Behaving as infected.

[glivo1]

Another question.

Should I delete the recent backup I did (yesterday morning) and do one now that the system is "spiritually free"?

[kevinf80]

You can keep AVG and still run MBAM version 3 Premium along side.....  I also recommend the two following free security programs:

UnChecky - https://unchecky.com/

Helps to stop piggy backed extras that can come with certain software

McShield   - http://www.mcshield.net/download.html

Scans USB devices that may be plugged into you PC for unwanted hidden infections....

Yes delete old and create a fresh backup

 

Edited January 31, 2017 by kevinf80

[glivo1]

Thanks.  I'll spend some hours more. Hope I get it right.  It's nearly 40'C outside today anyway so good to be in A/C.

[glivo1]

I don't think I'm fixed. Response time of computer in general is very poor. Multi-tasking just kills it to a crawl. Internet browsing is dead slow but not because of bandwidth or connection issues.  Something seems to be gobbling resources or something.

I couldn't turn AVG back on. Had to re -download and it just took for ages.  Doing a full scan now but it is so slow.

[glivo1]

AVG was just stalled so I stopped it and uninstalled as well as Web Tuneup. It wouldn't let me uninstall ZEN (whatever that is or does) so I used the Universal AVG Removal program to get rid of the lot. Both processes required reboot.

 MBAM 3.0.6 installation is currently still in Free Trial Period for Premium so I'm hoping that is all the protection I need at the moment.  Running another MBAM scan now.

Computer is generally running like a busted bum.  Internet Browser is lagging badly and almost unusable.  Even keyboard entry is delayed.

[kevinf80]

Ok, obviously there are still issues that need to be followed up on... Run the following and post the produced log:

Download and save RogueKiller to your Desktop from this link: https://www.fosshub.com/RogueKiller.html/setup.exe Right click setup.exe and select Run as Administrator to start installing RogueKiller. At the next window Checkmark "Install 32 and 64 bit versions, then select "Next" In the next window skip Licence I.D. and Licence Key, select "Next" In the next window make no changes and select "Next" In the next window leave both "Additional Shortcuts" checkmarked, then select "Next" In the next window make no changes and select "Install" RogueKiller will extract and complete installation, in the new window leave "Launch Roguekiller" checkmarked, then select finish. RogueKiller will launch. Accept UAC, then read and accept "User Agreements" In the new window the "Home" tab should already be selected, Change by selecting "Scan" tab, then select "Start Scan" When the scan completes select "Open Report" In the new Window select "Export text" name that file RK.txt, save to your Desktop and attach to your reply

[glivo1]

Onto it now.  Over the last few hours the computer has been generally running quite slow.  Lots of little blue spinning wheel wait time.  Some odd things happening in Internet and Task Manager Performance shows heavy CPU and Memory usage at times, even when nothing is really going on.

To complicate matters further there appears to be a congestion issue with the broadband internet service and my line speed is dropping down to only 1/4 of best expected.  Some of the slow browsing may be attributed to this but I'm pretty sure there is still something else going on.

Anyway the scan is happening now.  AVG is gone and MBAM is turned on as stated above.  Down to a comfortable 30'C now at 8.22 pm.

[glivo1]

Here it is. It seemed to find a few things.

rk.txt

I haven't closed the program.

 

Edited January 31, 2017 by glivo1

[glivo1]

Shutting down for the evening nap.  Back in the mornin'.

[kevinf80]

