"Sprig Electron View"???

[brucemc777]

Thank you for considering my problem and thank you for your knowledge & expertise!

 

A shutdown of my PC running W11 Pro for Workstations was delayed a couple days ago in order for something called "Sprig Electron View" to close. I think i copied that correctly...

I am finding bits and pieces of that name in an internet search, but nothing exact, so i possibly wrote it down close but wrong.

Does anyone know what this might be? I'm afraid i am naturally paranoid, and this computer that i only got in Dec 2022 is running notably slower than it did at first!

Gratefully,

-Bruce

 

Device name  (reacted)(Never was taught that word in high school nor college...)
Processor    Intel(R) Xeon(R) W-1370P @ 3.60GHz   3.60 GHz
Installed RAM    16.0 GB (15.7 GB usable)
Device ID    3B3F6463-0503-4BE7-98A5-45740BA2A2F5
Product ID    00391-50000-00000-AAOEM
System type    64-bit operating system, x64-based processor
Pen and touch    No pen or touch input is available for this display

Edition    Windows 11 Pro for Workstations
Version    22H2
Installed on    ‎12/‎28/‎2022
OS build    22621.1992
Experience    Windows Feature Experience Pack 1000.22644.1000.0
 

[Porthos]

6 minutes ago, brucemc777 said:

and this computer that i only got in Dec 2022 is running notably slower than it did at first!

Please do the following so that we may take a closer look at your system.

Please restart the computer and do the following.

WARNING: Do Not click the Repair option under Advanced unless requested by a Malwarebytes support agent or authorized helper

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

• Download the Malwarebytes Support Tool
• In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
• In the User Account Control pop-up window, click Yes to continue the installation
• Run the MBST Support Tool
• In the left navigation pane of the Malwarebytes Support Tool, click Advanced
• In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
• A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply
  
   

Thank you

[brucemc777]

Glad you know what you are doing, because i sure don't... Over the years i have done a lot (A LOT) of damage having just enough knowledge to be dangerous. I finally, after decades of messing up, learned to seek help of good smart folk like you!

 

Thank you, here we are!mbst-grab-results.zip

[brucemc777]

Oh, when i did the restart i ran into Sprig again, scrambled to take a picture and did so just in time. Looks like DropBox, but anyone can borrow an icon... (attached)

 

Edited August 4, 2023 by AdvancedSetup
Fixed inline image placement

[Porthos]

7 minutes ago, brucemc777 said:

Looks like DropBox, but anyone can borrow an icon.

Just a thought. Could you exit Dropbox fully before you restart just to see if it is the issue?

[brucemc777]

At first i felt a bit stoooopid as when i shut DropBox down and then shut the computer down, it did not delay shutdown. Then i shut the computer down again without exiting DropBox and there again was no Sprig Electron View delaying anything. Did that a couple times before i had to get back to business! Guess no matter what i am paranoid-

[AdvancedSetup]

Hello @brucemc777

Please give me some times. I'm reading your logs now. Will be back with some suggestions soon

 

[Porthos]

5 minutes ago, brucemc777 said:

when i shut DropBox down and then shut the computer down, it did not delay shutdown. Then i shut the computer down again without exiting DropBox and there again was no Sprig Electron View delaying anything.

Shutting down is different from restarting. You have fast start enabled in Windows.

I suggest turning off fast startup in Windows. Then restart.

 

Disable-Fast-Startup
https://forums.malwarebytes.com/topic/299350-disable-fast-startup/

 

 

Edited August 4, 2023 by AdvancedSetup
Updated information

[brucemc777]

Thank you, never had a clue that existed!

I started with a Commodore 64 and stayed pretty much well informed up to roughly 2000, then the train blew by me...

[AdvancedSetup]

Please get me an updated set of scan logs using the following program @brucemc777

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 

[brucemc777]

Anyone that respects TOS has my respect...Addition.txt

Thank you!

