We have received an assistance request from Colitsa.
Hello Grecian Geek! After having a 'stubborn donkey' of a computer, I visited your website and followed your suggestions on trying to solve my Windows issues. These are the links for you to evaluate the extent of the problem:
FRST.txt
Addition.txt
-------------------------------------------------------------
Grecian Geek replies:
Hi, Colitsa.
Welcome to GGG.
My first comments/instructions:
No sign of active infection in your logs.
1. RAM issue
The following lines in your logs show that the computer's slowness has to do with the percentage of the usable RAM. You have only 4GB RAM installed, and 84% of it is in use.
Percentage of memory in use: 84%
Total physical RAM: 3547.95 MB
Available physical RAM: 539.12 MB
What I would suggest:
Here you can run a free RAM wizard to determine which RAM is compatible with your motherboard. You download and run a small program, which will scan your computer and then recommend compatible RAM. You don't have to buy from them, but you can find out how much RAM the computer can accept.
You can do that after we finish the procedure here.
Meanwhile, you can take some steps to improve the computer's performance:
2. Uninstall programs
Adobe Shockwave reached its end of life two years ago.
https://helpx.adobe.com/shockwave/shockwave-end-of-life-faq.html
Java: There are very few reasons these days to continue having Java installed on your computer and I recommend that you uninstall it.
Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.
To uninstall these programs:
Press the Windows Key + R.
Type appwiz.cpl in the Run box and click OK.
The Add/Remove Programs list will open. Locate the following programs in the list:
Adobe Shockwave Player 12.3
Java 7 Update 60
Select the above programs, one by one, and click Uninstall.
Restart the computer.
3. Remove Kaspersky
Windows 10 has its own built-in antivirus, Windows Defender. Using third-party antivirus, like Kaspersky is your choice, but sometimes these third-party antivirus cause issues including slowness. Since you have a RAM issue, I recommend you to uninstall Kaspersky and stay with Windows Defender. See the difference and make your choice then.
To uninstall Kaspersky Internet Security and Kaspersky Password Manager
• Visit
this site and follow the steps to run the Kaspersky Antivirus Removal Tool
• If not done automatically reboot your computer
4. Remove an app
Click on the Start button and find McAfee® Central for HP . Right click and Uninstall.
5. FRST Fix
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
- Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your Desktop.
Feedback
- In a comment below, I would like to see if everything went well with Java and Adobe Shockwave uninstalls. What have you decided about Java?
- In a second comment please post: What have you decided about Kaspersky? Have you removed it?
- In a third comment please paste the fixlog.txt content.
- In a fourth comment post anything regarding the procedure. Any issues, questions, concerns.
Good luck!
Thank you! All steps successfully completed. This is the link to the Fixlog doc: https://drive.google.com/file/d/1uSHkgkzv4P7OW7jNLs7LsCb5cvNRVMod/view?usp=sharing
ΑπάντησηΔιαγραφήHello! Please make the link public so I can review it. I assume that Shockwave, Java and Kaspersky are all uninstalled now, right?
ΑπάντησηΔιαγραφήDone: https://drive.google.com/file/d/1uSHkgkzv4P7OW7jNLs7LsCb5cvNRVMod/view?usp=sharing
ΑπάντησηΔιαγραφήYes, all 3 are now uninstalled!
Thank you!
ΑπάντησηΔιαγραφήLet's do some additional scans, to ensure that the system is completely clean.
1. Run AdwCleaner (Scan mode)
Download AdwCleaner and save it to your desktop.
Double click AdwCleaner.exe to run it.
Click Scan Now.
When the scan has finished, a Scan Results window will open.
Click Cancel (at this point do not attempt to Quarantine anything that is found)
Now click the Log Files tab.
Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
A Notepad file will open containing the results of the scan.
Please paste the contents of the file in your next reply.
