
Slow PC. Unable to install MBAM.



Family member's PC running very slow.  Excessive background HDD activity.

MBAM will not run after install so no "threat scan logs".

MBAM.exe - bad image. C:\WINDOWS\System32\napinsp.dll is either not designed to run on Windows or it contains an error.  etc etc.

A different Virus scan software already on the PC (Total AV) runs briefly then causes "Blue Screen" followed by restart and then goes to BIOS.

Highly suspicious of Malware.

Addition.txt FRST.txt


Hello glivo1 and welcome to Malwarebytes,

Continue please:

Uninstall TotalAV as follows:

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on Total AV to highlight that entry.

Select Action from the Menu bar, then Uninstall from there follow the prompts.

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option. Reboot when complete...

Next,

Download and run the Malwarebytes Support Tool
Accept the EULA and click Advanced tab on the left (not Start Repair)
Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here

When complete:-

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"


If English is not your primary language Rename FRST/FRST64 to FRSTEnglish/FRST64English before running.... (right click on FRST, select "Rename")

FRST must be run from an account with Administrator status...

Let me see those logs in your reply...

Thank you,

Kevin....

Kevin,

That took some doing. napinsp.dll error message up almost continuously.

Anyway, after finally getting MBAM to run, it detected nothing and there was no log file.

Here is the Adwcleaner log copy/pasted and the FRST and Addition files are attached.

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build:    02-15-2021
# Database: 2021-03-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    03-18-2021
# Duration: 00:00:01
# OS:       Windows 10 Home
# Cleaned:  7
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\SecuritySuite
Deleted       C:\ProgramData\TotalAV
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\SSProtect
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1948 octets] - [18/03/2021 12:19:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Addition.txt FRST.txt


Hiya glivo1,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.


The system will be rebooted after the fix has run.

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"


Let me see those logs in your reply...

Thank you,

Kevin...

fixlist.txt


Kevin,

Here are the 3 files.

Computer still very sluggish and at times completely unresponsive for minutes at a time.  Other times it seems to be functioning normally.  When it is unresponsive Task Manager Disk 0 is running 100% Active time.  Not sure if this has anything to do with my problem.

Still occasionally getting the napinsp.dll error, most recently in relation to LogiOptionsMgr.exe - Bad Image.

Greg

Addition.txt Fixlog.txt FRST.txt


Hiya Greg,

From FRST logs the following entries are indicative of a failing hard drive:

2021-03-18 09:30 - 2021-03-18 09:30 - 000000000 __SHD C:\found.002
2021-03-17 21:21 - 2021-03-18 04:34 - 000000000 ____D C:\found.001
2021-03-17 14:18 - 2021-03-17 14:18 - 000000000 ____D C:\found.000

Try the following:

Open an elevated command prompt,

At the Command prompt, type or copy/paste

CHKDSK C: /R

hit the Enter key.

You will get a message that the drive cannot be locked, but that the command can be scheduled to run at the next boot - hit the Y key, press Enter, and then reboot.

The CHKDSK may take a few hours depending on the size of the drive, so be patient!

After the CHKDSK has run use the following instructions to find the log:

Check Disk report:
 
  • Press the WindowsKey + R on your keyboard at the same time. Type eventvwr into the run box and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, (expand the drop down arrow) check only Wininit and click OK.
  • You may be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

Thanks,

Kevin..
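
As an added example (not part of the post above and not FRST's own code), the Python below scans FRST-style file listing lines for `found.NNN` folders at a drive root, the entries the post points to as indicative of a failing hard drive. The function names and the two non-matching sample lines are constructed for illustration, and the line layout is assumed from the three quoted entries.

```python
import re
from datetime import datetime

# Constructed sample: the three entries quoted in the post, plus two made-up
# lines (a nested folder and a plain file) that must not be flagged.
SAMPLE_FRST = r"""
2021-03-18 09:30 - 2021-03-18 09:30 - 000000000 __SHD C:\found.002
2021-03-17 21:21 - 2021-03-18 04:34 - 000000000 ____D C:\found.001
2021-03-17 14:18 - 2021-03-17 14:18 - 000000000 ____D C:\found.000
2021-03-17 10:02 - 2021-03-17 10:02 - 000000000 ____D C:\Users\Example\found.000
2021-03-16 08:11 - 2021-03-16 08:11 - 000012345 _____ C:\found.txt
"""

# Layout assumed from the quoted lines: created - modified - size attrs path
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) ([_A-Z]+) (.+)$"
)
# found.NNN directly under a drive root, where CHKDSK puts recovered fragments
RECOVERY_DIR = re.compile(r"^[A-Za-z]:\\found\.\d{3}$", re.IGNORECASE)
STAMP = "%Y-%m-%d %H:%M"

def find_recovery_dirs(log_text):
    """Return root-level found.NNN directories, oldest first."""
    hits = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        created, _modified, _size, attrs, path = m.groups()
        # Require the directory attribute so a file named found.123 is ignored
        if "D" in attrs and RECOVERY_DIR.match(path):
            hits.append({
                "path": path,
                "created": datetime.strptime(created, STAMP),
                "hidden": "H" in attrs,
            })
    return sorted(hits, key=lambda h: h["created"])

def summarize(hits):
    """Count the folders and the minutes between first and last creation."""
    if not hits:
        return {"count": 0, "repeated": False, "span_minutes": 0}
    span = hits[-1]["created"] - hits[0]["created"]
    return {"count": len(hits), "repeated": len(hits) > 1,
            "span_minutes": int(span.total_seconds() // 60)}
```

Several such folders created within a short span, as in the quoted entries, mean the file system needed repair more than once in that period.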

 


Hi Kevin,

Yes!!!  Hmmmm???  Thanks.  I was highly suspicious of the HDD at first, and I still am. However, one of the first things I did, before logging on here, was to swap the HDD out with a known good HDD from a decommissioned system of mine.  This only confuses the issue though, as it was sluggish as well. So, I was actually wondering if it may be a problem with the Motherboard.    My first thought was hardware but then I started to get the errors with running Total AV and the installation of MBAM which made me suspect possible malware.   It could have been both I guess.  I have already used Administrator Command Prompt and run CHKDSK the other day without the Repair switch and it didn't report any errors on either partition.

Either way, there will be a slight delay today as my daughter's boyfriend (a photographer) tries to back up nearly 800 Gb of digital photos on the D:\ partition. Last night I suggested it is best to attempt this now while the drive is still alive and before I run CHKDSK /R.   I'm amazed that he doesn't have a backup copy on an External Drive.

By the way, apparently Total AV was only recently installed on this machine after the boyfriend bought a new laptop only a few months ago. This included the licence to install Total AV for 4 devices with that purchase.  I don't know anything about the program.

Update: Oh dear!!  I have just gone to the kitchen to make a coffee and turned the monitor on. The screen is telling me that it is "Repairing disk errors. This might take over an hour to complete."  I have no idea how long it has been like that as it was normal Windows screen when I went to bed.  I guess we'll have to wait and see what happens here.

Before I end up wasting any more of your time, did you notice anything in the logs that indicated Malware?  If it is just a hardware problem I don't think we should tie you up.  If we get that far I will post you the report from CHKDSK /R either way.

Cheers and Thanks so far,

Greg

It's all academic now. Catastrophic failure of HDD. BIOS says SATA Port 1 is Empty.  I had installed a second working System disk and booted to Windows from that as the original HDD would no longer boot.  I was able to see both partitions of the original HDD (now I:\Windows and J:\Data) in File Explorer. I had an external 2 TB USB HDD connected which was showing as drive K:\.  I created a new folder on the External drive, but as soon as I tried to copy a few data files over it told me "You are trying to access a device that doesn't exist".  I tried to actually view a photograph file from the J:\Data drive but the Photos App could not open the file.  I thought shut everything down and try again, clicked Power / Shut down and Windows told me "Preparing to Shut Down Windows. Do not turn your computer off."  After a long delay with the spinning wheel the computer appeared to shut down normally.  Both HDDs are now DEAD. We are now hoping that all of the data can be recovered by a specialist data recovery service.

 


Hiya Greg,

There were indications in your logs showing the hard drive was having problems and failure was a possibility, chkdsk can sometimes help. I guess your HDD was in a worse state than the logs indicated.

It is still possible to recover data from a dead drive, specialists can be expensive but may be very worthwhile if important personal data is involved. There is software available that may help to recover the data yourself.

Disk Drill may be worth trying out yourself. It comes in two versions, Free and Pro. Before committing to the Pro version you could try the free version first. The free version only allows 500mb of data recovery, try that one out and if successful you could buy the Pro version. The following link gives good advice on data recovery and also includes a link to d/l Disk Drill...

 
Let me know how you get on..
 
Regards,
 
Kevin..

 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.