Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 Suddenly starting up very slowly


  • Please log in to reply
5 replies to this topic

#1 Parsifal

Parsifal

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 12 March 2018 - 05:50 AM

Hi, I encountered this problem rather randomly this morning when I switched my PC on, normally it starts up to desktop within a matter of seconds once windows begins to boot however this time and upon rebooting my PC is taking roughly 12-15 minutes to boot into windows desktop, while this is happening the indicator light on the case seems to be loading quite a lot and once the windows splash screen finishes i end up at desktop with just a mouse cursor and a black screen while it takes another 6-7 minutes for it to fully get into the desktop, once that's done loading the PC runs normally from there. I haven't changed or installed any software in the last week and I'm at a loss to as to why it's suddenly acting this way. The only odd thing I've noticed is in the event viewer, there are several new entries which I hadn't seen before in the rest of the logs but I cant make heads or tails of them. I have attached a copy of the hijack this and mini toolbox logs, hope someone can make sense of it all. If it would help I can do boot log too. Edit: Safe mode appears to boot normally. Any advice or help would be most
Edit: Attached boot log
 
Thanks guys.

Attached Files


Edited by Parsifal, 12 March 2018 - 06:16 AM.
Moved from Windows 7 forum as logs posted.


BC AdBot (Login to Remove)

 


#2 Android8888

Android8888

  • Malware Response Team
  • 84 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:13 AM

Posted 12 March 2018 - 06:41 PM

Hello Parsifal and :welcome: to Bleeping Computer!

My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

Some set of instructions may be long or you can stay without Internet connection for a while so I suggest printing out each set of instructions or copy them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Please read the instructions carefully and follow the directions in the order listed.

Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).

Please run one scan at a time.

Once started the malware removal process has to be completed in order to ensure the success of the clean-up. Even if your computer appears to be running better after performing a first set of instructions, it may still be infected as some infections are difficult to remove and can leave remnants on the System. Please consider it clean and safe only when I declare it free of malware.


Follow the instructions below to download and execute a scan on your system with FRST, and provide the two logs in your next reply.

  • Download FRST 64-bit for your system and move the executable FRST64.exe on your computer Desktop;
  • Right-click on the executable and select Run as Administrator;
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Please attach both FRST.txt and Addition.txt in your next reply and wait for further instructions;

 

Thank you.

Android8888
(Rui)


Proud graduate of SpywareInfo

Member of UNITE - Unified Network of Instructors and Trusted Eliminators

Website: http://android8888.comlu.com

Tavira - Here's where I live!


#3 Parsifal

Parsifal
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 13 March 2018 - 12:41 AM

Hi Android, thanks for your reply! I've followed your instructions and have attached the 2 FRST log files. I also ran malware bytes and trend micro online virus scan which turned up nothing thus far.

Thanks again! Kind regards, Parsifal.

Attached Files



#4 Android8888

Android8888

  • Malware Response Team
  • 84 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:13 AM

Posted 14 March 2018 - 06:06 PM

Hi Parsifal. Thank you for your patience.

Just a note: Since HijackThis is completely outdated for detecting malware and is also no longer supported, you can delete it.

That being said, I do not see signs of malware in your logs.


You have System Restore disabled. This is a very important feature of Microsoft Windows that allows the user to revert the computer's state to that of a previous point in time, which can be used to recover from system malfunctions or other problems.

 

Please enable System Restore. You can read here on how to do it: https://www.sevenforums.com/tutorials/81500-system-restore-enable-disable.html


Going over your logs I also noticed that you have qBittorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use it, it will be just a question of time so you get infected.
I would recommend that you uninstall qBittorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until we finished the cleanup process.


Please run the following scans in the order listed in Normal mode.


Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file at the bottom of this post, and save it on your computer Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the Fixlog.txt in your next reply;

 

Next,

  • Download AdwCleaner and move it to your computer Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Accept the EULA (I accept), then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, please do it;
  • After the restart, a log will open when logging in. Please attach that log in your next reply.

 

Next,
Please download RogueKiller_portable64.exe by Tigzy and save it to your computer Desktop.

  • Now close all programs and Internet browsers and disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the file RogueKiller_portable64.exeand select Run as administrator to start the tool.
  • Click Yes to accept the User Account Control security warning that may appear.
  • Once the tool is open, click the 'Scan' tab menu and the click the Start Scan button.
  • Wait until the scan has finished. Note: This scan may take some time to complete;
  • Warning: Do NOT remove any entry it finds. They may not all be malicious and need to be carefully analyzed.
  • Once finished the results will be displayed. Click on the Open Report button. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your computer Desktop.
  • Close RogueKiller.
  • Please attach the RKlog.txt to your next reply.

In your next reply please attach the following logs for my review:
Fixlog.txt
AdwCleaner clean log
RogueKiller log (RKlog.txt)

How is the computer running now? Does it still taking to much time to boot into Windows Desktop?

Android8888

(Rui)

Attached Files


Proud graduate of SpywareInfo

Member of UNITE - Unified Network of Instructors and Trusted Eliminators

Website: http://android8888.comlu.com

Tavira - Here's where I live!


#5 Parsifal

Parsifal
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 17 March 2018 - 02:52 AM

Hi Android apologies for my late reply, I managed to get it working normally again before your last post buy using CClean and Spybot but to be on the safe side I've also done as you requested to be on the safe side and have attached the logs, I'm still not sure what was the cause but I'm just happy that its working well again. Thanks very much for your kind help.

 

Warm Regards, Parsifal.

Attached Files



#6 Android8888

Android8888

  • Malware Response Team
  • 84 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:13 AM

Posted 17 March 2018 - 08:59 AM

Hello Parsifal.

Thank you for providing me those logs.

I'm glad to hear the computer is running better but we still have some work to do, yet. You need to remove some entries that RogueKiller found and then run another couple of scans as follow.

 

  • Click on Remove Selected button.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your computer Desktop.
  • Close RogueKiller.

Please attach the RKlog.txt to your next reply.


Please download Zemana.Antimalware.Portable and save it to your computer Desktop.

  • Right-click on the icon and select Run as administrator to install the program.
  • Click Yes to accept the User Account Control security warning that may appear.
  • Wait a few seconds until the update of database signature is complete.
  • Without changing any options, click the Scan button to begin.
  • After the short scan is finished, if threats are detected click Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
  • Click on the Back button.
  • On the top right corner click on Reports icon (the one with three bars) and double click on the latest report.
  • Now click File > Save As, then choose your computer's Desktop and click the Save button.

Please attach the saved report in your next reply.


Next,

Please scan your computer with ESET Online Scanner to search for leftovers. This is a very thorough scan and can take several hours to complete so please be patient.

  • Click on this link to open ESET Online Scanner in a new window.
  • Click on the Scan Now button to download the esetonlinescanner_enu.exe file and save it to your computer Desktop.
  • Close all your programs and browsers and disconnect any USB flash drives from the computer.
  • Please disable your Antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
  • Right-click on esetonlinescanner_enu.exe and select Run as administrator.
  • Click Yes to accept the User Account Control security warning that may appear. It will open a window with the Terms of Use.
  • Click the Accept button.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan or another as long as you remember it in case you need to search for it. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please re-enable your Antivirus program.


To summarize please attach the following logs to your next reply for my review:
RKlog.txt
Zemana log
ESET log (if it produced one)
 
 
Android8888
(Rui)


Proud graduate of SpywareInfo

Member of UNITE - Unified Network of Instructors and Trusted Eliminators

Website: http://android8888.comlu.com

Tavira - Here's where I live!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users