Very Long Startup Time

[gigglepot]

20-Sep-2022 21:52:18 PM
Files scanned: 1018542
Detected files: 34
Cleaned files: 33
Total scan time 06:21:04
Scan status: Finished
C:\AdwCleaner\Quarantine\v1\20200220.215416\15\DRIVERUPDATE-SETUP.EXE#DF884AB0F9E7E5C1 a variant of Win32/Slimware.A potentially unwanted application cleaned by deleting

C:\Program Files\AVAST Software\Avast\setup\securebrowser_setup_15703353509084.exe a variant of Win32/CCleaner.A potentially unsafe application error while cleaning (Access denied)

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\07BD12FE-00007364.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\1AC4658E-0000480F.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\1D2B0EC9-0000759C.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\1D922AD7-00007B32.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\1E486889-0000720E.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\1F0577AE-000061F0.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\2023560F-0000480E.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\26E77908-00005E01.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\2C9E2DD7-0000696B.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\2CA51BAC-00006B0F.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\33E41ACC-0000625A.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\3B591934-000064CF.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\3B643F5F-00004BD4.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\3E634F5E-000069A5.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\4E9B59A0-00005120.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\58BE5D0B-000071B6.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\58FE2142-00004E2C.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\59DB5178-0000649F.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\5C66360B-000069EB.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\5EE212BD-00007564.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\617D3EB0-00004A0C.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\675258DB-000073FE.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\67DC16EE-00004976.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\6C655385-00004D4B.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\6FCA09AD-0000517B.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\771B612B-00005E1C.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\78A97FB6-00006F38.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\7B0E5CA1-00005590.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (lilli eed\Deleted Items\7F6B7147-00004F90.eml HTML/ScrInject.B trojan deleted

C:\Users\Lillian\AppData\Local\Microsoft\Windows Live Mail\Shaw (msimm 701\Deleted Items\25C3254F-00000303.eml HTML/ScrInject.B trojan deleted

C:\Windows\SECOH-QAD.dll Win64/HackKMS.D potentially unsafe application cleaned by deleting

C:\Windows\SECOH-QAD.exe Win64/HackKMS.C potentially unsafe application cleaned by deleting

[Juliet]

SECOH-QAD.exe is synonymous with KMSPico found which is a hack tool
Your version of Microsoft Office is compromised by an illegal activator. It's possible you won't receive updates to this version.

The above emails coming through Windows Live Mail, did all of these have attachments or redirect to a web site?
Kinda of odd that your antivirus didn't pick up on this. I can't see the dates received or who the sender is, I think I would block or just delete those without opening.

How is the computer now?

[gigglepot]

I don't even know what these emails are. Where do I find them? I don't even open emails that I don't know who they're from. How do I find out where these are and delete them permanently?

When I started the computer this morning, it took 10 minutes on the welcome screen. So no change after all of these steps so far.

[Juliet]

As for whats starting and loading at boot up I can't tell. What we can do is check for a few things.

I haven't used Outlook - Windows Live Mail in forever
See id the below link can add info
https://www.bleepingcomputer.com/tut...ows-live-mail/

One problem could be Avast doing a scan at boot up, not sure but you might want to look into it
https://forum.avast.com/index.php?topic=238227.0


https://support.microsoft.com/en-us/...7-375e92dddeb2
Manually check for windows updates

[gigglepot]

I don't think my Windows Live Mail is causing the issue because I delete the Deleted Items regularly and because I don't have it starting up when the computer starts.

I disabled Avast and restarted the computer just to see if it's causing lag, it dropped to 6-7 minutes start-up from 9-11 minutes. A little improvement but not much. What is a reasonable time for the computer to start up anyway? I read 45 seconds for a new computer!

I checked and I'm up to date on my Windows Updates.

Can you help me go through the programs that start-up when my computer starts up to see if I can disable some of them?

[Juliet]

Let me direct you to a help forum that I think can better help with startup issues. If I attempt it I'm just guessing.
They know of tools to use for a diagnosis that I'm unfamiliar working with.

Create an account, and start a new topic and if you like or if they request you can copy and paste this link to show them what we have done here.
https://www.sysnative.com/forums/forums/windows-10.148/

The above forum are people I have seen working for years and are members of the trusted community.

Let's remove tools and quarantine folders.


Use this tool to remove quarantined items:

Please download KpRm by Kernel-panik and save to your Desktop.

• Click on KpRm.exe to run the tool.

Vista/Windows 7/8/10 users right-click and select Run As Administrator.

• Put a check mark next to these items:

- Delete tools
- Delete now

• Click the "Run" button.

• When the tool has finished, it will create and open a log report and delete itself.

[gigglepot]

I've attached the log file for KpRm below.

After doing this I still have on my computer:

Tweaking.com
Malwarebytes
MBSetup
ESETScan.txt
KpRm log

Do I just manually delete them from my desktop or from Programs?

Also, I posted a thread on Sysnative forums and they told me that I should completely uninstall Spybot as it's not needed in modern computers and will definitely slow down my computer. Should I? My computer was purchased May 2018.

# Run at 26-Sep-2022 12:03:58 PM
# KpRm (Kernel-panik) version 2.9.3
# Website https://kernel-panik.me/tool/kprm/
# Run by Lillian from C:\Users\Lillian\Desktop
# Computer Name: DESKTOP-MNATPML
# OS: Windows 10 X64 (19044)
# Number of passes: 2

- Checked options -

~ Delete Tools
~ Delete Quarantines

- Delete Tools -


## AdwCleaner
[OK] C:\Users\Lillian\Desktop\adwcleaner.exe deleted
[OK] C:\AdwCleaner deleted

## AswMBR
[OK] C:\Users\Lillian\Desktop\aswMBR.exe deleted

## ESET Online Scanner
[OK] C:\Users\Lillian\Desktop\ESET Online Scanner.lnk deleted
[OK] C:\Users\Lillian\Desktop\esetonlinescanner.exe deleted
[OK] C:\Users\Lillian\AppData\Local\ESET\ESETOnlineScanner deleted

## FRST
[OK] C:\Users\Lillian\Desktop\Addition.txt deleted
[OK] C:\Users\Lillian\Desktop\Fixlog.txt deleted
[OK] C:\Users\Lillian\Desktop\FRST.txt deleted
[OK] C:\Users\Lillian\Desktop\FRST64.exe deleted
[OK] C:\FRST deleted

-- KPRM finished in 207.72s --