
Thread: Computer taking forever to start

  1. #11
    Senior Member gigglepot's Avatar
    Join Date
    Jun 2014
    Posts
    148

    Here is the logfile for AdwCleaner:

    # -------------------------------
    # Malwarebytes AdwCleaner 8.0.2.0
    # -------------------------------
    # Build: 01-27-2020
    # Database: 2020-02-17.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 02-20-2020
    # Duration: 00:00:39
    # OS: Windows 10 Home
    # Scanned: 34851
    # Detected: 57


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    PUP.Optional.Legacy C:\Users\Lillian\AppData\Roaming\Tencent
    PUP.Optional.Legacy C:\Users\Public\Documents\Downloaded Installers

    ***** [ Files ] *****

    PUP.Optional.DriverUpdate C:\Users\Lillian\Downloads\DRIVERUPDATE-SETUP.EXE

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blackjack +.lnk

    ***** [ Tasks ] *****

    PUP.Optional.DriverUpdate C:\Windows\System32\Tasks\DRIVERUPDATE SCAN

    ***** [ Registry ] *****

    Adware.TryMedia HKLM\Software\Wow6432Node\Trymedia Systems
    PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\download.driversupport.com
    PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driversupport.com
    PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\download.driversupport.com
    PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driversupport.com
    PUP.Optional.DriverUpdate HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|DriverUpdate
    PUP.Optional.DriverUpdate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{609C5D74-96CB-477D-B561-7717230B227C}
    PUP.Optional.DriverUpdate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{609C5D74-96CB-477D-B561-7717230B227C}
    PUP.Optional.DriverUpdate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Scan
    PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{140FCF15-D11E-48F3-A4A0-C228B55EB906}
    PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{151B702B-2C5C-496B-A0D3-0147834910DD}
    PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4B362E53-F249-4B5D-975B-11810A0A6604}
    PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5CA60DBE-5099-432B-BBC5-833788F4D077}
    PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A86D0904-5AF1-4DE7-B203-C4EFB2FEA45D}
    PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DAF553A4-B5E2-48C2-B9E8-1C42DCC8D53E}
    PUP.Optional.Legacy HKLM\Software\Classes\METNSD
    PUP.Optional.Slimware HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slimware.com
    PUP.Optional.Slimware HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slimware.com

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
    Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17DC42A2-F68C-4C6E-A685-B484C8ECF152}
    Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
    Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
    Preinstalled.HPJumpStartBridge Folder C:\Program Files (x86)\HP\HP JUMPSTART BRIDGE
    Preinstalled.HPJumpStartLaunch Folder C:\Program Files (x86)\HP\HP JUMPSTART LAUNCH
    Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F57CADA-CB76-426E-816A-BCE06E750A54}
    Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPJumpStartLaunch
    Preinstalled.HPJumpStartLaunch Task C:\Windows\System32\Tasks\HPJUMPSTARTLAUNCH
    Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HP\HP REGISTRATION SERVICE
    Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
    Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
    Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
    Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
    Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
    Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
    Preinstalled.HPSupportAssistant Folder C:\Users\Lillian\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
    Preinstalled.HPSupportAssistant Folder C:\Users\Lillian\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
    Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
    Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}
    Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}
    Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
    Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
    Preinstalled.SamsungSmartSwitch Folder C:\Users\Lillian\AppData\Roaming\SAMSUNG\SMART SWITCH PC
    Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES
    Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
    Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
    Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


    Here is the MBam text:

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 2/20/20
    Scan Time: 10:09 PM
    Log File: 4b7ed6d4-5468-11ea-96c7-10e7c6012b55.json

    -Software Information-
    Version: 3.8.3.2965
    Components Version: 1.0.613
    Update Package Version: 1.0.14905
    License: Trial

    -System Information-
    OS: Windows 10 (Build 17763.1039)
    CPU: x64
    File System: NTFS
    User: DESKTOP-MNATPML\Lillian

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 348877
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 8 hr, 29 min, 45 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

    I didn't do the FRST and the fix for it because I was worried I'd delete things that belonged to the kids' games. I saw a lot of Minecraft in there!

  2. #12
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Run Adware again; when the list appears, make sure to click on the entries below.