Right click on RogueKiller.exe and select "Run as Administrator" to start the tool, accept UAC.. In the new window the "Home" tab should already be selected, Change by selecting "Scan" tab, then select "Start Scan" When the scan completes Checkmark (tick) the following against Registry entries, ensure that all other entries are not Checkmarked [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {865CF156-E7FD-4FB3-9E0A-ACA0B1EC383A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Greg\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\EpsonNetSetup\Data\ENEasyApp.exe|Name=EpsonNet Setup| [x] -> Found [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C0042A83-6EDB-4237-92CD-2C570F6CB5D9} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Greg\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\EpsonNetSetup\Data\ENEasyApp.exe|Name=EpsonNet Setup| [x] -> Found [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {865CF156-E7FD-4FB3-9E0A-ACA0B1EC383A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Greg\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\EpsonNetSetup\Data\ENEasyApp.exe|Name=EpsonNet Setup| [x] -> Found [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C0042A83-6EDB-4237-92CD-2C570F6CB5D9} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Greg\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\EpsonNetSetup\Data\ENEasyApp.exe|Name=EpsonNet Setup| [x] -> Found Hit the Delete button, when complete select "Open Report" in the next window select "Export txt" the log will open. Save to your Desktop for reference, also attach to next reply. Next, Download Portable Windows Repair (all in one) from one of the following: http://www.tweaking.com/content/page...ll_in_one.html http://www.majorgeeks.com/Tweaking.c...ble_d7222.html http://www.bleepingcomputer.com/down...-one-portable/ Unzip the contents into a newly created folder on your desktop. Boot your system to Safe mode, instructions here: https://support.microsoft.com/en-gb/help/12376/windows-10-start-your-pc-in-safe-mode Open the Tweaking.com folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator" From the main GUI do the following: Select Tab 5 to make Registry backup, use the recommended option... When complete select "Repairs" tab, from there select "Open Repairs" tab.. From that window select the default option and checkmarck "Select All" box. When ready select "Start Repairs" tab.... When complete re-boot your system, see if there is any improvement... Logs are saved to the Tweaking.com folder on your Desktop, the one to post is _Windows_Repair_Log.txt

 

[glivo1]

There seems to be a marked improvement straight away, however it can take some time before you notice little things that may indicate problems.  Generally though, the response time to everything seems to have improved immediately.  CPU and memory usage much calmer.

Upon final reboot a message window popped up mid screen, "Malwarebytes unable to connect to service."  Concern or ignore?

2 of the links to Tweaking were broken and Malwarebytes blocked Major Geeks. I had to search using Google and found a different page on Bleeping Comp.

Here are RK and Tweak logs.

RK report.txt

_Windows_Repair_Log.txt

[glivo1]

Aside from the fact that my broadband connection has line speed near 100% this morning, the improvement in performance is significant.  Everything is working much better and the response time is noticeably much better.

 

[kevinf80]

Was the pop up "Malwarebytes unable to connect to service."  Is it possible it was server..? If definitely service select Windows Key and R Key together, type or copy/paste services.msc into the run box.

The services window will open, scroll to Malwarebytes Service is the "Status" running and "Startup Type" automatic...?

[glivo1]

It was definitely "Service". 

Malwareytes service status is blank (others say "started" or also blank, non say "stopped"). Startup type is automatic.

[glivo1]

Just rebooted (much improved time as well.

Definitely Service.

[kevinf80]

Open services.msc again, Right click on the Malwarebytes Service line, select "Properties" In the new Window can you start the service..?

[glivo1]

No.

[kevinf80]

Can you open services.msc again, scroll to "Remote Procedure Call (RPC)" It will have RPCSS in the description pane, is that service started..?

Also scroll to "Windows Management Instrumentation" that should also b started... Both of those services should have status "Started" and startup type "Automatic" is that correct..?

[glivo1]

Windows Management Instrumentation is not started. Set to Automatic.

Edited January 31, 2017 by glivo1

[kevinf80]

Will WMI start manually..? what about RPC

[glivo1]

RPC is started.

WMI will not start manually. See above.

 

[kevinf80]

Uninstall Malwarebytes, reboot your PC. Re-install Malwarebytes...  http:// https://www.malwarebytes.com/mwb-download/thankyou/

[glivo1]

No good!

Installed to Start Menu / All Programs / Malwarebytes, BUT no desktop icon created and still can't connect to the Service.

Computer is running great though. Reboot time is halved or better.

 

[kevinf80]

There seems to be ongoing issues with Malwarebytes since version 3.0.6 was introduced, have a look at the following thread from replies after ID 10...

https://forums.malwarebytes.com/topic/194214-real-time-protection-keeps-turning-off/#comment-1097411

 

[glivo1]

So at the moment I have no AV or AM running.  I'll put AVG back on for now.  Should I do anything now to clean up again? (other than obvious deletions).

Edit: Strange that MBAM was running fine and now not.  Uninstall? Via MBAM uninstaller or Windows Uninstall Program?

 Huge improvement in performance!

Edited January 31, 2017 by glivo1
Additional