Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Not sure if I have malware!

Started by rogerbid , May 12 2020 01:27 AM

  • Please log in to reply

#91
rogerbid
Posted 29 May 2020 - 04:44 PM

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts
Thank you Ron,

It will take a while to work through this list and I will get a reply off to you later today,

Best wishes,

Roger
  • 0

Advertisements

#92
rogerbid
Posted 30 May 2020 - 01:11 AM

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts

Hello Ron,

 

Here are the files/reports you asked for:

 

Temperatures:  With no programs running:  hovered around 48deg C and was seen to go to 50 briefly

                         Whilst running an AV Scan for 5 mins plus: hovering between 69 and 71, fan speed 2597rpm

                         Whilst running fixlist: mostly around 55deg but finished at 65 on completion after 45 minutes.

 

FRST64 reports:  FRST.txt and Addition.txt attached

 

Latency Monitor: Drivers tab screenshot attached

                            Processes tab screenshot attached

                            Report pasted at end of this reply

 

Process Explorer: Hardware Interrupts and DPCs.txt attached (VPN enabled, not sure if I should have disabled it!)

 

Thanks as always,

 

Roger

 

 

Latency Monitor report:

 

_________________________________________________________________________________________________________

CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts. 
LatencyMon has been analyzing your system for  0:01:18  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        DESKTOP-7AI4U6K
OS version:                                           Windows 10 , 10.0, build: 18363 (x64)
Hardware:                                             X551CAP, ASUSTeK COMPUTER INC.
CPU:                                                  GenuineIntel Intel® Pentium® CPU 2117U @ 1.80GHz
Logical processors:                                   2
Processor groups:                                     1
RAM:                                                  3981 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   1796 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
WARNING: the CPU speed that was measured is only a fraction of the CPU speed reported. Your CPUs may be throttled back due to variable speed settings and thermal issues. It is suggested that you run a utility which reports your actual CPU frequency and temperature. 
 
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   685.20
Average measured interrupt to process latency (µs):   4.967474
 
Highest measured interrupt to DPC latency (µs):       660.60
Average measured interrupt to DPC latency (µs):       1.566986
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              38.162584
Driver with highest ISR routine execution time:       i8042prt.sys - i8042 Port Driver, Microsoft Corporation
 
Highest reported total ISR routine time (%):          0.030798
Driver with highest ISR total time:                   i8042prt.sys - i8042 Port Driver, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.031562
 
ISR count (execution time <250 µs):                   2264
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-999 µs):                0
ISR count (execution time 1000-1999 µs):              0
ISR count (execution time 2000-3999 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              686.060134
Driver with highest DPC routine execution time:       ntoskrnl.exe - NT Kernel & System, Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.045540
Driver with highest DPC total execution time:         ntoskrnl.exe - NT Kernel & System, Microsoft Corporation
 
Total time spent in DPCs (%)                          0.124109
 
DPC count (execution time <250 µs):                   33499
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                14
DPC count (execution time 1000-1999 µs):              0
DPC count (execution time 2000-3999 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 latmon.exe
 
Total number of hard pagefaults                       7
Hard pagefault count of hardest hit process:          3
Number of processes hit:                              4
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.581498
CPU 0 ISR highest execution time (µs):                38.162584
CPU 0 ISR total execution time (s):                   0.049247
CPU 0 ISR count:                                      2264
CPU 0 DPC highest execution time (µs):                686.060134
CPU 0 DPC total execution time (s):                   0.185876
CPU 0 DPC count:                                      33074
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.088505
CPU 1 ISR highest execution time (µs):                0.0
CPU 1 ISR total execution time (s):                   0.0
CPU 1 ISR count:                                      0
CPU 1 DPC highest execution time (µs):                78.591871
CPU 1 DPC total execution time (s):                   0.007771
CPU 1 DPC count:                                      439
_________________________________________________________________________________________________________
 

 

 

 

Attached Thumbnails

  • Drivers tab.jpg
  • Processes tab.jpg

Attached Files


  • 0

#93
RKinner
Posted 30 May 2020 - 06:07 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I'm missing the fixlog.  Also the FRST & Addition.txt logs are not new.  They are the same as previously posted.

