Clang Posted July 31, 2023 ID:1580200 Share Posted July 31, 2023 (edited) Computer seems to be fine, but the System data usage worries me. MWB and MS scans didn't find any issues. Attached are the FRST, Additions, and Malwarebytes Threat Scan logs. Thank you. Addition.txt FRST.txt mwbscan7-30-23.txt Edited August 2, 2023 by Clang spelling boo-boos/ms virus update Link to post Share on other sites More sharing options...
Porthos Posted July 31, 2023 ID:1580203 Share Posted July 31, 2023 While you are waiting, Do you have your Nord VPN on all the time? Does NORD show up as a different process in that list? 1 Link to post Share on other sites More sharing options...
Clang Posted July 31, 2023 Author ID:1580204 Share Posted July 31, 2023 (edited) It's active but not on ... If that makes any sense. We hardly use it. Looks like Nord only used 272mb this month. Edited July 31, 2023 by Clang added more info. Link to post Share on other sites More sharing options...
Porthos Posted July 31, 2023 ID:1580205 Share Posted July 31, 2023 2 minutes ago, Clang said: It's active but not on ... If that makes any sense. We hardly use it. Some VPN's run thru "system" Just trying to rule that out as your data use there. Wait for someone to look at the logs. 1 Link to post Share on other sites More sharing options...
Clang Posted July 31, 2023 Author ID:1580213 Share Posted July 31, 2023 Will do. Thanks! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 31, 2023 Root Admin ID:1580240 Share Posted July 31, 2023 Unless it was from Steam and Windows Updates I don't see a lot of reason for that much data. Please run the following @Clang Please run the following ESET Online Scanner and perform a Full Scan Click the following link to save the installer for ESET Online Scanner https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe It will start a download of "esetonlinescanner.exe" Save the file to your system, such as the Downloads folder, or else to the Desktop. Go to the saved file, and double click it to get started. When presented with the initial ESET screen, click on "Get Started". Read and accept the Terms of use On the "Before we start..." screen chose if you want to send anonymous data and if you want to provide feedback or not, then click Continue When prompted for scan type, Click on the Full Scan button Enable ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click the Start scan button. Have patience. The entire process may take a few hours or more. When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”. Click The blue “Save scan log” to save the log and give it a name and location you remember. If something was removed and you know it is a false postive, you may click on the blue ”Restore cleaned files” ( in blue, at the bottom). Press Continue when all done. You should click to turn off the offer for “periodic scanning”. Enable "Delete application data on closing" - You do not need to submit feedback unless you want to. Simply ignore and close the program. Note: If you do need to do a File Restore from ESET please follow the directions below [KB2915] Restore files quarantined by the ESET Online Scanner version 3 https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner Please attach the ESET scan log you saved at the end to your next reply 1 Link to post Share on other sites More sharing options...
Clang Posted July 31, 2023 Author ID:1580258 Share Posted July 31, 2023 (edited) Thank you , running eset scan now and will post the results later. We have xfinity as our provider and we used 1.2tb total on 7/30/23 which is our monthly cap . we normaly never use that much. Received a warning that we used 75% of the data on 7/20/23 "Unless it was from Steam and Windows Updates I don't see a lot of reason for that much data." There were 3 windows updates this month. It looks like steam updated at least once this month on 7/10/23. Steam Version: 1689034492Steam Client Build Date: Mon, Jul 10 8:02 PM UTC -08:00Steam Web Build Date: Mon, Jul 10 12:48 PM UTC -08:00Steam API Version: SteamClient020 Edited July 31, 2023 by Clang Link to post Share on other sites More sharing options...
Clang Posted July 31, 2023 Author ID:1580277 Share Posted July 31, 2023 Eset Scan finished . no issues found. esetscan.txt Link to post Share on other sites More sharing options...
Clang Posted July 31, 2023 Author ID:1580343 Share Posted July 31, 2023 (edited) Looking into the task manager and found uninstalled processes are eating up my data . What in the heck are those? Edited July 31, 2023 by Clang Link to post Share on other sites More sharing options...
Porthos Posted July 31, 2023 ID:1580345 Share Posted July 31, 2023 I would try Firefox for a while. My computer is always on and with several tabs open and streaming Video at least 18 hours a day. total 1 Link to post Share on other sites More sharing options...
Porthos Posted July 31, 2023 ID:1580349 Share Posted July 31, 2023 I have also turned off anything that reports to MS that is offered within wWindows. 1 Link to post Share on other sites More sharing options...
Clang Posted July 31, 2023 Author ID:1580357 Share Posted July 31, 2023 (edited) I rebooted the computer and reset the data usage numbers and uninstalled processes used about 45mb already ???? Edited July 31, 2023 by AdvancedSetup Corrected font issue Link to post Share on other sites More sharing options...
Clang Posted July 31, 2023 Author ID:1580363 Share Posted July 31, 2023 32 minutes ago, Porthos said: I have also turned off anything that reports to MS that is offered within wWindows. Thanks for the tips! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 31, 2023 Root Admin ID:1580385 Share Posted July 31, 2023 Maybe try downloading and using Glasswire to keep track of what is doing what on the network https://www.glasswire.com/ 1 Link to post Share on other sites More sharing options...
