I may have gotten some crappy malware on my PC.

Idrk bleep about malware, but when lots of CMDs can open absolutely randomly at any given time, and when my hard drive space shrinks almost immediately after I delete things or even make a factory reset, it seems like I do actually have something like that. My cooler makes a bleep mix of chopper and chainsaw sounds, as loud as a Falcon Heavy failing to take off the ground to any significant altitude as they usually do, like most of the time my PC is on.
Both AVG's and Malwarebytes' free no subscription versions can't find bleep.
Yes, I've even done factory resets. Doesn't really help.
I just want somebody to guide me through the woods of FRST, since I don't really want to make an effort to figure it out on myself.

Hi CaptainBlud,
My name is Dennis and I will assist you with your computer problems.
Please read through these guidelines before we start.

• Back up any important data, as a precaution before starting this process.
• If you are unsure about anything then please ask. This makes the task much easier in the long run.
• Do not run any other tools or make changes to your system during the removal process.
• Please do not start a new topic and keep all replies in this thread.
• Follow the instructions in the sequence advised.
• Copy and paste the logs into the reply. I will advise if anything needs to be added as an attachment.
• Here at Bleeping Computer we are mostly volunteers, so please be patient with us. I’ll try to respond within 24 hours. You will be advised if it is expected to be longer than 48 hours.
• Please let me know if you are going to be delayed in responding. If you do not reply after 5 days, I’ll assume you do not want to continue and will close the topic.
• Sometimes things might seem to be resolved, but there may still need to be more checks necessary, so please wait until I give the all clear.Firstly I'd like you to follow the steps outlined here: Preparation Guide

Section 6 covers how to download and run the Farbar Recovery Scan Tool (FRST).
Note: If you receive a warning about the download, it is a false positive and you can safely ignore it.
Please copy and paste both FRST logs into your reply. If you get an error message advising that the content is too long, you should post 2 separate replies.

Dennis

Edited by CaptainBlud, 08 April 2024 - 10:02 PM.

I am pleased to advise that there are no obvious signs of malware present, although there are 2 folders I'd like to check.
Let's do some cleanup and maintenance next, by running the following FRST script.
As a part of this I have included the The Emptytemp: command.
Note: This will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
Important: This script was written specifically for you, for use only on this machine. Running this on another machine may cause damage to your operating system

• Right click on the FRST icon and select Run as administrator.
• Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
• It is not necessary to paste the information anywhere as FRST will do this for you.

Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
Folder: C:\ProgramData\Piriform
Folder: C:\ProgramData\Norton
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKU\S-1-5-21-1346671777-2945835254-3822528861-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\david\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{461DD8CC-C32E-4712-B984-F09264F3FF11}] => (Allow) C:\Users\david\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{19D4D2A2-D824-4429-8064-D5CFDE85374E}] => (Allow) C:\Users\david\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{E163F5E2-B4A0-4B0B-A21B-57216ABCA55F}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe => No File
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /RestoreHealth
cmd: chkdsk
Emptytemp:
End::

• Click on the Fix button just once and wait.
• If the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Please copy the contents from this text file and paste into your next reply.
-----------------------------------------------------------------------
Then please do this.
Crystal Disk Info

• Download Crystal Disk Info and save it to your Desktop.
• Right click on the icon and select Run as administrator.
• Accept the agreement and click Next four times.
• Click Install.
• Click Finish to launch the program.
• On the CrystalDiskInfo screen click File, then Save (text)
• Save the file onto your Desktop using the default file name.
• Copy and paste the information into your next reply.

Also advise how your computer is running now.

Additionally to the info you asked me to provide, I think I should inform you on this too. Upon launching CrystalDiskInfo, I discovered that the total amount of SSD (actually I just discovered that I have an SSD and not an HDD, funnily enough) space it shows is actually very different from what file explorer and the system settings do. File explorer and the settings show that Local Disk C (the only one) has 56.9 GB of total storage space, while CrystalDiskInfo shows 120 GB. I am ashamed to confess, but I don't know bleep about how storage space is partitioned in Windows (10). Ashamed because it surely does indicate an absolute lack of knowledge about how the device I use for the most part of my daily routine works, and that's just bad consumer behavior, though kind of normalized in modern consumer culture for some reason. I'm a little bit concerned about this, but honestly clueless what it can possibly indicate. As I said, bad consumer behavior.

