkware Removal
24-08-2016 19:22:07 JRT Pre-Junkware Removal
24-08-2016 19:57:23 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2016 07:06:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/24/2016 12:56:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/24/2016 12:24:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2016 10:47:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2016 09:40:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2016 08:25:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2016 07:30:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2016 07:30:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2016 05:11:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Web.Entity, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil . Error code = 0x80070020

Error: (08/23/2016 04:49:28 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: PresentationFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020


System errors:
=============
Error: (08/24/2016 12:57:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Network Inspection service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (08/24/2016 12:57:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Network Inspection service to connect.

Error: (08/24/2016 12:57:44 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

 Feature: %%886

 Error Code: 0x8007041d

 Error description: The service did not respond to the start or control request in a timely fashion.

 Reason: %%892

Error: (08/24/2016 12:30:26 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error:
%%5 = Access is denied.

Error: (08/24/2016 12:30:26 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5 = Access is denied.

Error: (08/24/2016 12:30:26 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error:
%%5 = Access is denied.

Error: (08/24/2016 12:30:26 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5 = Access is denied.

Error: (08/24/2016 12:30:26 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DelayedAutostart with the following error:
%%5 = Access is denied.

Error: (08/24/2016 12:30:26 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error:
%%5 = Access is denied.

Error: (08/24/2016 12:30:25 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5 = Access is denied.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 25%
Total physical RAM: 8061.61 MB
Available physical RAM: 6035.28 MB
Total Virtual: 16121.41 MB
Available Virtual: 14215.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:425.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 58BB4608)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

RKill

http://www.bleepingcomputer.com/

Rkill is not allowing me to post either; it merely comes up with a generic link to bleepingcomputer.

 

 

I do indeed have a few concerns:

in addition to the rkill and FRST not allowing me to cut and paste(which always before they did),

DMS is still missing though RKill comes up with a clean bill of health otherwise (I attached it since the cut/paste function does not work on RKill's log even though it is merely a txt log, using Notepad).

My Ethernet driver again dropped out. I tried and repaired this via the Windows diagnostics because I could not get on this site to post anything without that Ethernet. It claimed a driver failure, however, I checked Device Manager and it was saying it "was working properly", no error code of any kind, yet the icon at the lower right of the screen had the network access with a red X. I am also going to upload this Windows diagnostic report in an attachment as I cannot cut and paste it via the format it uses. I hope this does not affect the accuracy of this diagnosis.

sorry for this but the diagnostics did do a repair and I could not have posted this topic without that repair to the connection.

The attachment is labeled "connectdiag". I cannot seem to upload XPS files so I screenshot it in a PNG file format.

let me know if I did anything wrong in these posts and how to correct it and I will do so.

thanks!

 

FRST.txt

Rkill.txt

connecteddiag.PNG

Link to post

Internet Explorer is listed as your Default browser, is that the browser you have been using whilst replying etc to this thread?

What do you mean by this "DMS is still missing"?

From RKill log the following service is missing "TBS [Missing Service]"

There are inherent problems at present with the forum software, many faults do occur. I would not read too much into the glitches you mention..

 

 
 
Link to post

I mistyped that, I meant "TBS [missing service]". I am using Internet Explorer and plan on downloading Google Chrome later. This is a fresh install of Windows 7 Professional SP1. I have completed Windows updates except a few last ones. When this problem occurred I decided to hold off until I determined if my problem was a software glitch or some sort of malware, then continue on. The connection drops at times. Also, when I am not working on the PC I make it a habit of manually disabling the Ethernet adapter and re-enabling it when I am ready to get online again. This is for safety. I never had problems reconnecting before on any PC, including this one, but since this clean install I have had problems with this PC. If you received the attachments I am not worried about the glitches. Thanks.

Link to post

Reset Internet Explorer to Default Settings, use instructions at the following link: https://support.microsoft.com/en-gb/kb/923737

Regarding the missing service, I've attached TPM_Base_Services.zip; download and unzip that to your Desktop, you will then have TPM_Base_Services.reg

Double click that file to run it and merge with the registry, agree any alerts. Re-boot when finished, run RKill and post a fresh log...

