Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TBS [missing service]


  • Please log in to reply
10 replies to this topic

#1 sikntired

sikntired

  • Members
  • 1,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:34 AM

Posted 23 October 2017 - 12:55 PM

OS is Win 7x64 Sp-1
 
Here is the background. Computer seemed a little sluggish so ran some scans all of which came back negative. Cleared browser cache and deleted all temp files. Prior to running MBAM, I ran Rkill and noticed that there was a service missing. If you look towards the bottom of the report it shows TBS Service is missing. I ran sfc /scannow and it reported that it found corrupt files and repaired them. Ran sfc /scannow a second time and this time it reported no integrity violations. So I ran Rkill a second time and it still shows that the TBS Service is missing. I googled for answers and everything I read pertaining to this was way above my pay grade as it concerned the Registry. Not wanting to do anything to resolve this without proper guidance I turn to the members here for assistance. Do I need this missing service? If so how can I add it? TIA

Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/23/2017 12:25:17 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* TBS [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/23/2017 12:25:55 PM
Execution time: 0 hours(s), 0 minute(s), and 38 seconds(s)


Edited by hamluis, 23 October 2017 - 01:41 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 sikntired

sikntired
  • Topic Starter

  • Members
  • 1,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:34 AM

Posted 24 October 2017 - 07:07 AM

Hamluis, apologies for including Rkill results in Windows 7 Forum. Thought I'd get better results there. :unsure:



#3 joseibarra

joseibarra

  • Members
  • 1,306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:03:34 AM

Posted 24 October 2017 - 07:58 AM

Your version of rkill is old - the one I downloaded today is 2.9.1

 

https://www.bleepingcomputer.com/download/rkill/

 

If you got scolded for posting tkill results just get the current version and see if you have the same results.

 

I haven't messed with the TBS Service before so this is what I think is going on.

 

You don't need the TBS Service unless your system is TPM capable and TPM is enabled on your system.

 

What is Windows TPM

 

If you are not sure you can post this information and maybe we can help figure it out:

 

If the system is a Dell what is the Service Tag Number?

If the system is an HP what is the serial number?

Click Start, Run and in the box enter:

msinfo32

Click OK, and when the System Summary info appears, click Edit, Select All (Ctrl-A), Copy (Ctrl-C) and then paste (Ctrl-V) the information back here in your next reply.

There will be some personal information (like System Name and User Name), and whatever appears to be private information to you, just delete it from the pasted information.

 

My poor motherboard is not TPM capable but when I run rkill I don't see that message - maybe rkill is smart enough not to check for the TBS Service if the system is not TPM capable.

 

I don't have the TBS Service listed either. 

 

Maybe rkill detects the system is TPM capable and displays that message if the Service you might need is missing so you can add the Service.

 

I think when my Windows was installed 7 years ago the installation may have not detected a TPM chip or maybe I chose not to install that option.

 

My system is also missing tbssvc.dll which is needed by the Service but I can always get that from an installation ISO.

 

You can click the Start button and in the box enter:

 

tpm.msc

 

If you system does not have TPM enabled you will see:

 

(can't post image for some reason)

 

Compatible TPM cannot be found

Compatible Trusted Platform Module (TPM) cannot be found on this computer.

Verify that this computer has a 1.2 TPM and it is turned on in the BIOS.

 

So you motherboard needs a TPM chip and TPM needs to be enabled in the BIOS.

 

If your system is TPM cable and the TBS Base Service is not found you can add it by importing a registry file from this page:

 

https://www.sevenforums.com/tutorials/236709-services-restore-default-services-windows-7-a.html

 

Before making adjustments like that it is wise to have a plan to undo the adjustment if something goes haywire.

 

Create a manual System Restore Point so you have a way to undo the adjustment if needed.

 

 

 


The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,811 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:12:34 AM

Posted 24 October 2017 - 11:01 AM

RKill is an easy to use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications.  RKill will not remove any of the processes it stops, you will need to run security scans to remove any malware found.  These settings will remain until the computer is rebooted, for this reason you must run your security applications before the computer is rebooted.  Run RKill and leave it running, then run the scans suggested below.
 
Please download Malwarebytes Anti-Malware 2.2.

1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.

2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  

4YSU8ND.png

3)  Click on Settings, you will see a image like the one below.

35AFYEE.png

When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits

4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.

5)  When the scan is complete the results will be displayed.  Click on Delete All.

jEVtTTK.png

6)  Please post the Malwarebytes log.

To find the Malwarebytes log do the following.  Copy and paste the log in your topic.

*Open Malwarebytes Anti-Malware.
*Click the Scan Tab at the top.
*Click the View detailed log link on the right.
*Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
*Alternatively, you can click Export and save the log as a .txt file on yout Desktop or another location.
*Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
 
 
Please download AdwCleaner and install it.

