Solved Need Help to Clean Malware Disk Usage Shows 100% For 10

Hewlett-packard 2000-210us 15.6" charcoa...
November 15, 2017 at 17:49:30
Specs: Windows 10, 4 G
I had your help to clean malware last year.

In recent days, laptop start up may be slower than normal. Disk Usage showed 100% about 10 minutes then back down to level below 20%

Although currently it did not make my laptop too slow, I doubt my laptop got malware.

I'd appreciate your instructions.
Best Regards,

Truc C. Nguyen


See More: Need Help to Clean Malware Disk Usage Shows 100% For 10

Reply ↓  Report •

✔ Best Answer
November 21, 2017 at 06:54:56
To finish off Truc, I have been using the Wise tools on every comp I fix for many, many years.
CCleaner is now owned by Avast & they are trying to force their stuff unto you.
CCleaner Now Offering Avast Free Antivirus in Typical Adware Push
http://news.softpedia.com/news/ccle...

Run both of these, in this order.
Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Wise-D...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://fs5.directupload.net/images/...
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/Wise-R...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif
http://fs1.directupload.net/images/...
http://fs1.directupload.net/images/...
http://fs1.directupload.net/images/...

Extract from your Addition log. Are these deliberately blocked?
FirewallRules: [UDP Query User{9EB56804-0035-475C-897F-0EB9F147F828}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Block) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [TCP Query User{BA4B0F25-4752-4028-A919-B9EDE9FC1EED}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Block) C:\program files (x86)\samsung\easy printer manager\ids.application.exe

Extract from the fixlog.
"EmptyTemp: => 49.3 GB temporary data Removed"
That is huge, these settings together with using the Wise tools once a month, will keep it in shape.
Here are temp file settings for a normal user, adjust to suit your requirements.
All browsers, limit the cache to 50mb ( that's MB, not GB )
IE & Edge share the same setting.
Control Panel > Internet Options > General > Browsing history > Settings. Refer SS below.
http://fs5.directupload.net/images/...
Chrome is not so straight forward, as you found out, last time we did them.
How to set Google Chrome cache to 50mb max temporary files.
With comps, there is always more than one way to do things, try this way.
Right click on the Google Chrome shortcut > Properties.
Copy & Paste this below after .exe" as per SS ( Screenshot )
NOTE: There is a space after .exe"
http://i.imgur.com/vgkU3X1.gif
--disk-cache-size=50000"
Click > Apply & then OK.

message edited by Johnw



#1
November 15, 2017 at 20:48:03
When this happens go to Task Manager and see which particular item is causing the CPU to go up to 100%.

No harm running these three old standards in the order given:

AdwCleaner:
https://www.malwarebytes.com/adwcle...
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Clean" button.

Junkware Removal Tool (JRT)
https://www.malwarebytes.com/junkwa...
The download is just below the Forums blue button (where it says "Click here"). Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

MalwareBytes:
https://www.malwarebytes.org/
(use the "Free Download" button rather than the "Buy Now" button).
After the install go to "Settings > Protection". Under Scan Options move the "Scan for rootkits" slider over to On and Run the Threat Scan. Quarantine anything it finds.

If any of them find something please copy/paste the associated logs on here.

Always pop back and let us know the outcome - thanks


Reply ↓  Report •

#2
November 16, 2017 at 01:54:23
Could be a steam update.
Allocating diskspace uses 100% for me if steam is updating a game.

i5-6600K@4.7GHz/4.5GHz cache@1.355v | 2x4GB Crucial-DDR4-2133@ 14-14-14-29 1T 2800MHz@1.345v | ASUS Z170-K | Samsung 250GB SSD 850 EVO | MSI Radeon RX 570 ARMOR 4GB@1330cc&1895mem | Corsair CX450 450W


Reply ↓  Report •

#3
November 16, 2017 at 14:12:29
erm... for the benefit of those of us here who have managed to move into petrol, diesel, and finally nuclear and solar ages - what is this reference to steam all about?

I know we used to have steam radio... (at least in the UK) but steam computers?


Reply ↓  Report •

Related Solutions

#4
November 16, 2017 at 14:37:13

Reply ↓  Report •

#5
November 16, 2017 at 15:45:12
oh dear.... wot 'appened to all those nice reliable olde windup toys and manual games...

