Status
Not open for further replies.

Star777

New Member
Hello,
I started having issues with this laptop around October, just after a Windows 10 update. It kept freezing for a few seconds with anything I did. I looked it up and apparently there were many similar issues caused by Windows Update. So I kept on, hoping it would clear after another update. But it did not.
Also the wifi got very slow but I thought it was a problem with the internet provider.
Suddenly, just before Christmas, every time I would use a Microsoft Office program like Word or Excel a window would pop up saying that the Product License was not activated and I had to do so before 30 days. When I clicked the button to activate it, it was giving me an error.
I have Bitdefender Total Security installed and all the scans did not detect anything, but there was an increasing amount of notifications that phishing attempts were being blocked, which I hardly had before.
So as soon as I had some money (I am an Artist) I took it to the local PC Shop where I bought the PC second hand last June. Just before the license expired. (2 days ago)

He said there were 3 viruses. He had to install Microsoft Office again. He said one of the viruses cancelled the license. I suppose this is a legal License and product.
He also said that one virus was linked to Chrome and he was unable to delete it completely, referring to it as the New Tab Virus. He told me not to use Chrome and use Edge instead, but if I kept having issues I would have to format the PC and start fresh.
I arrived home from the shop (yesterday); the PC was running very smooth and fast.
I opened Edge, I put in an ad block extension (UBlock), the PC started flashing and freezing, the wifi got disconnected and Edge shut off on its own! I freaked and opened Edge again and uninstalled the extension, but something has happened because since then the PC started freezing again, Edge keeps asking to close all the tabs and it suddenly shuts off on its own.
So I deleted Chrome (I needed to do urgent work), even from the files in the C: directory. Re-installed it. Went to Settings, On start up open a set of pages, I put google.com. I have Chrome in the task bar; when I click on it, it opens in a different one and still on the New Tab page. I am running it from an incognito window now. It was OK at the beginning and now after a couple of hours it is starting to freeze again.
Yesterday I spoke with Bitdefender Support but they were unable to help me. I ran a full system scan, nothing detected. While I was changing my passwords I found my Malwaretips.com password, which I had forgotten, and decided to ask for your help before having to go back to the shop again and having to format the PC. Also to check if what he did was right.
I downloaded Malwarebytes and ran it. It did not detect anything either.
In one post I found on the internet it gave an instruction to look for the extension ID in the registry, which I did, but there are no extensions. Only this:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.microsoft.browsercore
I do not know what it is, if it is adware or normal.
I am really sorry for the lengthy explanation, I do not know how to explain it otherwise.
I attach the files from the FARBAR RECOVERY TOOL.
I attach screen shots of the Malwarebytes report. I copy the report on the clipboard but nothing is there (??)
I tried to retrieve the system scan report from Bitdefender but cannot find it anywhere, even following their instruction.
Thank you so much if you are able to help!!
 

Attachments
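
The registry path quoted in the post above is a Chrome native messaging host registration, the mechanism by which a browser extension talks to a program installed on the PC. As an added example (not part of the original thread), this PowerShell function lists each host registered for Chrome and Edge, follows it to its manifest and program, and reports the program's Authenticode signer; the function name Get-NativeMessagingHost is made up for this example.

```powershell
# Added example (not from the thread). Lists every native messaging host
# registered for Chrome and Edge and reports who signed the program behind it.
$roots = @(
    'HKLM:\SOFTWARE\Google\Chrome\NativeMessagingHosts',
    'HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts',
    'HKCU:\SOFTWARE\Google\Chrome\NativeMessagingHosts',
    'HKLM:\SOFTWARE\Microsoft\Edge\NativeMessagingHosts',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Edge\NativeMessagingHosts',
    'HKCU:\SOFTWARE\Microsoft\Edge\NativeMessagingHosts'
)

function Get-NativeMessagingHost {   # hypothetical name, for illustration only
    param([string[]]$RegistryRoot = $roots)

    foreach ($root in $RegistryRoot) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $root) {
            # The key's default value holds the full path to a JSON manifest.
            $manifestPath = $key.GetValue('')
            $row = [ordered]@{
                Host      = $key.PSChildName
                Registry  = $root
                Manifest  = $manifestPath
                Program   = $null
                AllowedBy = $null
                Signature = 'n/a'
                Signer    = $null
            }

            if ($manifestPath -and (Test-Path -LiteralPath $manifestPath)) {
                try {
                    $manifest = Get-Content -LiteralPath $manifestPath -Raw | ConvertFrom-Json
                    # "path" may be relative to the manifest's own folder.
                    $program = $manifest.path
                    if ($program -and -not [IO.Path]::IsPathRooted($program)) {
                        $program = Join-Path (Split-Path -Parent $manifestPath) $program
                    }
                    $row.Program   = $program
                    # Extension origins that are allowed to start this program.
                    $row.AllowedBy = ($manifest.allowed_origins -join ', ')

                    if ($program -and (Test-Path -LiteralPath $program)) {
                        $sig = Get-AuthenticodeSignature -LiteralPath $program
                        $row.Signature = $sig.Status
                        if ($sig.SignerCertificate) {
                            $row.Signer = $sig.SignerCertificate.Subject
                        }
                    } else {
                        $row.Signature = 'program missing'
                    }
                } catch {
                    $row.Signature = "manifest unreadable: $($_.Exception.Message)"
                }
            } else {
                $row.Signature = 'manifest missing'
            }
            [pscustomobject]$row
        }
    }
}

Get-NativeMessagingHost | Format-List
```

An entry whose manifest or program is missing, or whose program is unsigned, is the one worth showing to a helper before removing anything.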

nasdaq

Moderator
Verified
Staff member
Hello, Welcome to MALWARETIPS.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Read carefully and follow these steps.
TDSS

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Wait for further instructions.
 

Star777

New Member
Thank you so much Nasdaq for replying so quickly being the weekend. I just downloaded TDSSKiller and it has not found any threats. I attach the screen capture of the result.
 

Attachments

nasdaq

Moderator
Verified
Staff member
Hi,

The Farbar program must be executed in an Administrator account.
Ran by TEDDY (ATTENTION: The user is not administrator)
You only have one Profile with Administrator Rights.
Administrator (S-1-5-21-12248003-3668409592-3184054334-500 - Administrator - Disabled) <- it's disabled.

You should be able to change the account status.

To exit the command window, type EXIT and hit the Enter key at the prompt.

Restart the computer in the Administrator account and run the Farbar program.

Post both logs for my review.
 

Star777

New Member
Hello, Thank you for your reply. Sorry to disturb you on a Sunday. I have followed the instruction in the article. I restarted the PC and ran it from my normal administrator account Sunfreestar; it did not ask me for the password I put in the command prompt but my usual one. There are no other administrator accounts that I can see. I ran the Farbar tool again from this administrator account and attach both the files. Thank you so much!
 

Attachments

woomera

Level 7
Verified
Try these (this is what I would do in a situation like yours).

-Take a screenshot of your Device Manager window and post it here (right-click on the Start button > Device Manager).
-Run the "msconfig" command (right-click on the Start button and select "Run") and under "Boot" select "Safe Boot" with the Network selection and then reboot. Open Chrome/Edge and browse a few websites and work with your machine for a couple of minutes and see if you experience the same issues.
-While in "safe mode" it is good to run SFC and DISM:
1. Open Command Prompt/PowerShell with admin privilege and type "sfc /scannow" and let it finish, and reboot if it detects and fixes anything.
2. Open Command Prompt/PowerShell with admin privilege and type "DISM /Online /Cleanup-Image /CheckHealth".
If DISM finds any issues then follow up by running this: "DISM /Online /Cleanup-Image /RestoreHealth".

Post your result here.
 

Star777

New Member
Thank You so much Woomera for your reply. I attach the device manager screenshot. I booted in Safe Mode as you indicated and everything was working very fine and fast. Tried both Browsers and the Graphic programs I use and all worked very fast with no freezing. Also the Internet was really fast!
I ran the SFC and it did not find anything: "Did not find Integrity violations".
I ran the DISM and nothing either: "No component store corruption detected".
I have restarted the PC and everything seems to work very fine without freezing. Edge opens up much faster than Chrome. Chrome is quite slow in opening, maybe because it has the Bitdefender anti tracking extension and the AdBlocker. I have set it up to open on the google.com page and it is doing it, although in the taskbar there are two Chrome icons whenever Chrome is open, which it never used to do before.
I dare not install any extensions in Edge in case it does the same thing that happened before!
I really can't understand what is happening and if I should just continue as normal, as nothing is detected and everything seems to work fine?
Thank you so much for your help!
 

Star777

New Member
Sorry I forgot to put the attachment!
 

Attachments

Star777

New Member
Sorry Nasdaq I just realized I had to hit reply so you could be notified of my answer?
This is my reply from yesterday, everything seems to work fine now (see above answer) so I really do not know what to think. Thank you so much for your help. You can check the attached files above.

Hello, Thank you for your reply. Sorry to disturb you on a Sunday. I have followed the instruction in the article. I restarted the PC and ran it from my normal administrator account Sunfreestar; it did not ask me for the password I put in the command prompt but my usual one. There are no other administrator accounts that I can see. I ran the Farbar tool again from this administrator account and attach both the files. Thank you so much!
 

woomera

Level 7
Verified
Alright, so, the fact that the problem disappears when you load up in safe mode indicates that it is not hardware related, which is good news. Your Windows system files seem to be intact too.

Now, something loads during your startup which is causing this. Either a bad driver or an application or a missing link from a deleted file/application. There is also a chance that you have bad sectors on your hard drive, so try these steps now:

-Run Crystal Disk Info (Downloading File /72256/CrystalDiskInfo8_4_0.zip - CrystalDiskInfo - OSDN) and post the screens (extend the window so all info can be seen). Post for all of your hard drives if you have more than one.

-Download Sysinternals Suite (https://download.sysinternals.com/files/SysinternalsSuite.zip)
Run "autoruns" and "process explorer".
Inside Autoruns, click on "Options" and hit "Hide Microsoft entries". Locate the tabs "Drivers" and "Logon" and see if there is anything in there that you don't recognize or is a residue from an uninstalled application, and before removing them post their screens here to make sure.
Then run "Process Explorer" and keep it in the tray; now work with the system until slow-downs appear and check to see if there is any process that is hitting the CPU hard, i.e. a process that is using more than 15% CPU. Also enable "Check VirusTotal.com" under Options > VirusTotal.com and see if any of the running processes return a positive detection under the VirusTotal column.

-After the steps mentioned above, you might wanna try disabling all the non-Microsoft services and reboot to see if any of the third-party services is causing this.
You can do that within Msconfig > Services: check the "Hide all Microsoft services" box and then hit "Disable all", followed by a reboot, and then try working with the computer and see if the issue is fixed.

Report back and let's see what we are dealing with.
 

Star777

New Member
Unfortunately after a few hours working with the pc, it has started to freeze again, and Edge closing all tabs on its own. It seems that it happens after a few hours I am working on it. For example if I want to open a file from a graphic program or to upload to Drive, it keeps freezing and will not let me scroll down to see all the files! It happens in both Browsers. It is faster though than Saturday.
 

Star777

New Member
Thank you so much Woomera. I was just writing that after working with the PC until now it is starting to freeze again and Edge closes on its own. I will follow your instructions now and report. Thank you again!
 

Star777

New Member
Hello Woomera,

From the Drivers I do not see anything unusual; there are 3 of them I do not know what they are, but I suppose they are part of the system, called Intel Corporation Client, and two of TOSHIBA, CLIENT AND CORPORATION.
Same in Logon, there is only one which says "File not found", which I do not know what it is.

In Process Explorer I noticed that when I was using Edge, with only two tabs open, it was using a lot of CPU (explorer.png), sometimes reaching 30.
Then I closed Edge, where a window would pop up continuously asking if I wanted to close all tabs without me touching anything.
I went to Chrome and even listening to music on YouTube the CPU was very low, never going higher than 15%.
So I opened Paint.net while on YouTube and working with images as I do normally and checked; with Paint.net it would go up to 30/40 and every time it would freeze the CPU was 100%. One time it was also explorer.exe that was high (explorer1.png) and one time it was svchost.exe but for a moment, and other times when it would freeze there was only Paint.net at maybe 30 and nothing else but CPU at 100%.
Another time it was System Idle Process that was the highest. (explorer2.png)
All this time the computer is running much faster than before but it keeps freezing.

So Hide All Microsoft Services and reboot, started working again with Paint.net and YouTube on Chrome; freezing is less but it is still doing it. If I scroll it stops for a second, if I want to open a window it won't do it straight away.

One thing: I did not know how to see when it turned positive in the VirusTotal column. There were only numbers and colors. Many in red which were related to Bitdefender and Windows.
Hope all this helps.
Thank you again!
 

Attachments

woomera

Level 7
Verified
If the process ROW is colored, that is just to differentiate the type of process, which we don't need. Under the VirusTotal column, as you can see, all of them are marked as 0/(69-71), which means none of them had any positive detection from VT.

If a process's CPU usage spikes for a few seconds that's normal, but if it stays high for a long duration, like more than a minute or 2, then that's a problem unless you are aware of that program doing some intense operation like a game or a video conversion or even a system scan by an AV.

You have Bitdefender and Malwarebytes installed, which I believe do not play well together. Uninstall both of them (for now) and after reboot follow up by running the BD cleanup utility from here: Uninstall Bitdefender.

It seems from your FRST result in the OP that Windows Defender is still running even though you have BD installed, which can happen, and if it is the case then it can be the culprit.

Uninstall those 2 and reboot, see if you still have the issue.
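
The distinction drawn in the post above, a brief spike versus load that stays high for a minute or two, can also be measured from a PowerShell prompt rather than by watching Process Explorer. This is an added example, not part of the original post; the function name Watch-SustainedCpu and its defaults (the 15% figure mentioned earlier in the thread, 60 seconds as "sustained") are assumptions.

```powershell
# Added example (not from the thread): separate brief CPU spikes from
# sustained load. Name and default values are assumptions for illustration.
function Watch-SustainedCpu {
    param(
        [int]$ThresholdPercent = 15,   # per-process share of total CPU
        [int]$SampleSeconds    = 5,    # length of one sample
        [int]$SustainedSeconds = 60,   # time above threshold that counts as sustained
        [int]$WatchMinutes     = 10    # total observation time
    )

    $cores   = [Environment]::ProcessorCount
    $streak  = @{}                     # PID -> consecutive seconds above threshold
    $samples = [int](($WatchMinutes * 60) / $SampleSeconds)

    # Baseline: total CPU seconds used so far by each process.
    $prev = @{}
    foreach ($p in Get-Process) {
        if ($null -ne $p.CPU) { $prev[$p.Id] = $p.CPU }
    }

    for ($i = 0; $i -lt $samples; $i++) {
        Start-Sleep -Seconds $SampleSeconds
        $now = @{}
        foreach ($p in Get-Process) {
            # CPU is null for processes this account is not allowed to query.
            if ($null -eq $p.CPU) { continue }
            $now[$p.Id] = $p.CPU
            if (-not $prev.ContainsKey($p.Id)) { continue }

            # CPU seconds used during this sample, as a share of all cores.
            $percent = 100 * ($p.CPU - $prev[$p.Id]) / ($SampleSeconds * $cores)
            if ($percent -ge $ThresholdPercent) {
                $streak[$p.Id] = [int]$streak[$p.Id] + $SampleSeconds
                if ($streak[$p.Id] -ge $SustainedSeconds) {
                    [pscustomobject]@{
                        Time         = Get-Date -Format 'HH:mm:ss'
                        Process      = $p.ProcessName
                        Id           = $p.Id
                        CpuPercent   = [math]::Round($percent, 1)
                        SecondsAbove = $streak[$p.Id]
                        Path         = $p.Path
                    }
                }
            } else {
                # A dip below the threshold ends the streak: that was a spike.
                $streak.Remove($p.Id)
            }
        }
        $prev = $now
    }
}

Watch-SustainedCpu | Format-Table
```

Run it from an elevated prompt so that system processes are included; a process is reported only once it has stayed above the threshold for the full sustained period.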
 

Star777

New Member
Thank You so much Woomera for the explanation. I had installed Malwarebytes only when I opened this thread; I have had only Bitdefender as an antivirus. I uninstalled both and have been working all afternoon and the freezing is still there. Online everything is smooth and quite fast, but if I need to upload a file or image from the PC it does the same thing of freezing for a moment, not being able to scroll etc., the window moves on its own. The same happens when I work with the programs on the PC. On Saturday I was not able to write properly online; now that has gone. I bought the computer in June and installed Bitdefender then, and it was all running smoothly until around October. As it seems there are no viruses, then the only thing it could be is Windows 10 that is having some issues after an update. This is what I read online somewhere. Could it be?
 

woomera

Level 7
Verified
Well, from this point you can either continue trying to locate the cause of it or you could save a lot of time and just back up your sensitive data to an external drive and reset Windows. If you wanna do that, it's located in Settings > Update and security > Recovery > Reset this PC.

If you decide to reset it, do not install any software and just use the machine for 24 hours and see how it performs. If you still have issues with the performance after the reset and no app installed, then it's most likely the HDD which is faulty.
 

Star777

New Member
Thank you so much, Woomera for all your help! At least now it is running better than before we started. I think you are right the best thing to do is a reset. One question, as this is a second-hand computer which was updated to Windows 10 by the local shop who sold it to me, if I reset it will it maintain the Windows 10 and the Microsoft Office that has just been installed? Otherwise I will have to take it back there for them to do it.
 

nasdaq

Moderator
Verified
Staff member
Hi Star777

Woomera gave you good advice and glad to see that all is well with this computer.

On the second computer if you still need help please run the Farbar Program and post fresh logs.

If Woomera returns please ignore his recommendation. I will deal with the topic and inform him on his rights to answer topics in this Forum.
 

RKRN3

Level 3
Verified
RKRN3, You are not authorized to post in the Malware Forum.
 

Star777

New Member
Thank you so much, Nasdaq for your reply. I do not have a second computer, I was just wondering if I do a complete reset of this computer if I would lose the Windows 10 and the Microsoft Office installed as it is a re-conditioned computer, so for that, I think it is better I take it to the Local Shop and let them do it. Thank you and Woomera for all your help, at least it is good to know that there are no viruses and maybe there is a program that has a conflict with Windows 10. Best wishes.
 