
100% disk usage, suspected malware


  • This topic is locked
6 replies to this topic

#1 fragonborn93

fragonborn93

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:43 AM

Posted 03 April 2016 - 07:12 AM

My task manager is showing 100% disk usage almost all the time, causing sluggishness and a slow running laptop. I have tried various fixes I have found such as disabling superfetch and windows search, removing onenote. Nothing seems to be working. AVG and malwarebytes aren't showing any malware however I still worry that it is malware causing the problem as nothing else seems to be working.

 

 



#2 satchfan

satchfan

  • Malware Response Team
  • 2,714 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:10:43 AM

Posted 04 April 2016 - 04:21 AM

Hello fragonborn93 and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

I don’t see any sign of malware but there are a few bits that need tidied up and we can run a couple of scans to be sure that there is no adware on your computer.

Some observations though:

P2P - I see you have P2P software, (uTorrent), installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

=========================

There is also a folder containing TuneUp Software and although it is not installed I have included it in the fix.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid and erroneous entries does not affect system performance but it can result in "unpredictable results". Unless you have a particular problem that requires a registry edit to correct it, (and you are expert in the registry), I would suggest you leave the registry alone.

One of the malware experts, miekiemoes, has an excellent write-up here
Another from quietman7 here

=========================

You have AVG Internet Security but your logs show that Windows firewall is enabled. I doubt that this is the case as antivirus, (AV), software usually disables it on installation but it may be worth checking as you cannot have two firewalls working at the same time.

=========================

The final observation is regarding AVG Internet Security. Did you pay for this? AVG is known for high CPU usage and sluggishness. Try temporarily disabling it and see if things run better, (don’t use the Internet whilst it is disabled).

===================================================

Let’s tidy up what was found and run a couple of scans.

Note: Please follow these instructions in the order given.

===================================================

You need to move Farbar Recovery Scan Tool to your desktop otherwise fixes will not work.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

SearchScopes: HKU\S-1-5-21-3989097712-1605438262-2017125512-1001 -> DefaultScope {1C35C1FF-8640-496F-871E-467E14BD45BB} URL =
SearchScopes: HKU\S-1-5-21-3989097712-1605438262-2017125512-1001 -> {1C35C1FF-8640-496F-871E-467E14BD45BB} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
2016-04-03 11:25 - 2016-04-03 11:25 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2016-04-03 11:25 - 2016-04-03 11:25 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
Task: {297AE8E4-7150-4A85-9776-434F1E5FD0F8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3DE6CBBD-DCDB-4E55-99F1-9E889CD3BA33} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {535FBA6B-2DE9-4F59-A277-3F558BDE6E28} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {70955B8E-3B23-4F2B-BA24-B7C4BE8F17BA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {751EF91A-8EE9-4E39-AE4D-3B49C4D3916C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {82AA7544-0461-48D2-B603-C5444DE6172B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9185A5E1-10D6-4B2A-BD8E-AC612E278A02} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B6A7D6D0-1965-4D53-B8C9-652EDBA0223E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C734CBA3-9B84-4967-87C3-CA4A1A07F1A3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E18826E6-CE1C-4B98-8E08-396D1467FDCC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E5EA760E-A9A2-4B74-9C92-7F91838C297E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {ED3F9116-E45F-4729-9B30-F8A5D86CD2D3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FF993630-0BD5-4AB1-AD6F-ACFA1C2CC497} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
C:\Users\Public\ASR.dat
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

Logs to include with next post:

Frst.txt

AdwCleaner log
JRT.txt


Thanks

Satchfan


Edited by satchfan, 04 April 2016 - 04:21 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 fragonborn93

fragonborn93
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:43 AM

Posted 04 April 2016 - 08:28 AM

I had already removed utorrent before sending this, and I had also removed AVG as I knew that sometimes that can use massive disk usage. To clarify, nothing is appearing to be using the disk usage in task manager, and I would have imagined that would have appeared anyway.

 

Adwcleaner:

 

# AdwCleaner v5.108 - Logfile created 04/04/2016 at 14:13:47
# Updated 30/03/2016 by Xplode
# Database : 2016-04-03.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : silvercharm99 - CHLOE
# Running from : C:\Users\chloe\Downloads\adwcleaner_5.108.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Hola
[-] Folder Deleted : C:\Program Files\Hola
[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\Users\chloe\AppData\Local\Hola
[#] Folder Deleted : C:\Users\chloe\AppData\Local\Hola
[-] Folder Deleted : C:\Users\chloe\AppData\Roaming\Hola
[#] Folder Deleted : C:\Users\chloe\AppData\Roaming\Hola
[-] Folder Deleted : C:\Users\chloe\Desktop\S5
[#] Folder Deleted : C:\Users\chloe\Desktop\S5
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Hola
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Hola
[-] Key Deleted : HKU\.DEFAULT\Software\Hola
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2583 bytes] - [04/04/2016 14:13:47]
C:\AdwCleaner\AdwCleaner[S1].txt - [7755 bytes] - [27/01/2016 12:09:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2729 bytes] ##########
 
 
JRT:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Home x64 
Ran by silvercharm99 (Administrator) on 04/04/2016 at 14:19:22.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\chloe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/04/2016 at 14:22:18.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
FRST:
 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by silvercharm99 (2016-04-04 14:05:55) Run:1
Running from C:\Users\chloe\Desktop
Loaded Profiles: silvercharm99 (Available Profiles: silvercharm99 & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
SearchScopes: HKU\S-1-5-21-3989097712-1605438262-2017125512-1001 -> DefaultScope {1C35C1FF-8640-496F-871E-467E14BD45BB} URL =
SearchScopes: HKU\S-1-5-21-3989097712-1605438262-2017125512-1001 -> {1C35C1FF-8640-496F-871E-467E14BD45BB} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
2016-04-03 11:25 - 2016-04-03 11:25 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2016-04-03 11:25 - 2016-04-03 11:25 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
Task: {297AE8E4-7150-4A85-9776-434F1E5FD0F8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3DE6CBBD-DCDB-4E55-99F1-9E889CD3BA33} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {535FBA6B-2DE9-4F59-A277-3F558BDE6E28} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {70955B8E-3B23-4F2B-BA24-B7C4BE8F17BA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {751EF91A-8EE9-4E39-AE4D-3B49C4D3916C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {82AA7544-0461-48D2-B603-C5444DE6172B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9185A5E1-10D6-4B2A-BD8E-AC612E278A02} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B6A7D6D0-1965-4D53-B8C9-652EDBA0223E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C734CBA3-9B84-4967-87C3-CA4A1A07F1A3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E18826E6-CE1C-4B98-8E08-396D1467FDCC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E5EA760E-A9A2-4B74-9C92-7F91838C297E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {ED3F9116-E45F-4729-9B30-F8A5D86CD2D3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FF993630-0BD5-4AB1-AD6F-ACFA1C2CC497} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
C:\Users\Public\ASR.dat
EmptyTemp:
*****************
 
HKU\S-1-5-21-3989097712-1605438262-2017125512-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3989097712-1605438262-2017125512-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1C35C1FF-8640-496F-871E-467E14BD45BB}" => key removed successfully
HKCR\CLSID\{1C35C1FF-8640-496F-871E-467E14BD45BB} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
C:\Users\Default\AppData\Roaming\TuneUp Software => moved successfully
"C:\Users\Default User\AppData\Roaming\TuneUp Software" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{297AE8E4-7150-4A85-9776-434F1E5FD0F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{297AE8E4-7150-4A85-9776-434F1E5FD0F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DE6CBBD-DCDB-4E55-99F1-9E889CD3BA33}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DE6CBBD-DCDB-4E55-99F1-9E889CD3BA33}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{535FBA6B-2DE9-4F59-A277-3F558BDE6E28}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{535FBA6B-2DE9-4F59-A277-3F558BDE6E28}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{70955B8E-3B23-4F2B-BA24-B7C4BE8F17BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70955B8E-3B23-4F2B-BA24-B7C4BE8F17BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{751EF91A-8EE9-4E39-AE4D-3B49C4D3916C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{751EF91A-8EE9-4E39-AE4D-3B49C4D3916C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82AA7544-0461-48D2-B603-C5444DE6172B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82AA7544-0461-48D2-B603-C5444DE6172B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9185A5E1-10D6-4B2A-BD8E-AC612E278A02}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9185A5E1-10D6-4B2A-BD8E-AC612E278A02}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6A7D6D0-1965-4D53-B8C9-652EDBA0223E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6A7D6D0-1965-4D53-B8C9-652EDBA0223E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C734CBA3-9B84-4967-87C3-CA4A1A07F1A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C734CBA3-9B84-4967-87C3-CA4A1A07F1A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E18826E6-CE1C-4B98-8E08-396D1467FDCC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E18826E6-CE1C-4B98-8E08-396D1467FDCC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5EA760E-A9A2-4B74-9C92-7F91838C297E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5EA760E-A9A2-4B74-9C92-7F91838C297E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ED3F9116-E45F-4729-9B30-F8A5D86CD2D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED3F9116-E45F-4729-9B30-F8A5D86CD2D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF993630-0BD5-4AB1-AD6F-ACFA1C2CC497}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF993630-0BD5-4AB1-AD6F-ACFA1C2CC497}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"C:\Users\Public\ASR.dat" => not found.
EmptyTemp: => 4.7 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 14:06:07 ====
 
 
 
 
Thank you for your help!
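Added example, not part of the original thread and not FRST's own code: a small Python parser for the result lines of a Fixlog like the one posted above, which tallies what was removed or moved and lists the fixlist targets that were not found. The sample lines are copied from the log in this post; the `target => outcome` layout is inferred from that log alone, and the function names and status labels are this example's own.

```python
import re
from collections import Counter

# Result lines in the Fixlog above look like:  <target> => <outcome>
# The target is sometimes wrapped in double quotes (layout inferred from this log).
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\s*$')


def classify(outcome):
    """Map an outcome phrase from the log to a coarse status (labels are ours)."""
    low = outcome.lower()
    if "not found" in low:      # "key not found." / "not found."
        return "absent"
    if "removed" in low:        # test before "moved": "removed" contains "moved"
        return "removed"
    if "moved" in low:          # "moved successfully"
        return "moved"
    return "other"


def target_kind(target):
    """Tell registry paths, filesystem paths and bare directives apart."""
    if re.match(r"HK(LM|CU|CR|U)\\", target):
        return "registry"
    if re.match(r"[A-Za-z]:\\", target):
        return "filesystem"
    return "directive"          # e.g. "EmptyTemp:"


def parse_fixlog(text):
    """Return one record per result line; headers and fixlist echo are skipped."""
    results = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue
        target, outcome = m.group("target"), m.group("outcome")
        results.append({
            "target": target,
            "kind": target_kind(target),
            "outcome": outcome,
            "status": classify(outcome),
        })
    return results


def summarize(results):
    """Count results per status."""
    return Counter(r["status"] for r in results)


def not_found(results):
    """Targets the fix could not find: already gone, or the path differs."""
    return [r["target"] for r in results if r["status"] == "absent"]


def reboot_requested(text):
    return "The system needed a reboot." in text


# Sample: lines copied from the Fixlog in the post above.
SAMPLE = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
HKU\S-1-5-21-3989097712-1605438262-2017125512-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKCR\CLSID\{1C35C1FF-8640-496F-871E-467E14BD45BB} => key not found.
C:\Users\Default\AppData\Roaming\TuneUp Software => moved successfully
"C:\Users\Default User\AppData\Roaming\TuneUp Software" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"C:\Users\Public\ASR.dat" => not found.
EmptyTemp: => 4.7 GB temporary data Removed.

The system needed a reboot.
"""

if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE)
    print(dict(summarize(parsed)))
    for target in not_found(parsed):
        print("not found:", target)
    print("reboot requested:", reboot_requested(SAMPLE))
```
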


#4 satchfan


Posted 04 April 2016 - 11:08 AM

I had also removed AVG as I knew that sometimes that can use massive disk usage. To clarify, nothing is appearing to be using the disk usage in task manager, and I would have imagined that would have appeared anyway.

I hope you have enabled Windows Defender: that's the only one you'll need as it's an excellent antivirus, (AV). In reply to Task Manager, not everything shows up there, (especially malware).

The first scan cleaned a fair bit and restored nearly 5 GB of space, (that's 1 GB more than I had on my first PC :crazy: ).

Normally I'd get you to run Malwarebytes, (MBAM), and an Eset scan to be sure but as you say that you've run Mbam and it found nothing, added to the fact that Eset is already on your computer I'm assuming that also found nothing.

My Windows 10 often shows high usage but I've been a bit lazy about looking into which services are required and which aren't so I'm still using my Windows 7 for a lot of what I do.

Is the situation the same? If it is, I think your best move would be to ask for some expert advice in either our Windows 10 forum and see if they can shed any light on what's using it as I'm confident that there is no malware.

Let me know what you decide.

Satchfan




#5 fragonborn93


Posted 04 April 2016 - 12:24 PM

Currently the disk usage is a lot lower, however sometimes it was dropping to about 10% for half an hour before going back up! I will wait a few hours and hopefully the issue has resolved but if it starts showing high usage again I will take your advice and pop over to the windows 10 forums and see what they say! Thanks again for your help!



#6 satchfan


Posted 04 April 2016 - 04:56 PM

Thanks again for your help!

 

You're welcome.

I'll leave this open for 24 hours in case there is anything else.

Take care

Satchfan




#7 satchfan


Posted 06 April 2016 - 01:22 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





