slower pc after recent malware infection


My PC has become slow after a recent malware infection. Last time some hitman driver was misused, which started a trojan infection... My browsers open very slowly, and the PC hangs so much. I have run a Malwarebytes scan, no infection found. I ran ESET Online Scanner; it detects the uTorrent setup, but I already uninstalled it long back, and still it detects it. My PC hangs after I upload a file online, saying the browser is unresponsive. I wait for it to correct itself, but it continues to crash... I have run an sfc scan and defragged Windows, but still I don't know why the PC became slow and the browser crashes during upload. Please help me, I did follow &

 

Addition.txt FRST.txt


Hi
 
Welcome
 
I'll be helping you with your computer.
 
Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.
 
Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary.

Let's begin...

  • Download the enclosed file, Fixlist.txt. Save it in the same location where FRST64.exe is saved. Open FRST64 as an Administrator. This time around click on the Fix button and wait.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this report to your next reply.
 
Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.

When AdwCleaner starts, on the left side of the window, click on “Settings” and then enable these repair actions on that tab-window by clicking their button to the far-right for ON status

  • Delete IFEO keys
  • Delete tracing keys
  • Delete Prefetch files
  • Reset Proxy
  • Reset IE Policies
  • Reset Chrome policies
  • Reset Winsock
  • Reset HOSTS file
  • Click Scan Now ...
  • When the scan has finished a Scan Results window will open.
  • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the scan.

Please post the contents of the file in your next reply.


adwcleaner log

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    10-01-2023
# Duration: 00:00:25
# OS:       Windows 10 (Build 19045.3516)
# Scanned:  32101
# Detected: 14


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

PUP.Optional.Legacy             C:\END

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.WebCompanion       HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F066007E-96DE-4ADF-93BD-B22A9C03BB57}  
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F066007E-96DE-4ADF-93BD-B22A9C03BB57}  
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE

 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 

Fixlog.txt


Cracked software is the source of many nasties, including ransomware. It is not recommended.

 

  • Download the enclosed file, Fixlist.txt. Save it in the same location where FRST64.exe is saved. Open FRST64 as an Administrator. This time around click on the Fix button and wait.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this report to your next reply.

 

AdwCleaner - Clean

  • Double click AdwCleaner.exe to run it.

When AdwCleaner starts, on the left side of the window, click on “Settings” and then enable these repair actions on that tab-window by clicking their button to the far-right for ON status

  • Delete IFEO keys
  • Delete tracing keys
  • Delete Prefetch files
  • Reset Proxy
  • Reset IE Policies
  • Reset Chrome policies
  • Reset Winsock
  • Reset HOSTS file
  • Click Scan Now
  • When the scan has finished a Scan Results window will open.
  • Please check all boxes and then click Quarantine
    • Click Next
    • If any pre-installed software was found on your machine, a prompt window will open ...
      • Click OK to close it
    • Check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any)
    • Click Quarantine
  • A prompt to save your work will appear ...
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear ...
    • Click Restart Now
  • Once your computer has restarted ...
    • If it doesn't open automatically, please start AdwCleaner ...
    • Click the Log Files tab ...
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please attach this report to your next reply.

How is the computer doing?


It is the same as before. Now only something is crashing system files & I constantly get notifications that an app default was reset; also the slowness continues... Only now file upload works in the browser, which was not working before.

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    10-01-2023
# Duration: 00:00:16
# OS:       Windows 10 (Build 19045.3516)
# Cleaned:  14
# Awaiting reboot:4
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted       C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SUPPORTASSIST
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F066007E-96DE-4ADF-93BD-B22A9C03BB57}
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F066007E-96DE-4ADF-93BD-B22A9C03BB57}
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Deleted       Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Needs Reboot  Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Needs Reboot  Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Needs Reboot  Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Needs Reboot  Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE


*************************

[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Hosts File
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed   C:\Program Files (x86)\DELL\UPDATESERVICE
Cleaning failed   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Cleaning failed   C:\Program Files\DELL\SUPPORTASSISTAGENT
Cleaning failed   C:\ProgramData\DELL\UPDATESERVICE

*************************

AdwCleaner[S00].txt - [2776 octets] - [01/10/2023 21:45:40]
AdwCleaner[S01].txt - [2837 octets] - [01/10/2023 22:36:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

 

Fixlog.txt
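
Added example, not part of the original thread and not AdwCleaner's own code: a small Python parser for the Clean log posted above. It compares the header counters with the per-item status lines and lists paths marked "Needs Reboot" that also appear under "Cleaning failed". It assumes columns are separated by two or more spaces, as in the posted log; the sample is a trimmed excerpt of that log, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Trimmed excerpt of the Clean log posted in the thread (sample input).
SAMPLE_LOG = r"""# Cleaned:  14
# Awaiting reboot:4
# Failed:   0
***** [ Files ] *****
Deleted       C:\END
***** [ Preinstalled Software ] *****
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SUPPORTASSIST
Needs Reboot  Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Needs Reboot  Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE
***** Reboot Required to Complete *****
***** [ Folders ] *****
Cleaning failed   C:\Program Files\DELL\SUPPORTASSISTAGENT
Cleaning failed   C:\ProgramData\DELL\UPDATESERVICE
"""

STATUSES = ("Deleted", "Needs Reboot", "Cleaning failed")
HEADER = re.compile(r"^#\s*(Cleaned|Awaiting reboot|Failed):\s*(\d+)")

def parse_clean_log(text):
    """Return (header counters, {status: [target, ...]}) for a Clean log."""
    header, items = {}, defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            header[m.group(1)] = int(m.group(2))
            continue
        # Assumption: fields are separated by 2+ spaces; paths use single spaces.
        fields = re.split(r"\s{2,}", line)
        if fields[0] in STATUSES and len(fields) >= 2:
            items[fields[0]].append(fields[-1])  # last field is the path/key
    return header, dict(items)

def reconcile(text):
    """Cross-check the header 'Failed' counter against the item lines."""
    header, items = parse_clean_log(text)
    # Windows paths are case-insensitive, so compare upper-cased.
    pending = {p.upper() for p in items.get("Needs Reboot", [])}
    failed = {p.upper() for p in items.get("Cleaning failed", [])}
    return {
        "header_failed": header.get("Failed"),
        "pending_and_failed": sorted(pending & failed),
        "pending_only": sorted(pending - failed),
        "header_understates": header.get("Failed", 0) < len(failed),
    }
```

On the full log from the post, every "Needs Reboot" folder also appears under "Cleaning failed" even though the header reports `Failed: 0`, so the item lines are the ones to read when checking what was actually removed.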


1️⃣ According to the logs, the default browser is Edge. Click on the three dots on Edge. Select Settings -> Default Browser. Make Edge your default browser and leave.

2️⃣ If that does not help, let's boot the computer as a Clean Boot.

A clean boot is a troubleshooting technique that starts Windows with a minimal set of drivers and startup programs. This helps you determine whether a background program is interfering with your game or program. It is similar to starting Windows in Safe Mode, but provides you more control over which services and programs run at startup to help you isolate the cause of a problem.

Here are the steps to perform a clean boot in Windows 10:

  1. Sign in to the computer as an administrator.
  2. Press the Win + R keys to open Run, type msconfig into Run, and press Enter to open System Configuration.
  3. On the Services tab of System Configuration, select Hide all Microsoft services, and then select Disable all.
  4. Select Apply.
  5. On the Startup tab of System Configuration, select Open Task Manager.
  6. On the Startup tab in Task Manager, for each Enabled startup item, select the item and then select Disable. (Keep track of which items have been Disabled. You will need to know this later.)
  7. Close Task Manager.
  8. On the Startup tab of System Configuration, select OK.
  9. When you restart the computer, it will be in a clean boot environment.
  10. After performing a clean boot, you can follow troubleshooting steps to install, uninstall, or run your application. Your computer might temporarily lose some functionality while in a clean boot environment. Reset the computer to start normally after clean boot troubleshooting and resume functionality.
  11. This will be running msconfig and selecting items (4 at a time) until the issue is recreated. When the issue is re-created, one or more of the items deselected may be the culprit.
  12. Perform a troubleshoot in a Clean Boot environment and let me know the outcome.

In your position I will boot in Safe Mode with Networking and first remove Webroot SecureAnywhere as an antivirus. It may be in conflict with Defender.

3️⃣ Your computer is not Active.

To find and activate Windows product key on a Dell laptop:

 

  1. Press The Windows key + X
  2. Select the CMD (Administrator)
  3. At the prompt type the following:

wmic path softwarelicensingservice get OA3xOriginalProductKey

That will show your product key. Then 

Press Windows key + R
Type: slui.exe
Hit Enter.

Change the product key with the one above and click on Next.


Yes. You had many profiles

 

Quote

CHR Profile: C:\Users\Samadhan\AppData\Local\Google\Chrome\User Data\Default [2022-08-09] 
CHR Profile: C:\Users\Samadhan\AppData\Local\Google\Chrome\User Data\Profile 12 [2023-01-31] 
CHR Profile: C:\Users\Samadhan\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-08-09] 
CHR Profile: C:\Users\Samadhan\AppData\Local\Google\Chrome\User Data\Profile 9 [2023-10-01] 
CHR Profile: C:\Users\Samadhan\AppData\Local\Google\Chrome\User Data\System Profile [2022-08-09] 

Is there a profile you wish to restore?
 

Did you experience the slowness during the Clean Boot?


You will need to troubleshoot Windows in a Clean Boot State.

Since the issue disappears in a clean boot state, you will need to isolate the entry in the Configuration Utility that is causing the issue.

Take a look at this page. It will teach you how to isolate that entry. Once done, let me know the outcome.


1️⃣ Reset Edge

-Open Edge and click the 3 dots at the upper right side of your screen.
-Go to Settings
-Look for Reset Settings
-Click Restore settings to their default values.

(This will reset your startup page, new tab page, search engine, and pinned tabs. It will also disable all extensions and clear temporary data like cookies. Your favorites, history and saved passwords will not be cleared.)

Restart and check the Edge.

 

2️⃣ Shut down SecureAnywhere (webroot.com) and test the computer without this protection to see if it contributes to the slowness.

 

  • 3️⃣ Download the enclosed file, Fixlist.txt. Save it in the same location where FRST64.exe is saved. Open FRST64 as an Administrator. This time around click on the Fix button and wait.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this report to your next reply.

 

Wonder why you haven't activated your Operating System. It is a Dell, isn't it?