When AdwCleaner opens click on Scan to start the scan.

ZQk62WV.png

Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.

If there are no malicious programs are found you will receive a message informing you of this.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  

CsqnoTW.png
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and the paste this log in your topic.
 
 
Please download TDSSKiller from here and save it to your Desktop.

The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
RFsyrw2.png
 
3.  Click Start Scan and allow the scan process to run.
 
hRffsT6.png
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!

Click on Continue.
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.

Note:  The log may be very long.  You may need to break it into parts to post the whole log in your topic.


Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run
till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need
to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that
    here
    .
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • If threats are found click on Save to text file in Documents.
  • Open Documents, find the report, copy and paste it in your topic.

Edited by dc3, 24 October 2017 - 11:02 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 sikntired

sikntired
  • Topic Starter

  • Members
  • 1,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:34 AM

Posted 24 October 2017 - 11:58 AM

@joseibarra, I downloaded and ran the most current Rkill provided your link and here are the results:

kill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/24/2017 11:42:53 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/24/2017 11:43:08 AM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

I didn't see "TBS[missing service]". From the thorough info you provided it would appear that I do not need this service. Curious though it appeared after running outdated version of Rkill.
Thanks so much for taking the time and effort for your suggestions and the very pertinent info. I learned something.

@dc3, as always, very grateful that you responded as your input is appreciated. I do not believe that there are any infections or viruses affecting my pc's performance. I ran MBAM and it reported nothing.
However I am going to save your instructions in the event that something ugly rears its head.

Once again, thanks to all

#6 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,811 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:12:34 AM

Posted 24 October 2017 - 12:07 PM

My suggestion was based on your previous post regarding the RKill results.  Since there were no instances found in the latest scan it may be possible that the old version caused something weird to pup up.  It would only cost you a few minutes to run the other scans to be conclusive in the computer actually being clean.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#7 sikntired

sikntired
  • Topic Starter

  • Members
  • 1,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:34 AM

Posted 24 October 2017 - 06:42 PM

My suggestion was based on your previous post regarding the RKill results.  Since there were no instances found in the latest scan it may be possible that the old version caused something weird to pup up.  It would only cost you a few minutes to run the other scans to be conclusive in the computer actually being clean.

Well, after your response, I thought what the heck. Ran the other scans and none of them detected any threats. Thanks for the nudge.



#8 joseibarra

joseibarra

  • Members
  • 1,306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:03:34 AM

Posted 25 October 2017 - 12:15 AM

That's good and I learned some stuff too.

 

I could not find what I thought was a safe place to download that old version or rkill to reproduce the message you reported.

 

I think the message is an informative message and not necessarily an error message indicating a problem that needs to be fixed.

 

It would be interesting to know it (as smart as it is) how does rkill take into account the TBS Service, if it makes sense for it to be installed on a system and how it reports things.

 

It turns out my poor system DOES have TPM capability and it was turned off in the BIOS so I turned it on, restarted, made a Restore Point and then manually installed the TPM Base Service which of course would not start because the necessary tbssvc.dll was never installed on my system so I extracted that from a Windows 7 installation ISO and then things were fine (at least the Service started).

 

So if a system is TPM capable and if the Service was never installed (missing in the Services applet), it is easy to install it and get it running long after the original installation of Windows.


The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#9 sikntired

sikntired
  • Topic Starter

  • Members
  • 1,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:34 AM

Posted 25 October 2017 - 11:25 AM

@joseibarra,

 

Well I tried the "tpm.msc" and the results were "Trusted Platform Module(TPM) cannot be found on this computer. Verify that this computer has a 1.2 TPM and is turned on in the BIOS".

 

I guess if the service was never activated (or turned on) I probably do not need it.

 

What would be the advantages of having this service turned on??



#10 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,811 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:12:34 AM

Posted 25 October 2017 - 01:19 PM

To start the TPM Initialization Wizard and turn on the TPM

1. Click Start, click All Programs, click Accessories, and then click Run.
    
2. Type tpm.msc in the Open box, and then press ENTER.
    
3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#11 sikntired

sikntired
  • Topic Starter

  • Members
  • 1,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:34 AM

Posted 25 October 2017 - 04:55 PM

To start the TPM Initialization Wizard and turn on the TPM

1. Click Start, click All Programs, click Accessories, and then click Run.
    
2. Type tpm.msc in the Open box, and then press ENTER.
    
3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

 

Followed your instructions and a window opens saying "Compatible TPM cannot be found".

 

What is the advantage of having this service turned on?


Edited by sikntired, 25 October 2017 - 04:56 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users