
Thread: Suspiciously Slow Computer

  1. #11
    Senior Member
    Join Date
    Jun 2014
    Posts
    143

    Default The missing logs

    I was able to find and post the original logs, they weren't as clean as I thought.

    # AdwCleaner v6.047 - Logfile created 27/05/2017 at 08:38:06
    # Updated on 19/05/2017 by Malwarebytes
    # Database : 2017-05-26.6 [Server]
    # Operating System : Windows 10 Home (X64)
    # Username : oldman - EUSTACE
    # Running from : C:\Users\oldman\Desktop\AdwCleaner.exe
    # Mode: Scan
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    No malicious services found.


    ***** [ Folders ] *****

    No malicious folders found.


    ***** [ Files ] *****

    No malicious files found.


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    No malicious task found.


    ***** [ Registry ] *****

    Key Found: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\MySafeSavings
    Key Found: HKCU\Software\MySafeSavings
    Key Found: HKLM\SOFTWARE\MySafeSavings
    Key Found: [x64] HKCU\Software\MySafeSavings
    Key Found: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Data Found: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
    Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Data Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -


    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.

    *************************

    C:\AdwCleaner\AdwCleaner[S0].txt - [1834 Bytes] - [27/05/2017 08:38:06]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1907 Bytes] ##########

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 5/28/17
    Scan Time: 12:14 PM
    Log File: Malbytes.txt
    Administrator: Yes

    -Software Information-
    Version: 3.1.2.1733
    Components Version: 1.0.122
    Update Package Version: 1.0.2038
    License: Trial

    -System Information-
    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: eustace\oldman

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 413450
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 15 min, 34 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)

    Zemana AntiMalware 2.72.2.388 (Installed)

    -------------------------------------------------------
    Scan Result : Completed
    Scan Date : 2017/5/27
    Operating System : Windows 10 64-bit
    Processor : 2X AMD A4-4300M APU with Radeon(tm) HD Graphics
    BIOS Mode : UEFI
    CUID : 12018F519C08B72150B30E
    Scan Type : System Scan
    Duration : 31m 13s
    Scanned Objects : 165171
    Detected Objects : 10
    Excluded Objects : 0
    Read Level : SCSI
    Auto Upload : Enabled
    Detect All Extensions : Disabled
    Scan Documents : Disabled
    Domain Info : WORKGROUP,0,2

    Detected Objects
    -------------------------------------------------------

    Internet Settings (System)
    Status : Scanned
    Object : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Potentially Unwanted Modification
    Cleaning Action : Delete
    Related Objects :
    Registry Entry - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000086000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

    Internet Settings (System)
    Status : Scanned
    Object : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Potentially Unwanted Modification
    Cleaning Action : Delete
    Related Objects :
    Registry Entry - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000004000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

    {1f1c0436-e2de-4156-a74b-889d60e6ded4}
    Status : Scanned
    Object : NE->c:\windows\system32\tasks\{1f1c0436-e2de-4156-a74b-889d60e6ded4}
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Adware:Win32/FF.TASKSCHD.GEN.A!Neng
    Cleaning Action : Quarantine
    Related Objects :
    (null) - (null)

    {3c785ce0-09eb-489c-b381-60032ad92402}
    Status : Scanned
    Object : NE->c:\windows\system32\tasks\{3c785ce0-09eb-489c-b381-60032ad92402}
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Adware:Win32/FF.TASKSCHD.GEN.A!Neng
    Cleaning Action : Quarantine
    Related Objects :
    (null) - (null)

    {52c5b2de-2ee0-492f-b7ae-f81b21beee4f}
    Status : Scanned
    Object : NE->c:\windows\system32\tasks\{52c5b2de-2ee0-492f-b7ae-f81b21beee4f}
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Adware:Win32/FF.TASKSCHD.GEN.A!Neng
    Cleaning Action : Quarantine
    Related Objects :
    (null) - (null)

    {580471d0-bb6a-4fbe-a33b-60459ea2a71a}
    Status : Scanned
    Object : NE->c:\windows\system32\tasks\{580471d0-bb6a-4fbe-a33b-60459ea2a71a}
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Adware:Win32/FF.TASKSCHD.GEN.A!Neng
    Cleaning Action : Quarantine
    Related Objects :
    (null) - (null)

    {6f64d097-c335-470b-804c-66d6a23e63da}
    Status : Scanned
    Object : NE->c:\windows\system32\tasks\{6f64d097-c335-470b-804c-66d6a23e63da}
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Adware:Win32/FF.TASKSCHD.GEN.A!Neng
    Cleaning Action : Quarantine
    Related Objects :
    (null) - (null)

    {7418df81-a921-495e-84c4-f48070d276ab}
    Status : Scanned
    Object : NE->c:\windows\system32\tasks\{7418df81-a921-495e-84c4-f48070d276ab}
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Adware:Win32/FF.TASKSCHD.GEN.A!Neng
    Cleaning Action : Quarantine
    Related Objects :
    (null) - (null)

