Jump to content

Recommended Posts

Hi there

Had a couple of strange things happen to my laptop in the past week and would like to do a check to make sure the system is clean/safe.

Firstly on 17th Jan I left it on sleep for about half an hour; locked, not connected to wifi and not plugged in and when I came back the battery was at 1% and the recycle bin folder was open. I reinstalled Windows (keeping files and folders) but didn't think to check battery useage before doing that (I've got ADHD so bit of an impulsive move there from me). No-one else had physical access to the laptop in the time I was away.

After looking up a few possibilities I thought I might've been mousejacked so I have switched to a wired mouse (was previously using Logitech M310). 

Last night after using a HDMI cable to project to another screen I removed the cable and the laptop restarted of it's own accord and took a lot longer than usual to go from initial Acer screen to Windows login.

Are there a few system scans I can do to check everything is ok? I have Bitdefender Total and Antispyware installed

Thank you

Eddie

Link to post
Share on other sites

  • Root Admin

Hello @EddieM

Let us get some logs and we'll see what we can find and proceed from there.

 

Please do the following so that we can get started and see what's going on.


The Farbar Recovery Scan Tool is a free Windows utility designed to create troubleshooting logs for your computer. These logs help our Support team to identify and resolve issues with your computer.

There are two versions of the Farbar Recovery Scan Tool available for download: 32-bit and 64-bit.
To find which operating system is installed on your computer, refer to Microsoft's article: 32-bit and 64-bit Windows: Frequently asked questions

Download and launch Farbar Recovery Scan Tool

  1. Download the Farbar Recovery Scan Tool
    Do not click on any Ads.
     
  2. Locate the file you downloaded on your computer.
    Downloaded files are often saved to the Downloads folder.
     
  3. Double-click the downloaded file to run the Farbar Recovery Scan Tool.

    DOC-1318-1.png
     
  4. Windows protected your PC notification may appear. This notification is from the Windows Defender SmartScreen Filter which prevents unfamiliar apps from running on your PC.
    Disable smart screen ONLY if it interferes with software we may have to use:  What is SmartScreen and how can it help protect me?

         a.  Click More info.

    https://support.malwarebytes.com/hc/article_attachments/360051190254/DOC-1318-2.png
         b.  Click Run anyway.

    https://support.malwarebytes.com/hc/article_attachments/360051190294/DOC-1318-3.png
  5. When the User Account Control window appears, click Yes.

    image.png

     
  6. To accept the Disclaimer of warranty, click Yes.

    image.png

     
  7. Ensure only the boxes listed below are checked

    image.png

    Registry  Services  Drivers
    Processes  Internet  One month
    Addition.txt

    image.png

     

  8. Disable any Antivirus software you have installed ONLY if it stops software we may use from working.
    Please remember to re-enable any Antivirus software when we are finished running scans

    Click Scan. The scan may take a few minutes to complete.

    image.png
     

  9. When the scan completes, Farbar Recovery Scan Tool shows two messages:

  • Scan completed. FRST.txt is saved in the same directory FRST is located.

    image.png

  • Addition.txt is saved in the same directory FRST is located.

    image.png
     

  • Click OK to close each message window

 

Please attach both of those logs on your next reply, DO NOT copy/paste the contents of the logs directly

https://content.invisioncic.com/Mmalware/monthly_2018_10/_mb_attach.jpg.dbd89b8e360d3763b3bbe33ce83d680d.jpg

 

 

Thank you

 

 

  • Thanks 1
Link to post
Share on other sites

  • Root Admin

I don't see an obvious infection but something is causing services or apps to fault.

Please temporarily disable your Bitdefender antivirus and run the following antivirus scanner.

 

 

Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop.

(Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)

Download: Kaspersky Virus Removal Tool

How to run a scan with Kaspersky Virus Removal Tool 2020
https://support.kaspersky.com/15674

How to run Kaspersky Virus Removal Tool 2020 in the advanced mode
https://support.kaspersky.com/15680

How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan
https://support.kaspersky.com/15681

 


Select the  image.png  Windows Key and R Key together, the "Run" box should open.

user posted image

Drag and Drop KVRT.exe into the Run Box.

user posted image

C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.

image.png

add -dontencrypt   Note the space between KVRT.exe and -dontencrypt

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.
 
image.png


That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file.

Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr
Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply.

To start the scan select OK in the "Run" box.

A EULA window will open, tick all confirmation boxes then select "Accept"

image.png

In the new window select "Change Parameters"

image.png

In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start...

user posted image

When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue"

user posted image

When complete, or if nothing was found select "Close"

image.png

Attach the report information as previously instructed...
 