Let me know if any remaining issues or concerns...

TPM_Base_Services.zip

Edited by kevinf80
added zip file.
Link to post

I restored the entry and reset IE to default and deleted all user settings.

Rkill looks good.

Connection is still dropping. I didn't disable the adapter this time, I rebooted, but left it connected. When it came to the desktop it came up disabled. I ran the diagnostics and came up with the same error, "might be a problem with the driver for Local Area Network Connection".

the diagnostics always seems to repair it, but only until next reboot.(or if I disable it manually)

the last time I checked Windows Update had an update for this driver. this problem occurred before I had the chance to download that driver. I will download that driver if you want and find out if that is the cause. let me know.

 

Rkill.txt

Link to post

correction, that driver is already present on my device manager. it is Intel 11/05/2009  11.5.4.0  I must have forgotten I had already acquired that in Windows updater. this happened just before this problem occurred. and it was just after it had taken a day and a half to scan the updates. I had not had this problem before even with this driver and I had always acquired it before with no trouble. although, I had previously downloaded that driver in the last system restore about a week ago, before this partition/format/restore/update procedure. at that time,  I had downloaded that driver via device manager and adware cleaner detected a reg entry associated with it as a virus. I had assumed device manager had acquired it from a fake source instead of Microsoft. I don't know.  I do not recall the name of the virus nor the reg entry except it was labeled via adware cleaner as a number in brackets and no identification to what function it served in the registry. I found no way of deleting the entry and adware cleaner could not delete it. it was present and then seemed to not register at all in adware's detection. this was before my current windows system restore and I do not have that log from adware cleaner.  I can only roll back this driver to the original and see if the update is the culprit. it is acting odd and last time before this system restore it was detected as malware. I downloaded it from windows updater however, on this occasion not a dangerous site. no detection but also dropping out on reboot. if you want I will go ahead and roll back to the default driver.

Link to post

I rolled back only to get the dropout upon installation of that rollback. however, I went to intel and got the 2013 driver(current for this Dell Optiplex 780 Adapter) it dropped out on install, so I rebooted and it came up after a long delay. it usually before, was attempting to connect upon arrival to desktop(before this current system restore).  it now takes 20 seconds of the red "X" then attempts after all the other taskbar icons are loaded.  I don't care how long it takes it is not a problem, just that it is a change in behavior. MBAM icon has a red/orange ! under it. and the first reboot SuperAntiSpyware failed to load at all(at least on the taskbar in the lower right) but claimed to be running. I rebooted a second time and SAS icon was present, MBAM still has the red/orange ! but 7 day expiration may have something to do with this. I have the license loaded on another PC and do not wish to transfer it over as that PC is probably more important than this one is. I don't know if the trial expiration in 7 days is actually the reason for the ! warning in the icon or not. I do have the connection again and it is not slow it is a good speed. it was very slow before when I was connected.

Link to post

14 minutes ago, arkhaan said:

I rolled back only to get the dropout upon installation of that rollback. however, I went to intel and got the 2013 driver(current for this Dell Optiplex 780 Adapter) it dropped out on install, so I rebooted and it came up after a long delay. it usually before, was attempting to connect upon arrival to desktop(before this current system restore).  it now takes 20 seconds of the red "X" then attempts after all the other taskbar icons are loaded.  I don't care how long it takes it is not a problem, just that it is a change in behavior. MBAM icon has a red/orange ! under it. and the first reboot SuperAntiSpyware failed to load at all(at least on the taskbar in the lower right) but claimed to be running. I rebooted a second time and SAS icon was present, MBAM still has the red/orange ! but 7 day expiration may have something to do with this. I have the license loaded on another PC and do not wish to transfer it over as that PC is probably more important than this one is. I don't know if the trial expiration in 7 days is actually the reason for the ! warning in the icon or not. I do have the connection again and it is not slow it is a good speed. it was very slow before when I was connected.

