Windows 10 - it's time to reach out for hel


19 replies to this topic

#1 AquarianJD

AquarianJD

  • Members
  • 12 posts

Posted 11 April 2018 - 05:20 AM

Hi all, 

 

I am having a number of issues with an ACER aspire one s1003 that came with a preinstalled version of windows 10.

 

Symptoms of the problem include:

 

1. Random icons appear in the start app list, desktop and tile list that I cannot uninstall and tend to be weblinks upwards in size of 100MB to MSN, Amazon or other type sites (they are not links to this site)

2. The time is constantly disconnecting from the timeweb server - randomly jumping to the past or near future. When time is corrected app icons flicker wherever they are displayed

3. Wifi and networking devices disappear completely at random reappearing at start up. Safe mode does not recognise any network adapters when started in networking mode

4. Error messages indicating a failure to update appear for my antivirus and malware scanners (Defender and previously Kaspersky and Malwarebytes). The applications themselves do not indicate a problem with updates and successfully update (very quickly) - which generates another failure event. The scans are completed very quickly.

5. Drivers are all over the place - Bluetooth seems to be constantly migrating devices and requiring further installation even though no Bluetooth devices are attached to the device (i.e. "Device BTH\MS_BTHBRB\6&10b60113&0&1 requires further installation.")

6. My administrative profile does not have access to change a number of basic settings unless in safe mode

7. Cmd prompt never elevates to administrative level - but displays that it is so. 

8. App lists show no installed apps. 

9. Popups are relentless when googling - often covering information without the ability to close on known sites. 

10. Data use is off the scale - idle with no apps running wireshark can indicate up to 100MB being sent in a 5 minute period with the IPs returning only generic UCP and TCP traffic

and on and on it goes. 

 

Bizarrely - items 2,3,9,10 also occur on my iPhone - and on my android with the addition of 4 and 8 but I need to focus on the laptop for now.

 

What I have done to date:

1. Scanned with Antivirus (Kaspersky first clean install - then Avast - Now defender). Same update errors in event viewer and PFRO.txt - scans rapid (under a minute) if in full scan mode and all return no issues found and database up to date

2. Ran windows offline scan - whilst running indicated 9 issues found. End result reports no issues found. Same with safety scanner

3. Reset the PC to the factory settings using the UI and recovery interface. Operating system runs smoothly until rebooted. Then all hell breaks loose.

3. Started fresh with complete data wipe using the UI and clean install in the recovery interface. Operating system runs smoothly until rebooted. Then all hell breaks loose. 

4. Tried to do a clean install of windows - this particular laptop is very particular about the USB it will boot from. Managed to boot from USB only for the file to be unrecognised.  

5. Returned the PC to the ACER to have a clean install of the image. Turns out they took two weeks to do what I had done in step 2. Back to the drawing board. 

 

Hopefully I don't sound like a madman - can someone help me out?


Edited by britechguy, 11 April 2018 - 08:00 AM.
Moved from Win10 to AII, as this has all the hallmarks of an infection of some kind.




#2 AquarianJD


Posted 13 April 2018 - 07:17 AM

No takers?



#3 dmccoy

dmccoy

  • BSOD Kernel Dump Expert
  • 1,020 posts

Posted 16 April 2018 - 12:18 PM

Wow what a mess. I will see what I can do to try and help.
 
Are you now starting from Step 5 or ?

Please follow the steps below to help troubleshoot your system. Let me know if you have any questions.

Step 1:
Speccy
Download Speccy to your desktop

1. File > Save Snapshot. This will create a file called [hostname].speccy
2. File > Publish Snapshot. This saves your snapshot to their servers
3. Copy and Paste the link to your next Reply

Step 2:
Click on Start menu
Type command to start searching
Right click on command prompt in list and select Run as Administrator
Copy and Paste each of the commands below into the command prompt and press Enter key

1. sfc /scannow (best to run 2-3 times, rebooting after each time)

(Windows 8 or higher)
2. dism /online /cleanup-image /restorehealth

When these have completed:
Right click on the top bar command window
Left click on Edit then Select All
Right click on the top bar again
Left click on edit then copy
paste into your reply

If any Errors are found with sfc /scannow then:
Type the following command, and then press ENTER:
findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
Upload sfcdetails.txt from your desktop

Step 3:
Download Process Explorer to your desktop

1. Right Click on the procexp64.exe or procexp.exe and Select Run As Administrator
3. In the View menu click on Select Columns
4. Check Verified Signer, Virus Total and Click OK
5. Select Options Menu and Check Verify Image Signatures, VirusTotal.com > Check Virustotal.com
6. Double Click on the CPU Column to sort by highest CPU usage.
7. (Highest CPU Processes should be at the top once sorted properly)
8. Wait approximately a minute
9. Select Save or Save As from the File menu
10. Save SystemIdleProcess.txt to Desktop
11. Upload or Paste to next reply

Step 4:
Download Event Viewer Tool to your desktop

1. Right click on Vew.exe program and select Run as Administrator
2. Under Select log to query
3. select System
4. Under Select type to list
Select:
* Error
* Warning
Choose the Number of events as follows:
Click on number of events
Type 20 in the box (1 to 20)
Click the Run button (Notepad will open the log)
Upload files to next reply
Rename to SystemLog.txt or it will be overwritten

Run the above steps again Except at step 3.
Select Application
Rename log file to ApplicationLog.txt
Upload or Paste to next reply

Next Steps if Needed

We are all volunteers so please be kind, courteous and respectful of all staff and members

 

I try to respond in 24-48 hours normally and I am more active on weekdays than weekends. However, sometimes due to my health, family or life it may take me a little longer. If you have not heard from me within 72 hours then please PM me a reminder. 

 

BC BSOD Posting Instructions 


#4 AquarianJD


Posted 20 April 2018 - 08:20 AM

My apologies for the delay - thank you for getting back to me! I have been traveling and it's been a little hectic. I will be getting into these instructions tonight and post the results in about an hour.

Are you now starting from Step 5 or ?

Well, not so much starting from but have resigned myself to the default position of 5 and no better off than when I attempted to fix it lol

And I'm having a hell of a time downloading Speccy. So far Winpurifier and a Trojan have come in its place (see screenshot on Trojan). This is from hitting the green download button - save, save target as. File gets scooped up as a trojan or installs this winpurifier without prompting.

Trojan details - Defender automatically deletes this file

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aWin32%2fFuery.A!cl&threatid=2147718513

 

winpurifiers

www.winpurifier.com/1089/?utm_source=1089hp&utm_campaign=1089hp_us&utm_medium=1089_new

 

no speccy and computer is lagging like crazy


Edited by AquarianJD, 20 April 2018 - 08:57 AM.


#5 dmccoy


Posted 20 April 2018 - 11:15 AM

It sounds like you may still have some malicious stuff in your computer. We need to make sure all of that is cleaned up first before attempting repairs. I can help but I am limited to some of the advanced tools I can use. If you prefer you can post to the malware forum. I am confused though if you are starting from Step 5 below you should have a fresh clean factory image? If this is incorrect let me know exactly where you are starting from and if you would prefer to start fresh with a clean install and work from there which is what I recommend or how you want to continue.

 

5. Returned the PC to the ACER to have a clean install of the image. Turns out they took two weeks to do what I had done in step 2. Back to the drawing board.
 

 

And I'm having a hell of a time downloading Speccy. So far Winpurifier and a Trojan have come in its place (see screenshot on Trojan). This is from hitting the green download button - save, save target as. File gets scooped up as a trojan or installs this winpurifier without prompting.

I just tested the filehippo link and have used it as well as many others for a long time without issue. Here is the direct link to the providers download. Although I recommend you download it from another computer since you are having issues.

https://www.ccleaner.com/speccy/download/portable




#6 AquarianJD


Posted 20 April 2018 - 01:16 PM

Success with speccy at last

 

http://speccy.piriform.com/results/WmgAOckgdTsAGRZbEBCtxY0





#7 dmccoy


Posted 20 April 2018 - 01:19 PM

Good, but please answer my questions so I know how to help.




#8 dmccoy


Posted 20 April 2018 - 01:26 PM

These Win Purifier entries still remain in your scheduled tasks and need to be Removed. I assume 
 
Scheduled Tasks:
21/04/2018 12:00;: Win Purifier_DEFAULT
25/04/2018 20:35;: Win Purifier_UPDATES
Spiceworks Surface Scan Launcher
Win Purifier

Download Autoruns to your Desktop
  • Extract the Autoruns Zip file contents to a folder.
  • Right-click the Autoruns.exe and Select Run As Administrator
  • Make sure Hide Microsoft Entries is Checked Under the Options Menu
  • After Scanning is Finished
  • Go to File then Save
  • Save AutoRuns.am file to your Desktop
  • Compress to a .zip file
  • Upload file to your next reply

    See Tutorial for more information

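The scheduled-task check described in the post above can also be scripted. The following PowerShell is an added example, not part of dmccoy's instructions or of any tool named in the thread; the function name `Get-ScheduledTaskAudit` and its output columns are assumptions, and only the `Win Purifier` pattern comes from the task names quoted above. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): inventory scheduled tasks, show what each
# one launches and whether that file is signed, and flag name/path matches.
function Get-ScheduledTaskAudit {
    [CmdletBinding()]
    param(
        # Default taken from the task names quoted in the post.
        [string]$Pattern = 'Win Purifier',
        # Mirrors Autoruns' "Hide Microsoft Entries": skip the \Microsoft\ folder.
        [switch]$IncludeMicrosoft
    )

    $escaped = [regex]::Escape($Pattern)

    foreach ($task in Get-ScheduledTask) {
        if (-not $IncludeMicrosoft -and $task.TaskPath -like '\Microsoft\*') { continue }

        $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue

        foreach ($action in $task.Actions) {
            # Only "exec" actions carry a program path; COM-handler actions do not.
            if ($action.PSObject.Properties.Name -notcontains 'Execute') { continue }

            # Expand %windir%-style variables and strip surrounding quotes.
            $exe = [Environment]::ExpandEnvironmentVariables("$($action.Execute)").Trim('"')

            $sig = $null
            if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
                $sig = Get-AuthenticodeSignature -LiteralPath $exe
            }

            [pscustomobject]@{
                TaskName    = $task.TaskName
                TaskPath    = $task.TaskPath
                State       = $task.State
                NextRunTime = if ($info) { $info.NextRunTime } else { $null }
                Program     = $exe
                Arguments   = $action.Arguments
                # Bare names such as "cmd.exe" are not resolved against PATH here.
                Signature   = if ($sig) { $sig.Status } else { 'PathNotResolved' }
                Signer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                Match       = ($task.TaskName -match $escaped) -or ($exe -match $escaped)
            }
        }
    }
}

# Review first: every task outside \Microsoft\, pattern matches listed on top.
Get-ScheduledTaskAudit | Sort-Object Match -Descending |
    Format-Table TaskName, State, NextRunTime, Signature, Program -AutoSize

# Then preview removal of the matching tasks. -WhatIf only prints what would be
# unregistered; remove it once the list has been confirmed by hand.
Get-ScheduledTaskAudit | Where-Object Match |
    Sort-Object TaskPath, TaskName -Unique |
    ForEach-Object {
        Unregister-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath -WhatIf
    }
```

Unregistering a task does not delete the program it pointed to, so the `Program` column is worth saving before anything is removed.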


#9 AquarianJD


Posted 20 April 2018 - 01:27 PM

My apologies I thought you were asking about where I was up to trying to resolve it on my own. I end up in the same position without installing anything other than Malwarebytes and iTunes at every clean install so I will complete all the necessary scans as something just isn't right that it deteriorates in an identical way each time.

A few additional things I have noticed - big things actually. My scanners keep being uninstalled as if never installed - i.e. I have Malwarebytes and Kaspersky subscriptions and installs and both disappear completely on reboot and I doubt Windows Defender is actually scanning my device in less than 20 seconds with no infections.

I am using Nord VPN on all devices which is possibly the common connection. On my android device I found the manifest riddled with spelling errors (i.e. "Boradcast.recievers"). I contacted Nord and the answer is very strange - that they had overlooked the spelling errors and would fix them, otherwise they are of no consequence - odd for a google manifest to be so casually calling on nonexistent google permissions and processes. Without sounding paranoid - could the vpn be compromising the devices? Something seems inauthentic about the comms with them (but it might just be them I guess)

 

I will complete the scans. I can repost this in the MWB forum now?



#10 dmccoy


Posted 20 April 2018 - 01:49 PM

It does not make sense that you are continuing having issues even after a clean install? Did you completely wipe your drive before performing the install? If you did not download the install from Microsoft then that could be an issue. I am happy to help you try to clean it or you can work with the malware team if you do not want to clean install but something was missed with your session. As I showed above the scheduled tasks were one area. If you provide the autoruns it will give me a more detailed look and we can proceed from there.





#13 AquarianJD


Posted 20 April 2018 - 03:15 PM

Autoruns complete

 

attached

 

Even with formatted hard drive Windows 10 seems to draw information from remote server and then it slowly unfolds into this buggy mess of a machine.

 

https://drive.google.com/file/d/1A7h9N-TO-3NBiwpful34p_F9OPkNUhyo/view?usp=sharing

 

 

 

 



#14 dmccoy


Posted 20 April 2018 - 03:53 PM

That is very strange that it happens right after a clean install. I assume not until you connect to the internet? I see you have iDrive backup, I wonder if something might be malicious in there and it is syncing to your computer or do you sync? I do not see much with Autoruns other than I highly recommend uninstalling PC Doctor. We will try some scans and see what they show.

 

Download MiniToolBox by Farbar and save it to your desktop.

Run as Administrator to start the tool

  1. Select to Run All options
  2. Click Go and wait patiently
  3. Upon completion (a reboot may be needed) a file called Result.txt will be saved on your desktop.
  4. Upload or Paste the Result.txt to your next reply

 

Rkill

  1. Download Rkill from the below link.
    https://www.bleepingcomputer.com/download/rkill/I
  2. Double click on Rkill program to stop the malicious programs from running
  3. RKill will now start working in the background, please be patient while it looks for malicious process and tries to end them
  4. When the Rkill tool has completed its task, it will generate a log
  5. Do Not Reboot your computer or the malware programs will start again
  6. Upload or Paste your Log file to next reply

 

Adware Cleaner

Download Adware Cleaner to your desktop.

  1. Important! close all open programs and internet browsers 
  1. Double click on AdwCleaner.exe to run the tool
  2. Right-click on program and select Run As Administrator.
  3. Click on the scan button
  4. When the scan is ready click on the Clean button
  5. Upload or Paste the log in your next reply.

 

Junkware Removal Tool

https://www.bleepingcomputer.com/download/junkware-removal-tool/

  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

 

Please download Malwarebytes Anti-Malware to your desktop.

https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

  • Launch Malwarebytes Anti-Malware Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has Started
  • Click on the Settings button
  • Click on Protection tab
  • Enable the Scan for rootkits
  • select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
  • After the restart, Open Malwarebytes
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'

 

Zemana Cleaner

Download and install Zemana anti-malware from here.

  • Double-click to run the software;
  • Click on the gear-icon on the top right portion to navigate to Settings. Click on Scan > put a tick on Create System Restore
  • Click the home icon on top left and click on Scan
  • After scan finishes click on the report tab on the top right corner;
  • Choose the latest report by clicking on it and click on Open Report afterward.
  • Upload or Paste the log in your next reply.

 




#15 AquarianJD


Posted 20 April 2018 - 04:12 PM

I literally just created the drive account

again thank you for your patience and assistance - normally know how to resolve issues but this one is persistent and nasty.





