100% CPU

Bramp

Member
Hello. Let me start by saying I installed additional RAM on a laptop. It was an 8 GB version and I put in an additional 4 GB, giving me 12. At first the computer ran great, but now over time it is getting progressively slower and slower. The CPU is always at 100% or close to it. All Task Manager programs seem normal. The computer is laggy and very slow.

I ran
1. AdwCleaner
2. Junkware Removal tool
3. Malwarebytes

and

1. TDSSkiller
2. ASWmbr

Here are the scans below.
 

Bramp

Member
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-10-2022
# Duration: 00:00:12
# OS: Windows 11 (Build 22621.819)
# Cleaned: 42
# Awaiting reboot:4
# Failed: 0


***** [ Services ] *****

Deleted WCAssistantService

***** [ Folders ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\Users\bramp\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_MRPQ523XMEO0CM2M0N5VJ25Z3NZKGEP4
Deleted C:\Users\bramp\AppData\Roaming\Lavasoft\Web Companion
Needs Reboot C:\Program Files (x86)\Lavasoft\Web Companion
Needs Reboot C:\ProgramData\Application Data\Lavasoft\Web Companion
Needs Reboot C:\ProgramData\Lavasoft\Web Companion

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f50de59f-0f57-42c1-9e2d-80ebb22d4c94}|DisplayIcon
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f50de59f-0f57-42c1-9e2d-80ebb22d4c94}|DisplayName
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f50de59f-0f57-42c1-9e2d-80ebb22d4c94}|UninstallString
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Deleted Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1107A85-AA7D-46FE-9B59-93AA7B1EEE13}
Deleted Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Deleted Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Deleted Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Deleted Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Deleted Preinstalled.HPCleanFLC Registry HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Deleted Preinstalled.HPCleanFLC Registry HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Deleted Preinstalled.HPCleanFLC Registry HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Deleted Preinstalled.HPCleanFLC Registry HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Deleted Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Deleted Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\bramp\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Deleted Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Deleted Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}
Needs Reboot Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed C:\Program Files (x86)\Lavasoft\Web Companion
Cleaning failed C:\ProgramData\Application Data\Lavasoft\Web Companion
Cleaning failed C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Cleaning failed C:\ProgramData\Lavasoft\Web Companion

*************************

AdwCleaner[S00].txt - [5958 octets] - [10/12/2022 16:55:45]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Bramp

Member
Malwarebytes

www.malwarebytes.com



-Log Details-

Scan Date: 10/12/2022

Scan Time: 16:25

Log File: 599d616e-78ea-11ed-9120-842afd5dd91a.json



-Software Information-

Version: 4.5.18.226

Components Version: 1.0.1838

Update Package Version: 1.0.63280

Licence: Trial



-System Information-

OS: Windows 11 (Build 22621.819)

CPU: x64

File System: NTFS

User: LAPTOP-OJ4IHOO0\bramp



-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Manual

Result: Completed

Objects Scanned: 311389

Threats Detected: 7

Threats Quarantined: 7

Time Elapsed: 9 min, 48 sec



-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect



-Scan Details-

Process: 0

(No malicious items detected)



Module: 0

(No malicious items detected)



Registry Key: 0

(No malicious items detected)



Registry Value: 0

(No malicious items detected)



Registry Data: 0

(No malicious items detected)



Data Stream: 0

(No malicious items detected)



Folder: 1

HackTool.AutoKMS, C:\WINDOWS\AUTOKMS, Quarantined, 3477, 1013725, 1.0.63280, , ame, , ,



File: 6

HackTool.AutoKMS, C:\Windows\AutoKMS\AutoKMS.ini, Quarantined, 3477, 1013725, , , , , A602D7E8CAE948C55F5773D8BE095257, B19BFFAC5264C5286F4F6573137B5F1E8F4AA88B38CFCB7BF0536CBAE40B2FC0

HackTool.AutoKMS, C:\Windows\AutoKMS\AutoKMS.log, Quarantined, 3477, 1013725, , , , , D11AC474BBA0C804EF5053E19A9E7D86, 435EB34674BF7415DBC6BABF167C0B035DEA434449FAE0D11C36F81CD14EA4AD

Generic.Trojan.Malicious.DDS, C:\PROGRAMDATA\KMSAUTO\KMSAUTO NET.EXE, Quarantined, 1000002, 0, 1.0.63280, CD48BF7AF4DC72CB3A0A4517, dds, 02073566, 6EE7F3ECD5111CD5306792FD3141515D, 69A8AE6352CFFD366409DF8E566E84315B4BFFCF5865A4B8079C446123BA1D26

Generic.Trojan.Downloader.DDS, C:\PROGRAMDATA\KMSAUTO\BIN\TUNMIRROR.EXE, Quarantined, 1000002, 0, 1.0.63280, AAE1EC95F26EA8FA1B62885E, dds, 02073566, 362498C3E71EEAA066A67E4A3F981D1C, D87E8D9D43758CE67A8052CB2334B99CC24F9B0437EE44815F360BE0B22D835A

Generic.Crypt.Trojan.Malicious.DDS, C:\USERS\BRAMP\DOWNLOADS\UTORRENT.EXE, Quarantined, 1000002, 0, 1.0.63280, C023FEDDEA4EDF23B88FEFD6, dds, 02073566, 225315A030E5495740099BBA53F4B4DA, F9339A7E884192DDDB45E88D06B2628513F61D94FD217098BD4CBD724D9842C2

PUP.Optional.BundleInstaller, C:\USERS\BRAMP\DESKTOP\DTLITEINSTALLER(1).EXE, Quarantined, 495, 1078096, 1.0.63280, , ame, , 40AF8BED09BFF955BA625B60A7065528, AD8D1D25FBB5A3F2E531CB30BA543756FC09D70978D48C728A866FAD4A27E007



Physical Sector: 0

(No malicious items detected)



WMI: 0

(No malicious items detected)





(end)
 

Bramp

Member
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by bramp (Administrator) on Sat 12/10/2022 at 17:03:14.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\ProgramData\lavasoft\web companion (Folder)
Successfully deleted: C:\Program Files (x86)\lavasoft\web companion (Folder)



Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ADD7EEE-FF73-48DE-BCCF-3B25BC800666} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0ADD7EEE-FF73-48DE-BCCF-3B25BC800666} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/10/2022 at 17:06:19.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

johnb35

Administrator
Staff member
It would be great if you would list what exact processor you have and what process is using all the CPU in Task Manager. You may have a low-end processor.
 

Bramp

Member
> It would be great if you would list what exact processor you have and what process is using all the CPU in Task Manager. You may have a low-end processor.

Well, I didn't have this problem before.
It's a Ryzen 5 3500U and Radeon Vega Graphics.
 

johnb35

Administrator
Staff member
And what about what process is using the CPU? Open Task Manager, click on the CPU column and it will sort by highest usage first. You can also take a screenshot of it and post it.
 

Bramp

Member
> And what about what process is using the CPU? Open Task Manager, click on the CPU column and it will sort by highest usage first. You can also take a screenshot of it and post it.

Actually, the scans may have just fixed everything. I rebooted again, and I also changed the processors in MSConfig from 1 to 4 (it goes up to 8). Now the fan vrooming has slowed down and I am no longer at 100% CPU. Let's see how this runs for a while.
 

beers

Moderator
Staff member
> Actually, the scans may have just fixed everything

Looks like there's some crypto-related malware in what was discovered. Double check that your personal data hasn't been corrupted/modified; the 100% CPU process was likely an encryption process.
 