Extremely high CPU and Memory usage

Status
Not open for further replies.

nabei

New Member
Thread author
Dec 3, 2019
5
Had a trojan with ransom virus initially, it locked all my files and messed with my CPU and Memory usage so much that both were so high I couldn't open anything without my PC freezing. Reinstalled Windows and it got rid of the virus and the problems. But ever since then, CPU and memory usage have been unusually high even when idle. I need to have task manager always open, if not CPU will go to 100%. I have 8gb ram (Dual Channel/ 2 × 4gb) but only around 3gb available RAM and maximum 4gb RAM when I close all windows and programs running. CPU can also go up to 100% when installing or running certain programs or when scanning PC.

Screenshot (2).png
1st screenshot: Memory when idle.


Screenshot (4).png
2nd screenshot: CPU when task manager is closed for a while and suddenly opened. CPU drops after opened.


Screenshot (7).png
3rd Screenshot: Chrome and other programs use a good amount of memory, I don't know if this is normal or not.
 

Attachments

  • Addition.txt
    36.4 KB · Views: 2
  • FRST.txt
    248.8 KB · Views: 2

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
727
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

p.s.
Did you reinstall all the Microsoft Windows Updates after the re-installation of the Operating system?


Check the integrity of the operating system files.
How to run sfc /Scannow

When completed refer to the Microsoft article again and follow the instructions to view details of the System File Checker process

Post the contents of the sfcdetails.txt file for my review.

Let me know if the problem persists.
<<<>>>
 

Attachments

  • fixlist.txt
    2 KB · Views: 1

nabei

New Member
Thread author
Dec 3, 2019
5
Hi Nasdaq, firstly thanks for the warm welcome and the very prompt reply.

I have run Fix on FRST with your attached Fixlist.txt. Still the same issues, high CPU when task manager is closed and overall high memory with or without task manager open. I have attached the Fixlog.txt.

Screenshot (15).png



I did reinstall all the windows updates after the re-installation of the OS.

I ran the integrity check of the OS files via cmd prompt: sfc /Scannow and got these results, scan log is also attached.

Screenshot (14).png

Problems still persisting.

Thank you.
 

Attachments

  • Fixlog.txt
    5 KB · Views: 1
  • sfcdetails.txt
    53.5 KB · Views: 1

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
727
Hi,

Download Farbar's Service Scanner utility and Save to your Desktop.
If using Windows 7 or above, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
===


--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Wait for further instructions.
 

nabei

New Member
Thread author
Dec 3, 2019
5
Hi

Here is the FSS.txt:

Farbar Service Scanner Version: 27-01-2016
Ran by PC (administrator) on 05-12-2019 at 15:06:16
Running from "C:\Users\PC\Desktop"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

Attachments

  • FSS.txt
    2.3 KB · Views: 0
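
An added example, not part of either poster's reply and not Farbar's own code: a small parser for an FSS.txt laid out like the log above, which lists any section where the tool printed something and any File Check entry whose status is not "File is digitally signed". The sample log is constructed (shortened, with one invented failing line), and reading an empty section as "nothing reported" is an assumption.

```python
import re

# Constructed sample in the layout of the FSS.txt above, shortened. The last
# File Check line is invented for this demo and is not real FSS wording.
SAMPLE_LOG = r"""Farbar Service Scanner Version: 27-01-2016
****************************************************************

Connection Status:
==============
Localhost is accessible.
Google.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\example.dll => CONSTRUCTED: not signed
**** End of log ****
"""

def parse_sections(log):
    """Map each 'Title:' line underlined with '=' to the lines below it."""
    sections, current = {}, None
    lines = [ln.strip() for ln in log.splitlines()]
    for i, line in enumerate(lines):
        underline = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and re.fullmatch(r"=+", underline):
            current = sections.setdefault(line[:-1], [])
        elif current is not None and line and line[0] not in "=*":
            current.append(line)
    return sections

def review(log):
    """Return (sections that reported something, File Check entries to review)."""
    sections = parse_sections(log)
    # Assumption: an empty section means FSS reported nothing for it, as above.
    reported = [name for name, body in sections.items()
                if body and name not in ("Connection Status", "File Check")]
    flagged = []
    for entry in sections.get("File Check", []):
        path, _, status = entry.partition(" => ")
        if status != "File is digitally signed":
            flagged.append((path, status))
    return reported, flagged
```
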

nabei

New Member
Thread author
Dec 3, 2019
5
There were no detections after the scan. No red items to remove either.
Here is the RogueKiller.txt

RogueKiller Anti-Malware V13.5.7.0 (x64) [Nov 20 2019] (Free) by Adlice Software
mail : Contact - Adlice Software
Website : RogueKiller Anti-Malware Free Download: Best Malware Removal
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : PC [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20191203_134524, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/12/05 15:13:53 (Duration : 00:04:00)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Screenshot (17).png
 

Attachments

  • RogueKiller.txt
    2 KB · Views: 1

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
727
Hi,

Check your Virtual Memory settings.
If possible, increase Virtual Memory in Windows 10 as suggested in this article.

---

Make sure you have all the latest drivers.

Any change?
 

nabei

New Member
Thread author
Dec 3, 2019
5
Hi,

I have done both things.

I didn't have to change anything about the virtual memory cause my current setting was the recommended setting.

All my drivers are up to date.

Sadly, still no change.
 

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
727
Hi,

There are errors on your addition.txt log on the Realtek audio driver.
Update using this link.

If the problem persists, repair these services.

Boot with Safe Mode with Networking. Execute the following.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore, do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

    Code:
    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    16 - Repair Windows Updates
    20 - Repair MSI (Windows Installer)
    25 - Restore Important Windows Services
    26 - Set Windows Service to Default Startup

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. (Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.
===

Restart the computer normally.

How is the computer running now?
 