
Deep scan (threat scan with scan for rootkits enabled) takes 14-18 hours


Deep scan (threat scan with scan for rootkits enabled) takes 14-18 hours to complete – threat scan is fine.

Details:

Hi

I have noticed the issue below on my Dell OptiPlex 745 (Windows 10 20H2) with a 256 GB SSD system disk and 6 GB RAM.

Malwarebytes set in windows security center.

 

When performing threat scan, this scan completes OK in less than 30 minutes.

However when including scan for rootkits, scan takes 14-18 hours to complete – I have tried multiple times.

If I perform deep scan with avast free antivirus, which includes scanning for rootkits, this scan takes less than 6 hours (on same PC of course).

Hence adding scan for rootkits to threat scan is not an option.

Pls. advise.

Peter Lauritzen

Seodenmark.com

 

210524 deep scan.txt 210528 threat scan.txt 210530 threat scan.txt


2 hours ago, plaurits said:

Deep scan (threat scan with scan for rootkits enabled) takes 14-18 hours to complete – threat scan is fine.

Threat scan is all that is needed

Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures.  Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily), especially since the default Threat Scan/Quick Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders and data folders as well as any installed browsers, caches and temp locations.  This also means that if a threat were active from a non-standard location, because Malwarebytes checks all threads and processes in memory, it should still be detected.  The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however if the threat were executed then Malwarebytes should detect it.  Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades.

If you need a flat file scanner to check archived data/drives, I would recommend using one of the many available free AV scanners such as Kaspersky's Virus Removal Tool, ESET's Free Virus Scan, or even the built in Windows Defender that ships with Windows 8/8.1 and Windows 10.  Links to the first two scanners I mentioned can be found below:

https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool
https://www.eset.com/us/home/online-scanner/

More info HERE https://forums.malwarebytes.com/topic/253972-malwarebytes-4-faqs/?do=findComment&comment=1346719


Hello @plaurits and :welcome:

I do not wish to belittle your computer in the least but with little doubt that probably near fourteen-year-old, $60.00USD computer is seriously resource starved.  Ticking a threat scan's "Scan for rootkits" will always add significantly to total scan time.

Please follow the advice given by @Porthos above or...

Do not invest any new money in that rig.  Do consider upgrading to something new or more recent where RAM can be around 16GB.  I'm very surprised the capacitors on that motherboard haven't started manifesting ESR issues.

Good luck and HTH.


Thanks a lot Porthos for detailed and constructive response.

Two comments:

1. I guess that conclusion is that I do not need to scan for rootkits on system drive regularly?

2. Since I used avast free antivirus earlier on, why is avast deep scan incl. scan for rootkits much faster?

br Peter


8 hours ago, plaurits said:

I guess that conclusion is that I do not need to scan for rootkits on system drive regularly?

That is correct.

8 hours ago, plaurits said:

Since I used avast free antivirus earlier on, why is avast deep scan incl. scan for rootkits much faster?

No two rootkit scanners are the same.

8 hours ago, plaurits said:

Since I used avast free antivirus

Do you use the free Malwarebytes or the paid?

Please also refer to this support article which lists several known applications which conflict with the Web Protection in Malwarebytes currently, which includes Avast.


Hi Porthos

Thanks again for swift reply.

I was using malwarebytes free until recently, where I decided to switch to premium version, primarily to get scheduling feature.

One last question: I have set Malwarebytes in windows security center, I guess this is recommended although this is not the default setting? I.e. Defender turned off.

br

Peter

 

 


1 minute ago, plaurits said:

One last question: I have set Malwarebytes in windows security center, I guess this is recommended although this is not the default setting? I.e. Defender turned off.

Personally, I turn off Malwarebytes in the security center. I believe in having both MB and Defender active.

Quote

The reason many of us members are pushing Keeping Defender on is the following.

Malwarebytes does not target script files during a scan... That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Malwarebytes will detect files like these on execution-only.

And,

Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures.  Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily), especially since the default Threat Scan/Quick Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders, and data folders as well as any installed browsers, caches, and temp locations.  This also means that if a threat were active from a non-standard location because Malwarebytes checks all threads and processes in memory, it should still be detected.  The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however, if the threat were executed then Malwarebytes should detect it.  Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades.

An AV will catch the file just by downloading it or just opening a folder with a detected file in it.

For example, you get an email with an infected attachment, Malwarebytes will not even blink until you run it yet Defender will detect it if it is in their database without even actually clicking on it. Remember the list of files Malwarebytes does not target.

Then I will leave you with this.

As good as Malwarebytes is, it is just a layer of protection.

Using a browser that has Ublock Origin and the Malwarebytes Browser guard enabled is also a layer of protection.

Not opening attachments from an email unless you were expecting it from a specific user during a specific time period.

Do not use Torrents. Do not install every free software you find. Do not click links in an unknown email. Go directly to the site listed in the email.

Having a monthly image of your computer on an external drive that is only connected during the backup is actually better than any protective software ever made. Macrium Reflect free is the program I use and place on every computer I service.

 


12 minutes ago, plaurits said:

I already run daily incremental/weekly full backup using macrium reflect on all my windows PCs.

Backup images are even more important than any security program you can install. Good job.

I hope you keep the external drive disconnected between backups. If not, I recommend the paid version of Macrium that adds Image Guard.


  • Root Admin

Hello @plaurits

If you can get us some logs we can better tell what is running on the computer and possibly add other suggestions

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 


Thanks

Issue in this case was performance of mb with scan for rootkits enabled.

Porthos has already explained that this is as expected on this old dell optiplex 745 pc.

On 6/1/2021 at 12:32 AM, Porthos said:

Threat scan is all that is needed

Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures.  Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily),

I have been running mb incl. scan for rootkits multiple times and mb found nothing.

So why run farbar recovery tool? I.e. are you suspecting some issues which mb did not find?

br Peter


  • Root Admin

You have the following listed Antivirus that does not appear to be installed.

AV: System Shield (Disabled - Up to date) {CFD1F43D-7501-B54F-88CE-D3F6D5EF8990}

You have elements of Avast software in both browser and WMI entries - I would highly recommend full removal of left over Avast software no longer being used.

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

Task: {993572AB-BFE9-4067-B47D-89B9A37F0DA5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {993572AB-BFE9-4067-B47D-89B9A37F0DA5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {993572AB-BFE9-4067-B47D-89B9A37F0DA5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {993572AB-BFE9-4067-B47D-89B9A37F0DA5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\Dell SupportAssistAgent AutoUpdate" /ENABLE
Task: {993572AB-BFE9-4067-B47D-89B9A37F0DA5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {993572AB-BFE9-4067-B47D-89B9A37F0DA5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {993572AB-BFE9-4067-B47D-89B9A37F0DA5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\Heimdal Security Service Monitor" /ENABLE
Task: {993572AB-BFE9-4067-B47D-89B9A37F0DA5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\malwarebytes" /ENABLE
Task: {993572AB-BFE9-4067-B47D-89B9A37F0DA5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {993572AB-BFE9-4067-B47D-89B9A37F0DA5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore1d70a0bb0d9a9aa" /ENABLE
Task: {993572AB-BFE9-4067-B47D-89B9A37F0DA5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {993572AB-BFE9-4067-B47D-89B9A37F0DA5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-2999565233-1362888185-979996595-500" /ENABLE
Task: {993572AB-BFE9-4067-B47D-89B9A37F0DA5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\WD Device Agent Task peter" /ENABLE
Task: {993572AB-BFE9-4067-B47D-89B9A37F0DA5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\WD Discovery Service Task peter" /ENABLE
Task: {993572AB-BFE9-4067-B47D-89B9A37F0DA5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE

Not sure if this plugin was involved but Avast was caught selling user data before. You might want to consider removal

FF Extension: (Avast SafePrice | Sammenligning, tilbud, kuponer) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\8j32ck7d.default-release\Extensions\sp@avast.com.xpi [2019-02-19]
FF Extension: (Avast SafePrice | Sammenligning, tilbud, kuponer) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\x2u3dogo.default\Extensions\sp@avast.com.xpi [2019-02-19]
FF Extension: (Avast Online Security) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\8j32ck7d.default-release\Extensions\wrc@avast.com.xpi [2020-06-10] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/aos/update.json]
FF Extension: (Avast Online Security) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\x2u3dogo.default\Extensions\wrc@avast.com.xpi [2018-07-17]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-02-16]
CHR Extension: (Avast Online Security) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-03-28]

C:\ProgramData\AVAST Software
C:\WINDOWS\system32\Tasks\Avast Software


Adobe Flash Player has been discontinued and should be uninstalled

Adobe Flash Player 32 NPAPI (HKLM-x32\...\{3D5C181E-07C2-4964-BD0F-76F14CA9A0DD}) (Version: 32.0.0.465 - Adobe)


Bonjour is not needed on Windows and is a very noisy discovery program. About the only reason you may need it is if you're trying to connect an Apple TV through Windows, otherwise I'd highly recommend you uninstall it. Your network will thank you.

CCleaner is no longer recommended by most experts.

Is CCleaner Safe? Not Quite. And We Show You How to Replace It
https://www.makeuseof.com/tag/stop-using-ccleaner-windows/


These policies appear to date back to the old NT4 days. Are you sure you want or need them?

If you enable the Disable legacy run list Group Policy at User Configuration\Administrative Templates\System\Logon/Logoff or
Computer Configuration\Administrative Templates\System\Logon/Logoff, the applications in the Registry RUN key, at
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
will not run when a user logs on.


HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 1
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 1
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 1
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 1

You also have a policy disabling System Restore. I highly recommend that you do not do that. Having a good System Restore Point can save you time and grief

HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION


No real concern, just asking because almost no one uses a FAX anymore. Do you still need or use Fax functionality ?

HKLM\...\Print\Monitors\HP Fax Port: C:\WINDOWS\system32\hppfaxprintermon5.dll [22016 2009-09-22] (Hewlett-Packard Company) [File not signed]
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\WINDOWS\system32\HpTcpMon.dll [331264 2008-03-03] (Hewlett Packard) [File not signed]

Your alternate shell is blank
AlternateShell:

You have group and policy restrictions - nothing wrong with that in many cases as long as it was you that set them and not some Trojan or malware

GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

 


There is more I'd personally clean up but it's late and you didn't seem too interested in cleaning up so I wouldn't want to waste your time if you're not interested.

Thanks and have a great day

 

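One way to sort FRST-style lines like those quoted in the post above into review buckets, added here as an illustration and not part of the thread or of FRST itself. The `triage` function, its bucket names and the `installed_products` argument are assumptions; the sample is constructed from lines quoted in the post.

```python
import re

# Constructed sample: a handful of lines in the form quoted in the post above.
SAMPLE_LOG = r'''
AV: System Shield (Disabled - Up to date) {CFD1F43D-7501-B54F-88CE-D3F6D5EF8990}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
Task: {993572AB-BFE9-4067-B47D-89B9A37F0DA5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\malwarebytes" /ENABLE
Task: {993572AB-BFE9-4067-B47D-89B9A37F0DA5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 1
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 1
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\...\Print\Monitors\HP Fax Port: C:\WINDOWS\system32\hppfaxprintermon5.dll [22016 2009-09-22] (Hewlett-Packard Company) [File not signed]
'''

GUID = r"\{[0-9A-Fa-f-]{36}\}"
# Security Center registration: "AV: <product> (<state> - <status>) {GUID}"
SC_RE = re.compile(rf"^(AV|AS): (.+?) \((Enabled|Disabled) - ([^)]+)\) ({GUID})$")
# Scheduled task action: "Task: {GUID} - <path> => Command(n): <exe> -> <args>"
TASK_RE = re.compile(rf"^Task: ({GUID}) - (.+?) => Command\((\d+)\): (\S+) -> (.*)$")
# schtasks arguments that switch another task on or off
CHANGE_RE = re.compile(r'/Change /TN "([^"]+)" /(ENABLE|DISABLE)', re.IGNORECASE)
# Registry policy value: "<key>: [<value name>] <data>"
POLICY_RE = re.compile(r"^(HK\S.*?): \[([^\]]+)\]\s*(.*)$")
# The four legacy run-list policy values listed in the post
RUN_POLICIES = {"DisableLocalMachineRun", "DisableCurrentUserRun",
                "DisableLocalMachineRunOnce", "DisableCurrentUserRunOnce"}
ATTENTION = "<==== ATTENTION"


def triage(log_text, installed_products):
    """Sort FRST-style lines into buckets a reviewer would look at.

    installed_products is a hypothetical input: product names the analyst has
    confirmed as installed, used to spot leftover Security Center entries.
    """
    installed = {name.lower() for name in installed_products}
    findings = {"stale_security_center": [], "task_toggles": [],
                "run_policies": [], "attention": [], "unsigned": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Markers that can appear on any kind of line.
        if line.endswith(ATTENTION):
            findings["attention"].append(line[:-len(ATTENTION)].rstrip())
        if "[File not signed]" in line:
            findings["unsigned"].append(line.split(": ", 1)[0])
        m = SC_RE.match(line)
        if m:
            kind, product, state, _status, guid = m.groups()
            # Registered with Security Center but not confirmed as installed.
            if product.lower() not in installed:
                findings["stale_security_center"].append((kind, product, state, guid))
            continue
        m = TASK_RE.match(line)
        if m:
            _guid, task_path, _n, exe, args = m.groups()
            change = CHANGE_RE.search(args)
            # A task whose action enables or disables other tasks.
            if exe.lower() == "schtasks.exe" and change:
                findings["task_toggles"].append(
                    (task_path, change.group(1), change.group(2).upper()))
            continue
        m = POLICY_RE.match(line)
        if m and m.group(2) in RUN_POLICIES and m.group(3).strip() == "1":
            findings["run_policies"].append(m.group(2))
    return findings


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG, ["Malwarebytes"]).items():
        print(bucket)
        for item in items:
            print("   ", item)
```
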

 

Hi  AdvancedSetup

 

Thanks for input, pls. find below my comments with your input in italics.

 

 

You have the following listed Antivirus that does not appear to be installed.

 

  1. AV: System Shield (Disabled - Up to date) {CFD1F43D-7501-B54F-88CE-D3F6D5EF8990}

 

You have elements of Avast software in both browser and WMI entries - I would highly recommend full removal of left over Avast software no longer being used.

 

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

 

PL/210602:       I have used avastclear removal program a number of times, are you saying that this is not sufficient? If yes how to remove completely?

 



 

Not sure if this plugin was involved but Avast was caught selling user data before. You might want to consider removal

PL/210602:       Agree, any impact of this as long as avast is disabled? how to remove?

 

  1. FF Extension: (Avast SafePrice | Sammenligning, tilbud, kuponer) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\8j32ck7d.default-release\Extensions\sp@avast.com.xpi [2019-02-19]

FF Extension: (Avast SafePrice | Sammenligning, tilbud, kuponer) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\x2u3dogo.default\Extensions\sp@avast.com.xpi [2019-02-19]

FF Extension: (Avast Online Security) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\8j32ck7d.default-release\Extensions\wrc@avast.com.xpi [2020-06-10] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/aos/update.json]

FF Extension: (Avast Online Security) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\x2u3dogo.default\Extensions\wrc@avast.com.xpi [2018-07-17]

CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-02-16]

CHR Extension: (Avast Online Security) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-03-28]

 

PL/210602:       Agree, any impact of this as long as avast is disabled how to remove?

 


C:\ProgramData\AVAST Software

C:\WINDOWS\system32\Tasks\Avast Software

PL/210602:       will remove manually. Any impact of this as long as avast is disabled?

 

 

 

  1. Adobe Flash Player has been discontinued and should be uninstalled

 

Adobe Flash Player 32 NPAPI (HKLM-x32\...\{3D5C181E-07C2-4964-BD0F-76F14CA9A0DD}) (Version: 32.0.0.465 - Adobe)

 

PL/210602:       will remove

 

 

  1. Bonjour is not needed on Windows and is a very noisy discovery program. About the only reason you may need it is if you're trying to connect an Apple TV through Windows, otherwise I'd highly recommend you uninstall it. Your network will thank you.

PL/210602:       will remove

 

  1. CCleaner is no longer recommended by most experts.

 

Is CCleaner Safe? Not Quite. And We Show You How to Replace It

https://www.makeuseof.com/tag/stop-using-ccleaner-windows/

 

PL/210602:       ok, which cleanup program to use instead? Tried iolo system mechanic, but gave up due to hopeless support.

 

 

 

  1. These policies appear to date back to the old NT4 days. Are you sure you want or need them?

 

If you enable the Disable legacy run list Group Policy at User Configuration\Administrative Templates\System\Logon/Logoff or

Computer Configuration\Administrative Templates\System\Logon/Logoff, the applications in the Registry RUN key, at

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

and

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

will not run when a user logs on.

 

 

HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 1

HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 1

HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 1

HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 1

 

PL/210602: I surely don’t need them. How to remove?

 

  1. You also have a policy disabling System Restore. I highly recommend that you do not do that. Having a good System Restore Point can save you time and grief

 

 

HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION

 

PL/210602: Not needed since macrium daily backup takes care.

 

 

  1. No real concern, just asking because almost no one uses a FAX anymore. Do you still need or use Fax functionality ?

PL/210602: No and I don’t have HP printer any more.

 

 

HKLM\...\Print\Monitors\HP Fax Port: C:\WINDOWS\system32\hppfaxprintermon5.dll [22016 2009-09-22] (Hewlett-Packard Company) [File not signed]

HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\WINDOWS\system32\HpTcpMon.dll [331264 2008-03-03] (Hewlett Packard) [File not signed]

 

  1. Your alternate shell is blank

AlternateShell:

 

PL/210602: What do you suggest?

 

  1. You have group and policy restrictions - nothing wrong with that in many cases as long as it was you that set them and not some Trojan or malware

 

GroupPolicy: Restriction ? <==== ATTENTION

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

PL/210602: What do you suggest?


  • Root Admin

 

Personally, I suggest uninstalling anything you no longer want or use via the Control Panel, Programs, Uninstall.

Then once you're done run the FRST program again and click on SCAN and attach back both new logs and I will write you a clean up script to remove what is left over.

 


  • Root Admin

Microsoft Windows 10 already performs the vast majority of required maintenance on its own. These other options are just that, options to users that for one reason or another feel they want or need to do more.

Have you uninstalled the items you no longer want yet?

Please run a new scan with FRST and attach back both logs and I'll write up the clean up script.

Cheers @plaurits

