Potential virus Lenovo laptop

2304 Views 27 Replies 2 Participants Last post by  DR.M
ok, so i have a lenovo laptop. it’s around 6 years old, and the past few days it’s been making a whirring noise. wasn’t too often at first, but now it’s all the time. to the point to where when i tried to open a browser on it just now, my cpu usage/memory/disk usage all shot up to like 70% each and the fan was whirring fairly loudly too.

the reason i think it’s a virus is because, just before this started happening, i watched a show on some website and might’ve accidentally clicked something.

i did a malware check on it through windows security, but no viruses came up.

any help is greatly appreciated! ❤
Status
Not open for further replies.
1 - 20 of 28 Posts
Hi, JessieLand.

Welcome to TSG Forum.

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it's safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)
Ok, done and done. It's entirely possible it just needs a cleaning and a quick hit from a compressed air can. But i'd rather err on the side of caution

Hi, JessieLand.

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.

========================

My first comments/instructions regarding your logs:

1. μTorrent

You have μTorrent installed in your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.
  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it along with the unwanted programs in Step 2.2 below.

2. Uninstall programs

2.1. McAfee Security Scan Plus

You are using a method to bypass the activation of this program. Using not legally activated programs is the best way to infect your computer with malware, especially if you do this for a security program. Besides, you have Windows Defender to protect you, so no need for anything else.

Use Method 2 here to remove McAfee.

2.2. Adobe Flash Player and Java

Adobe Flash Player is no longer supported and it's a security risk to have it installed.

There are very few reasons these days to continue having Java installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version at the end of the cleaning process.

To uninstall these programs:
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
Code:
Adobe Flash Player 32 NPAPI
Adobe Flash Player 32 PPAPI
Java 8 Update 271 (64-bit)
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

3. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Download the attached fixlist and save it on your Desktop, next to the FRST tool.
  • Right-click on FRST on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please attach the log in your next reply.

In your next reply please post:
  1. What you decided to do with the Torrent program
  2. If the uninstall procedure ran smoothly
  3. The fixlog.txt

Ok, so I uninstalled utorrent, McAfee, and java.

the uninstallation process was good. though, at one point windows defender told me about a "vigua.a" that was tryna run on my laptop. quick google search told me that it was a virus :(

i removed it through the security program, but still really high disk usage on my laptop (90-100%) most of the time, as it was doing before.

You uninstalled also Flash Player, right?

What do you mean by "high disk usage"?

Moving on. First, make sure that you don't have other disks connected (e.g. external disks, USB drives...)

1. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (Scan mode)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. The AdwCleaner[S0*].txt
  2. The Malwarebytes report
I did uninstall the flash player. and by high disk usage, i meant when i go to task manager, my disk usage there hovers at close to 100% usually

Many things were found.

I have a lot of things for you to do here and I hope you are ready! Let's clean! :)

1. AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

The findings in the Files and Registry parts of the log are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I removed everything I don't use/need. Your computer, your decision, however.

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (Clean mode)
  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

3. ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

4. Fresh FRST logs
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

In your next reply, please post:
  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. The eset.txt
  4. The fresh FRST logs, Addition and FRST
Ok, 5 hour scan later and im done lol. and here's the eset text file, which you told me to copy paste here. :)

Log
Scan Log
Version of detection engine: 24477 (20211218)
Date: 12/18/2021 Time: 2:41:14 PM
Scanned disks, folders and files: C:\;WMI database;System registry
C:\DumpStack.log.tmp - unable to open [4]
C:\FRST\Quarantine\C\Users\Jessica\Downloads\Fire Emblem (U) [!]_2523393450.exe.xBAD - Win32/InstallCore.Gen.B potentially unwanted application - action selection postponed until scan completion
C:\Users\Jessica\Downloads\Detection.exe - a variant of Win64/SystemRequirementsLab.A potentially unwanted application - action selection postponed until scan completion
C:\Users\Jessica\Downloads\dosketope\Apps\uTorrent.exe - a variant of Win32/uTorrent.C potentially unwanted application - action selection postponed until scan completion
C:\FRST\Quarantine\C\Users\Jessica\Downloads\Fire Emblem (U) [!]_2523393450.exe.xBAD - Win32/InstallCore.Gen.B potentially unwanted application - deleted
C:\Users\Jessica\Downloads\Detection.exe - a variant of Win64/SystemRequirementsLab.A potentially unwanted application - deleted
C:\Users\Jessica\Downloads\dosketope\Apps\uTorrent.exe - a variant of Win32/uTorrent.C potentially unwanted application - deleted
Number of scanned objects: 603348
Number of detections: 3
Number of cleaned objects: 3
Time of completion: 8:15:28 PM Total scanning time: 20054 sec (05:34:14)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.

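A scan log like the eset.txt in the post above is easier to review when the locked-file noise is separated from the detections and each detection is checked for a final action. The following is an added example, not part of the original thread and not an ESET tool; the sample log is constructed, and treating any action other than "action selection postponed" as final is an assumption based only on the lines shown in the thread.

```python
import re
from collections import OrderedDict

# Constructed sample in the layout of the eset.txt log above (paths and names are made up).
SAMPLE_LOG = r"""Scan Log
Version of detection engine: 00000 (constructed)
C:\pagefile.sys - unable to open [4]
C:\Users\Example\Downloads\setup_bundle.exe - Win32/Example.A potentially unwanted application - action selection postponed until scan completion
C:\Users\Example\Downloads\tool.exe - a variant of Win64/Example.B potentially unwanted application - action selection postponed until scan completion
C:\Windows\System32\config\SAM - unable to open [4]
C:\Users\Example\Downloads\setup_bundle.exe - Win32/Example.A potentially unwanted application - deleted
Number of scanned objects: 5
Number of detections: 2
Number of cleaned objects: 1
"""

LOCKED = re.compile(r"^(?P<path>.+) - unable to open \[(?P<note>\d+)\]$")
COUNTER = re.compile(r"^Number of (?P<name>[a-z ]+): (?P<value>\d+)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
POSTPONED = "action selection postponed"   # interim status seen in the log
VARIANT_PREFIX = "a variant of "


def triage(log_text):
    """Split a scan log into locked files, detections and summary counters."""
    locked = []                  # files the scanner could not open (in use by the OS)
    detections = OrderedDict()   # path -> {"threat": str, "actions": [str, ...]}
    counters = {}                # e.g. {"detections": 2, "cleaned objects": 1}

    for raw in log_text.splitlines():
        line = raw.strip()

        m = COUNTER.match(line)
        if m:
            counters[m.group("name")] = int(m.group("value"))
            continue

        m = LOCKED.match(line)
        if m:
            locked.append(m.group("path"))
            continue

        if not DRIVE_PATH.match(line):
            continue             # header, notes or blank line

        # Detection lines read "<path> - <threat> - <action>". Splitting from the
        # right keeps a path that itself contains " - " in one piece.
        parts = line.rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        path, threat, action = parts
        if threat.startswith(VARIANT_PREFIX):
            threat = threat[len(VARIANT_PREFIX):]
        entry = detections.setdefault(path, {"threat": threat, "actions": []})
        entry["actions"].append(action)

    # A detection is unresolved when every logged action for it is still "postponed".
    unresolved = [
        path for path, d in detections.items()
        if all(a.startswith(POSTPONED) for a in d["actions"])
    ]

    # Cross-check the scanner's own summary against what was parsed.
    counts_match = (
        counters.get("detections") == len(detections)
        and counters.get("cleaned objects") == len(detections) - len(unresolved)
    )

    return {
        "locked": locked,
        "detections": detections,
        "unresolved": unresolved,
        "counters": counters,
        "counts_match": counts_match,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"locked files skipped: {len(result['locked'])}")
    for path, d in result["detections"].items():
        state = "UNRESOLVED" if path in result["unresolved"] else d["actions"][-1]
        print(f"{state:<12} {d['threat']}  {path}")
    print("summary counters consistent:", result["counts_match"])
```

An entry left in the unresolved list is the same situation as a report showing threats detected but none quarantined: the scan found something and no removal was recorded for it.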
Hi, Jessica.

You did a good job! (y)

It seems that you didn't delete the items detected by Malwarebytes:

Threats Detected: 30
Threats Quarantined: 0

You will have to do the scan once more and delete everything. The instructions here (step 2).

Then, after the cleaning, I will need fresh FRST logs.
Oopsie! lol

Can I see the Malwarebytes report after the cleaning, please? I want to confirm that everything is deleted.
oh, yeah. gotcha

Thank you.

Give me a couple of hours to review your new logs.
no worries! thank you for all this amazing help! dont have any money atm, as im between jobs, and you and this forum are life savers! <3
Jessica,

It seems that for some reason you installed and ran the Eset Security trial version instead of the online scanner I asked you.

What does this mean?
  • You have installed a trial version of Eset Security. When the days of trial are over, the program will not protect you.
  • Windows Defender, the Windows 10 built-in antivirus you had as your security solution, automatically disabled itself, to let Eset take action.

What you can do:
  • Uninstall Eset Security and let Windows Defender take action again.
  • Buy Eset Security (the license is for a year) and keep it as your security solution.

From what you already told me, I assume that you would like to uninstall Eset. In this case, please follow the steps here to completely uninstall Eset Security: [KB2289] Manually uninstall your ESET product using the ESET uninstaller tool

Let me know if you decided to keep or uninstall Eset. If you decided to uninstall it, please let me know if the uninstall procedure went fine.
I uninstalled it. $50 is definitely outta budget for me atm. uninstalled just fine as well. no issues at all
Good. Besides, Windows Defender along with Malwarebytes can keep you safe.

Can I see fresh FRST logs now please?

Also please tell me if there are any remaining issues regarding the computer.
Here ya go.

when i launch games on it, the laptop does get a bit hot. i dont know if i should expect that, and my pc will be fine. or if there's something special i gotta do to protect it.

Games usually use a lot of resources, and I can't say that your computer is a computer for gaming. Consider that RAM is only 8GB. Personally, I find this "difficulty" to run when playing games completely normal. But, if you would like to ask specifically about that, you can do it at the Games section of the Forum, as soon as we finish from here.

Let's finish it. :)

FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}
Shortcut: C:\Users\Jessica\Documents\Games, bruh\НастройкиFallout 4.lnk -> C:\Program Files (x86)\Fallout 4\Fallout4Launcher.exe (No File) <==== Cyrillic
Task: {73341987-2653-4286-BF91-DC14C000AAAC} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [X]
S2 FastbootService; "C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe" [X]
S2 LenovoPortalService; "C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe" [X]
2021-12-19 06:00 - 2021-12-19 06:00 - 001053600 _____ (ESET) C:\Users\Jessica\Downloads\esetuninstaller.exe
2021-12-19 05:57 - 2021-12-19 05:59 - 000000000 ____D C:\Users\Jessica\Desktop\eset export
2021-12-18 20:22 - 2021-12-18 20:22 - 000015432 _____ C:\Users\Jessica\Desktop\eset.txt
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.