AdwCleaner process complete. This is the new file: https://drive.google.com/file/d/1TCHEV7et0Denz7M68WSwb9aKwV89TEa2/view?usp=sharing
ΑπάντησηΔιαγραφήLet me explain to you the AdwCleaner's result. The findings in the Files and Chromium part of the logs are detected as PUPs, meaning potentially unwanted applications. I recommend you to uninstall them both (the second one refers to an extension regarding doc to pdf conversion and I will give you later some alternatives for it). The findings at the end of the report are preinstalled software, programs that were installed in the computer when you bought it. You may use/need or not these programs. Personally, I do not keep anything I don't use/need, and yes, I would recommend you to uninstall everything. But it is your computer, so your decision.
ΑπάντησηΔιαγραφήTo proceed... see my next comment.
AdwCleaner (Clean mode)
ΑπάντησηΔιαγραφήDouble click AdwCleaner.exe on your Desktop, to run it as you did before.
Click Scan Now.
When the scan has finished a Scan Results window will open.
Please check all the boxes and then click Quarantine.
Click Next.
If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
Check any pre-installed software items you want to remove.
Click Quarantine.
A prompt to save your work will appear.
Click Continue when you're ready to proceed.
A prompt to restart your computer will appear.
Click Restart Now.
Once your computer has restarted:
If it doesn't open automatically, please start AdwCleaner.
Click the Log Files tab.
Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
A Notepad file will open containing the results of the removal.
Please paste the contents of the file in your next reply.
Done. This is the latest report: https://drive.google.com/file/d/185x3wsaTpGurzGjjD4LMKJsRg_2wDmWf/view?usp=sharing
ΑπάντησηΔιαγραφήGood!
ΑπάντησηΔιαγραφήSince you decided to get rid of the preinstalled software, check these programs and uninstall whatever you do not use/need:
CyberLink LabelPrint
CyberLink Media Suite 10
Cyberlink PhotoDirector
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD 12
CyberLink YouCam
Energy Star
HP Registration Service
HP SharePoint Plugin
HP SimplePass
HP Support Assistant
HP Support Solutions Framework
HP System Event Utility
HP Touchpoint Analytics Client
HP Update
HP Utility Center
I have uninstalled everything except for the YouCam!
ΑπάντησηΔιαγραφήYou did a good job, Colitsa!
ΑπάντησηΔιαγραφήNow, let me see fresh FRST logs, please.
Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
Press Scan button and wait for a while.
The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
Please upload the content of these two logs in the drive and send me the links.
Thank you!
ΑπάντησηΔιαγραφήThese are the two links:
https://drive.google.com/file/d/1me-dx2inWdl6j-60FsJyZY0v9mHgyflD/view?usp=sharing
https://drive.google.com/file/d/1O3_GhkiHPSmwcmevK_aPHlpFBb1k-f-E/view?usp=sharing
I thought you uninstalled Kaspersky products. They are still there. Please go on and uninstall the following before we move on:
ΑπάντησηΔιαγραφήKaspersky Internet Security
Kaspersky Password Manager
After that, run FRST once more and let me see the fresh FRST logs (Addition and FRST).
It doesn't let me uninstall the Internet Security as there is an update happening at this moment...
ΑπάντησηΔιαγραφήUpdate regarding Kaspersky Internet Security? If yes, let it complete, and after that go on to uninstall both the programs.
ΑπάντησηΔιαγραφήOkay, will do!
ΑπάντησηΔιαγραφήThe Password Manager has been uninstalled, but the Internet Security not. Can we proceed with the next step?
ΑπάντησηΔιαγραφήNot yet. Are you getting any error while trying to uninstall Kaspersky?
ΑπάντησηΔιαγραφήKaspersky is uninstalled! These are the 2 new files after running FRST:
ΑπάντησηΔιαγραφήhttps://drive.google.com/file/d/1kZK1eT6xNZtXGlav-d64zLQCrUHCLCPs/view?usp=sharing
https://drive.google.com/file/d/14d0F5XtWKSjbHLflODi_XkUB0gumYa7B/view?usp=sharing
Hi, Colitsa.
ΑπάντησηΔιαγραφήYou uninstalled Kaspersky, but unfortunately it is still there and it doesn't allow Windows Defender to get completely enabled.
Please do the following:
1. Remove Kaspersky extension from Edge:
Open Edge, click on the 3 horizontal dots at the upper right corner, choose Extensions.
Find Kaspersky Protection and choose Remove.
2. FRST fix
Download fixlist on your Desktop.
Double click on the FRST tool to open it and click on the FIX button.
A fixlog will open after the restart.
Please paste its contents or upload it in Drive and send me a link for it.
Thank you, done! These are the new links:
ΑπάντησηΔιαγραφήhttps://drive.google.com/file/d/1AW4wwFUHJBIfOpMrSD0u3CVTc8EXey_X/view?usp=sharing
https://drive.google.com/file/d/1cv72gYvYhtO1fA8Wv_OkMPpLHZQvy-Ht/view?usp=sharing
OUPS... It seems that you click on the Scan button instead on the FIX one.
ΑπάντησηΔιαγραφήI will be waiting for the fixlog. :)
Really sorry, I hadn't realised...
ΑπάντησηΔιαγραφήHope this is the correct link:
https://drive.google.com/file/d/1uSHkgkzv4P7OW7jNLs7LsCb5cvNRVMod/view?usp=sharing
Yes! This is what I wanted to see!
ΑπάντησηΔιαγραφήNow...
Since you said that you have a slow start up...
1. Right click anywhere on your task bar and choose Task Manager.
2. If you see a window with a More details button, choose More details. Otherwise move on to the step 3 directly.
3. Click on Start up tab and check the columns Status and Start-up impact. See if you don't need any of the enabled items to start with Windows. Especially check items with the indication High. Click on the items you don't need to start with Windows and select Disable. Personally, I have only the Windows Security notification icon enabled.
4. Restart the computer and check if it is still slow at start-up.
5. Report your comments in your next reply.
Thank you! The restart is definitely much faster than before!
ΑπάντησηΔιαγραφήI disabled everything besides the Windows Security and the YouCam.
Moving on.
ΑπάντησηΔιαγραφήCheck disk
Click on the Start button and in the search box, type Command Prompt.
When you see Command Prompt on the list, right-click on it and select Run as administrator.
Enter the command below and press on Enter and wait for it to finish (~15 minutes up to several hours, depending on disk's condition).
chkdsk C: /r
You will receive a message that the operation cannot be performed while the system is in use and ask if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing disk check to run at startup.
The process will take some time, depending on the disk condition.
Download ListChkdskResult by SleepyDude and save it on your Desktop.
Double click on the created icon.
A notepad file will open. Copy its content and paste it in your next reply or upload it on the drive providing a link to me.
Done! This is the link to the notepad file:
ΑπάντησηΔιαγραφήhttps://drive.google.com/file/d/1ppG_Pcc1xICZIQ23nBbpog5c7mz_soQB/view?usp=sharing
According to the log: "Windows has made corrections to the file system. No further action is required."
ΑπάντησηΔιαγραφήLet's upgrade the operating system now, with an in-place upgrade. This will reinstall Windows in its latest version (21H1) and fix any possible corruptions, without removing any file or program.
1. Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
2. Save the tool on your Desktop and double click to run it.
3. On the License terms page, if you accept the license terms, select Accept.
4. On the What do you want to do page, select Upgrade this PC now, and then select Next.
6. Follow the instructions and select Keep personal files and apps, when you are asked to.
7. It might take a couple of hours, depending on your wifi speed connection, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
8. After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.
Let me know if the in-place upgrade completes successfully.
Hi! As far as I can tell, the update procedure was successful! Is there anything else to do?
ΑπάντησηΔιαγραφήWell done!
ΑπάντησηΔιαγραφήYes! Now I would like you to check if everything is fine with Windows Security. Since you got rid of Kaspersky, let's see if Defender took care of your security.
Go to Settings (Windows icon on the keyboard + i)
Select Update & Security
From the left pane, Windows Security
Open Windows Security
Please take a screenshot of what you see, upload it on the Drive and give me a link.
Thank you!
ΑπάντησηΔιαγραφήhttps://drive.google.com/file/d/1pnR5cRdqeTv-Jn1tBXMw-2n7GHlXDLQf/view?usp=sharing
Everything looks fine!
ΑπάντησηΔιαγραφήWindows Security can keep you safe without the need of any third-party antivirus. However, I would recommend the use of an anti-malware, specifically Malwarebytes free. These two are good enough to protect you.
See here how to download and perform a scan with it. If threats found, please export the result to a txt file and upload it for me.
Grecian Geek Genius : Malwarebytes Antimalware
When I click on the icon, what downloads is the following:
ΑπάντησηΔιαγραφήhttps://drive.google.com/file/d/15Za870mFF7rBPeGmllkmB3XpXBdUjCLs/view?usp=sharing
There is a yellow FREE DOWNLOAD button at the top right of that page. Click on that and choose Save as to save the exe file on your Desktop.
ΑπάντησηΔιαγραφήIf Trial Premium is installed, you can deactivate it. See here:
ΑπάντησηΔιαγραφήDeactivate Premium Trial in Malwarebytes for Windows v3 – Malwarebytes Support
This is the last report:
ΑπάντησηΔιαγραφήhttps://drive.google.com/file/d/12KgA_RuFSorTgkaMhya2OAWnlL3vr-az/view?usp=sharing
Sorry, I don't know why the content didn't paste correctly... Try this one:
ΑπάντησηΔιαγραφήhttps://drive.google.com/file/d/1eZIJlMQg__N-ezWnnwh1qewqkIqtsuOr/view?usp=sharing
Wow! Malwarebytes did find many things. Just to ensure that everything is clean, let's perform a last scan.
ΑπάντησηΔιαγραφήDownload Eset Online Scanner and save it to your desktop.
Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
When the tool opens, click Get Started.
Read and accept the license agreement.
At the Welcome to ESET Online Scanner window, click Get Started.
Select whether you would like to send anonymous data to ESET.
Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
Click on the Full Scan option.
Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
ESET will now begin scanning your computer. This may take some time. Actually, you can have a cup of coffee (or two maybe! ).
When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
=====================
After that, I would like to see fresh FRST logs, Addition and FRST.
Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
Press Scan button and wait for a while.
The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
Upload the two logs in the Drive, take links and post them mere.
Eset online scanning complete with no threads:
ΑπάντησηΔιαγραφή23/06/2021 18:20:37
Files scanned: 11998
Detected files: 0
Cleaned files: 0
Total scan time: 01:00:08
Scan status: Finished
And the last 2 logs:
ΑπάντησηΔιαγραφήhttps://drive.google.com/file/d/1-ZEdPd_Qoby_kAd7Q4q-LVrUzfW5SDxO/view?usp=sharing, https://drive.google.com/file/d/1zZmeoafSqKCzSyDNMOeTnOl8-jbMZShM/view?usp=sharing
Hi, Colitsa.
ΑπάντησηΔιαγραφήApologies for the delay.
It appears that you have a couple (at least) of pirated/cracked programs installed in your computer, and Windows Defender detected them. Have in mind that using pirated/cracked software is an easy way to infect your computer. Almost as easy as intentionally downloading malware. We don't want that, right?
So...
I would like you to uninstall the following programs, since my fixes will remove the keygens and the patches used to activated them:
Foxit PhantomPDF
Guitar Pro 5.2
Let me know your thoughts about this.
Deleted both programmes. These are the new logs:
ΑπάντησηΔιαγραφήhttps://drive.google.com/file/d/1KD-0mtzvGyuXBn6Hgsjx29lIp8G9l0cQ/view?usp=sharing, https://drive.google.com/file/d/1qBokUazLeUlg1lmtCAA8O3YdVLcVgc7a/view?usp=sharing
Hi, Colitsa!
