Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC Tools disabled internet connection


  • Please log in to reply
12 replies to this topic

#1 nitrogeneration

nitrogeneration

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 20 February 2011 - 02:56 PM

I'm using Windows Vista Home Premium, I downloaded PC Tools free antivrus to see if it would find anything, and it disabled my internet connection and made my system run at a snail's pace overall.

I get errors eveerytime I TRY to visit a site on IE, Firefox, or Chrome.

And I have a browser called RoFox, which is designed for an online game I play but can load other websites, that's the only browser I can browse websites without errors.

So the problem is PC Tools Antivirus (probably)...

And it still says I do have internet access at the taskbar image of my network connection status..

EDIT: Moved from Vista forum to Am I Infected ~ Hamluis.

Edited by hamluis, 21 February 2011 - 10:38 AM.


BC AdBot (Login to Remove)

 


#2 Allan

Allan

  • BC Advisor
  • 8,553 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:05:10 PM

Posted 20 February 2011 - 03:02 PM

So up to now you've been running without an av?

#3 buddy215

buddy215

  • BC Advisor
  • 12,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:10 PM

Posted 20 February 2011 - 03:25 PM

Suggest you exit/ shut down the antivirus program. Then uninstall.
After uninstalling, and you still have a problem browsing, do a system restore to the latest date before installing the program.

Install MalwareBytes AntiMalware Free. Update. Run a quick scan and allow it to remove whatever it finds.
If you are unable to download or install after downloading then boot into safe mode with networking and try again
to download and install, update. Then allow it to do a quick scan and remove whatever it finds.
Malwarebytes.org

Post the log of the scan if it finds anything.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Edited by buddy215, 20 February 2011 - 03:27 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#4 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:10 PM

Posted 20 February 2011 - 03:30 PM

@ nitrogeneration Please answer the question by Allan first. No need to do a system restore at this point in time.

@ buddy215. This is not the correct forum to be requesting AV\malware scans of any type or posting of the generated logs.

#5 nitrogeneration

nitrogeneration
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 20 February 2011 - 03:41 PM

So up to now you've been running without an av?


I was already secure, I did already have more than 1 AV, and I thought it would do something wrong to my system if more than 1 was running in REAL-TIME. (I only have 1 in realtime which is Avast IS), I just wanted to see if PC Tools could find anything my other AV's couldn't detect.

I uninstalled and still ecountered that problem. I'll try MBAM and remove what it finds, and if it still doesn't fix it, I might have to do an SR.

Edited by nitrogeneration, 20 February 2011 - 03:42 PM.


#6 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:10 PM

Posted 20 February 2011 - 03:50 PM

You uninstalled Avast prior to installing PCtools?

Did you use their Uninstall Utility?

It sounds like you have tried\had many different AV`s. Did you use the proper tool for each of their removals?

Am unfamiliar with PCtools. But does it contain a firewall? If so did you disable the Windows firewall?

Edit. You are correct. More then one AV can\will cause problems. Malwarebytes is not an AV, it is an AM = Anti-malware program. It should cause no problems when installed along with an anti-virus program.

Edited by ThunderZ, 20 February 2011 - 03:53 PM.


#7 buddy215

buddy215

  • BC Advisor
  • 12,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:10 PM

Posted 20 February 2011 - 04:11 PM

ThunderZ----
At this point I do not know if the problem(s) are caused by a bad install of the antivirus program, the program removing needed files, malware, corrupted system files
or hardware. That is the reason for my suggestions. How else would you know with the info given in the first post?

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#8 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:10 PM

Posted 20 February 2011 - 04:37 PM

No argument with your reasoning Buddy215.

How do we know? Ask more questions. Follow some basic trouble shooting steps.

Should scans involving possible malware be deemed necessary then we have the post moved to the proper forum. At this point I see nothing to indicate the need of such scans.

While I agree that a proper uninstalling of PCtools would be a good step in the trouble shooting procedure. Using sys restore at the moment is overkill. But not to be ruled out. :wink:

Personal side note. I do not like or use sys restore and have it disabled on all my PC`s. But that is just me. <_<

#9 nitrogeneration

nitrogeneration
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 21 February 2011 - 09:12 AM

No argument with your reasoning Buddy215.

