cpctech, posted November 4, 2018

HP ENVY TS 17 Notebook PC. Has an i7 4700 processor and 16 GB RAM. This machine should be running real fast. However, it seems to be really slow. After running a full clean up using Techsuite (which includes Emsisoft removal tools) I was ready to give it back to the client. After a reboot it started running real slow again. I ran the Techsuite software again and removed 17 new items. The only thing the machine had done was sit idle on the internet. Attached is the EEK report. The FRST 64 bit would run until I pressed scan, then it would crash. (I verified the machine is running 64 bit Windows 10 Home.)

Thanks,

Attachment: scan_181029-172340.txt
Kevin Zoll, posted November 5, 2018

Let's see what AdwCleaner turns up.

Download AdwCleaner and save it on your Desktop.
Close all open programs and Internet browsers (you may want to print out or write down these instructions first).
Double click on adwcleaner.exe to run the tool.
Click on the Scan button.
After the scan has finished, click on the Clean button.
Confirm each time with OK.
You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your Desktop.
Attach that log file to your reply.

NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.
cpctech, posted November 6, 2018

Attachment: AdwCleaner[C00].txt
Kevin Zoll, posted November 7, 2018

OK, try running FRST. If it runs successfully, attach the scan logs generated by FRST. If not, I will have you run RogueKiller.
cpctech, posted November 7, 2018

Tried running FRST and it crashed in the same place (just after pushing scan). I ran RogueKiller from within Techsuite, then ran FRST, and still have the same result. I suspect I need the RogueKiller download from you next.
Kevin Zoll, posted November 7, 2018

Download RogueKiller from https://www.fosshub.com/RogueKiller.html and save it to your desktop.
Double-click on setup.exe to install RogueKiller.
Close all programs and disconnect any USB or external drives before running the tool.
Right-click RogueKiller.exe and select Run As Administrator to run the tool.
Once the Prescan has finished, click Scan.
Once the Status box shows "Scan Finished", click on the "Report" button and attach the scan log to your reply.
cpctech, posted November 9, 2018

Something is interfering with RogueKiller also. See attached screenshot.
Kevin Zoll, posted November 10, 2018

Try the 64-bit Portable version: https://www.adlice.com/download/roguekiller/?wpdmdl=59&ind=aHR0cDovL2Rvd25sb2FkLmFkbGljZS5jb20vYXBpP2FjdGlvbj1kb3dubG9hZCZhcHA9cm9ndWVraWxsZXImdHlwZT14NjQ
cpctech, posted November 14, 2018

Ok. Sorry it was so long to reply... I had to figure out how to run that w/o having it clean up stuff. It did detect screenconnect.exe, which is the software I am using to remote control the machine, so that is safe. Here is the log.

Attachment: RogueKiller_portable64.log
Kevin Zoll, posted November 14, 2018

I don't see anything malicious in the RogueKiller scan.

Please read through these instructions before starting.

Create a Windows 10 recovery USB stick: https://www.techrepublic.com/article/be-prepared-create-a-windows-10-recovery-drive/
Using the clean machine, download a fresh copy of FRST64.exe that has never touched the 'sick' machine, and copy it to a separate USB stick. DO NOT INSERT THE USB STICK INTO THE 'SICK' MACHINE YET.
Once you're ready with the USB stick and the Windows 10 recovery USB stick (yes, two sticks), shut down the sick computer completely. As in shut down power off.
Follow the instructions here to boot from the Windows 10 recovery USB stick: https://craftedflash.com/info/how-boot-computer-from-usb-flash-drive
Use the Repair -> Troubleshoot -> Command Prompt option within recovery mode.
Once there, plug in the second USB stick that has FRST64 on it.
Find your USB drive by running notepad.exe, clicking File->Open, then noting which drive says "Boot". Normally that is D: or E:, depending on how many drives are in your machine. Either way, we're looking for the USB stick drive letter. You can also find it by typing (in the command prompt) "dir d:", "dir e:" etc. until you find the FRST64.exe program you downloaded earlier.
Type "FRST64" to run it.
Click the Scan button.
Please send the FRST.txt file that it creates.

If all goes well, FRST64 will have killed the malware driver, and you'll be able to reboot into normal mode where we can finish the removal.
cpctech, posted November 14, 2018

In trying to review your instructions I received this on clicking the link for step 3:

"craftedflash.com uses an invalid security certificate. The security certificate for craftedflash.com is not trustworthy because the issuing organization failed to follow security practices. Certificates issued by Symantec, including the Thawte, GeoTrust, and RapidSSL brands, are not considered safe. Error code: MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED"

I find it odd that Symantec is on the "not trusted" list.
cpctech, posted November 14, 2018

What if I don't have a USB stick that is fresh? Should I wait until I can travel the 150 miles round trip (this Friday) to Staples and buy a new one? (We live out in the sticks.)
cpctech, posted November 14, 2018

Not to mention now you have me worried, as I have been using a USB stick to Nike network files from that machine to my work PC to make these posts.
cpctech, posted November 14, 2018

I ran FRST64.exe from a fresh download onto a USB I am fairly certain is clean. I booted into repair on a media creation tool created Windows 10 installer USB I created earlier. Here is what I got.

Attachment: FRST.txt
Kevin Zoll, posted November 15, 2018

I am not seeing any malware in the FRST log. Try running FRST from normal mode again.
cpctech, posted November 20, 2018

At this point, the client wants their machine back. I am going to wipe and reload it. Thanks for trying.
Kevin Zoll, posted November 20, 2018

Topic Closed