
High Disk Usage


8 replies to this topic

#1 sdutcher


Posted 18 November 2017 - 12:27 PM

High Disk Usage with very little open. It also takes a long time for everything to load before the Laptop is even usable.

 

The user had clicked on a fake Symantec Cleaner with a number they had called (to their credit they didn't enter her credit card and shut down the laptop). I ran Malwarebytes and antivirus scans, but didn't find much. Microsoft Office was corrupted and WiFi stopped working. I was able to repair Office and WiFi is working, but the icon in the sys tray shows a red x.

 

User has the following: McAfee Anti-Theft, McAfee Central, McAfee LiveSafe and McAfee WebAdvisor currently running, but I believe they are all expired. Running Malwarebytes free.

 

Any advice would be helpful. Please let me know if there are any scans or logs that are needed.





#2 dc3


Posted 19 November 2017 - 11:01 AM

I'm guessing you are repairing this computer for someone else?

 

Do you know if the online "tech" loaded anything on this computer?

 

What scans did you run and what was found?  If you have logs for any of these scans please post these in this topic.

 

Have you tried to do a System Restore?  This would be the first thing I'd try in a situation like this.

 

Please download AdwCleaner and install it.

When AdwCleaner opens click on Scan to start the scan.


Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.

If no malicious programs are found you will receive a message informing you of this.
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  

 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your topic.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 sdutcher


Posted 19 November 2017 - 01:28 PM

Yes, I am working on this laptop for someone else. I did do a System Restore first, then ran the adw. Here is the log file from the first time after the restore:

 

# AdwCleaner 7.0.4.0 - Logfile created on Sat Nov 11 03:29:43 2017
# Updated on 2017/27/10 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d23716qn9q7omq.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [3324 B] - [2017/11/11 3:28:38]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
This is the second time that I ran it later:
 
# AdwCleaner 7.0.4.0 - Logfile created on Sat Nov 11 03:28:38 2017
# Updated on 2017/27/10 by Malwarebytes 
# Database: 11-10-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d23716qn9q7omq.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

 

I just re-ran it today with the following

 

# AdwCleaner 7.0.4.0 - Logfile created on Sun Nov 19 18:01:40 2017
# Updated on 2017/27/10 by Malwarebytes 
# Database: 11-17-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [3305 B] - [2017/11/11 3:29:43]
C:/AdwCleaner/AdwCleaner[C1].txt - [1664 B] - [2017/11/12 22:23:50]
C:/AdwCleaner/AdwCleaner[S0].txt - [3324 B] - [2017/11/11 3:28:38]
C:/AdwCleaner/AdwCleaner[S1].txt - [1526 B] - [2017/11/12 22:22:13]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########
 
BTW: I was able to fix the issue with the WiFi, it no longer has the red x (went to support.dell.com, found and ran the latest drivers) 
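
One way to compare successive AdwCleaner scan logs like the ones above and see which flagged keys are reported again after a clean run (an added example, not part of the original post; the function names are hypothetical and the two sample logs are constructed, abbreviated excerpts of the 11 November and 19 November scans):

```python
import re

# Constructed sample: abbreviated excerpts of the S0 (11 Nov) and S2 (19 Nov) scan logs above.
SCAN_S0 = r"""# Mode: scan
***** [ Registry ] *****
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.
"""
SCAN_S2 = r"""# Mode: scan
***** [ Registry ] *****
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Scan-mode lines are "<detection>, [<type>] - <path>"; clean-mode lines are "Deleted: [<type>] - <path>".
ENTRY = re.compile(r"^(?:(?P<det>[^,\[]+), |Deleted: )\[(?P<type>\w+)\] - (?P<path>.+)$")

def parse_log(text):
    """Return a set of (section, type, path) tuples for every flagged or deleted item."""
    items, section = set(), None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY.match(line)
        if m and section:
            # Registry paths are case-insensitive, so normalise before comparing runs.
            items.add((section, m.group("type"), m.group("path").lower()))
    return items

def compare_scans(earlier, later):
    """Split findings into those reported in both scans, those gone, and those newly reported."""
    old, new = parse_log(earlier), parse_log(later)
    return {"recurring": sorted(old & new), "gone": sorted(old - new), "new": sorted(new - old)}

if __name__ == "__main__":
    for label, rows in compare_scans(SCAN_S0, SCAN_S2).items():
        print(label, len(rows), *[p for _, _, p in rows], sep="\n  ")
```

Entries that land in the recurring bucket were flagged both before and after the clean run, so they are the ones worth raising with the helper reviewing the logs.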


#4 dc3


Posted 19 November 2017 - 01:44 PM

So the problem is resolved?




#5 sdutcher


Posted 19 November 2017 - 02:39 PM

It is still running at a high disk usage from time to time with very little running.



#6 dc3


Posted 19 November 2017 - 02:44 PM

Please download and install Speccy to provide us with information about your computer.  Clicking on this link will automatically initiate the download.

When Speccy opens you will see a screen similar to the one below.


Click on File which is outlined in red in the screen above, and then click on Publish Snapshot.


The following screen will appear, click on Yes.


The following screen will appear, click on Copy to Clipboard.

In your next post right click inside the Reply to Topic box, then click on Paste.  This will load a link to the Speccy log.




#7 sdutcher


Posted 19 November 2017 - 03:05 PM

http://speccy.piriform.com/results/CXMx1TeLrO6NMKP0YpQdt5U



#8 dc3


Posted 20 November 2017 - 11:21 AM

The Speccy doesn't show anything I would be concerned about.

 

What do you consider high usage for the Disk?

 

Please open the Task Manager and select the Processes tab.  Use the Snipping Tool to create an image of this and post it in this topic.

 

You can post the screenshot in your next post as an attachment.

Just below the area where you write text in a post there is the Post button, to the right of this is More Reply Options.


When you click on More Reply Options you will see Attach Files and Browse. Click on Browse, this will open Pictures on your computer, click on the image you want to post, then click on Attach This File, then Add Reply.





#9 jenae


Posted 20 November 2017 - 05:48 PM

Hi, well, when I run through Speccy, I see McAfee active and Windows Defender. You also have McAfee firewall active as well as Windows Firewall. McAfee is supposed to disable Defender when it is installed. Two firewalls and two AVs will cause the problems you report.

 

McAfee is probably the worst AV for home use; you would be better served by completely removing it. Defender offers just as good if not superior protection, and importantly integrates very well into Windows. Using Windows Firewall is more than sufficient as well.

 

Google for McAfee's uninstall util; it is essential that you use this to be rid of it.





