Hi,

I'm not sure if my PC has been infected with something but, for the past week, it takes longer than normal to start-up and shutdown. Also, windows explorer is occasionally sluggish opening and minimising (I usually have to restart it for it to start acting normal again).

I've checked the health of my hard drive and RAM and they seem to be okay. However, mbam did find a bunch of PUP files.

If anyone can assist, it would be greatly appreciated.

Thanks.

FRST.txt Addition.txt Addition (2).txt mbam.txt

Link to post
Share on other sites

Hello @Vetiver

Let's do one scan with Malwarebytes AdwCleaner to check for adware. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browsers, are closed.

It will not take much time,

First download & save it

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

Then be sure to close all web browsers.

Then go to where the EXE file is saved. Start AdwCleaner. Then do a scan with AdwCleaner.

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

Link to post
Share on other sites

Thank you. Do as much as you can of all of the following.  Keep going down the list.

I see that Chrome browser has some involvement. One of the first things we want to do is to NOT have Chrome 'restore' the preceding session(s). Especially in situations like this. And we want to delete the cache file & the browser history. For now, some very basics.

[   1   ]

Use Chrome browser   to go to https://www.google.com/settings/chrome/sync 

and sign into your account.
Scroll down until you see the "reset sync" button and click on the button
At the prompt click on "Ok".

IF you do not see it, OR if you cannot do, skip down and do all that follows.   Meaning, keep going down this list.

 

[   2   ]

for Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys  on keyboard to get menu for clearing browsing data:

Check mark the line  "Browsing history"

Check mark the line "Download history"

Check mark the line "Cached images and files"
and press Clear Data button  ( in blue )

[   3   ]

After that, make real sure that Chrome is "NOT" set to reload the pages from the last session

Go into the settings menu of Chrome by first clicking the control icon of Chrome on upper right of the address bar

Then look deeper in SETTINGS

Make real sure it is "NOT" set to "continue where you left off"

[   4   ]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

[   5   ]

I suggest you install the Malwarebytes Browser guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

Link to post
Share on other sites

Thanks very much for your detailed response. It's much appreciated.

I followed all five points as instructed. Only Chrome needed its settings changed for point 4 (Firefox was fine).

I've since turned off and then turned back on my PC (as opposed to restarting it) three times, and every time it has started up normally. So, I think the problem has been resolved but I will monitor the situation for the next 2-3 days.

Out of curiosity, do you happen to possibly know why this started happening? I've been using Chrome for years but only experienced this problem over the past week or so. Also, why did the PC take so long to start-up? Did it have something to do with the registry?

Once again, many thanks.

 

Link to post
Share on other sites

When you started here, you mentioned 2 things

  1. it takes longer than normal to start-up and shutdown.
  2. windows explorer is occasionally sluggish opening and minimising

Barring an actual infection, one could attribute that to PCs having Windows 7, plus, most likely, old hardware. And just the need to do serious housekeeping (like clearing up free space & deleting all CACHE & history in all browsers on a regular basis).

Just by the way, stay out of Registry and anything that claims to be a registry optimizer or cleaner. Do NOT use any !!!

Which by the way, why is CCleaner Smart Cleaning set to run on auto ?  What is that set to do ?

If it is doing anything other than removing temporary files, then remove that.

You can use the Windows built-in CLEANMGR applet to cleanup space by hand on-demand under your own control.  Plus CCleaner could be one thing slowing down pc.

>

This pc seems to have Avast Antivirus.  Has that identified any virus or infection recently?

And has it been the only antivirus ever installed on this rig?  If pc has ever had any other name-brand A-V recently, we need to know which one.

>

This pc has SUPERAntiSpyware,   Has it reported any actual infection recently?

Are you done with it ?  Is it just the free version ?

If trial mode, then why is it set to auto-start ?   Taking out of auto-start will gain you back some additional speed.

>

Before I relay some other general advice, let me suggest you do one quick scan.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select QUICK scan.

Then start the scan. Have  patience. 

  • Once you see it has started, take a long  break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.

 

Let me know the result of this.    

The log is named MSERT.log  

the log will be at  

Windows\debug\msert.log

Please attach that log with your reply.

 

Link to post
Share on other sites

Okay, I’ll try and answer your comments and questions the best I can.

1) Yes, it is a Win7 system but, unless something is malfunctioning or dying, I very much doubt the problem is due to ‘old hardware’. As I said before, the problem only started very recently (and I’ve already stated that I tested some of the hardware).

2) I do ‘housekeeping’ every few weeks, so that’s not an issue.

3) I’ve never gone directly into the registry or used a registry optimiser.

4) So, you wouldn’t advise using CCleaner? I use the CLEANMGR applet on a regular basis too. What’s your thoughts on TFC? Would that make a better substitute? Btw, I've just uninstalled CCleaner.

5) The CCleaner Smart Cleaning and SUPERAntiSpyware auto-start-up settings you mentioned were set that way by default. I’ve now deactivated the auto-start-up for SUPERAntiSpyware but I’ve been using that program for years. I’m sure I deactivated auto-start-up in the past but I probably forgot when I last upgraded it.

6) Yes, I have the trial version of SUPERAntiSpyware. It has only detected cookies for as long as I can remember.

7) Avast Antivirus is the only antivirus program that I have installed and have been exclusively using it for years. No infections were identified.

8) The only extra piece of information I can provide is that I recently uninstalled JDownloader2, which I obtained from the official website. I had it installed for less than a month.

9) No luck with the Microsoft Safety Scanner, as I keep getting an error message (attached).

 

Error.PNG

Link to post
Share on other sites

Oh, I almost forgot to mention. Those two things I mentioned, I discovered something over the last couple of days.

Instead of logging in and experiencing the sluggish performance yet again, I restarted the system every time instead, and it started-up fine and worked as normal.

 

Link to post
Share on other sites

5 minutes ago, AdvancedSetup said:

Hello @Vetiver I'll let @Maurice Naggar continue to assist you but just wanted to interject in case it may help that maybe the computer needs one or more updates possibly?
 


 

Hi,

Thanks for making me aware of that. The problem is, I'm not sure how to check if there's something missing (although, from what I can see, the last installed update was in December 2019). The last thing I want to do is screw-up my system.

Any suggestions to approach that link would be appreciated.

 

Link to post
Share on other sites

  • Root Admin

First make sure the system is running how you like. Then create a new System Restore Point.

Then go through the links. If it has already been installed the installer will tell you and won't typically reinstall. Then move on to the next.

If you're going to stay on Windows 7 though I highly recommend you get an external USB drive that is large enough to do a back up image using something like Macrium Reflect so that you always have a full image of the system to restore back to because a fresh clean install of Windows 7 will be very difficult to do going forward.

 

Backup Software
https://forums.malwarebytes.org/index.php?/topic/136226-backup-software


Macrium Reflect discussion
https://forums.malwarebytes.com/topic/264011-backup-files-software-which-one-to-choose-2020/?tab=comments#comment-1408188

 

Link to post
Share on other sites

Thanks, @AdvancedSetup. That's what I needed to hear.

As for using Win7, I only plan to stick it out for another year or so, solely for environmental reasons. My other devices have Win10, so it's not that I'm anti-Win10.

Thanks for mentioning Macrium Reflect. I already have an image back-up on an external hard drive but am currently using Windows Backup.

 

Link to post
Share on other sites

Hello @Vetiver

You noted 

Quote

So, you wouldn’t advise using CCleaner? I use the CLEANMGR applet on a regular basis too. What’s your thoughts on TFC? Would that make a better substitute? Btw, I've just uninstalled CCleaner.

Cleanmgr & TFC are OK for use here.

You mentioned 

Quote

I restarted the system every time instead, and it started-up fine and worked as normal.

I had no idea that you had been relying on wake from Sleep mode.  Doing a daily Shutdown at end-of-day is always best.  And then a regular power-up restart the next time is the way to go.

>

On a separate matter, it looked to me that you recently got Combofix.  That tool has not been updated in many years.  Do not use it.  One can use Malwarebytes for Windows and a number of other current tools to check for potential malware.

>

Sorry to see that the Safety scanner failed to run.  We can run other tools if you wish.

But first, let's check if some key apps are up-to-date.

Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe

and save the tool on the desktop.

If Windows's SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed.

  • This tool is safe.   Smartscreen is overly sensitive.
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward

Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Link to post
Share on other sites

Hi Maurice,

Thanks for clarifying the use of Cleanmgr together with TFC. In future, I will only use those two.

As for what you said about sleep mode, I think you misunderstood. When I first start-up the PC, it takes ages for the Windows greeting screen to appear (it's been this way for over a week). Now, instead of logging in, as I would normally do, only to discover that the system is once again sluggish, I restart immediately and that's when the system boots properly.

Btw, I always turn off my PC at the end of the day (well at least 99% of the time). If not for the cache and 'wear and tear' then most certainly to conserve on electricity!

Combofix - I downloaded it last week and ran it once. It found nothing and no changes were made. I deleted it yesterday. But thanks for letting me know about that one.

Sadly, the problem returned this morning. Before then, I downloaded and installed any missing Windows security files that @AdvancedSetup brought to my attention (at least 80% of the files were for Office).

SecurityCheck log attached.

Many thanks!

 

 

 

SecurityCheck.txt

Link to post
Share on other sites

Just so you know .... what I am urging is that you do a SHUTDOWN using the Windows menu to accomplish that....at end of day.

Thus the next time you want to use the system, you would be doing a regular new startup.

>

Thanks for the SecurityCheck report.

Q:  Do you use Windows Live Mail ?

Q: Do you use Windows Live Essentials ?

These applications are in need of updating.   Having latest updates is a key part of staying secure.

Adobe Shockwave Player 12.3 v.12.3.4.204   Warning! This software is no longer supported. Please uninstall it.
swMSM v.12.0.0.1 << Hidden   Warning! This software is no longer supported. Please uninstall it.

Advisory:

Windows Movie Maker 2012 Warning! This software is no longer supported.

WinRAR 6.01 (64-bit) v.6.01.0 Warning! Download Update
Skype version 8.57 v.8.57   Warning! Download Update

>

These here are Microsoft Updates for this Windows version that you ought to seriously make plans to get and have those updates applied to this system.

HotFix KB4012212 Warning! Download Update
HotFix KB4499175 Warning! Download Update
HotFix KB4539602 Warning! Download Update

After finalizing those updates, we need to be sure to do a SHUTDOWN and then a RESTART.

Keep me advised on these.   Later on, I will guide you further.

Link to post
Share on other sites

28 minutes ago, Maurice Naggar said:

Just so you know .... what I am urging is that you do a SHUTDOWN using the Windows menu to accomplish that....at end of day.

But that is what I do every day. I'm sorry if you misunderstood, but you could have asked for clarification and I would have been happy to oblige.

Anyway, the following have been uninstalled:

Windows Live Essentials 
Adobe Shockwave Player
Windows Movie Maker 2012

The current versions of WinRAR and Skype have now been installed.

All three Windows HotFixes have now been installed.

swMSM v.12.0.0.1 - How can I find this? 

Out of curiosity, why has my system been missing certain Windows updates, even though I used to regularly check for updates?

Link to post
Share on other sites

On swMSM, let's hold off for later. It will involve searching the installed programs in Programs & Features.

On Microsoft Updates, can't tell just now. Put that off for later too.

By the way, if your hardware is capable & if you want to consider updating to Windows 10 let me know.  That would extend the security of your system.  Free upgrade from Microsoft to Windows 10 is doable.

>

I would like to have you run System File Checker.  First some procedure to save copies of current registry.

We need to Show all files in Windows 7:

Press and hold Windows-key+E key on keyboard to start Windows Explorer.
From the Windows Explorer menu options, Select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck "Hide protected operating system files (Recommended)".
Locate and click "Show hidden files and folders and drives".
Click Apply > OK.

Next
1. Go Here and download ERUNT EXE   and Save it to your Desktop
https://www.bleepingcomputer.com/download/erunt/

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start "ERUNT"
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked
6. Press "OK"
7. Press "YES" to create the folder.

Next
Look at this article https://www.sevenforums.com/tutorials/682-command-prompt-startup.html
Keep focus on just "Option TWO"
Do the steps to get to "Safe Mode with Command Prompt"

In the command-prompt-window type in this whole line as-is

sfc /scannow

tap Enter key to proceed.  Wait for it to finish.  Jot down the bottom line results so that you can relay that to me later.

Next

In the command-prompt-window type in this whole line as-is

chkdsk /f

tap Enter key to proceed.  Wait for it to finish.  Jot down the bottom line results so that you can relay that to me later.

Link to post
Share on other sites

Hi Maurice,

Many thanks for the Win10 offer. Let me think it over, after this dust settles with this, and I'll get back to you.

Okay, I've done everything you requested.

sfc: "Windows Resource Protection did not find any integrity violations."

chkdsk: "chkdsk cannot run because the volume is in use by another process." (I then ran it again, upon restarting, but the results scrolled past quickly. Please let me know if you need me to run this again.)

 

Link to post
Share on other sites

Hoping the safe-mode-command prompt is still there.

Type in this line as-is on the command prompt

ECHO Y|CHKDSK C: /F

and press Enter.

It will queue it up to be done on the next restart.

So then close the command-prompt  and then do a normal regular Windows startup.

The chkdsk ought to run just before the next Windows start.

Link to post
Share on other sites

Okay, I tried the new command prompt but I got the same message. When I typed 'y', it wouldn't recognise the command, so I tried the first command prompt again and filmed the final stages during the restart.

Windows found no problems with the file system and there are zero bad sectors.

 

Link to post
Share on other sites
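The chkdsk output that scrolled past at boot, the detail behind the sfc summary line, and the state of the three hotfixes named in the SecurityCheck report can all be read back after the fact. The script below is an added example, not something posted by anyone in this thread; the function names are made up for illustration, and it assumes an elevated PowerShell 2.0 prompt on Windows 7 with the default CBS log location.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Function names are hypothetical; written to work on PowerShell 2.0 (Windows 7).

# KB numbers copied from the SecurityCheck report quoted in the thread.
$wantedKbs = 'KB4012212', 'KB4499175', 'KB4539602'

function Get-LastChkdskReport {
    # A boot-time chkdsk run writes its full output to the Application log
    # as event 1001 from the Wininit provider.
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1001 } -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -match 'wininit' } |
        Sort-Object TimeCreated -Descending |
        Select-Object -First 1
}

function Get-SfcRepairLines {
    param([string]$CbsLog = (Join-Path $env:windir 'Logs\CBS\CBS.log'))
    if (-not (Test-Path $CbsLog)) { return }
    # System File Checker tags its own entries in CBS.log with [SR].
    # Keep only the entries that report a repair or a failed repair.
    Select-String -Path $CbsLog -SimpleMatch '[SR]' |
        Where-Object { $_.Line -match 'Cannot repair|Repairing' } |
        ForEach-Object { $_.Line }
}

function Test-HotFixPresent {
    param([string[]]$Ids)
    foreach ($id in $Ids) {
        # Get-HotFix only sees updates registered in Win32_QuickFixEngineering,
        # so Office updates and similar will not show up here.
        $hit = Get-HotFix -Id $id -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{ HotFix = $id; Installed = [bool]$hit }
    }
}

$chk = Get-LastChkdskReport
if ($chk) {
    "Last boot-time chkdsk: {0}" -f $chk.TimeCreated
    $chk.Message
} else {
    'No boot-time chkdsk report found in the Application log.'
}

$sfc = @(Get-SfcRepairLines)
"sfc repair-related entries in CBS.log: {0}" -f $sfc.Count
$sfc

Test-HotFixPresent -Ids $wantedKbs | Format-Table HotFix, Installed -AutoSize
```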
