DobyB27 Posted November 20, 2021 ID:1489277

Dear support,

I ask for help for the removal of two files that Malwarebytes has detected on my laptop. My laptop's performance became very slow, it was creating random beeping sounds, and I watched that the task manager says it is running on max memory even though I have almost no programs on my laptop. What Malwarebytes detected were two files called PUP.Optional Spigot and as a location it says HKU S 1-5-21 with other following numbers. I have noticed an extension which I have removed, and quarantined the two files. However I still don't know if I have removed all completely. Can you please help me out? Thank you so much and I am waiting to hear from you!

Here I have posted the txt file from the scanning history:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/19/21
Scan Time: 10:32 PM
Log File: 9ff10eaa-4988-11ec-b65f-a01d48a8aed0.json

-Software Information-
Version: 4.4.11.149
Components Version: 1.0.1513
Update Package Version: 1.0.47385
License: Trial

-System Information-
OS: Windows 10 (Build 18363.1556)
CPU: x64
File System: NTFS
User: DESKTOP-97185F6\Krasimir

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 328336
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 12 min, 28 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.Spigot, HKU\S-1-5-21-925016652-2326629312-3528064532-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{489FE4AC-606D-4ED6-904A-7608BF46D063}, Quarantined, 145, 243431, 1.0.47385, , ame, , ,

Registry Value: 1
PUP.Optional.Spigot, HKU\S-1-5-21-925016652-2326629312-3528064532-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{489FE4AC-606D-4ED6-904A-7608BF46D063}|URL, Quarantined, 145, 243431, 1.0.47385, , ame, , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

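The detection entries from the scan log above, parsed into structured records (an added example, not part of the original post and not Malwarebytes' own tooling). It assumes the text log lists one entry per line under a "Kind: count" header, with name, location and action as the first three comma-separated fields; parse_detections and group_by_key are hypothetical helper names. Grouping shows that the two detections are one Internet Explorer search-scope registry key and its URL value, both under a single user SID.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: detection sections of the posted log, one entry per line.
SAMPLE_LOG = r"""-Scan Details-
Registry Key: 1
PUP.Optional.Spigot, HKU\S-1-5-21-925016652-2326629312-3528064532-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{489FE4AC-606D-4ED6-904A-7608BF46D063}, Quarantined, 145, 243431, 1.0.47385, , ame, , ,
Registry Value: 1
PUP.Optional.Spigot, HKU\S-1-5-21-925016652-2326629312-3528064532-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{489FE4AC-606D-4ED6-904A-7608BF46D063}|URL, Quarantined, 145, 243431, 1.0.47385, , ame, , ,
File: 0
(No malicious items detected)
"""

SECTION = re.compile(r"^([A-Za-z ]+): (\d+)$")             # e.g. "Registry Key: 1"
USER_HIVE = re.compile(r"^HKU\\(S-1-5-21-[\d-]+)\\(.+)$")  # HKEY_USERS\<SID>\<key>

class Detection(NamedTuple):
    kind: str             # section the entry was listed under
    name: str             # detection name
    sid: Optional[str]    # account SID when the item lives in a user hive
    key: str              # registry key path (raw location for other kinds)
    value: Optional[str]  # registry value name, given after "|" in the log
    action: str           # e.g. "Quarantined"

def parse_detections(text: str) -> list:
    """Return one Detection per entry line under a '<Kind>: <count>' header."""
    found, kind = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        if header:
            kind = header.group(1)
        elif kind and line.count(",") >= 2 and not line.startswith("("):
            # Assumes the location field itself contains no commas, as here.
            fields = [f.strip() for f in line.split(",")]
            location, _, value = fields[1].partition("|")
            hive = USER_HIVE.match(location)
            sid, key = hive.groups() if hive else (None, location)
            found.append(Detection(kind, fields[0], sid, key, value or None, fields[2]))
    return found

def group_by_key(detections: list) -> dict:
    """Group entries by (SID, key) so a key and its values read as one finding."""
    groups = {}
    for d in detections:
        groups.setdefault((d.sid, d.key), []).append(d)
    return groups

if __name__ == "__main__":
    for (sid, key), items in group_by_key(parse_detections(SAMPLE_LOG)).items():
        print(sid, key, [(d.kind, d.value, d.action) for d in items])
```
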
Maurice Naggar Posted November 20, 2021 ID:1489280

Hello

In order to begin to help you properly, I will need a diagnostic report in order to review & diagnose. Specifically the FRST Farbar diagnostic report. It is safe to get & use.
https://support.malwarebytes.com/hc/en-us/articles/360039025013-Run-Farbar-Recovery-Scan-Tool-to-gather-logs

Attach FRST.txt + Addition.txt with your reply. You may if you wish, ZIP the 2 into a zip file & then attach. ( just please do not copy, paste their contents in main body of reply box here.)

DobyB27 Posted November 20, 2021 Author ID:1489285

Dear Maurice,

Thank you so much for your reply! Here are the files as requested.

Addition.txt
FRST.txt

Maurice Naggar Posted November 20, 2021 ID:1489287

Hello. Thank you. I am listing here the next steps. Please do as much of them as you can.

[ 1 ] As a next basic step, please make very very sure to set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article
https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

[ 2 ] Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed. It will not take much time.

First download & save it
https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

Then be sure to close all web browsers. Then go to where the EXE file is saved. Start Adwcleaner. Then do a scan with Adwcleaner
https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

DobyB27 Posted November 20, 2021 Author ID:1489290

Dear Maurice,

Here I have attached the log. As well, I have enabled my file explorer to show all files and there were some transparent temp files that showed up. The only thing that the Adwcleaner found was a pre-installed software in the name of preinstalled.lenovo.easy.camera from vimicro.corp and with its registered key. The program is asking me if I want to quarantine the file. Let me know what you think!

cleanlog.txt

Maurice Naggar Posted November 20, 2021 ID:1489291

If the preview screen is still there .... you can de-select the line for LenovoEasyCamera and then proceed with Cleaning the rest.

DobyB27 Posted November 20, 2021 Author ID:1489292

Dear Maurice,

So I have deselected now the lenovoeasycamera, while the 8 pup legacy files still remained selected, and now the Adwcleaner is telling me that all the processes will be closed before quarantining the selected items, so the correct step is to press continue, right?

Maurice Naggar Posted November 20, 2021 ID:1489293

Yes, continue, go forward. Push the Clean button & go forth. I am in process of mapping out the next steps for your machine.

DobyB27 Posted November 20, 2021 Author ID:1489295

Thank you! I have a message from Windows that pops up frequently too that the account password might be changed and it sends me to fix it in the shared experiences from the settings. However, I am not the owner of this computer, but it is my sister's boyfriend who gave it to me last year, so I do not have access to the Microsoft account itself. Should I warn him to check regularly his account for any activities outside of himself?

Maurice Naggar Posted November 20, 2021 ID:1489297

Try to get a screen-image-grab of that screen so I can see what it looks like.

> Do keep in mind that we will run some other different scans later.

Next steps: You need to Uninstall 2 Adobe Flash apps because they are obsolete & no longer supported, nor recommended.

Adobe Flash Player 32 NPAPI
Adobe Flash Player 32 PPAPI

1. Press & hold the Windows key on keyboard & then tap the R key to open the Run box-window.
2. Type appwiz.cpl and tap Enter. The Programs and Features window will appear.
3. Locate on the list "Adobe Flash Player 32 NPAPI". Do a right-click on it. Then choose Uninstall. Let it proceed.
4. Locate on the list "Adobe Flash Player 32 PPAPI". Do a right-click on it. Then choose Uninstall. Let it proceed.
5. Exit out of the Programs and Features app when completed.

> We will use FRST64.exe on Downloads folder to run a custom script. The system will be rebooted after the script has run.

This custom script is for DobyB27 only / for this machine only. This custom script has some specific things, plus some general aspect to help the system overall.

NOTE-1: This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will clear the cache for Chrome browser & the EDGE browser. It will look for leftover (if any) entries for Adobe Flash & remove them.

NOTE-2: This build of Windows 10 is out of support at Microsoft. Meaning, there needs to be ( at some later point, action by someone ) to get it updated to the latest current Release. This script will do a housecleaning to get Microsoft Windows Update in good shape. The current build on this machine is from Fall 2019.

Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.

Please save the (attached file named) FIXLIST.txt to the Downloads folder

Fixlist.txt

Start the Windows Explorer and then, to your Downloads folder.

RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run.

If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool...... click line More info on that screen and click button Run anyway on next screen.

On the FRST window: Click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience.

If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Please know this will do a Windows Restart. Just let it run and finish.

In later rounds, I will guide you to a couple of report requests & other scans. Patience & persistence recommended. I will check back as I can. Simply keep in mind I am a volunteer & doing this as I get free time.

DobyB27 Posted November 20, 2021 Author ID:1489299

Dear Maurice,

Thank you so much for your help! I will perform these steps when I have some more time as well to follow the procedures. It was of utmost importance for me that the laptop is not in immediate malware threat and with your help I really think it is all good for now! Thank you again and take care of yourself! I will keep the post updated.

With respect,
Doby

Maurice Naggar Posted November 21, 2021 ID:1489313

Just to point out. The fix script can be started at like the end-of-day when you are not needing to use the system otherwise. You would start the run as outlined. Once you see it has started & is progressing, then you can walk away and let it just run. When you get back, you should see the result message. Or if Windows went into sleep mode, you would just log back on, and then see.

Just making a suggestion to help this system along. It would not take much effort. After you finish this, there would be a couple of other reports to get.

DobyB27 Posted November 21, 2021 Author ID:1489327

Dear Maurice,

The fix and restart actually took like just 10 min. Here I have attached the file as well as the other antivirus found another file from adobe that is quarantined now as suggested by the program.

Fixlog.txt

Maurice Naggar Posted November 21, 2021 ID:1489344

Good afternoon. Thank you for the Fixlog. The custom run is good. The Windows System File Checker did not find any problem. This machine should be in a much better state for future Microsoft Updates.

Let me have you run 2 reports. These do not take a lot of time.

Download Farbar's Service Scanner utility and Save to your Desktop.

Right-Click on fss.exe and select Run As Administrator. Answer Yes to ok when prompted. If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services

Click on "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please attach that file.

[ 2 ] Now a readout report as to update status of some key apps. I need this to get additional detail on status of Microsoft Defender.

Download SecurityCheck by glax24 from here
https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
and save the tool on the desktop.

If Windows's SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive.

Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward.

Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.

You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

DobyB27 Posted November 21, 2021 Author ID:1489350

Thank you for your reply! Hope you are doing alright! Here are the two files as requested. Previously I have been using a program for video editing and I think that the security check found something about it. Let me know what you think!

SecurityCheck.txt
FSS.txt

Solution
Maurice Naggar Posted November 21, 2021 ID:1489351

Doing well, thanks. The FSS report is good and normal. What follows are the items that you need to look at & ensure they have the latest Update release ( or in a few cases, to be Uninstalled ) as per the SecurityCheck.

WinRAR 5.70 (64-bit) v.5.70.0 Warning! Download Update
Zoom v.5.7.7 (1105) Warning! Download Update
µTorrent v.3.5.0.43916 Warning! Ad-supported P2P-client.
iTunes v.12.5.4.42 Warning! Download Update ^Please use Apple Software Update tool.^
Mozilla Firefox (x64 en-US) v.94.0.1 Warning! Download Update
Avast Secure Browser v.95.0.12827.70 Warning! Download Update
Wondershare Helper Compact 2.6.0 v.2.6.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Skype Click to Call v.8.5.0.9167 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.

DobyB27 Posted November 21, 2021 Author ID:1489354

Thank you! I will update what needs to be updated and have also deleted the program and the extension that I do not use anymore. Thank you again for your help, guidance and support! I wish you all the best!

With respect,
Doby

Maurice Naggar Posted November 21, 2021 ID:1489355

Hello Doby. You are very welcome. I am glad to have worked with you. We can proceed with cleanup of tools we used.

To remove the FRST64 tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe . Then run that ( double click on it) to begin the cleanup process.

Delete Fss.exe
Delete Securitycheck.exe

Adwcleaner you may keep and use as needed. Any other download file I had you download, you may delete.

Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

I am marking this case for closure. I wish you all the best. Stay safe.

Sincerely.
Maurice

Maurice Naggar Posted November 21, 2021 ID:1489356

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy:
Tips to help protect from infection

Thank you