 

Forgot to respond to your earlier comment.  Don't think there is any hope for the US unless we are able to vote out our wanna-be-Hitler-but-more-like-Nero president in November.  Besides being a total idiot and disgraceful liar he is enabling and encouraging racists and bigots.  Just hope that if he does lose the election that he steps down and doesn't start a civil war.


  • 0

#94
rogerbid
Posted 30 May 2020 - 06:50 AM

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts
Very sorry Ron, I don't know how I attached old logs, and how I missed the dialog!

It's nearing 11pm here so will get the correct files off to you in the morning. I think I will start from scratch again.

Bye for now,

Roger
  • 0

#95
RKinner
Posted 30 May 2020 - 09:43 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

New FRST scan is OK but please try and find the original fixlog.


  • 0

#96
rogerbid
Posted 30 May 2020 - 03:49 PM

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts

Hello Ron

 

Here are the logs from yesterday.  Sorry I attached the wrong files!

 

I hear you re your President and can appreciate your situation, surely he wont win another term??

 

Thanks again,

 

Roger 

Attached Files


  • 0

#97
RKinner
Posted 30 May 2020 - 09:05 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I think this is the support page for your PC:

 

https://www.asus.com...pDesk_Download/

 

I think you need the latest BIOS:

Version 211 2019/06/03

Your current BIOS is from 2014.

 

and perhaps the Touchpad Driver:

Version V4.0,5 2015/07/23

 

Make sure you have Ublock Origin as an Extension for Edge.

 

See if Ucheck finds any updates you need:

https://www.adlice.com/download/ucheck/ 

Free version is all you need.  I'd get

UCheck.exe (portable 64 bits) since it won't need to be uninstalled.  Download Save Right click and Run As Admin then hit Scan.  Once it finishes

Click on Updates then Select All, Update All.  There may be one or two that need you to go to their website to update.  Watch out for optional software that needs to be unchecked before downloading.

 

See if you can rebuild the font cache using either of the two methods on

https://troubleshoot...-in-windows-10/

 

Then rerun Latency Monitor.  I want to see if that removes fontdrvhost from the list of hard pagefaults.

Also give me a new Process Explorer.

 

We certainly hope he doesn't get reelected but the fear is that he will cheat plus he has so much money that he can bribe most people.  He is already running reelection ads on TV


  • 0

#98
rogerbid
Posted 31 May 2020 - 12:44 AM

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts

Hello Ron,

 

Thank you again.  I am hesitating updating the BIOS and Touchpad because my laptop is marked F551C but the download link is for a X551CA.  Obviously something in the reports has told you the laptop details but I thought it wise to check with you that it will be OK to proceed.  Maybe the 551 is the critical identification and the other letters signify whether it has a DVD player, case color etc?  (I cannot see an ASUS support page specifically for a F551C.)   Is it likely that an incorrect BIOS update etc will do irreparable harm and would a System Restore Point be a useful safeguard?  While awaiting your advice I will go ahead with your other suggestions,

 

Thanks,

 

Roger


  • 0

#99
rogerbid
Posted 31 May 2020 - 04:24 AM

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts

Back again!

 

I didn't have total success with the tasks you set me this time!  Ucheck went OK, but I ran into problems with the rebuild of the Font Cache.

 

I went to the Troubleshoot website and initially opted to follow Method 2.  This failed with the following error message:

 

     Rebuild Font Cache Failed screenshot.JPG

 

I then thought nothing ventured nothing gained and followed Method 1 until....

 

at Step 6."Do the same (Follow the steps 3 to 5) Windows Presentation Foundation Font Cache 3.0.0.0."  for there was no such Service, see the attached screenshot.