Reply ↓  Report •

#6
November 16, 2017 at 18:00:30
Derek,

Below are results of AdwCleaner
When I download JRT.exe Window 10 showed the line at bottom
"This type of file can harm your computer. Do you want to keep JST.exe anyway? Keep Discard
I discarded it to wait for your confirm. Thanks

# AdwCleaner 7.0.4.0 - Logfile created on Fri Nov 17 01:34:20 2017
# Updated on 2017/27/10 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d2m2wsoho8qq12.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d386fcgv8lq3dy.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d1eyd0ubk0bkpv.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d2m2wsoho8qq12.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d386fcgv8lq3dy.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\iad-usadmm.dotomi.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\searchenginejournal.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\staticimgfarm.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ttdetect.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.searchenginejournal.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d1eyd0ubk0bkpv.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d2m2wsoho8qq12.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d386fcgv8lq3dy.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\iad-usadmm.dotomi.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\searchenginejournal.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\staticimgfarm.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.searchenginejournal.com


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [9318 B] - [2016/9/30 20:54:56]
C:/AdwCleaner/AdwCleaner[S0].txt - [8771 B] - [2016/9/30 20:53:1]
C:/AdwCleaner/AdwCleaner[S1].txt - [5647 B] - [2017/11/17 1:26:19]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

Truc C. Nguyen


Reply ↓  Report •

#7
November 16, 2017 at 18:15:03
There are some answers about steam. I have no idea about Steam!

Truc C. Nguyen


Reply ↓  Report •

#8
November 16, 2017 at 18:19:45
JST.exe is not a Windows file so let it remove it (which I think is what you've done).

I don't really think what ADWCleaner removed would have caused the reported problem but let us know how you get on now.

Did MalwareBytes find anything?

Always pop back and let us know the outcome - thanks

message edited by Derek


Reply ↓  Report •

#9
November 16, 2017 at 18:48:59
Out of curiosity, what, exactly, is using your disk during those 10 minutes?

How To Ask Questions The Smart Way


Reply ↓  Report •

#10
November 16, 2017 at 19:44:24
"I discarded it to wait for your confirm'

Junkware Removal Tool to be discontinued
https://www.malwarebytes.com/junkwa...
Malwarebytes has chosen to discontinue Junkware Removal Tool (JRT) by announcing the end of maintenance as of October 26, 2017.
https://i.imgur.com/0IM0M5X.gif


Reply ↓  Report •

#11
November 17, 2017 at 06:04:37
Johnw

JRT seem to contradict themselves. On the link I gave they say "Malwarebytes will continue to provide service and support for JRT until End of Life (EOL) on April 26, 2018". I assumed we could still use it until then and had modified my link accordingly("Click here" under the blue Forums button).

Do you think it best if we stop using it immediately and have they incorporated it in ADWCleaner?

Always pop back and let us know the outcome - thanks

message edited by Derek


Reply ↓  Report •

#12
November 17, 2017 at 06:44:45
They do seem to contradict themselves Derek, I no longer use it, as ADWCleaner has it covered.
"If you are using JRT, we recommend switching to Malwarebytes AdwCleaner version 7 or higher. It’s free and incorporates all major JRT functionalities."

Reply ↓  Report •

#13
November 17, 2017 at 07:36:12
@ Derek/Johnw - ewes-full diskusion re' JRT etc... Tak to both of yews for the info...

trvlr


Reply ↓  Report •

#14
November 17, 2017 at 08:10:48
John

I do like the idea of having a choice about what to remove which ADW gives and was never the case with JRT. I'll ditch JRT too - thx.

Always pop back and let us know the outcome - thanks


Reply ↓  Report •

#15
November 17, 2017 at 16:25:30
Sorry for late response because I am being on travel and less access internet

After running AdwCleaner and posting the results on #6, My laptop Window 10 restarted and went through Window update.

Now it looked better when the laptop boots up, Disk goes up 100%, I end process Window installer and Disk back down 10%

What should I do next? Thanks,

Truc C. Nguyen


Reply ↓  Report •

#16
November 17, 2017 at 16:29:00
"What should I do next? Thanks"
Run Malwarebytes as previously requested.