I want to clarify as I cannot edit this: I have the full license on the other PC which expires in 290 days, I am using the Trial edition of MBAM here, and that expires in 7 days. After that I plan on using only the freeware edition on this PC as the Premium Full edition is on the other PC and that one has more critical need of that protection than this one does.

Link to post

You cannot install and run premium versions of Malwarebytes on more than one PC, One licence one PC. I would also not recommend having several antimalware programs installed, there is no reason for that....

Regarding your ethernet issue, does this link help: http://www.intel.com/content/www/us/en/support/network-and-i-o/ethernet-products/000005504.html

Link to post

I do not have premium full on this PC, this PC Is only trial edition-expiring in 7 days. Did not know it was not permitted to do the trial on another PC   however, I ended the trial and am now using only the freeware edition. 

The link provided me with the same driver I just downloaded from the Intel website. The autoupdater claimed I had a "generic version" but it installed nothing and instead brought me to the "modify" screen where it had merely replaced the driver with the one I already had with the same driver. That is 7/18/2013 Intel 12.10.13.0. It also installed Intel Improvement Program and in the administrator DOS window loaded something ending in an all caps called WILLIAMETTE.

It was recommended I install other antimalware programs by my computer distributor, I have also been told this by retail stores. This is because one may detect what another fails to. However, I have disabled "realtime protection" on all but MSSE, which remains enabled.

Link to post

Apologies I confuse you with Malwarebytes, I meant a single Premium version licence is only valid on one system. The free version can be used on as many systems as you wish.. Regarding malware, recent logs are coming back clean, if you have no remaining issues or concerns regarding malware/infection we can clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

 

Link to post

thanks for the clean up.

I added those articles to "favorites" for downloading later linked software(if needed) and also printed them for future reading.

Regarding Reg cleaning, I ceased using CCleaner and Glary reg cleaning features. However, this PC is old and a refurb. The hard disk is slow (even at optimal configuration). I often remove programs and reinstall, some of them leave stuff behind and that affects the disk performance adversely. My other PC is unaffected because it uses an SSD, this one uses an old Western Digital notebook drive (not even color coded) and a cheapo at that. This computer is a basement bargain bin variety but it does the job for what I need it. Still, the hard disk and booting is slow (and that is hardware), however if junk is not loaded it is not so slow as to be unbearable.

the Ethernet connection will not re-acquire the connection if I disable it manually. however this time, with the intel drivers on the website, when I reboot it will go ahead and connect but it takes a minute and a half. Before it took 20 seconds after fully loaded desktop. I am not too concerned if no malware is present how fast it connects just thought I'd mention that. I never had the problem of re-enabling it after disable before, but since it is unorthodox to disable one's Ethernet anyway(I do it for security when not using my PC) I guess I can reboot as needed.

boot time improved with the Delfix tool

connection speed satisfactory

thanks! if that is all go ahead and close this topic.

I will surf safe!

you take care as well!

Link to post

Thanks for the update and the kind words, it was a pleasure to work with you... Regarding slow boots, try your system in "Clean boot", that option can identify unneeded extras that may slow you down. Basically all non-Microsoft services are disabled (ensure any that affect security or internet are left enabled)... Instructions at following link:

https://support.microsoft.com/en-gb/kb/929135

Regards,

Kevin...

Link to post

Yes that program will need to be uninstalled, use the following tool to do the job fully...

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on Program name to highlight that entry.

Select Action from the Menu bar, then Uninstall from there follow the prompts.

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option
 
Thank you,
 
Kevin.
Link to post

I am looking in the TBS service as it had been missing from another PC today, but is still present in this one, however comes up with "failed to read description" Error code: 2. I don't know what TBS is but it seems important as my connection must be rebooted if I ever try and disconnect now, whereas before it did not. I usually leave it connected however.

Link to post

This topic is now closed to further replies.