    PUP.Optional.DriverUpdate C:\Windows\System32\Tasks\DRIVERUPDATE SCAN

    ***** [ Registry ] *****

    Adware.TryMedia HKLM\Software\Wow6432Node\Trymedia Systems
    PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\download.driversupport.com
    PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driversupport.com
    PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\download.driversupport.com
    PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driversupport.com
    PUP.Optional.DriverUpdate HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|DriverUpdate
    PUP.Optional.DriverUpdate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{609C5D74-96CB-477D-B561-7717230B227C}
    PUP.Optional.DriverUpdate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{609C5D74-96CB-477D-B561-7717230B227C}
    PUP.Optional.DriverUpdate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Scan
    PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{140FCF15-D11E-48F3-A4A0-C228B55EB906}
    PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{151B702B-2C5C-496B-A0D3-0147834910DD}
    PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4B362E53-F249-4B5D-975B-11810A0A6604}
    PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5CA60DBE-5099-432B-BBC5-833788F4D077}
    PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A86D0904-5AF1-4DE7-B203-C4EFB2FEA45D}
    PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DAF553A4-B5E2-48C2-B9E8-1C42DCC8D53E}
    PUP.Optional.Legacy HKLM\Software\Classes\METNSD
    PUP.Optional.Slimware HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slimware.com
    PUP.Optional.Slimware HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slimware.com







    The other items found won't hurt anything.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #13
    Senior Member gigglepot's Avatar
    Join Date
    Jun 2014
    Posts
    148

    I ran AdwCleaner again and I check marked PUP.Optional.Legacy, then went to the second screen and didn't see any of the other things you listed. This is what I see on the Preinstalled Software screen:
    Preinstalled.HPAudioSwitch
    Preinstalled.HPJumpStartBridge
    Preinstalled.HPJumpStartLaunch
    Preinstalled.HPRegistrationService
    Preinstalled.HPSupportAssistant
    Preinstalled.HPSureConnect
    Preinstalled.SamsungSmartSwitch
    Preinstalled.WildTangentGamesBundle

    So I quarantined and restarted the computer and ran the scan again and the PUP.Optional.Legacy showed up again! But I know I got rid of it. And of course all the Preinstalled stuff was still there, but none were the ones you listed.

  4. #14
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    PUP.Optional.Legacy is a game or part of bundled games that wasn't deleted so it will show up on another scan, also a part of Preinstalled.WildTangentGamesBundle.

    Give the computer a day or two, don't download anything, and if everything is working well we will remove the tools and folders from scanning.

  5. #15
    Senior Member gigglepot's Avatar
    Join Date
    Jun 2014
    Posts
    148

    So it's been a couple of days and no issues! But should I have check marked all of those Preinstalled items I listed in my last reply and quarantined them? I'm not sure what they are.

  6. #16
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    They're mostly HP pre-installed functions and games.
    I think for now with no issues, let's leave those alone.

  7. #17
    Senior Member gigglepot's Avatar
    Join Date
    Jun 2014
    Posts
    148

    Ok I will just leave them alone.
    So is my next step to delete all the software I installed?

  8. #18
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Use this tool to remove quarantined items:

    Please download KpRm by Kernel-panik and save to your Desktop.
    • Click on KpRm.exe to run the tool.

    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
    • Put a check mark next to these items:
      - Delete tools

    • Click the "Run" button.


    • When the tool has finished, it will create and open a log report and delete itself.

  9. #19
    Senior Member gigglepot's Avatar
    Join Date
    Jun 2014
    Posts
    148

    Here is the logfile:

    # Run at 25-Feb-2020 6:34:05 AM
    # KpRm (Kernel-panik) version 2.7
    # Website https://kernel-panik.me/tool/kprm/
    # Run by Lillian from C:\Users\Lillian\Desktop
    # Computer Name: DESKTOP-MNATPML
    # OS: Windows 10 X64 (17763)
    # Number of passes: 1

    - Checked options -

    ~ Delete Tools

    - Delete Tools -


    ## AdwCleaner
    [OK] C:\Users\Lillian\Desktop\adwcleaner_8.0.2.exe deleted

    ## FRST
    [OK] C:\Users\Lillian\Desktop\Addition.txt deleted
    [OK] C:\Users\Lillian\Desktop\FRST.txt deleted
    [OK] C:\Users\Lillian\Desktop\FRST64.exe deleted

    - Other Lines -


    ## Quarantines keeped
    ~ C:\AdwCleaner (AdwCleaner)
    ~ C:\FRST (FRST)

    -- KPRM finished in 11.84s --

    But I still have 2 MalwareBytes icons on my desktop and this logfile. Do I need to just restart my computer for them to disappear or do I need to manually delete them?

  10. #20
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Probably, but I think it's a good idea to keep MalwareBytes and use it on occasion.