Thank you
 
 

 

 

  • Thanks 1
Link to post
Share on other sites

Hi, thanks for the clear instructions, it's appreciated

I ended up having to do two scans (one partial, one full) as I didn't realise it would take so long (nearly 2 hours) and had to turn the laptop off during the first scan as I didn't have the time to let it run. The first one produced a .klr file but the second produced a .klr.enc1 file that when opened with notepad doesn't look like readable information? I've attached both

Both scans came up with nothing detected.

Thanks, Eddie

report_2022.01.25_13.27.04.klr.txt report_2022.01.25_19.06.07.klr.enc1.txt

Link to post
Share on other sites

  • Root Admin

Yes, the second one is encrypted which is why the special instructions. Since nothing was found that helps confirm my findings too. @EddieM

Let's go ahead and do some other checks though

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file
  • This tool is safe.   Smartscreen is overly sensitive.
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"  and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file.  Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

image.png

image.png

image.png

 

Thank you

 

 

  • Thanks 1
Link to post
Share on other sites

  • Root Admin

Great, the only item out dated there is OneDrive. You should update that. If you don't use it you can actually uninstall it but Microsoft will keep trying to get you to install and use it. They push their Cloud services too heavy these days, I wish they back down a bit from that.

------------------------------- [ Backup ] --------------------------------

Microsoft OneDrive v.19.043.0304.0013 Warning! Download Update

 

How is the computer working now otherwise?

Any obvious issues or concerns before we finish up here @EddieM

 

  • Thanks 1
Link to post
Share on other sites

I use OneDrive very rarely (usually when doing backups of things) so I'll update that thanks.

It is being a little buggy occasionally: little flickers on the screen/screen refresh when I switch between apps or close something down but it's not all the time. Conflicting apps? I appreciate it's an old-ish laptop and might be starting to gradually deteriorate in terms of performance.

Do you have any idea what could have caused the battery to drop to 1% and the recycle bin be opened? It's such a random thing I've never seen before in any laptop or pc I've had.

Thanks, Eddie

Link to post
Share on other sites

  • Root Admin

I mean about the only way to greatly improve speed, performance, and safety would be to format the drive and reinstall Windows.

 

Greg Carmack - MVP 2010-2020 -Clean Install Windows 10
https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/clean-install-windows-10/1c426bdf-79b1-4d42-be93-17378d93e587

How to Create a Local Account While Setting Up Windows 10
https://www.howtogeek.com/442792/how-to-create-a-local-account-while-setting-up-windows-10/

 

We can do a Generic cleanup script if you want to see if that helps to improve some performance.

Please temporarily disable Bitdefender and run the following fix below.

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this fix it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Edited by AdvancedSetup
Updated information
Link to post
Share on other sites

  • 2 weeks later...

Hey sorry for slow response, Fixlog attached

I haven't had chance to do the windows reinstall yet

System seems to be running ok. I've been getting a desktop notification every 24-48 hours saying Bitdefender has updated and system needs to restart (this is a lot more frequent than usual - I can go on their forum to check this though if necessary).

Thanks, Eddie

Fixlog.txt

Link to post
Share on other sites

  • Root Admin

Yes I'd recommend you check with the Bitdefender support if update notices are happening too often.

The log looks good.

 

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.

  • right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please attach that file to your next reply. (not compulsory)

 

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  3. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  4. Install a content blocker for your browser. Malwarebytes Browser Guard (Free)
    Firefoxhttps://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/  
    Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee 
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes

 

Link to post
Share on other sites

  • 3 weeks later...

Hey again

Bit of a delay getting this done. Tried it today, seemed to pause/hang on 'delete windows module installer' for about 15 minutes (been having problems with this using high cpu in task manager recently as well). Checked it wasn't using any disk memory/cpu and turned laptop off (not sure if it coincided with a windows update?).

Here's the attached notepad file. Laptop not running well for past few weeks; lots of high cpu usage from various windows stuff, very unresponsive generally and takes over a minute to shut down properly. Will try to do a clean install at some point cos something isn't right

Thanks for your help

kprm-20220227170434.txt

Link to post
Share on other sites

  • Root Admin

The log did not complete and the System Restore it was supposed to have created at the end is not shown.

If you've rebooted it's best you try to create your own new System Restore Point now.

Again, at this point it really would behoove you to at least consider at least doing an in-place repair if you're not going to do a CLEAN install (recommended)

 

How to Do a Repair Install of Windows 10 with an In-place Upgrade
https://www.tenforums.com/tutorials/16397-repair-install-windows-10-place-upgrade.html
 

If you do decide to do a CLEAN install of Windows then here is a great link for that

Greg Carmack - MVP 2010-2020 -Clean Install Windows 10
https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/clean-install-windows-10/1c426bdf-79b1-4d42-be93-17378d93e587

How to Create a Local Account While Setting Up Windows 10
https://www.howtogeek.com/442792/how-to-create-a-local-account-while-setting-up-windows-10/

Link to post
Share on other sites

  • 2 months later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.