ΑπάντησηΔιαγραφήI really apologize for the delay! It was a busy week! The logs are good and I can see that the memory in usage right now is 76%, much better than what it was at the beginning.
Let's finish it!
1. Change a Malwarebytes setting:
Open Malwarebytes.
Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
>>>Under the title Scan Options, all the options are checked.
>>>Under the title Windows Security Center (Premium only) the option is NOT checked.
>>>Under the title Potentially unwanted items all options are set to Always.
Close Malwarebytes.
2. Run FRST fix
Just some tidiness:
Download fixlist
Save it at the same place the FRST tool is located.
Open FRST tool and click on FIX.
The tool will run and produce a fixlog at the end.
Please copy and paste its content in your next reply.
Also please report how is the computer running now. Any remaining questions, issues, concerns?
Morning Grecian Geek!
ΑπάντησηΔιαγραφήThank you!
Two things:
1) for some reason there was no fixlog at the end of the last FIX run...
2) the Malwarebytes Premium trial expires today, and I won't be signing up for it; is there an alternative?
Thank you!
Colitsa
Good morning to you too, Colitsa!
ΑπάντησηΔιαγραφή1. If you save the fixlist at the same location the FRST tool is, then open the FRST tool and click on the FIX button, the tool will run the fix and a fixlog will be created at the same location where FRST tool and the fixlist are. I need to see that log, please.
2. I recommend the use of Malwarebytes, along with the built-in Windows 10 antivirus, free or premium. The difference between free and premium is regarding the real time protection. Premium offers real time protection, while free doesn't. However, if you don't want to buy the Premium version, you can deactivate the license and use the product as free, meaning that you will have to run it from time to time (e.g. once a week, depending on how often you use your computer), making a full scan.
How to de-activate license so you can use Malwarebytes free:
> Open Malwarebytes
> Click on the little gear at the top right to get into the Settings
> Click on the Account tab
> Choose Deactivate
> That's it. Now the product uses the free license.
I think I managed to find the fixlog:
ΑπάντησηΔιαγραφήhttps://drive.google.com/file/d/1DxkIaAz7kFrKGyFmAT102VP54hH9WstY/view?usp=sharing
And managed to convert the Malwarebytes Premium to the free version!
ΑπάντησηΔιαγραφήThank you!
Good. There is only one error regarding System Restore, but we can fix that with the next tool.
ΑπάντησηΔιαγραφήAny remaining issues/questions/concerns, Colitsa?
No other concerns to report!
ΑπάντησηΔιαγραφήPerfect!
ΑπάντησηΔιαγραφήThe following tool will remove the tools we used as well as reset system restore points:
> Download KpRm by kernel-panik and save it to your desktop.
> Right-click kprm_(version).exe and select Run as Administrator.
> Read and accept the disclaimer.
> When the tool opens, ensure all boxes under Actions are checked.
> Under Delete Quarantines select Delete Now, then click Run.
> Once complete, click OK.
> A log will open in Notepad titled kprm-(date).txt.
> Please copy and paste its contents in your next reply.
And the last log:
ΑπάντησηΔιαγραφήhttps://drive.google.com/file/d/1r_o9xqoebOjajeS-Pj-oO87GZxGRCftJ/view?usp=sharing
Everything seems fine. :)
ΑπάντησηΔιαγραφήSince your computer is clean, here are some final tips about your computer's security from now on:
Some of the following, are from Klein's (2005) article, So how did I get infected in the first place. Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it, to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:
1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.
2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware.'' It's important to keep everything updated.
3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.
4. Be careful about what you download and what you open!
Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
Do not open any files without being certain of what they are!
5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.
6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.
7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.
8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.
9. Must-Have Software
An anti-virus and an anti-spyware program is a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled. As I already told you, Windows Security along with Malwarebytes are good enough to keep you protected.
TAKE CARE, STAY SAFE!