FRST.txt

[AdvancedSetup]

Please follow the steps below @brucemc777

 

[ 1 ]

Please create a NEW System Restore Point

Create System Restore Point in Windows 11
https://www.elevenforum.com/t/create-system-restore-point-in-windows-11.3602/

 

[ 2 ]

Are you sure you want this enabled or allowed? Push Notifications on your browser appear to be enabled. I would recommend disabling all PUSH notifications unless you really need them.

FF Notifications: Mozilla\Firefox\Profiles\anqkyi9q.default-release -> hxxps://forum.kee.pm; hxxps://www.elevenforum.com; hxxps://forum.glasswire.com

https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

Turn notifications on or off - Google Chrome

Web Push notifications in Firefox

 

[ 3 ]

Please go to Control Panel, Programs, Programs and Features, Uninstall a program

Then right-click and uninstall the following

• Bonjour

 

What exactly is mDNSResponder.exe? (Bonjour)

https://www.groovypost.com/howto/howto/what-is-mdnsresponder-exe-and-why-is-it-running/

MDNSResponder, also known as Bonjour, is Apple’s native zero-configuration networking process for Mac that was ported over to Windows and associated with MDNSNSP.DLL.  On a Mac or iOS device, this program is used for networking nearly everything.  On Windows, this process is only necessary for sharing libraries via iTunes and other Mac applications like the Apple TV that were ported to Windows.  Bonjour allows different computers running iTunes to communicate with each other regardless of network configuration, this is because it enables automatic network discovery.

What Is mDNSResponder.exe / Bonjour and How Can I Uninstall or Remove It?
https://www.howtogeek.com/howto/6456/what-is-mdnsresponder.exe-bonjour-and-how-can-i-uninstall-or-remove-it/

 

[ 4 ]

Your current DNS Servers:  192.168.1.1

Please consider changing your default DNS server settings. Please choose one provider only

DNS is what lets users connect to websites using domain names instead of IP addresses

Pick just one of these 4 providers. And be aware that you need to modify 1 time for IPv4 & a 2nd pass for IPv6

• Google Public DNS: IPv4   8.8.8.8 and 8.8.4.4   IPv6   2001:4860:4860::8888 and 2001:4860:4860::8844
• Cloudflare: IPv4   1.1.1.1 and 1.0.0.1   IPv6   2606:4700:4700::1111 and 2606:4700:4700::1001
• OpenDNS: IPv4   208.67.222.222 and 208.67.220.220  IPv6  2620:119:35::35 and 2620:119:53::53
• DNSWATCH: IPv4   84.200.69.80 and 84.200.70.40   IPv6  2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b

The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

 

[ 5 ]

Please run the following fix

 

NOTE: Please read all of the information below before running this fix.

• NOTICE: This script was written specifically for this user, for use on this particular machine.
• Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program:   FRST64.exe

Save the attached file:  FIXLIST.TXT to this folder D:\BEM\Downloads\

NOTE. It's important that both files, FRST64.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

1. NOTE:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed.
               Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.
3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

• Windows Temp
• Users Temp folders
• Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
• Recently opened files cache
• Discord cache
• Java cache
• Steam HTML cache
• Explorer thumbnail and icon cache
• BITS transfer queue (qmgr*.dat files)
• Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

[brucemc777]

Thank you VERY much (Live Long and Prosper - Sorry, i was born in 1956 and grew up on Star Trek).

I'm afraid i will have to approach this tomorrow - wife had her knee replaced at the end of last week and i have been at my desk all day, need to make her some dinner otherwise once she recovers she might kill me...

Once again, thank you and thanks to Porthos!!!!!!!!!!!!!!!!!!!!!

[AdvancedSetup]

No rush @brucemc777

I fully understand. I've had to take care of my wife after surgery a couple of times. She doesn't care so much for how much time I spend on the computer either  😁

I'll check back on you again sometime this weekend or on Monday

Have a great weekend and hope your wife is feeling much better soon

Cheers

 

[brucemc777]

I might have screwed up - i kept the Bonjour service as i believe it is necessary fFixlog.txtor a program suite called "CopyTrans" that allows me to connect with my iPhone and back up/transfer texts, contacts, pictures & music. Once i launched FRST64 and ran FIX i realized it might of been necessary to kill it so FRST64 could do it's job. Please advise if i need to go back, kill it , re-run FRST64 and the fix-

Also, i was surprised i had let any browser push notifications, guess i do make mistakes...