But back to the main thing. Here's what you asked for:
 

Please post the contents of the Fixlog.txt that was created after you ran the fix.
Regarding the drive space query, right-click This PC on your Desktop and then click Manage.
In the Computer Management window, click Disk Management.
A list of available drives and partitions will be shown.
Please advise the results.

Here.

Unfortunately the System File Checker did not run.
Let's try again as follows.

• Click on the Start button.
• In the search box at the bottom, type cmd.
• Command Prompt should appear at the top of the menu.
• Right-click on this and select Run As Administrator.
• Type sfc /scannow. (Make sure there is a space between sfc and /scannow)
• The scan will start. The time taken varies so please be patient and wait until completed.
• Please report the results from the SFC scan in your next post.

-------------------------------------------------------------------------------------
Then please run a full scan with ESET Online Scanner, as an extra check.

• Download ESET Online Scanner from here and save it to your Desktop.
• Right click the esetonlinescanner.exe file you downloaded and select Run as administrator.
• Select your desired language from the drop-down menu and click Get started.
• Click Yes if a User Account window appears.
• In the Terms of use screen, click Accept if you agree to the Terms of use.
• Click Get started in the welcome screen.
• Select your preference for the Customer Experience Improvement Program and the Detection feedback system.Click Continue.
• Click Computer scan, in the Welcome back screen.
• Choose Full scan on the next screen.
• Select Enable ESET to detect and quarantine potentially unwanted applications.Then click Start scan
• Please note that this process can take several hours to complete.
• At the end of the scan, the Found and resolved detections screen may be displayed. You can click View detailed results to view specific information. Click Continue.
• On the following screen click Save scan log and save it to your Desktop as ESETScan.txt. Click Continue.
• ESET Online Scanner will now ask if you wish to turn on the Periodic Scan feature.I suggest that you do not do this for now Click Continue
• You are offered a 30 day trial of ESET Internet Security on the next screen. Click Continue
• On the next screen, you can leave feedback about the program if you wish.
• There is an option to delete the application's data on closing, but we can but we can do this later.
• If you left feedback, click Submit and Close. If not, click Close.
• Copy and paste the contents of the ESETScan.txt file in your next reply.

 

Please advise if you still need help?
It has been 3 days since my last post.
If you have not replied within the next 48 hours, I will assume that you no longer need help and this topic will be closed.

Alright, soooo...
ESET does this and then crashes.

Edited by CaptainBlud, 17 April 2024 - 02:46 AM.

This happens sometimes with ESET. Removing the tool and starting again has worked in the past, but let's try an alternative scanner instead.
Emsisoft Emergency Kit.

• Download and save the installation file from here:
• Emsisoft
• Double-click on the Emsisoft Emergency Kit setup file to start the installation process and then click on the Install button.
• You may be presented with a User Account Control warning, asking you if you want to run this file. Click Yes to continue.
• The downloaded package unpacks to “C:\EEK” by default and this folder now opens on your screen.
• To start Emsisoft, double-click on the Start Emergency Kit Scanner icon in this folder.
• You may get another User Account Control warning. Click Yes to continue.
• Accept the Licence Agreement.
• When you launch the program for the first time, Emsisoft Emergency Kit will automatically download updates. The Scan tab changes from orange to green when the update process is completed.
• Leave the settings unchanged, which include detection of Potentially Unwanted Programs.
• Now click on Malware Scan in the Scan button.
• When the Emsisoft scan has finished, you will see a screen reporting details of any malicious files found on your computer.(Close the pop up inviting installation of Emsisoft protection)
• Click Quarantine selected objects. (Note, this option is only shown if malicious objects were detected during the scan)
• You may be asked to restart your computer.
• When the threats have been quarantined, click the View Report button in the lower-right corner and the scan log will open in Notepad. The logs can also be accessed in the left hand menu bar.
• Please save this log on your desktop and post the contents into your next reply.
• When you close Emsisoft Emergency Kit it asks if you wish to sign up for a newsletter. This is optional, and does not affect the malware removal process.

 

Did you manage to run a scan with Emsisoft?

The Emisoft download link you put there doesn't work. I waited for a few days thinking it'll get fixed, but apparently it hasn't gotten yet. Clicking "click here" doesn't help. Though, I found a solution. Copying the address of "click here" and then pasting it into a new tab's URL search bar helps. Now lemme do the scan rq.

Edited by CaptainBlud, 22 April 2024 - 02:05 PM.

Here ya go.
Emsisoft Emergency Kit 2024.4.0.12347 stable [en-us]