    {951ff928-0242-4f90-982c-0f11fe1ed05f}
    Status : Scanned
    Object : NE->c:\windows\system32\tasks\{951ff928-0242-4f90-982c-0f11fe1ed05f}
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Adware:Win32/FF.TASKSCHD.GEN.A!Neng
    Cleaning Action : Quarantine
    Related Objects :
    (null) - (null)

    {f1d1c249-fd8f-4d57-bdca-269963eb78c6}
    Status : Scanned
    Object : NE->c:\windows\system32\tasks\{f1d1c249-fd8f-4d57-bdca-269963eb78c6}
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Adware:Win32/FF.TASKSCHD.GEN.A!Neng
    Cleaning Action : Quarantine
    Related Objects :
    (null) - (null)


    Cleaning Result
    -------------------------------------------------------
    Cleaned : 10
    Reported as safe : 0
    Failed : 0

  2. #12
    Senior Member
    Join Date
    Jun 2014
    Posts
    143

    Default The log I forgot to add to the last post

    Emsisoft Emergency Kit - Version 2017.4
    Scan log

    Date | Scan Method | Objects Scanned | Objects Detected | Duration | Type | Computer Name
    5/28/2017 3:36:53 PM | Malware | 82100 | 0 | 0:09:20 | Manual scan | EUSTACE

  3. #13
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,756

    Default

    Emsisoft Emergency Kit - Version 2017.4
    Scan log
    Looks as if the log cut off or it didn't find anything?

    Machine seem normal?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #14
    Senior Member
    Join Date
    Jun 2014
    Posts
    143

    Default Emsisoft log

    That was a somewhat abbreviated log I posted, sorry. This is what I believe you were looking for. The computer is running much better, I would say it is cured but your opinion is what counts. If you don't see anything of note in the logs I would say we have been successful. I'll be waiting to hear your opinion and as always I want to thank you for your help.

    Emsisoft Emergency Kit - Version 2017.4
    Last update: 5/31/2017 5:13:40 PM
    User account: eustace\oldman
    Computer name: EUSTACE
    OS version: Windows 10x64

    Scan settings:

    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files

    Detect PUPs: On
    Scan archives: Off
    ADS Scan: On
    File extension filter: Off
    Direct disk access: Off

    Scan start: 6/1/2017 11:59:08 AM
    Key: HKEY_USERS\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} detected: Application.Win32.WSearch (A) [270440]

    Scanned 143157
    Found 1

    Scan end: 6/1/2017 12:10:12 PM
    Scan time: 0:11:04

    Key: HKEY_USERS\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Application.Win32.WSearch (A)

    Quarantined 1

  5. #15
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,756

    Default

    The computer is running much better, I would say it is cured but your opinion is what counts. If you don't see anything of note in the logs I would say we have been successful. I'll be waiting to hear your opinion and as always I want to thank you for your help.
    You're looking good. If something was wrong you would know it.

    And, you're welcome.

    DelFix

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
    • Click the Run button.
      -- This will remove the specialized tools we used to disinfect your system.
      Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    *************


    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Unchecky automatically removes checkmarks for bundled software in programme installers; helping you avoid adware and PUPs.

  6. #16
    Senior Member
    Join Date
    Jun 2014
    Posts
    143

    Default done

    Thanks for the links.

  7. #17
    Senior Member
    Join Date
    Jun 2014
    Posts
    143

    Default Done (maybe)

    As an afterthought, I'd like to try an experiment with my Granddaughter and her minecrafting. I think the problems, Searchscopes, MySafeSavings etc. are coming from her using custom servers to play on as well as voting for them. I would like to let her play her game without using the external servers and then see what happens. Please let me know if that would be acceptable with you. (I don't want to push your patience too far)

  8. #18
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,756

    Default

    custom servers to play on as well as voting for them
    I don't play Minecraft or allow anyone else to on my laptop.

    I think you need a fully secured machine (if that's possible) to connect to an outside server. It's just a gut feeling because I have no knowledge of the ins and outs exactly....
    Now, when voting on games and or going to winners circles, make sure your host and firewall rules are up to date.
    No applications on your machine are exploitable and run NoScript so nothing can insert a bad/run JavaScript.

    Can you set her up with a user profile with limited permissions?
    https://www.laptopmag.com/articles/l...nts-windows-10

    Might not give her all she wants when on the web but should keep your computer safer.

  9. #19
    Senior Member
    Join Date
    Jun 2014
    Posts
    143

    Default This just might work !

    Excellent advice, thanks. I have a lot to learn when it comes to setting up security, firewall rules etc. but I guess I might as well get started unless I want to keep dealing with these problems (I don't). I'm going to see what I can do, especially blacklisting the redirects that cause the problem in the first place. She is the only other person that uses this machine and I never have any of the usual "Teen on the internet problems"; this one in particular seems to keep reoccurring though. I may end up having to set her up with a limited account if that's what it takes but I'm curious as to the nature of the infection and want to understand these problems better, so the education continues. Thanks again.

  10. #20
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,756

    Default

    Read over a couple of the links I posted from quietman and Lawrence Abrams, they provide good details and steps you can take.
