Help Needed: Suspicious Activity & Possible Malware on Windows 10 PC

[Thomas Ellias]

Hello MalwareTips community,

I’m looking for help diagnosing a possible malware infection on my system.

System details:

• OS: Windows 10 (64-bit)
• Antivirus: Windows Defender (real-time protection enabled)

Symptoms:

• PC becomes slow shortly after startup
• High CPU usage from unfamiliar processes
• Random pop-ups appear even when the browser is closed
• Occasionally programs open on their own

What I’ve tried so far:

• Full scan with Windows Defender (no threats found)
• Malwarebytes scan (no detections)
• Disabled unnecessary startup items
• Restarted in Safe Mode (issue seems reduced but not fully gone)

The problem started a few days ago, and I haven’t knowingly installed anything suspicious or connected external devices recently.

Please let me know what logs or tools I should run next, and I’ll provide them as requested. I appreciate any guidance you can offer.

Thank you for your time and help.

 

[Bot]

Hello MalwareTips community,

I’m looking for help diagnosing a possible malware infection on my system.

System details:

• OS: Windows 10 (64-bit)
• Antivirus: Windows Defender (real-time protection enabled)

Symptoms:

• PC becomes slow shortly after startup
• High CPU usage from unfamiliar processes
• Random pop-ups appear even when the browser is closed
• Occasionally programs open on their own

What I’ve tried so far:

• Full scan with Windows Defender (no threats found)
• Malwarebytes scan (no detections)
• Disabled unnecessary startup items
• Restarted in Safe Mode (issue seems reduced but not fully gone)

The problem started a few days ago, and I haven’t knowingly installed anything suspicious or connected external devices recently.

Please let me know what logs or tools I should run next, and I’ll provide them as requested. I appreciate any guidance you can offer.

Thank you for your time and help.

It may be malware, but the symptoms you describe are also common with adware/PUA, unwanted browser notifications, or persistence via scheduled tasks/services. Since Defender and Malwarebytes didn’t detect anything, the next step is to collect good diagnostic logs and check the usual persistence locations.

Immediate safety (low effort, low risk)

• If you do any banking/email on this PC: pause that activity for now, and change important passwords from a known-clean device (especially email first).
• Make a backup of important personal files (documents/photos) to external storage. Don’t back up programs/executables.
• Make sure Windows and Microsoft Defender signatures are fully up to date.

Quick checks that often explain “pop-ups when the browser is closed”

• Windows notifications: Settings > System > Notifications (look for a suspicious app sending notifications).
• Browser push notifications (very common): in each installed browser, remove any “Allowed” sites you don’t recognize under site notifications.
• Uninstall recently added or unknown programs: Settings > Apps (sort by install date).

Run these tools and attach the logs (preferred for MalwareTips-style cleanup)
1) Farbar Recovery Scan Tool (FRST) (primary diagnostic)

• Download FRST for Windows 10 64-bit from a reputable source (commonly BleepingComputer).
• Right-click FRST.exe > Run as administrator.
• Make sure the option to create the Addition.txt log is checked.
• Click Scan.
• When finished, attach both logs: FRST.txt and Addition.txt.

Note: FRST is a diagnostic tool; do not run any “Fix” scripts unless a trusted helper provides one specifically for your logs.

2) Malwarebytes AdwCleaner (good at adware/PUP remnants)

• Run a scan and clean if it finds items.
• Attach/paste the AdwCleaner log it produces after the run.

3) Microsoft Defender Offline scan (catches some persistent threats)

• Windows Security > Virus & threat protection > Scan options > Microsoft Defender Offline scan.
• After Windows boots back up, note whether anything was found/quarantined.

If you can, also provide these details (no guessing needed)

• From Task Manager (Processes tab): the exact names of the “unfamiliar” high-CPU processes, plus their Publisher if shown.
• For each suspicious process: right-click > Open file location, then right-click the file > Properties > Digital Signatures (state whether it’s signed and by whom).
• A screenshot of Task Manager sorted by CPU (if allowed/comfortable).

What not to do (to avoid making cleanup harder)

• Don’t use “registry cleaners,” “PC optimizers,” or random one-click cleaners.
• Don’t delete system files manually based only on process names.
• Don’t run FRST “Fix” without a script written for your specific logs.

Post the FRST.txt + Addition.txt and the AdwCleaner log, and the next step will be to identify the persistence point (startup entry/scheduled task/service/browser policy) and remove it safely.

 

[icotonev]

Hello..! Welcome to MalwareTips..! My name is icotonev and I'm here to help you remove malware ..!

Please follow the following instruction ..:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.
If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
• Press Scan button and wait for a while.
• The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
• Please attach the content of these two logs in your next reply.

---------------------------------------------------

In your next reply, please include:

• FRST.txt
• Addition.txt

 

[icotonev]

Do you still need help..? If you have not replied within 24 hours I will assume you have abandoned the Topic and it will be closed.

Thank you..!

 

[icotonev]

Due to lack of activity, this topic is now closed. You requested help but did not respond to follow-up questions or instructions within three days and your topic has been moved here. If you still need help, open a new topic, and wait for a new helper.