 

Also i re-allowed Logitech and Glasswire through my firewall - was this another of my mistakes or is that OK?

 

Many thanks for the help!

[AdvancedSetup]

I actually have CopyTrans for my wife's phone and I DO NOT need Bonjour. Sorry but that is a garbage program from Apple. It bashes the network stack with constant messages to the point that some computers cannot even do normal operations.

 

Let me have you run the following please

 

Microsoft Safety Scanner

Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.   
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well
 

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

• Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on the screen display.  The only things that count are the End result at the end of the run.
• The scan will take several hours.  Leave it alone. It will remove any other remaining threats as it goes along.  Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned  ( depending on the number of files on your machine & the speed of the hardware.)

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

It is normal for the Microsoft Safety Scanner to show detections during the scan process.

It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Then it writes into the log on your computer what it found.

 

Thank you

 

[brucemc777]

Got rid of Bonjour, downloaded MSERT, shutting down everything i was using and gonna walk away (Glad this is a Saturday...)

[AdvancedSetup]

Sounds good. Go ahead and post back the log when ready.

Then go ahead and run the following for me as well

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

• Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
• If Microsoft SmartScreen blocks the download, click through to save the file
• This tool is safe.   Smartscreen is overly sensitive.
• If SmartScreen blocks the file from running click on More info and Run anyway
• Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"  and reply YES to allow to run & go forward
• Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file.  Attach it with your next reply.
• You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

 

Thank you

 

 

[brucemc777]

Here is the log from MSERT - Will work on my new assignment now! btw, do you have any thoughts on what i have seen claimed as a automated cleanup for anything and everything called TRON? Anything that claims to do everything without and warnings makes me think there's a big orange bridge near San Fransisco for sale cheap...

msert.log

Edited August 6, 2023 by brucemc777

[AdvancedSetup]

That log looks okay. Microsoft doesn't like the program but it's not a threat.

 

[brucemc777]

I trashed SmartScreen long ago, far too annoying!

SecurityCheck.txt

[AdvancedSetup]

There is reason to use it. One can always tell SmartScreen to allow

 

I know many people find this annoying, but it can actually help you if you're falling asleep at the desk and accidentally click on something this can still alert you.

The elevation prompt for administrators disabled
^It is recommended to enable (default): Win+R typing UserAccountControlSettings and Enter^

 

Please uninstall, update or otherwise address the following as appropriate for your system.

 

• Adobe Acrobat DC v.15.009.20077 Warning! Download Update | ^Please run Acrobat DC and go Help - Check for updates...^
• qBittorrent v.4.5.2 Warning! Download Update
• Zoom v.5.13.10 (13305) Warning! Download Update

---------------------------- [ UnwantedApps ] -----------------------------
VdhCoApp 1.6.3 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------

 

 

Then restart the computer and check for Windows Updates and install any found.

 

 

 

The act of torrenting itself is not illegal. However, downloading and sharing unsanctioned copyrighted material is illegal, and there is always a chance of prosecution if caught by the authorities.
Torrenting non-copyrighted material is perfectly fine and is allowed. However, be aware that we have seen increased malware bundled with software downloads over P2P.

Recent Ransomware infections have been seen to encrypt user data so that no one can decrypt the data without the private key.
When sharing files, please keep in mind that you're increasing your system's attack surface area, which can increase the risk of infection.

Scan all files before running them. https://www.virustotal.com

If you don't need or use the P2P software, you should uninstall it.