Reply ↓  Report •

#17
November 17, 2017 at 16:39:04
If you still have a problem after running MalwareBytes tell us which item is causing the high CPU usage.
See the first line of my response #1.

Always pop back and let us know the outcome - thanks


Reply ↓  Report •

#18
November 17, 2017 at 16:48:57
I download MalwareBytes and going to run it now

Truc C. Nguyen


Reply ↓  Report •

#19
November 17, 2017 at 16:56:13
I forgot to ask you if I must turn off Window Defender before installing MalwareBytes

Thank you all

Truc C. Nguyen


Reply ↓  Report •

#20
November 17, 2017 at 17:13:37
Nope, it is quite OK to keep Windows Defender on whilst you run it.

Always pop back and let us know the outcome - thanks


Reply ↓  Report •

#21
November 17, 2017 at 18:00:45
Derek

Below are results after run MalewaresByte and Quarantine 4 threats and restart my Laptop

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/17/17
Scan Time: 8:19 PM
Log File: 91a601a4-cbfe-11e7-a94f-204747c69673.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3286
License: Trial

-System Information-
OS: Windows 10 (Build 15063.726)
CPU: x64
File System: NTFS
User: MRMONEY-MSLUCKY\timot

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 446183
Threats Detected: 4
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 34 min, 58 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0

Truc C. Nguyen


Reply ↓  Report •

#22
November 17, 2017 at 18:06:36
"Threats Detected: 4
Threats Quarantined: 0"
They need to be Quarantined.

Reply ↓  Report •

#23
November 17, 2017 at 18:07:57
EDITED:
Thx John

Always pop back and let us know the outcome - thanks

message edited by Derek


Reply ↓  Report •

#24
November 17, 2017 at 18:19:36
Re-send to you after quarantine

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/17/17
Scan Time: 8:19 PM
Log File: 91a601a4-cbfe-11e7-a94f-204747c69673.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3286
License: Trial

-System Information-
OS: Windows 10 (Build 15063.726)
CPU: x64
File System: NTFS
User: MRMONEY-MSLUCKY\timot

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 446183
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 34 min, 58 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
PUP.Optional.PCBooster, C:\USERS\TIMOT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_www.pcbooster.com_0.localstorage, Quarantined, [7825], [257018],1.0.3286
PUP.Optional.PCBooster, C:\USERS\TIMOT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_www.pcbooster.com_0.localstorage-journal, Quarantined, [7825], [257018],1.0.3286
PUP.Optional.FullTab, C:\USERS\TIMOT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_search.fulltabsearch.com_0.localstorage, Quarantined, [2093], [443391],1.0.3286
PUP.Optional.FullTab, C:\USERS\TIMOT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_search.fulltabsearch.com_0.localstorage-journal, Quarantined, [2093], [443391],1.0.3286

Physical Sector: 0
(No malicious items detected)


(end)

Truc C. Nguyen


Reply ↓  Report •

#25
November 17, 2017 at 18:25:27
Is PCBooster something you added knowingly?
I'll await the CPU info requested.

Always pop back and let us know the outcome - thanks


Reply ↓  Report •

#26
November 17, 2017 at 18:42:25
Currently, Disk goes to 100% when start up but goes down afterward. It looks better
CPU is fine It always around 62%

I have 3 browsers: Google Chrome, Microsoft Edge, and Internet Explore. I recognize that each time start Internet Explore it would make Disk goes to 100% when start up and take more CPU than other browsers

Truc C. Nguyen


Reply ↓  Report •

#27
November 17, 2017 at 19:13:41
Thank you Derek Johnw and all

Truc C. Nguyen


Reply ↓  Report •

#28
November 17, 2017 at 19:30:59
More work to be done Truc.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not your Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt)
The logs are large, upload them using this. No time delays/Captcha-I'm not a Robot/account/registration needed. Give us the links please.
http://www.fileconvoy.com/index.php


Reply ↓  Report •

#29
November 18, 2017 at 06:49:16
Install CCleaner & use it regularly. The latest "slim" version hasn't been released yet so you have the choice between the standard & portable versions. The standard version has bundled software so be sure to uncheck the boxes. The portable version can be put on a USB jumpdrive or run directly from the PC. It doesn't get installed so after it's downloaded & unzipped, you will have to open the folder & double click on CCleaner.exe or CCleaner64.exe. Check or uncheck the boxes in the left column, then run the cleaner & the registry scanner & remove everything they find. Then click Tools > Startup & review the list of startup apps. Very few are actually needed. If you need a hand sorting them out, click "Save to text file" in the lower right corner, then copy/paste the results in your post. After cleaning & tweaking the startup apps & scheduled tasks, restart the computer.

https://www.piriform.com/ccleaner/b...

"Is PCBooster something you added knowingly?"

PCBooster is one of those snake-oil programs that claims to make your computer perform better. Hopefully it was completely removed.


Reply ↓  Report •

#30
November 18, 2017 at 10:32:42
Johnw

Similiarly, when I download FRST64.exe Window 10 showed the line at bottom
"This type of file can harm your computer. Do you want to keep JST.exe anyway? Keep Discard
I discarded it to wait for your confirm. Thanks

Truc C. Nguyen


Reply ↓  Report •

#31
November 18, 2017 at 13:58:10
"This type of file can harm your computer"
Once again, a false positive Truc.

Reply ↓  Report •

#32
November 19, 2017 at 10:04:32
Johnw,

Below is the link including two files: Addition.txt (37.826 KB) and FRST.txt (50.989 KB)
http://www.fileconvoy.com/dfl.php?i...
Thanks,

Truc C. Nguyen

message edited by Truc Nguyen


Reply ↓  Report •

#33
November 20, 2017 at 16:34:32
If this has been done, thank you all!!

Truc C. Nguyen


Reply ↓  Report •

#34
November 20, 2017 at 16:55:42
Still wondering if you've bothered to check out what's using all of that disk time for those 10 minutes.

How To Ask Questions The Smart Way


Reply ↓  Report •

#35
November 20, 2017 at 16:59:20
Next step Truc.

Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
GroupPolicyUsers\S-1-5-21-3146283584-3349612830-1043305185-1002\User: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3146283584-3349612830-1043305185-1001 -> DefaultScope {5F60F5C5-B9CC-48D3-B672-97EF10E543B4} URL =
SearchScopes: HKU\S-1-5-21-3146283584-3349612830-1043305185-1001 -> {5F60F5C5-B9CC-48D3-B672-97EF10E543B4} URL =
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

Open FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
Refer these SS if needed.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...


Reply ↓  Report •

#36
November 21, 2017 at 01:05:42
steam <3, i build my pc without a cd-drive

i5-6600K@4.7GHz/4.5GHz cache@1.355v | 2x4GB Crucial-DDR4-2133@ 14-14-14-29 1T 2800MHz@1.345v | ASUS Z170-K | Samsung 250GB SSD 850 EVO | MSI Radeon RX 570 ARMOR 4GB@1330cc&1895mem | Corsair CX450 450W


Reply ↓  Report •

#37
November 21, 2017 at 05:54:49
Johnw

Below is fixlist.txt. Thank you

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-11-2017
Ran by timot (21-11-2017 08:12:54) Run:2
Running from C:\Users\timot\Desktop
Loaded Profiles: timot (Available Profiles: timot & MsLuc)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
GroupPolicyUsers\S-1-5-21-3146283584-3349612830-1043305185-1002\User: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3146283584-3349612830-1043305185-1001 -> DefaultScope {5F60F5C5-B9CC-48D3-B672-97EF10E543B4} URL =
SearchScopes: HKU\S-1-5-21-3146283584-3349612830-1043305185-1001 -> {5F60F5C5-B9CC-48D3-B672-97EF10E543B4} URL =
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3146283584-3349612830-1043305185-1002\User => moved successfully
HKU\S-1-5-21-3146283584-3349612830-1043305185-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3146283584-3349612830-1043305185-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5F60F5C5-B9CC-48D3-B672-97EF10E543B4} => key removed successfully
HKLM\Software\Classes\CLSID\{5F60F5C5-B9CC-48D3-B672-97EF10E543B4} => key not found.
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 193617880 B
Java, Flash, Steam htmlcache => 58479 B
Windows/system/drivers => 688861673 B
Edge => 202361016 B
Chrome => 374469363 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 1490344 B
timot => 442394459 B
MsLuc => 23611 B

RecycleBin => 51046971376 B
EmptyTemp: => 49.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:25:18 ====

Truc C. Nguyen

message edited by Truc Nguyen


Reply ↓  Report •

#38
November 21, 2017 at 06:54:56
✔ Best Answer
To finish off Truc, I have been using the Wise tools on every comp I fix for many, many years.
CCleaner is now owned by Avast & they are trying to force their stuff unto you.
CCleaner Now Offering Avast Free Antivirus in Typical Adware Push
http://news.softpedia.com/news/ccle...

Run both of these, in this order.
Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Wise-D...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://fs5.directupload.net/images/...
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/Wise-R...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif
http://fs1.directupload.net/images/...
http://fs1.directupload.net/images/...
http://fs1.directupload.net/images/...

Extract from your Addition log. Are these deliberately blocked?
FirewallRules: [UDP Query User{9EB56804-0035-475C-897F-0EB9F147F828}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Block) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [TCP Query User{BA4B0F25-4752-4028-A919-B9EDE9FC1EED}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Block) C:\program files (x86)\samsung\easy printer manager\ids.application.exe

Extract from the fixlog.
"EmptyTemp: => 49.3 GB temporary data Removed"
That is huge, these settings together with using the Wise tools once a month, will keep it in shape.
Here are temp file settings for a normal user, adjust to suit your requirements.
All browsers, limit the cache to 50mb ( that's MB, not GB )
IE & Edge share the same setting.
Control Panel > Internet Options > General > Browsing history > Settings. Refer SS below.
http://fs5.directupload.net/images/...
Chrome is not so straight forward, as you found out, last time we did them.
How to set Google Chrome cache to 50mb max temporary files.
With comps, there is always more than one way to do things, try this way.
Right click on the Google Chrome shortcut > Properties.
Copy & Paste this below after .exe" as per SS ( Screenshot )
NOTE: There is a space after .exe"
http://i.imgur.com/vgkU3X1.gif
--disk-cache-size=50000"
Click > Apply & then OK.

message edited by Johnw


Reply ↓  Report •

#39
November 21, 2017 at 07:18:15
Johnw: "EmptyTemp: => 49.3 GB temporary data Removed"
That is huge

To be fair, 47.5 GB of it was the Recycle Bin, and that's pretty small. Across 5 drives on this box, I've got 251.8 GB in the respective Recycle Bins.

How To Ask Questions The Smart Way


Reply ↓  Report •

#40
November 21, 2017 at 07:22:36
"To be fair, 47.5 GB of it was the Recycle Bin"
I realize Razor2.3, that's why the use of the Wise tools. I like to keep them clean.

Reply ↓  Report •

#41
November 21, 2017 at 08:00:56
I mean, can do you have any reason to believe files sitting in the Recycle Bin cause any harm, slowdown, or anything? As much as people rail against the Recycle Bin / Trash, (and seriously you guys, just disable it if you hate it that much), I have yet to see any demerit against letting it sit. I'm not trying to rag on you, this just keeps coming up and I'm seriously wondering if I'm missing out on something, or if it's the newest, "always defrag your HDDs," craze.

How To Ask Questions The Smart Way

message edited by Razor2.3


Reply ↓  Report •

#42
November 21, 2017 at 16:29:09
Johnw,

I can not figure out how to download Wise Disk Cleaner
when I click on first link then download Wise Disk Cleaner, it route me to IT Help Desk software download

Truc C. Nguyen


Reply ↓  Report •

#43
November 21, 2017 at 16:51:30
Here you are Truc.

https://i.imgur.com/D7tCK46.gif
https://i.imgur.com/4xJv6hV.gif


Reply ↓  Report •

#44
November 21, 2017 at 17:28:43
Johnw,

Do I use 3 tabs Common Cleaner, Advance Cleaner, and Slimming System and each tab do "Scan" the "Clean"> Thanks,

Truc C. Nguyen


Reply ↓  Report •

#45
November 21, 2017 at 17:32:09
You are not following any of my screenshots in the original post.

Reply ↓  Report •

#46
November 21, 2017 at 17:52:16
You are right!

However, with Wise Disk Cleaner 9, step 1 "Click & Run" , I click on "Common Cleaner" tab, but I have only option to click "Scan" green button to run. Is that correct?

Truc C. Nguyen


Reply ↓  Report •

#47
November 21, 2017 at 18:15:49
""Scan" green button to run. Is that correct?"
Yes.

Reply ↓  Report •

#48
November 21, 2017 at 18:39:59
After scan, it has "Clean" green button. Do I clean after scan that same with "Run" in your instruction?
In step 3 slimming system, new version has "Remove" option, not Run as instruction.

Truc C. Nguyen


Reply ↓  Report •

#49
November 21, 2017 at 19:22:21
"Run" means Start or do, I am spoon feeding you, most posts just say use this program & you have to work it out for yourself.
Authors of software are changing their layouts all the time.

https://i.imgur.com/q8GRvVw.gif
https://i.imgur.com/2teVsjI.gif
https://i.imgur.com/ad7SEKM.gif


Reply ↓  Report •

#50
November 22, 2017 at 11:29:59
Thank you

This is the reason I must ask you for sure. I am going to do Run Wise Disk Cleaner

Truc C. Nguyen


Reply ↓  Report •

#51
November 22, 2017 at 11:56:03
Johnw,

I continue to run Run Wise Registry Cleaner . I would scare to touch the registry.

I installed the program and run it. The pop up window asked me to back up the registry because I am first time run Yes or No

I should say YES but just ask you for sure :)

Truc C. Nguyen


Reply ↓  Report •

#52
November 22, 2017 at 13:59:19
"The pop up window asked me to back up the registry because I am first time run Yes or No"
Yes Truc.

Reply ↓  Report •

#53
November 22, 2017 at 14:01:02
Pending Johnw coming later... - the answer is YES.

Whenever there is an option to backup the registry - go for it. All decent software, utilities etc., which scan and/or fix will offer to backup the registry before doing anything else.


Reply ↓  Report •

#54
November 22, 2017 at 14:01:42
Guess Johnw and I just crossed in time...

Reply ↓  Report •

#55
November 22, 2017 at 14:20:48
"Whenever there is an option to backup the registry - go for it"
Thanks trvlr.

Reply ↓  Report •

#56
November 22, 2017 at 17:03:58
Johnw,

I am doing Run Wise Registry Cleaner. I have done Fast Scan and Clean the problems.
Then as your last image, I have done Deep Scan. I saw 299 problems. Do I clean them as well? Thanks,

Truc C. Nguyen


Reply ↓  Report •

#57
November 22, 2017 at 17:07:01
"Do I clean them as well?"
Yes Truc.

message edited by Johnw


Reply ↓  Report •

#58
November 22, 2017 at 17:18:21
Johnw

After Deep Scan and Clean
299 problems found and 261 problems solved
26 problems were found on Software path and 2 problems were found in Uninstaller

I set up all as you instructed. Laptop looks like a car tuned up

Truc C. Nguyen


Reply ↓  Report •

#59
November 22, 2017 at 17:37:31
Johnw,

For over one year, I wonder what made my laptop slower and Disk cling to 100% for a moment after start up while I would not access the strange website and not installed software or application on Web

Thanks,

Truc C. Nguyen


Reply ↓  Report •

#60
November 22, 2017 at 17:45:41
"Laptop looks like a car tuned up"
Yep, that's what I expected Truc, very zippy.

Reply ↓  Report •

#61
November 25, 2017 at 05:40:55
After this cleaning up, the laptop had 2 times updates
The second update was long and took several auto restarts

Thank you all

Truc C. Nguyen


Reply ↓  Report •

#62
November 29, 2017 at 18:23:09
Thank you all especially Derek and Johnw
My laptop was "tuned up":)

Truc C. Nguyen


Reply ↓  Report •

#63
November 29, 2017 at 18:43:46
Thanks for the feedback, Truc.

Reply ↓  Report •

Ask Question