How do we know? Ask more questions. Follow some basic trouble shooting steps.

Should scans involving possible malware be deemed necessary then we have the post moved to the proper forum. At this point I see nothing to indicate the need of such scans.

While I agree that a proper uninstalling of PCtools would be a good step in the trouble shooting procedure. Using sys restore at the moment is overkill. But not to be ruled out. :wink:

Personal side note. I do not like or use sys restore and have it disabled on all my PC`s. But that is just me. <_<


I did not, but to stop crashes, I imediatly stopped PC Tools's real time protection

and the log anyway (I thought it wouldn't work, and it didn't)
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5823

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019

2/20/2011 6:54:08 PM
mbam-log-2011-02-20 (18-54-08).txt

Scan type: Quick scan
Objects scanned: 128030
Time elapsed: 3 hour(s), 6 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 31
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{621FEACD-8857-43a6-AE26-451D670D5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763E333-B168-41A0-A112-D35F96F410C0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.ShellViewControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.ShellViewControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2EFF3CF7-99C1-4C29-BC2B-68E057E22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\internet explorer\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\jack\AppData\Local\Temp\~os836D.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\documents and settings\jack\AppData\Local\Temp\~os836D.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\documents and settings\jack\AppData\Local\Temp\~os836D.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\documents and settings\jack\AppData\Local\Temp\~os836D.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\documents and settings\jack\AppData\Local\Temp\~os836D.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\documents and settings\jack\AppData\Local\Temp\~os836D.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\documents and settings\jack\AppData\Local\Temp\~os836D.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\documents and settings\jack\AppData\Local\Temp\~os836D.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\documents and settings\jack\local settings\Temp\~os836D.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\documents and settings\jack\local settings\Temp\~os836D.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\documents and settings\jack\local settings\Temp\~os836D.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\documents and settings\jack\local settings\Temp\~os836D.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\documents and settings\jack\local settings\Temp\~os836D.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\documents and settings\jack\local settings\Temp\~os836D.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\documents and settings\jack\local settings\Temp\~os836D.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\documents and settings\jack\local settings\Temp\~os836D.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Already uninstalled, yet to reboot. Let's see if it fixes when I reboot, if not, I MIGHT have to resort to system restore.

So malware probably isn't the problem...

#10 buddy215

buddy215

  • BC Advisor
  • 12,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:10 PM

Posted 21 February 2011 - 09:15 AM

ThunderZ:
Vista and Win7 create a restore point usually before installing a new program. The reason should be obvious.

Maybe you misread what I wrote in my first post----"After uninstalling, and you still have a problem browsing", do a system restore to the latest date before installing the program."

As far as doing the MBAM scan I said this---"Post the log if it finds anything"

While you may have personal reasons for disabling system restore in your personal computers, I would not recommend anyone else do that.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#11 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:10 PM

Posted 21 February 2011 - 09:30 AM

As far as doing the MBAM scan I said this---"Post the log in the appropriate forum if it finds anything"


Bold text added by myself.

Again, I have no problem with the spirit of the advice given. :wink:
Now having a scan posted and infections discovered makes this a bit of a different ball game. BC has an established method of doing things. It keeps the Board more organized and helps to assure that the proper people with the proper knowledge\training are most likely to see the posts that they are most capable of assisting in.

While you may have personal reasons for disabling system restore in your personal computers, I would not recommend anyone else do that.


Agreed. But people should not get the idea that system restore is a guaranteed cure for all infections. But we are veering OT here. :huh:

Edited by ThunderZ, 21 February 2011 - 09:31 AM.


#12 buddy215

buddy215

  • BC Advisor
  • 12,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:10 PM

Posted 21 February 2011 - 09:37 AM

Nitrogeneration---Do not do a system restore if you haven't already. That would put the malware back on the computer.

Ask one of the mods to move your topic to the "Am I Infected..........." forum. The malware MBAM found is often installed by other malware.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#13 buddy215

buddy215

  • BC Advisor
  • 12,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:10 PM

Posted 21 February 2011 - 04:51 PM

So, what happened when you rebooted? What is going on with the computer now?

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users