[SOLVED] Need help in ruling out malware as the source of severe system slowdown during downloads

Weirdly enough, whether or not I'm logged into my (only) Edge account, there's no Avira Password Manager anywhere to be found. The only reason I can think of is that, since all my Edge extensions were imported from Chrome when Edge switched to Chromium and I decided to give it a (short-lived) tryout, something went wrong with this particular extension and now there are some remnants lying dormant somewhere in the background.
As for the rest:

DISM: (screenshot attached in the original post, not reproduced here)

sfc /scannow: (screenshot attached in the original post, not reproduced here)

chkdsk: Unfortunately, we've got a bit of a problem here. The original language of my Windows installation was German. But since Microsoft, in their infinite wisdom, decided to automatically tie their first-party games' language to the system's language, and I like to play games in their original language, I decided a while ago to simply switch Windows to English, since I don't really care either way. Annoyingly, though, it seems like chkdsk still saves its log in German, which I only realized afterward. Not sure how you want to handle this. Maybe deepl.com would be enough to get the gist of it, otherwise I could offer to help translate. For now, here's the log:

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 9/8/2023 10:21:48 PM >------
Category: 0
Computer Name: DESKTOP-4F0VDIR
Event Code: 1001
Record Number: 142922
Source Name: Microsoft-Windows-Wininit
Time Written: 09-08-2023 @ 20:20:52
Event Type: Information
User:
Message:

Dateisystem auf C: wird überprüft.
Der Typ des Dateisystems ist NTFS.

Eine Datenträgerüberprüfung ist geplant.
Die Datenträgerüberprüfung wird jetzt ausgeführt.

Phase 1: Die Basisdatei-Systemstruktur wird untersucht...
Instanzkennung für Datei 0x983d wird aufgeräumt.
Instanzkennung für Datei 0x391f6 wird aufgeräumt.
1570816 Datensätze verarbeitet.


Dateiüberprüfung beendet.
Phasendauer (Datei-Datensatz Überprüfung): 11.05 Sekunden.
33762 große Datensätze verarbeitet.


Phasendauer (Wiederherstellung für verwaisten Datei-Datensatz): 0.00 Millisekunden.
0 ungültige Datensätze verarbeitet.


Phasendauer (Prüfung auf falschen Datei-Datensatz): 0.40 Millisekunden.

Phase 2: Die Dateinamenverknüpfung wird untersucht...
108585 Analysedatensätze verarbeitet.


2065308 Indexeinträge verarbeitet.


Indexüberprüfung beendet.
Phasendauer (Indexüberprüfung): 31.69 Sekunden.
0 nicht indizierte Dateien überprüft.


Phasendauer (Wiederverbindung für verwaisten Datensatz): 6.53 Sekunden.
0 nicht indizierte Dateien wiederhergestellt.


Phasendauer (Wiederherstellung für verwaiste Datensatz): 5.12 Sekunden.
108585 Analysedatensätze verarbeitet.


Phasendauer (Überprüfung von Analysepunkts und Objekt-ID): 137.38 Millisekunden.

Phase 3: Sicherheitsbeschreibungen werden untersucht...
2891 nicht verwendete Indexeinträge aus Index $SII der Datei 0x9 werden aufgeräumt.
2891 nicht verwendete Indexeinträge aus Index $SDH der Datei 0x9 werden aufgeräumt.
2891 nicht verwendete Sicherheitsbeschreibungen werden aufgeräumt.
CHKDSK komprimiert den Datenstrom für die Sicherheitsbeschreibung
Überprüfung der Sicherheitsbeschreibungen beendet.
Phasendauer (Überprüfung für Sicherheits-Deskriptor): 143.64 Millisekunden.
247247 Datendateien verarbeitet.


Phasendauer (Datenattributüberprüfung): 0.46 Millisekunden.
CHKDSK überprüft USN-Journal...
Die Überprüfung von USN-Journal ist abgeschlossen.

Phase 4: Es wird nach fehlerhaften Clustern in Benutzerdateidaten gesucht...
1570800 Dateien wurden verarbeitet.


Dateidatenüberprüfung beendet.
Phasendauer (Benutzerdateiwiederherstellung): 58.38 Minuten.

Phase 5: Es wird nach fehlerhaften, freien Clustern gesucht...
118461171 freie Cluster verarbeitet.


Verifizierung freien Speicherplatzes ist beendet.
Phasendauer (Wiederherstellung von freiem Speicherplatz): 0.00 Millisekunden.
Fehler in Volumebitmap werden berichtigt.

Es wurden Korrekturen am Dateisystem vorgenommen.
Es sind keine weiteren Aktionen erforderlich.

1952419503 KB Speicherplatz auf dem Datenträger insgesamt
1476156388 KB in 985892 Dateien
706264 KB in 247250 Indizes
0 KB in fehlerhaften Sektoren
1712163 KB vom System benutzt
65536 KB von der Protokolldatei belegt
473844688 KB auf dem Datenträger verfügbar

4096 Bytes in jeder Zuordnungseinheit
488104875 Zuordnungseinheiten auf dem Datenträger insgesamt
118461172 Zuordnungseinheiten auf dem Datenträger verfügbar
Gesamtdauer: 59.29 Minuten (3557620 ms).

Interne Informationen:
00 f8 17 00 a0 d0 12 00 f9 6e 20 00 00 00 00 00 .........n .....
18 07 00 00 11 a1 01 00 00 00 00 00 00 00 00 00 ................

-----------------------------------------------------------------------
 
Hi! No problem! I used Google translation! :D

This is what I would like you to see:

Es wurden Korrekturen am Dateisystem vorgenommen.
Es sind keine weiteren Aktionen erforderlich.


Which means:

Corrections were made to the file system.
No further action is required.



Although the report says that no further action is required, the fact that corrections were made to the system is a kind of an alert. The disk started to have issues. So, I strongly recommend you to backup everything you need on an external drive, in case the disk fails suddenly. I'm not saying that this will happen tomorrow or in a week or in a month, but it's good and important to be ready.

What you can do regularly from now on, and from time to time, is to run a disk check using free third-party software, so you can take precautions if there is a sign of failure.
  • Download CrystalDiskInfo from here and save it to your Desktop.
  • Run the installer to install the program.
  • When finished, open the installed program by double clicking on it.
  • If everything is working properly, you should see the status “Good” displayed. Other statuses you might see include “Bad” (which usually indicates a drive that’s dead or near death), “Caution” (which indicates a drive that you should most likely be thinking about backing up and replacing), and “Unknown” (which just means that information could not be obtained).
  • The program will also show the disk temperature, so please take a note of that too.
  • You can check all your hard disks this way, not only C.
  • Do that from time to time, so you can be aware of your disk's health. As soon as you see anything other than Good, you must replace the disk immediately.


How is the computer running now??
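The two signals discussed in this exchange (the drive's health status and temperature that CrystalDiskInfo displays, and the boot-time chkdsk result that ListChkdskResult pulled out of the event log) can also be read directly from Windows. The script below is an added example, not something posted in the thread or shipped with either tool; it uses only built-in cmdlets. The disk counters come from `Get-StorageReliabilityCounter` (which needs an elevated prompt and returns blanks for drives that don't expose them), and the chkdsk event is the same Wininit event ID 1001 shown in the log above. The regex matches both the German summary line from that log and the English wording of the same event.

```powershell
# Added example (not from the thread): disk health plus last chkdsk result.
# Run from an elevated PowerShell prompt; reliability counters need admin rights.

# 1. Health of every physical disk, with temperature and wear where the drive
#    reports them (SSDs usually do, older HDDs often return blanks).
Get-PhysicalDisk | ForEach-Object {
    $disk = $_
    $counters = $disk | Get-StorageReliabilityCounter -ErrorAction SilentlyContinue
    [pscustomobject]@{
        FriendlyName      = $disk.FriendlyName
        MediaType         = $disk.MediaType
        HealthStatus      = $disk.HealthStatus            # Healthy / Warning / Unhealthy
        OperationalStatus = ($disk.OperationalStatus -join ',')
        TemperatureC      = $counters.Temperature
        WearPercent       = $counters.Wear                 # SSD wear indicator, if exposed
        ReadErrorsTotal   = $counters.ReadErrorsTotal
        PowerOnHours      = $counters.PowerOnHours
    }
} | Format-Table -AutoSize

# 2. The most recent boot-time chkdsk report. This is the Application-log event
#    (provider Microsoft-Windows-Wininit, ID 1001) that ListChkdskResult parses.
$chk = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'
    Id           = 1001
} -MaxEvents 1 -ErrorAction SilentlyContinue

if ($chk) {
    "Last boot-time chkdsk: $($chk.TimeCreated)"
    # The summary line is localized; match the German text from the log above
    # and the English equivalent of the same event.
    if ($chk.Message -match 'Korrekturen am Dateisystem vorgenommen|made corrections to the file system') {
        'ALERT: chkdsk repaired the file system. Back up this volume and keep watching the disk.'
    } else {
        'chkdsk reported no corrections.'
    }
} else {
    'No boot-time chkdsk event found in the Application log.'
}
```

A `HealthStatus` other than `Healthy`, or a chkdsk event that reports corrections, is the same "back it up and plan a replacement" signal the helper describes for CrystalDiskInfo's Caution status; running this after each boot-time chkdsk gives a record without installing anything.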
 
CrystalDiskInfo shows my Windows SSD at Good 99% and running at 50°C, so that should hopefully be fine for now (as much as that missing 1% offends my OCD ;)). I hope it keeps going a while yet, since it's only a bit over 2 years old. I'll definitely keep checking. All other Drives are at Good as well, except for the 2TB HDD, which is at Caution. But that comes as no surprise. It's my oldest disk by far, and I had already planned on replacing it soon. Everything else about the system seems to be running fine as well. I can't really test for the download slowdowns right now, since I just booted up my PC and it always took a while for the slowdowns to occur. But since they were gone during the two trial downloads yesterday and the day before, fingers crossed that they stay gone.
 
Forgot to add: I have it set so my Documents folder, game saves, etc., are regularly backed up to OneDrive, so there should hopefully be no bad awakening there.

And also: thank you so much for everything you've done. I've fixed a lot of PC troubles with the help of the internet over the years, but I've never seen such systematic, thorough support anywhere as I have on here. You're awesome! :-)
 
Excellent! :D

So, you are already prepared. Do not wait very long to replace the problematic disk, however. Better now, rather than when you will not be able to do anything because of its failure.

And also: thank you so much for everything you've done. I've fixed a lot of PC troubles with the help of the internet over the years, but I've never seen such systematic, thorough support anywhere as I have on here. You're awesome!

You are very welcome!

Now, let's finish it:

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
 
Done.

# Run at 9/10/2023 7:28:35 PM
# KpRm (Kernel-panik) version 2.15.0
# Website https://kernel-panik.me/tool/kprm/
# Run by aluca from C:\Users\aluca\Desktop
# Computer Name: DESKTOP-4F0VDIR
# OS: Windows 10 X64 (19045) (10.0.19045.3324)
# Number of passes: 1

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Create Registry Backup -

~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\aluca\NTUSER.dat backed up

[OK] Registry Backup: C:\KPRM\backup\2023-09-10-19-28-35

- Delete Tools -


## AdwCleaner
[OK] C:\Users\aluca\Desktop\AdwCleaner.exe deleted
[OK] C:\Users\aluca\Downloads\AdwCleaner.exe deleted
[OK] C:\AdwCleaner deleted

## ESET Online Scanner
[OK] C:\Users\aluca\Desktop\ESET Online Scanner.lnk deleted
[OK] C:\Users\aluca\Desktop\esetonlinescanner.exe deleted
[OK] C:\Users\aluca\Downloads\esetonlinescanner.exe deleted
[OK] C:\Users\aluca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk deleted
[OK] C:\Users\aluca\AppData\Local\ESET\ESETOnlineScanner deleted

## FRST
[OK] C:\Users\aluca\Desktop\Addition.txt deleted
[OK] C:\Users\aluca\Desktop\Fixlog.txt deleted
[OK] C:\Users\aluca\Desktop\FRST.txt deleted
[OK] C:\Users\aluca\Desktop\FRST64.exe deleted
[OK] C:\Users\aluca\Downloads\Addition.txt deleted
[OK] C:\Users\aluca\Downloads\FRST.txt deleted
[OK] C:\Users\aluca\Downloads\FRST64.exe deleted
[OK] C:\FRST deleted

## ListParts
[OK] C:\Users\aluca\Downloads\p95v294b7.win64\results.txt deleted

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named Removed Java 8 Update 181 (64-bit) created at 09/06/2023 12:43:40 deleted
~ [OK] RP named AdwCleaner_BeforeCleaning_07/09/2023_11:54:41 created at 09/07/2023 09:54:50 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 09/10/2023 17:29:01

-- KPRM finished in 47.38s --
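The "Restore UAC" section of the KpRm log above lists the policy values it reset and the default it wrote for each. Those values live under one registry key, so whether they have drifted again later (a common side effect of malware or of "optimizer" tools) can be checked without re-running KpRm. The script below is an added example, not part of the thread or of KpRm; the expected values are copied from the log, and the key path is the standard UAC policy location. One caveat taken from the log itself: `EnableInstallerDetection` is reported there as 0, while many Home/Pro installs ship it as 1, so a mismatch on that one entry should be verified against the edition rather than treated as a definite problem.

```powershell
# Added example (not from the thread or from KpRm): compare the UAC policy values
# against the defaults KpRm reported restoring. Reading HKLM needs no elevation.

$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Expected values exactly as listed under "Restore UAC" in the KpRm log above.
$expected = [ordered]@{
    EnableLUA                   = 1
    ConsentPromptBehaviorAdmin  = 5
    ConsentPromptBehaviorUser   = 3
    EnableInstallerDetection    = 0   # 1 on many Home/Pro installs; verify per edition
    EnableSecureUIAPaths        = 1
    EnableUIADesktopToggle      = 0
    EnableVirtualization        = 1
    FilterAdministratorToken    = 0
    PromptOnSecureDesktop       = 1
    ValidateAdminCodeSignatures = 0
}

$current = Get-ItemProperty -Path $uacKey

$report = foreach ($name in $expected.Keys) {
    $actual = $current.$name
    [pscustomobject]@{
        Setting  = $name
        Expected = $expected[$name]
        Actual   = if ($null -eq $actual) { '(missing)' } else { $actual }
        Status   = if ($actual -eq $expected[$name]) { 'OK' } else { 'DRIFT' }
    }
}

$report | Format-Table -AutoSize

# EnableLUA is the one that matters most: with it set to 0, processes started by an
# administrator account already run with full rights and no UAC prompt ever appears.
if ($current.EnableLUA -ne 1) {
    Write-Warning 'UAC is disabled (EnableLUA is not 1). Re-enable it and reboot.'
}
```

A `DRIFT` row on `EnableLUA`, `ConsentPromptBehaviorAdmin` or `PromptOnSecureDesktop` after a clean-up like this one is worth investigating, since those are the settings that decide whether elevation prompts appear at all and whether they can be spoofed by other windows.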
 
Excellent!

Now, the computer is clean. You can download the latest version of Java, but only if you really need it. You mentioned that you need it for some games. Have you tried to play now that you don't have Java installed? If it's not needed, then my recommendation is not to install it.

Note in case you choose to install Java: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

And now, it is time for my favorite "speech". :D

Some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, "So how did I get infected in the first place?". Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third-party software programs have long been targets for malware creators. It has been stated that "Adobe's Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!
  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like qBitTorrent, Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
  • Do not open any files without being certain of what they are!
5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real-time protection is enabled. You now have the built-in Windows antivirus, Windows Defender. Together with Malwarebytes, run occasionally depending on how often you use your computer, it can keep you safe.

Happy safe computing.


I'm glad I was able to help you.
 
Thanks for the tips, I'll definitely keep them in mind. And again, thank you very much for your help. I've made a small donation to the cause, please distribute equally between keeping the boards running and acquiring enough beer to drown the tech support blues ;)
 
Again, you are very welcome!

Thanks for the donation to the Sysnative Forums. Donations keep it alive! (y)
 