Σάββατο 12 Ιουνίου 2021

'Ελεγχος υπολογιστή Colitsa

52

 


We have received an assistance request from Colitsa.

Hello Grecian Geek! After having a 'stubborn donkey' of a computer, I visited your website and followed your suggestions on trying to solve my Windows issues. These are the links for you to evaluate the extent of the problem:

FRST.txt

Addition.txt

-------------------------------------------------------------  

Grecian Geek replies:

Hi, Colitsa.

Welcome to GGG.


My first comments/instructions:

No sign of active infection in your logs.

1. RAM issue

The following lines in your logs show that the computer's slowness has to do with the percentage of the usable RAM. You have only 4GB RAM installed, and 84% of it is in use.

Percentage of memory in use: 84%

Total physical RAM: 3547.95 MB

Available physical RAM: 539.12 MB

What I would suggest: 

Here you can run a free RAM wizard to determine which RAM is compatible with your motherboard. You download and run a small program, which will scan your computer and then recommend compatible RAM. You don't have to buy from them, but you can find out how much RAM the computer can accept. 

You can do that after we finish the procedure here.

Meanwhile, you can take some steps to improve the computer's performance:


2. Uninstall programs

Adobe Shockwave reached its end of life two years ago.
https://helpx.adobe.com/shockwave/shockwave-end-of-life-faq.html

Java: There are very few reasons these days to continue having Java installed on your computer and I recommend that you uninstall it.

However, if you do elect to keep Java, it needs to be updated to the latest version which you can find here: Java SE Runtime Environment 8 - Downloads. 

Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional. 

To uninstall these programs:

Press the Windows Key + R.
Type appwiz.cpl in the Run box and click OK.
The Add/Remove Programs list will open. Locate the following programs in the list:

Adobe Shockwave Player 12.3 
Java 7 Update 60 

Select the above programs, one by one, and click Uninstall.
Restart the computer.


3. Remove Kaspersky

Windows 10 has its own built-in antivirus, Windows Defender. Using third-party antivirus, like Kaspersky is your choice, but sometimes these third-party antivirus cause issues including slowness. Since you have a RAM issue, I recommend you to uninstall Kaspersky and stay with Windows Defender. See the difference and make your choice then.

To uninstall Kaspersky Internet Security and Kaspersky Password Manager

• Visit this site and follow the steps to run the Kaspersky Antivirus Removal Tool
• If not done automatically reboot your computer

4. Remove an app

Click on the Start button and find McAfee® Central for HP . Right click and Uninstall.


5. FRST Fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.


  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.

Feedback
  • In a comment below, I would like to see if everything went well with Java and Adobe Shockwave uninstalls. What have you decided about Java?
  • In a second comment please post: What have you decided about Kaspersky? Have you removed it?
  • In a third comment please paste the fixlog.txt content.
  • In a fourth comment post anything regarding the procedure. Any issues, questions, concerns.

Good luck!




52 σχόλια :

  1. Thank you! All steps successfully completed. This is the link to the Fixlog doc: https://drive.google.com/file/d/1uSHkgkzv4P7OW7jNLs7LsCb5cvNRVMod/view?usp=sharing

    ΑπάντησηΔιαγραφή
  2. Hello! Please make the link public so I can review it. I assume that Shockwave, Java and Kaspersky are all uninstalled now, right?

    ΑπάντησηΔιαγραφή
  3. Done: https://drive.google.com/file/d/1uSHkgkzv4P7OW7jNLs7LsCb5cvNRVMod/view?usp=sharing

    Yes, all 3 are now uninstalled!

    ΑπάντησηΔιαγραφή
  4. Thank you!

    Let's do some additional scans, to ensure that the system is completely clean.

    1. Run AdwCleaner (Scan mode)

    Download AdwCleaner and save it to your desktop.

    Double click AdwCleaner.exe to run it.
    Click Scan Now.
    When the scan has finished, a Scan Results window will open.
    Click Cancel (at this point do not attempt to Quarantine anything that is found)
    Now click the Log Files tab.
    Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    A Notepad file will open containing the results of the scan.
    Please paste the contents of the file in your next reply.

    ΑπάντησηΔιαγραφή
  5. AdwCleaner process complete. This is the new file: https://drive.google.com/file/d/1TCHEV7et0Denz7M68WSwb9aKwV89TEa2/view?usp=sharing

    ΑπάντησηΔιαγραφή
  6. Let me explain to you the AdwCleaner's result. The findings in the Files and Chromium part of the logs are detected as PUPs, meaning potentially unwanted applications. I recommend you to uninstall them both (the second one refers to an extension regarding doc to pdf conversion and I will give you later some alternatives for it). The findings at the end of the report are preinstalled software, programs that were installed in the computer when you bought it. You may use/need or not these programs. Personally, I do not keep anything I don't use/need, and yes, I would recommend you to uninstall everything. But it is your computer, so your decision.

    To proceed... see my next comment.

    ΑπάντησηΔιαγραφή
  7. AdwCleaner (Clean mode)

    Double click AdwCleaner.exe on your Desktop, to run it as you did before.
    Click Scan Now.
    When the scan has finished a Scan Results window will open.
    Please check all the boxes and then click Quarantine.
    Click Next.
    If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    Check any pre-installed software items you want to remove.
    Click Quarantine.
    A prompt to save your work will appear.
    Click Continue when you're ready to proceed.
    A prompt to restart your computer will appear.
    Click Restart Now.
    Once your computer has restarted:
    If it doesn't open automatically, please start AdwCleaner.
    Click the Log Files tab.
    Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    A Notepad file will open containing the results of the removal.
    Please paste the contents of the file in your next reply.

    ΑπάντησηΔιαγραφή
  8. Done. This is the latest report: https://drive.google.com/file/d/185x3wsaTpGurzGjjD4LMKJsRg_2wDmWf/view?usp=sharing

    ΑπάντησηΔιαγραφή
  9. Good!

    Since you decided to get rid of the preinstalled software, check these programs and uninstall whatever you do not use/need:

    CyberLink LabelPrint
    CyberLink Media Suite 10
    Cyberlink PhotoDirector
    CyberLink Power2Go 8
    CyberLink PowerDirector 10
    CyberLink PowerDVD 12
    CyberLink YouCam
    Energy Star
    HP Registration Service
    HP SharePoint Plugin
    HP SimplePass
    HP Support Assistant
    HP Support Solutions Framework
    HP System Event Utility
    HP Touchpoint Analytics Client
    HP Update
    HP Utility Center

    ΑπάντησηΔιαγραφή
  10. You did a good job, Colitsa!

    Now, let me see fresh FRST logs, please.

    Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
    Press Scan button and wait for a while.
    The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
    Please upload the content of these two logs in the drive and send me the links.

    ΑπάντησηΔιαγραφή
  11. Thank you!

    These are the two links:

    https://drive.google.com/file/d/1me-dx2inWdl6j-60FsJyZY0v9mHgyflD/view?usp=sharing

    https://drive.google.com/file/d/1O3_GhkiHPSmwcmevK_aPHlpFBb1k-f-E/view?usp=sharing

    ΑπάντησηΔιαγραφή
  12. I thought you uninstalled Kaspersky products. They are still there. Please go on and uninstall the following before we move on:

    Kaspersky Internet Security
    Kaspersky Password Manager

    After that, run FRST once more and let me see the fresh FRST logs (Addition and FRST).

    ΑπάντησηΔιαγραφή
  13. It doesn't let me uninstall the Internet Security as there is an update happening at this moment...

    ΑπάντησηΔιαγραφή
  14. Update regarding Kaspersky Internet Security? If yes, let it complete, and after that go on to uninstall both the programs.

    ΑπάντησηΔιαγραφή
  15. The Password Manager has been uninstalled, but the Internet Security not. Can we proceed with the next step?

    ΑπάντησηΔιαγραφή
  16. Not yet. Are you getting any error while trying to uninstall Kaspersky?

    ΑπάντησηΔιαγραφή
  17. Kaspersky is uninstalled! These are the 2 new files after running FRST:

    https://drive.google.com/file/d/1kZK1eT6xNZtXGlav-d64zLQCrUHCLCPs/view?usp=sharing

    https://drive.google.com/file/d/14d0F5XtWKSjbHLflODi_XkUB0gumYa7B/view?usp=sharing

    ΑπάντησηΔιαγραφή
  18. Hi, Colitsa.

    You uninstalled Kaspersky, but unfortunately it is still there and it doesn't allow Windows Defender to get completely enabled.

    Please do the following:

    1. Remove Kaspersky extension from Edge:
    Open Edge, click on the 3 horizontal dots at the upper right corner, choose Extensions.
    Find Kaspersky Protection and choose Remove.

    2. FRST fix
    Download fixlist on your Desktop.

    Double click on the FRST tool to open it and click on the FIX button.
    A fixlog will open after the restart.
    Please paste its contents or upload it in Drive and send me a link for it.

    ΑπάντησηΔιαγραφή
  19. Thank you, done! These are the new links:

    https://drive.google.com/file/d/1AW4wwFUHJBIfOpMrSD0u3CVTc8EXey_X/view?usp=sharing

    https://drive.google.com/file/d/1cv72gYvYhtO1fA8Wv_OkMPpLHZQvy-Ht/view?usp=sharing

    ΑπάντησηΔιαγραφή
  20. OUPS... It seems that you click on the Scan button instead on the FIX one.

    I will be waiting for the fixlog. :)

    ΑπάντησηΔιαγραφή
  21. Really sorry, I hadn't realised...

    Hope this is the correct link:
    https://drive.google.com/file/d/1uSHkgkzv4P7OW7jNLs7LsCb5cvNRVMod/view?usp=sharing

    ΑπάντησηΔιαγραφή
  22. Yes! This is what I wanted to see!

    Now...

    Since you said that you have a slow start up...

    1. Right click anywhere on your task bar and choose Task Manager.
    2. If you see a window with a More details button, choose More details. Otherwise move on to the step 3 directly.
    3. Click on Start up tab and check the columns Status and Start-up impact. See if you don't need any of the enabled items to start with Windows. Especially check items with the indication High. Click on the items you don't need to start with Windows and select Disable. Personally, I have only the Windows Security notification icon enabled.
    4. Restart the computer and check if it is still slow at start-up.
    5. Report your comments in your next reply.

    ΑπάντησηΔιαγραφή
  23. Thank you! The restart is definitely much faster than before!

    I disabled everything besides the Windows Security and the YouCam.

    ΑπάντησηΔιαγραφή
  24. Moving on.

    Check disk
    Click on the Start button and in the search box, type Command Prompt.
    When you see Command Prompt on the list, right-click on it and select Run as administrator.
    Enter the command below and press on Enter and wait for it to finish (~15 minutes up to several hours, depending on disk's condition).

    chkdsk C: /r

    You will receive a message that the operation cannot be performed while the system is in use and ask if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing disk check to run at startup.
    The process will take some time, depending on the disk condition.
    Download ListChkdskResult by SleepyDude and save it on your Desktop.
    Double click on the created icon.
    A notepad file will open. Copy its content and paste it in your next reply or upload it on the drive providing a link to me.


    ΑπάντησηΔιαγραφή
  25. Done! This is the link to the notepad file:

    https://drive.google.com/file/d/1ppG_Pcc1xICZIQ23nBbpog5c7mz_soQB/view?usp=sharing

    ΑπάντησηΔιαγραφή
  26. According to the log: "Windows has made corrections to the file system. No further action is required."

    Let's upgrade the operating system now, with an in-place upgrade. This will reinstall Windows in its latest version (21H1) and fix any possible corruptions, without removing any file or program.

    1. Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
    2. Save the tool on your Desktop and double click to run it.
    3. On the License terms page, if you accept the license terms, select Accept.
    4. On the What do you want to do page, select Upgrade this PC now, and then select Next.
    6. Follow the instructions and select Keep personal files and apps, when you are asked to.
    7. It might take a couple of hours, depending on your wifi speed connection, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
    8. After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

    Let me know if the in-place upgrade completes successfully.

    ΑπάντησηΔιαγραφή
  27. Hi! As far as I can tell, the update procedure was successful! Is there anything else to do?

    ΑπάντησηΔιαγραφή
  28. Well done!

    Yes! Now I would like you to check if everything is fine with Windows Security. Since you got rid of Kaspersky, let's see if Defender took care of your security.

    Go to Settings (Windows icon on the keyboard + i)
    Select Update & Security
    From the left pane, Windows Security
    Open Windows Security
    Please take a screenshot of what you see, upload it on the Drive and give me a link.

    ΑπάντησηΔιαγραφή
  29. Thank you!
    https://drive.google.com/file/d/1pnR5cRdqeTv-Jn1tBXMw-2n7GHlXDLQf/view?usp=sharing

    ΑπάντησηΔιαγραφή
  30. Everything looks fine!

    Windows Security can keep you safe without the need of any third-party antivirus. However, I would recommend the use of an anti-malware, specifically Malwarebytes free. These two are good enough to protect you.

    See here how to download and perform a scan with it. If threats found, please export the result to a txt file and upload it for me.
    Grecian Geek Genius : Malwarebytes Antimalware

    ΑπάντησηΔιαγραφή
  31. When I click on the icon, what downloads is the following:
    https://drive.google.com/file/d/15Za870mFF7rBPeGmllkmB3XpXBdUjCLs/view?usp=sharing

    ΑπάντησηΔιαγραφή
  32. There is a yellow FREE DOWNLOAD button at the top right of that page. Click on that and choose Save as to save the exe file on your Desktop.

    ΑπάντησηΔιαγραφή
  33. This is the last report:
    https://drive.google.com/file/d/12KgA_RuFSorTgkaMhya2OAWnlL3vr-az/view?usp=sharing

    ΑπάντησηΔιαγραφή
  34. Sorry, I don't know why the content didn't paste correctly... Try this one:
    https://drive.google.com/file/d/1eZIJlMQg__N-ezWnnwh1qewqkIqtsuOr/view?usp=sharing

    ΑπάντησηΔιαγραφή
  35. Wow! Malwarebytes did find many things. Just to ensure that everything is clean, let's perform a last scan.

    Download Eset Online Scanner and save it to your desktop.

    Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
    When the tool opens, click Get Started.
    Read and accept the license agreement.
    At the Welcome to ESET Online Scanner window, click Get Started.
    Select whether you would like to send anonymous data to ESET.
    Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
    Click on the Full Scan option.
    Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
    ESET will now begin scanning your computer. This may take some time. Actually, you can have a cup of coffee (or two maybe! ).
    When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
    ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
    On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
    Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

    =====================

    After that, I would like to see fresh FRST logs, Addition and FRST.

    Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
    Press Scan button and wait for a while.
    The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
    Upload the two logs in the Drive, take links and post them mere.

    ΑπάντησηΔιαγραφή
  36. Eset online scanning complete with no threads:

    23/06/2021 18:20:37
    Files scanned: 11998
    Detected files: 0
    Cleaned files: 0
    Total scan time: 01:00:08
    Scan status: Finished

    ΑπάντησηΔιαγραφή
  37. And the last 2 logs:
    https://drive.google.com/file/d/1-ZEdPd_Qoby_kAd7Q4q-LVrUzfW5SDxO/view?usp=sharing, https://drive.google.com/file/d/1zZmeoafSqKCzSyDNMOeTnOl8-jbMZShM/view?usp=sharing

    ΑπάντησηΔιαγραφή
  38. Hi, Colitsa.

    Apologies for the delay.

    It appears that you have a couple (at least) of pirated/cracked programs installed in your computer, and Windows Defender detected them. Have in mind that using pirated/cracked software is an easy way to infect your computer. Almost as easy as intentionally downloading malware. We don't want that, right?

    So...

    I would like you to uninstall the following programs, since my fixes will remove the keygens and the patches used to activated them:

    Foxit PhantomPDF
    Guitar Pro 5.2

    Let me know your thoughts about this.

    ΑπάντησηΔιαγραφή
  39. Deleted both programmes. These are the new logs:

    https://drive.google.com/file/d/1KD-0mtzvGyuXBn6Hgsjx29lIp8G9l0cQ/view?usp=sharing, https://drive.google.com/file/d/1qBokUazLeUlg1lmtCAA8O3YdVLcVgc7a/view?usp=sharing

    ΑπάντησηΔιαγραφή
  40. Hi, Colitsa!

    I really apologize for the delay! It was a busy week! The logs are good and I can see that the memory in usage right now is 76%, much better than what it was at the beginning.

