Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC slow, often hanging, and multiple (large) instances of Chrome


  • Please log in to reply
83 replies to this topic

#16 m1eyp

m1eyp
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:53 PM

Posted 13 September 2017 - 11:34 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-09-2017
Ran by Tom Read (13-09-2017 17:26:24) Run:2
Running from C:\Users\Tom Read\Downloads
Loaded Profiles: Tom Read (Available Profiles: Tom Read)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

Hosts:

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.


The system needed a reboot.

==== End of Fixlog 17:27:09 ====



BC AdBot (Login to Remove)

 


m

#17 nasdaq

nasdaq

  • Malware Response Team
  • 37,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:53 PM

Posted 13 September 2017 - 12:45 PM

Any remaining issues?

#18 m1eyp

m1eyp
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:53 PM

Posted 13 September 2017 - 01:31 PM

Things seem to be running smoothly.  Still just on Firefox atm.  I'm just waiting to see if everything seizes up again and I have to kill the browser process from the Task Manager.



#19 m1eyp

m1eyp
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:53 PM

Posted 13 September 2017 - 03:38 PM

Yeah, I've suffered two big "hangs" since the post above, both of which required me to kill off the Firefox processes (now multiple, in contrast to what I reported earlier) in order to free up the running of the PC once more.

 

Attached Files



#20 nasdaq

nasdaq

  • Malware Response Team
  • 37,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:53 PM

Posted 14 September 2017 - 07:42 AM

Hi,

These Chrome entries were probably not deleted when you removed Chrome.


Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR Extension: (BestY NewTab) - C:\Users\Tom Read\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajcmdlkeklfmbjffnlofgfkjcnpfckab [2017-07-26]
CHR HKLM\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-829265061-3599930395-3358602587-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
2017-07-26 10:04 - 2017-08-17 23:39 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If the problem persists please run this program.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a Windows opens to explain what [PUM's] are, read about it.
  • Click the RoguKiller icon on your taksbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.
=======

Please let me know if the problem persists with this computer.

#21 m1eyp

m1eyp
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:53 PM

Posted 19 September 2017 - 03:49 AM

Attached File  Fixlog_19-09-2017 09.42.09.txt   7.14KB   2 downloads



#22 nasdaq

nasdaq

  • Malware Response Team
  • 37,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:53 PM

Posted 19 September 2017 - 06:54 AM

Hi,

Any remaining issues?

#23 m1eyp

m1eyp
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:53 PM

Posted 19 September 2017 - 08:38 AM

Did the FRST thing first.  Still the same issue after that.

 

Just done the RogueKiller thing, report attached.

 

Attached File  ReportRogue.txt   3.78KB   4 downloads

 

 

It only seems to have pulled up a couple of McAfee things - these were auto-installed on my computer when I downloaded Adobe Acrobat earlier today when I needed to view and print some PDFs.  (Strangely there did not seem to be an option to 'opt-out' - I definitely downloaded from Adobe's official site).

 

Anyway, I removed the items when prompted to in RogueKiller anyway.

 

Any more problems?  Running OK right now, but we will see later if Firefox starts swelling and multiplying again forcing me to kill the processes.



#24 m1eyp

m1eyp
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:53 PM

Posted 19 September 2017 - 10:22 AM

No, still the same problem.



#25 nasdaq

nasdaq

  • Malware Response Team
  • 37,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:53 PM

Posted 19 September 2017 - 12:05 PM

Hi,

Run the Farbar program and post fresh FRST and Addition.txt logs for my review.

Check the box to create a fresh Addition.txt log.

#26 m1eyp

m1eyp
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:53 PM

Posted 19 September 2017 - 02:25 PM

Attached File  Addition.txt   38.01KB   1 downloads

 

Attached File  FRST.txt   63.76KB   2 downloads



#27 nasdaq

nasdaq

  • Malware Response Team
  • 37,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:53 PM

Posted 20 September 2017 - 07:14 AM

Hi,

If present, remove these programs in bold via the Control Panel > Programs > Programs and Features.
McAfee Safe Connect (HKLM-x32\...\{54EB2499-4B4F-4AE5-9D1E-CCAE9D6ED880}) (Version: 1.3.1.128 - McAfee, Inc)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.3 - McAfee, Inc.)

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-19]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
S3 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [314368 2017-08-30] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404368 2017-08-21] (McAfee, Inc.)
2017-09-19 10:58 - 2017-09-19 10:58 - 000001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-09-19 10:58 - 2017-09-19 10:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-09-19 10:57 - 2017-09-19 10:57 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2017-09-19 10:33 - 2017-09-19 10:33 - 000000000 ____D C:\Users\Tom Read\AppData\Local\McAfee_Inc
2017-09-19 10:32 - 2017-09-19 10:32 - 000001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Safe Connect.lnk
2017-09-19 10:32 - 2017-09-19 10:32 - 000001109 _____ C:\Users\Public\Desktop\McAfee Safe Connect.lnk
2017-09-19 10:30 - 2017-09-19 10:30 - 000000000 ____D C:\Program Files (x86)\McAfee Safe Connect
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
C:\Program Files\McAfee Security Scan
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Run the RogueKiller one more time.
If you still see sign of McAfeeSafeConnect

Lets see what we can find in the Registry.

Farbar Recovery Scan Tool (FRST) - Registry Search
Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • In the Search text area, copy and paste the following:
McAfeeSafeConnect
  • Once done, click on the Search Registry button and wait for FRST to finish the search;
  • On completion, a log will open in Notepad. Copy and paste its content in your next reply;
Please let me know what problem persists with this computer.

#28 m1eyp

m1eyp
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:53 PM

Posted 26 September 2017 - 04:48 PM

I followed the rest of the instructions too, but there was no sign of the McAfee products after I uninstalled them:

 

Farbar Recovery Scan Tool (x64) Version: 25-09-2017 01
Ran by Tom Read (26-09-2017 14:51:13)
Running from C:\Users\Tom Read\Downloads
Boot Mode: Normal

================== Search Registry: "McAfeeSafeConnect" ===========


====== End of Search ======

Attached Files



#29 nasdaq

nasdaq

  • Malware Response Team
  • 37,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:53 PM

Posted 27 September 2017 - 07:12 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#30 m1eyp

m1eyp
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:53 PM

Posted 27 September 2017 - 07:21 AM

Unfortunately not.  I still have this issue where every so often (sometimes an hour, sometimes just a few minutes) my PC slows down to a standstill, and I have to kill several instances of Firefox (some very large) from the task manager.  The problem is now worse than how it was when I initially reported it when I was using Chrome as my browser.  Chrome is not on my PC at present, although IE is.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users