P2P File-Sharing: Know the Risks
https://www.bankinfosecurity.com/p2p-file-sharing-know-risks-a-737

 

Hidden risks in pirated software https://news.microsoft.com/apac/2019/01/08/hidden-risks-in-pirated-software/
Why You Shouldn't Use Pirated Software (But Why People Still Do) https://www.computer.org/publications/tech-news/trends/why-you-shouldnt-use-pirated-software

 

 

[brucemc777]

Thank you!!!

Not sure how i missed the Adobe update as i thought i just did one, but yes, it needed an update. As to both qBittorrent and Zoom, i frankly can not recall the last time i used either - i think i installed Zoom to get a feel for it before working on the installation on my wife's computer, who uses it daily, and i can't recall which, but there was the option to download a "regular" program either from the website or to use a torrent, and the regular site's link, i presumed, would take an awful long time (why else would they give the option?), so i used what i found was claimed to be the most popular bit torrent client.

Now, as to SmartScreen and by implication that other one they have that alerts one every time something wants to run that i set on no alerts, because you say there is value, i'm going to give them both another try... I have, in the past, caused myself great troubles due to my arrogance, but with not all the brain cells reliably connecting and worsening as i get older, it seems like a worthy idea!

 

I did used to run a program i purchased that did what the other now part of Windows did in warning about a program wanting to start up - i'm afraid i can only recall that his icon was a small black Scottie dog. I think, like SmartScreen, i just got tired of clicking to allow over and over...

 

If i may ask, what should i do about this?:

---------------------------- [ UnwantedApps ] -----------------------------
VdhCoApp 1.6.3 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------

And a final note for now as i am between mugs of coffee, i had edited an above post but you had already replied to it - asking your thoughts on the "TRON" script (i really wonder how many people actually know where the acronym "TRON" is from...)

OK, time to restart..... and THANK YOU!!!

 

[AdvancedSetup]

15 hours ago, brucemc777 said:

I did used to run a program i purchased that did what the other now part of Windows did in warning about a program wanting to start up - i'm afraid i can only recall that his icon was a small black Scottie dog. I think, like SmartScreen, i just got tired of clicking to allow over and over...

That would be WinPatrol - the older version was a pretty good program. Sadly it was sold off to someone else and now I'm not aware of anyone that recommends it anymore

If i may ask, what should i do about this?:

---------------------------- [ UnwantedApps ] -----------------------------
VdhCoApp 1.6.3 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------

There should be an uninstaller for it. If not let me know and I can help you to remove it.

And a final note for now as i am between mugs of coffee, i had edited an above post but you had already replied to it - asking your thoughts on the "TRON" script (i really wonder how many people actually know where the acronym "TRON" is from...)

Great idea, great coding, but sadly it dismantles the default security the Microsoft provides for Windows. If your computer is so bad off that only a tool like that can fix it, then do a full RESET of Windows or do a CLEAN install of Windows. I would not run a computer long term that had been "fixed" by Tron.

 

OK, time to restart..... and THANK YOU!!!

 

 

Please click EXPAND above to review inline replies.

How is the computer running now?

Are there still any signs of infection or other issues I can assist you with?

 

Thank you @brucemc777

 

Edited August 7, 2023 by AdvancedSetup
Updated information

[brucemc777]

Yes! WinPatrol!!! :)

Found VdhCoApp in Control Panel | Programs, exterminated it.

All should be as good as it gets now, though i am continuously paranoid. I am a broker for commercial finance and as such have many, many, files with people's personal info - no secret, the website (that i have not kept up in years so i use it for a test bed when i have to do some experimental work for our other main website) lets everyone know that, so it is possible (likely?) that i am a target for some hackers. I think i am cautious, but just like you stated, someday i might be half asleep and hit the wrong button. A touch of paranoia is good-

I guess one last item (other than constant thanks for you being out there to help!)- I use a combination of Microsoft's "Defender" - both AV and primary FW - (used to always use eSet or other high rated antiviral), MWB and GlassWire. In your expert opinion, should i go back to something a little more robust than Defender? It was my impression that they brought it up in strength some time ago, but i have not checked out recent stats on it (used to refer to av-test.org), nor am i really qualified to draw longer term inferences from those state