    Let's finish it!

    1. Change a Malwarebytes setting:
    Open Malwarebytes.
    Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    >>>Under the title Scan Options, all the options are checked.
    >>>Under the title Windows Security Center (Premium only) the option is NOT checked.
    >>>Under the title Potentially unwanted items all options are set to Always.
    Close Malwarebytes.

    2. Run FRST fix
    Just some tidiness:

    Download fixlist
    Save it at the same place the FRST tool is located.
    Open FRST tool and click on FIX.
    The tool will run and produce a fixlog at the end.
    Please copy and paste its content in your next reply.

    Also please report how is the computer running now. Any remaining questions, issues, concerns?

    ΑπάντησηΔιαγραφή
  41. Morning Grecian Geek!

    Thank you!

    Two things:
    1) for some reason there was no fixlog at the end of the last FIX run...
    2) the Malwarebytes Premium trial expires today, and I won't be signing up for it; is there an alternative?

    Thank you!
    Colitsa

    ΑπάντησηΔιαγραφή
  42. Good morning to you too, Colitsa!

    1. If you save the fixlist at the same location the FRST tool is, then open the FRST tool and click on the FIX button, the tool will run the fix and a fixlog will be created at the same location where FRST tool and the fixlist are. I need to see that log, please.

    2. I recommend the use of Malwarebytes, along with the built-in Windows 10 antivirus, free or premium. The difference between free and premium is regarding the real time protection. Premium offers real time protection, while free doesn't. However, if you don't want to buy the Premium version, you can deactivate the license and use the product as free, meaning that you will have to run it from time to time (e.g. once a week, depending on how often you use your computer), making a full scan.

    How to de-activate license so you can use Malwarebytes free:
    > Open Malwarebytes
    > Click on the little gear at the top right to get into the Settings
    > Click on the Account tab
    > Choose Deactivate
    > That's it. Now the product uses the free license.

    ΑπάντησηΔιαγραφή
  43. I think I managed to find the fixlog:
    https://drive.google.com/file/d/1DxkIaAz7kFrKGyFmAT102VP54hH9WstY/view?usp=sharing

    ΑπάντησηΔιαγραφή
  44. And managed to convert the Malwarebytes Premium to the free version!
    Thank you!

    ΑπάντησηΔιαγραφή
  45. Good. There is only one error regarding System Restore, but we can fix that with the next tool.

    Any remaining issues/questions/concerns, Colitsa?

    ΑπάντησηΔιαγραφή
  46. Perfect!

    The following tool will remove the tools we used as well as reset system restore points:

    > Download KpRm by kernel-panik and save it to your desktop.
    > Right-click kprm_(version).exe and select Run as Administrator.
    > Read and accept the disclaimer.
    > When the tool opens, ensure all boxes under Actions are checked.
    > Under Delete Quarantines select Delete Now, then click Run.
    > Once complete, click OK.
    > A log will open in Notepad titled kprm-(date).txt.
    > Please copy and paste its contents in your next reply.

    ΑπάντησηΔιαγραφή
  47. And the last log:
    https://drive.google.com/file/d/1r_o9xqoebOjajeS-Pj-oO87GZxGRCftJ/view?usp=sharing

    ΑπάντησηΔιαγραφή
  48. Everything seems fine. :)

    Since your computer is clean, here are some final tips about your computer's security from now on:

    Some of the following, are from Klein's (2005) article, So how did I get infected in the first place. Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it, to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

    1. Keep your Windows updated!
    It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

    2. Update 3rd Party Software Programs
    Third Party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware.'' It's important to keep everything updated.

    3. Update the browsers you use
    Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

    4. Be careful about what you download and what you open!
    Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
    Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
    Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
    Do not open any files without being certain of what they are!

    5. Avoid questionable web sites!
    Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

    6. Registry cleaners/driver boosters/system optimizers
    I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

    7. PC means personal computer!
    Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

    8. Back-up your work!
    Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

    9. Must-Have Software
    An anti-virus and an anti-spyware program is a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled. As I already told you, Windows Security along with Malwarebytes are good enough to keep you protected.

    TAKE CARE, STAY SAFE!

    ΑπάντησηΔιαγραφή