
Behaving as infected.


glivo1


Yes, a long journey, but a good positive result in the end. I'm sure you'll enjoy Windows 10. Whether your wife enjoys it is another matter, only time will tell... I can tell you that my wife changed from W7 to W10 without a problem. I believe that Windows 10 has simplified the basic uses for the novice; Cortana and the search features make life at the PC so much easier.

I'd also recommend that your good wife registers at the following Windows 10 website, loads of great tutorials and help to overcome fears of Windows 10....

https://www.tenforums.com/tutorials/

It has been a pleasure to work with you..

Regards,

Kevin....


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Thanks Ron,

This computer has something going on. I think the "ghost" files are gone (maybe) but it is performing really badly, most noticeably in browsers again. Edge is almost unusable and Chrome not much better. Outlook takes forever to send / receive and the resources are again topping out.

If kevinf80 picks this up again (or whoever), I have attached the file I sent to AdvancedSetup (aka Ron).

Greg

MBAM file.docx


It will be interesting to see if 3rd party defragging fixes my performance issues with a Windows 10 installation that is less than 2 weeks old. These are reporting 50% plus fragmentation and system files in over 800 fragments where Windows defrag is saying 2%. The worst affected files are Windows Defender and System Restore files.

There is less than 100 GB on the disk and Defraggler is telling me it will take over a day to fix it. If this is what to expect from Windows 10 on a brand new HDD, I'm not too impressed.

There is still the unexplained reappearance of files from a removed system. I'm not sure there isn't something going on here.


While the 3rd party defrag program had a more significant impact, in as much as it actually did something and put files back into more contiguous blocks, it made absolutely no difference to performance. It did put the worst affected file back into about 100 fragments instead of over 800 but it didn't fix anything.

I've then tried to use System Restore twice to earlier points when I knew there was better performance and both times failed yet again. The first one was actually suggested by Windows and the second was from 8 days ago when I manually made one. After taking nearly an hour both times upon reboot, I get a message telling me that "System Restore was unsuccessful and my files weren't changed. Try a different Restore point". I have never been able to successfully use System Restore to achieve anything and I'm starting to doubt it actually works at all. 10 Restore Points to choose from but they don't work.

Even though I have done a lot of re-building over the last week I was nearly prepared to use my Acronis boot disk and a backup I did 9 days ago when the system was running smoothly. It would have meant a big step backwards. Before doing this I figured I could just start taking the little "Service" programs off one at a time rather than just going back a full 9 days in one hit. 

It would seem that each little program that installations want to add in slowly but surely bogs the system down to a crawl. Everything these days wants to monitor its part of the system, keep checking that it's updated and provide little messages to you to ensure you know it's there and wanting money to upgrade to Pro versions. I think one of the big offenders was the printer services kindly provided by Epson so I can print to my $30 inkjet printer from anywhere in the world.

These non-malware / legitimate programs appear to have had pretty much the same impact as full on malware; i.e., kill the system. Hopefully I'm now fixed.


  • Root Admin

Not seeing anything obvious there in the logs. Let me have you run the following please.

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


Here is the other stuff. Sophos just won't run. Tried 3 times, Run as Admin, delete and download again. Will try to find it somewhere else.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64
Ran by Greg (Administrator) on Sat 18/02/2017 at 19:23:18.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

File System: 1
Successfully deleted: C:\Windows\wininit.ini (File)
 
Registry: 0
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 18/02/2017 at 19:27:13.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v6.043 - Logfile created 18/02/2017 at 19:40:51
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Greg - DESKTOP-7TR2UNP
# Running from : C:\Users\Greg\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
 
***** [ Services ] *****
 
***** [ Folders ] *****
 
***** [ Files ] *****
 
***** [ DLL ] *****
 
***** [ WMI ] *****
 
***** [ Shortcuts ] *****
 
***** [ Scheduled Tasks ] *****
 
***** [ Registry ] *****
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com

***** [ Web browsers ] *****
 
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [2520 Bytes] - [18/02/2017 19:40:51]
C:\AdwCleaner\AdwCleaner[S0].txt - [2808 Bytes] - [18/02/2017 19:40:10]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2666 Bytes] ##########

Addition.txt

AdwCleaner[C0].txt

FRST.txt

JRT.txt


  • Root Admin

The logs show the computer is still having quite a few issues.

Need to fix the Windows Search

I'll send you a Private Message for some stuff for Malwarebytes.

What's causing the other errors, not sure. Will have to fix a few things and if those errors are still there then try to track them down one-by-one and see if they can be fixed.

 

 

Application errors:
==================
Error: (02/18/2017 07:42:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000035793
Faulting process id: 0x8d8
Faulting application start time: 0x01d289c2dd3f5773
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: b58e06d1-b4e5-442c-8b6a-8e0cbd0c3596
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/18/2017 07:41:57 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/18/2017 07:41:57 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
	(HRESULT : 0x80040210) (0x80040210)

Error: (02/18/2017 07:23:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/18/2017 07:21:04 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/18/2017 10:49:19 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-7TR2UNP)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/18/2017 09:19:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-7TR2UNP)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/17/2017 08:20:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.14393.82 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1f24

Start Time: 01d288fe01aff527

Termination Time: 13

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: 45db47b4-f4f2-11e6-b4d6-1c6f65d3dcab

Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (02/17/2017 08:10:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-7TR2UNP)
Description: Package Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{9d7bbf35-38b8-45f3-8226-5dbd6d697925} was terminated because it took too long to suspend.

Error: (02/17/2017 08:10:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-7TR2UNP)
Description: Package Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{91c3d0c7-40d3-4593-89bf-208332607619} was terminated because it took too long to suspend.


System errors:
=============
Error: (02/18/2017 07:42:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/18/2017 07:42:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 

 

 

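A triage sketch for the error excerpt quoted in the post above, added here as an example and not part of the original thread or of any tool named in it. It parses records in the "Error: (...) (Source: ...) (EventID: ...)" layout shown, counts repeats per source and event ID, and pairs each Application Error 1000 crash with its faulting module; the function names are hypothetical and the sample is abridged from that excerpt.

```python
import re
from collections import Counter
from datetime import datetime

# Sample abridged from the log excerpt quoted in the post above.
SAMPLE = """\
Error: (02/18/2017 07:42:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f

Error: (02/18/2017 07:41:57 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/18/2017 07:21:04 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/18/2017 07:42:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).
"""

HEADER = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$"
)
FAULT = re.compile(r"Faulting (application|module) name: ([^,\s]+)")


def parse_events(text):
    """Split the text into records; lines after a header belong to that event."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {
                "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                "source": m["source"],
                "event_id": int(m["event_id"]),
                "body": [],
            }
            events.append(current)
        elif current is not None and line.strip():
            current["body"].append(line.strip())
    return events


def summarize(events):
    """Count events per (source, id) and pair each crashing app with its module."""
    counts = Counter((e["source"], e["event_id"]) for e in events)
    crashes = []
    for e in events:
        if e["source"] == "Application Error" and e["event_id"] == 1000:
            names = dict(FAULT.findall("\n".join(e["body"])))
            crashes.append((names.get("application"), names.get("module")))
    return counts, crashes
```

Sorting the counts by frequency puts recurring failures such as the repeated DbxSvc 320 entry ahead of one-off errors, which helps when working through them one by one.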

Had to uninstall Sophos, reinstall, but it wouldn't launch. Navigated to program directory and ran SVRTgui.exe manually. Scanning now.

Task manager seems to point to Edge and MBAM as heavy resource users. Often MBAM is at the top. I know there is something going on here. 

Edited by glivo1

OK. So that is all done and have rebooted 3 times. MBAM loaded and updated as intended. Here are FRST text logs attached.

A few things to consider.

1/ Fresh install Windows 10 on brand new / unused HDD 2 weeks ago today. Same Windows install disk used on son's computer without issue. (different reg'n license key obviously)

2/ Some Apps didn't work from scratch. (There could be more than I presently know of.)

- Bing Weather could not change location. (Removed in PowerShell and reinstalled from Store) - Fixed.

- Photos would not open image files. Reset in Settings.  - Fixed.

- OneNote doesn't work at all and haven't tried to fix it. I don't even know what it does really. It pops up then disappears for unknown reason on a couple of occasions. Not sure if this is "normal" for W10 or not.

3/ MBAM and Avira installed immediately. Avira removed to allow Defender instead. MBAM Trial ends today. Pay up or go Free version?

4/ When trying to perform Microsoft community forum fixes for Edge crashes, sfc /scannow reports no problems, however Apps Troubleshooter yesterday reported "Store cache may be damaged - X not fixed". Plenty of people have issues with Edge apparently.

5/ Unexplained reappearance of files from old Windows 7 in Recycle Bin. Huge amount that remained "phantom" for 3 "Empty Bin" procedures. I can't explain this at all.

6/ Conflicting reports about levels of fragmentation. Windows disk Optimize says 3% while several 3rd party say over 50%.

I have kept a handwritten daily "journal" log of almost everything done.

If you can't see anything obvious, I think I'm about to go and buy an Apple Mac. I don't expect this from a brand new build of Microsoft Windows 10. The problems began to appear and have worsened since day 0.

 

Addition.txt

FRST.txt

Edited by glivo1

This topic is now closed to further replies.