Clang Posted July 31, 2023 Author ID:1580390 Share Posted July 31, 2023 35 minutes ago, AdvancedSetup said: Maybe try downloading and using Glasswire to keep track of what is doing what on the network https://www.glasswire.com/ Will do, thank you. Should I be worried about the apps or hosts? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 31, 2023 Root Admin ID:1580392 Share Posted July 31, 2023 Here is an entire month for my App history - I don't even have an entry for Uninstalled Processes on my system. Here is a post from 7 years ago and modified 5 years ago, but speaks of exactly what you're seeing. https://superuser.com/questions/1104455/mysterious-uninstalled-processes-using-network-every-time-i-turn-on-my-compute However, I knew there was a way to look at this data but it's been a while since I looked at. Just found the tool that makes it easy to do. I had to use some command line tools before. This makes it very easy. NetworkUsageView v1.30 - Displays network usage information stored in the SRUDB.dat database of Windows 10/8https://www.nirsoft.net/utils/network_usage_view.html 1 Link to post Share on other sites More sharing options...
Clang Posted July 31, 2023 Author ID:1580394 Share Posted July 31, 2023 (edited) This is what Gw Shows so far. I installed NetworkUsageView v1.30 and will keep that running overnight. Looking at that 7 year old post it could be a uninstalled program. Uninstalled processes are programs that are no longer installed on your computer but still appear in the Task Manager or the startup items list. To remove uninstalled processes, you can use one of the following methods Download and run Autoruns from Microsoft Official website and uncheck the uninstalled programs from the Logon tab13. Run procexp.exe and choose Options -> Replace Task Manager and then Options -> Restore Task Manager2. Rebuild the index of your computer by opening the Indexing options in the Control Panel and choosing Rebuild Index4. Uninstall any unwanted programs from the Programs and Features in the Control Panel5. But can we still please continue to be sure there is not a virus on my pc? Thanks for your time on this. Edited August 1, 2023 by Clang Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 1, 2023 Root Admin ID:1580417 Share Posted August 1, 2023 Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop. (Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021) Download: Kaspersky Virus Removal Tool https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe How to run a scan with Kaspersky Virus Removal Tool 2020https://support.kaspersky.com/15674 How to run Kaspersky Virus Removal Tool 2020 in the advanced modehttps://support.kaspersky.com/15680 How to restore a file removed during Kaspersky Virus Removal Tool 2020 scanhttps://support.kaspersky.com/15681 Select the Windows Key and R Key together, the "Run" box should open. Drag and Drop KVRT.exe into the Run Box. C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box. add -dontencrypt Note the space between KVRT.exe and -dontencryptC:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box. That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file. Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply. To start the scan select OK in the "Run" box. A EULA window will open, tick all confirmation boxes then select "Accept" In the new window select "Change Parameters" In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start... When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue" When complete, or if nothing was found select "Close" Attach the report information as previously instructed... Thank you 1 Link to post Share on other sites More sharing options...
Clang Posted August 1, 2023 Author ID:1580421 Share Posted August 1, 2023 Thank you! Running scan now. will post results when finished. 1 Link to post Share on other sites More sharing options...
Clang Posted August 1, 2023 Author ID:1580444 Share Posted August 1, 2023 Hi A.S. Below is the scan report ,nothing was found. <Report> <Metadata Version="1" PCID="{8A1461C6-7D17-945B-6718-EF9F97133880}" LastModification="2023.07.31 22:24:36.856" /> <EventBlocks> <Block0 Type="Scan" Processed="615671" Found="0" Neutralized="0"> <Event0 Action="Scan" Time="133353254141643225" Object="" Info="Started" /> <Event1 Action="Scan" Time="133353338762471754" Object="" Info="Finished" /> </Block0> </EventBlocks> </Report> Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 1, 2023 Root Admin ID:1580461 Share Posted August 1, 2023 (edited) Dr.Web CureIt! Please download the Dr.Web CureIt! anti-virus utilityhttps://free.drweb.com/ You will need to send them an email to obtain a link to download the scanner, please do so The downloaded file will normally have a unique name such as: q7a9tr4p.exe Close all open applications and locate the downloaded file and double-click to run it The program will take a moment to launch and bring up the License and Update screen Place a check mark to agree to the terms and then click on the Continue button Click the underlined link Select objects for scanning On the top left click the Scanning objects that should automatically check all objects Click the small wrench and make sure there is a check on Automatically apply actions to threats Then click the large button on bottom right Start scanning Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad The log is saved in the folder named Doctor Web in the top of your user profile folders Please attach that log on your next reply Edited August 1, 2023 by AdvancedSetup Updated information 1 Link to post Share on other sites More sharing options...
Clang Posted August 1, 2023 Author ID:1580512 Share Posted August 1, 2023 Good morning, I Just started the scan. Below are the data used. Uninstalled processes used 102.6mb since yesterday but I'm not finding anything that matches it in the other program. Link to post Share on other sites More sharing options...
Clang Posted August 1, 2023 Author ID:1580521 Share Posted August 1, 2023 (edited) Hi, Attached is the Cure it log. Nothing bad found. cureitlog.txt Edited August 1, 2023 by Clang Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 1, 2023 Root Admin ID:1580552 Share Posted August 1, 2023 You can download the following program to also see where data is being stored TreeSize Freehttps://www.jam-software.com/treesize_free There are no real signs the computer is infected. Link to post Share on other sites More sharing options...
Clang Posted August 1, 2023 Author ID:1580559 Share Posted August 1, 2023 (edited) Ok thank you,very much relieved. Will do next step when I get home today. Not to get too far ahead but should I run window file checker... Or whatever it's called? Edited August 1, 2023 by Clang Link to post Share on other sites More sharing options...
Recommended Posts