 

      No Presentation Foundation.JPG

 

Then Step 8 delete Font Cache and .dat files - no such files present

 

     No Font Cache dat files.JPG

 

Continuing to Step 9, deleting .dat files in the Font Cache 3 files would not delete although I could see no evidence that the files were open anywhere.  (I subsequently deleted these 3 files after rebooting)

 

      3 files will not delete.JPG

 

Undaunted, I rebooted and restarted the Font Cache Service, setting it to Automatic, but still there was no Presentation Foundation Font Cache.

 

After all this I ran Latency Monitor and Process Explorer and the files are attached as requested.

 

I am not sure what is the effect of the missing Windows Presentation Foundation Font Cache, but I have so far seen no adverse results from the actions I have taken!

 

Sorry to bring you these problems!  all the best,

 

Roger

 

 

 

Attached Thumbnails

  • Drivers Tab 2.jpg
  • Processes tab 2.jpg

Attached Files


  • 0

#100
RKinner
Posted 31 May 2020 - 08:05 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

System Restore would not help with a bad BIOS update.  Usually tho the PC makers use the same BIOS for all versions of a motherboard.  I was going by something that Latency Monitor said.  Go to the ACER site and put in the info from your PC and see if you get a different BIOS.  (Some sites will detect your PC or will use the serial number to show you just the updates that apply.)

 

I expect the bat file failed because they forgot to tell you to Right click and Run As Admin.  I will have to go through both methods and see where they go wrong but appears that what you were able to do worked.  Interrupts is now below the magic 1.4 mark even with the VPN running.

 

If you are happy with how it is running now then we can stop.  No need to mess with the BIOS.


  • 0

Advertisements

#101
rogerbid
Posted 01 June 2020 - 03:12 AM

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts
Hi Ron,

I am relieved that I didn't proceed with the BIOS update after all, I suspected the System Restore would only cover changes to the operating system etc after the system booted up. I have been unable to find any BIOS download specifically aimed at the F551C so will play safe and stick with what I have. As you say, the system seems to be so much better with your help and I am very happy to end this thread.

I am very grateful to you for your help, you have been very thorough and taken me to areas in the system I never knew existed.

Thanks again,

Roger
  • 0

#102
RKinner
Posted 01 June 2020 - 05:59 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

This is my standard goodbye post:

Time to clean up:
If we used FRST to clean your PC:

right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.  Latency Monitor should be uninstalled.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee (now renamed Intel) Security Scan.  Go slow and uncheck the optional stuff.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the Ublock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..
(If it complains about Chrome still running you can stop it with Task Manager or go into Chrome then go to:

chrome://settings/

Hit Advanced at the bottom of the page then scroll down to near the bottom where it says System.

Change
Continue running background apps when Google Chrome is closed
to Off (slide the blue thing to the left and it turns brown)
Close Chrome.


If the browser is still slow then go in and disable all of your extensions, close the browser and Optimize with SpeedyFox then restart the browser.  If that helps then one or more of your extensions is at fault.  Go back in and turn them on one at a time and see if you can figure out which ones slow things down the most.

If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.  (Doesn't yet work with the newer version of Facebook so best to revert back to the old version)


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combefore you open them.

Due to a recent rise in the number of Crytolocker infections I am now recommending you install:

https://www.bleeping...somware/dl/306/
It's currently a free version.

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.   If you don't know how, visit the router maker's website.  Most have detailed step by step instructions or a wizard you can download.  If you need help come back here and tell me the make and model number of the router.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not the latest.  If in doubt uninstall all.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

If you are running Win 10 you probably want Open Shell: 

https://github.com/O...Open-Shell-Menu

This program will make Win 10 act like Win 7 with the same controls you are used to.



Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Media Player it never seems to need extra files to work.
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Video Downloader Professional  To save online video.   This extension (available for Chrome or Firefox)  allows you to start a recording and then switch to a different window and record another video.

With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP