KoalaSatan Posted January 5, 2018 ID:1196791 Share Posted January 5, 2018 (edited) Hello, recently my computer has been using 100% ram and disk and making everything painstakingly slow. I opened up task manager and 20+ "svchost.exe"s were running. I've tried rkill, malwarebytes, zemana, etc. Still no luck. Im running windows 10 64x, with 20gb of ram, and 3Tb of space. Please help in any way you can. I don't want to wipe my hard dive. Edited January 5, 2018 by KoalaSatan Link to post Share on other sites More sharing options...
kevinf80 Posted January 5, 2018 ID:1196876 Share Posted January 5, 2018 Hello KoalaSatan and welcome to Malwarebytes, Follow the instructions at this link and post the requested logs: https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/ Thank you, Kevin Link to post Share on other sites More sharing options...
KoalaSatan Posted January 5, 2018 Author ID:1196951 Share Posted January 5, 2018 Thank you in advance for your help. Even if there is nothing to be done about it, I appreciate your assistance. Here are the requested files - Addition.txt FRST.txt Link to post Share on other sites More sharing options...
kevinf80 Posted January 5, 2018 ID:1197023 Share Posted January 5, 2018 Hello KoalaSatan, There is no obvious malware or infection showing in those logs, run the following: Download RogueKiller and save it on your desktop, ensure to download correct version..RogueKiller (X86)RogueKiller (x64) Exit all running applications. Double-click on RogueKiller.exe to launch the tool. On its first execution, RogueKiller will disply the software license (EULA), click on "Accept" to continue. If RogueKiller is unable to load, do not hesitate to try launching it several times or rename it winlogon. Click "Start Scan" to begin the analysis. This may take some time. Once the scan is complete, click the "Open TXT" button to display the scan report. Copy/Paste it's content in your next reply. Do not use the Remove Selected option until i`ve had a look at the log.. Thank you, Kevin.... Link to post Share on other sites More sharing options...
KoalaSatan Posted January 5, 2018 Author ID:1197036 Share Posted January 5, 2018 RogueKiller V12.11.31.0 (x64) [Jan 2 2018] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : https://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 10 (10.0.16299) 64 bits version Started in : Normal mode User : Ethan [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller64.exe Mode : Scan -- Date : 01/05/2018 14:24:31 (Duration : 00:24:40) ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 0 ¤¤¤ ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: TOSHIBA DT01ACA300 +++++ --- User --- [MBR] a84dd93b5b19931ceaddbccc47850486 [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code Partition table: 0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB 1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB 2 - Basic data partition | Offset (sectors): 468992 | Size: 2860881 MB 3 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 5859555328 | Size: 477 MB User = LL1 ... OK User = LL2 ... OK Link to post Share on other sites More sharing options...
kevinf80 Posted January 5, 2018 ID:1197044 Share Posted January 5, 2018 Another clean log... Set your system up to run in Clean Boot mode, see how it responds... https://support.microsoft.com/en-gb/help/929135/how-to-perform-a-clean-boot-in-windows Link to post Share on other sites More sharing options...
KoalaSatan Posted January 5, 2018 Author ID:1197051 Share Posted January 5, 2018 The amount of "svchost.exe" processes have slightly decreased, but there are still ~15 "svchost.exe"s running. Trying to end the process just shuts my computer down. Thank you for your help thus far. I appreciate it Link to post Share on other sites More sharing options...
kevinf80 Posted January 5, 2018 ID:1197059 Share Posted January 5, 2018 I`ve got 80 Windows Services running on my Windows 10 Pro system, 64 are "Service Host" otherwise known as svchost.exe, if you try to close out such entries you can end up with a hard shutdown of your system that may eventually cause damage to your hard drive. Having many Service Host entries is not necessarily a sign that something is wrong... Have a read at this link: https://www.howtogeek.com/howto/windows-vista/what-is-svchostexe-and-why-is-it-running/ Link to post Share on other sites More sharing options...
KoalaSatan Posted January 5, 2018 Author ID:1197066 Share Posted January 5, 2018 I see, thank you for that link and explanation. But, one issue remains unsolved. I've noticed when I try to load basic websites on my web browser, it beings up the "We can't connect to the server" page. My ethernet cable is plugged in properly and works fine on other desktops. Do any viruses you know of cause this? Link to post Share on other sites More sharing options...
kevinf80 Posted January 5, 2018 ID:1197070 Share Posted January 5, 2018 I would not expect that to be the work of malware or a virus, it could simply be the server you are trying to connect to is busy, overloaded or not working. Which browser do you refer to, also which websites, can you post URL`s Link to post Share on other sites More sharing options...
KoalaSatan Posted January 5, 2018 Author ID:1197073 Share Posted January 5, 2018 I tend to favor firefox. And since the time I posted, network on my computer seems to have disappeared. In the network status settings, there is no indication I am plugged in, or any indication for anything. I tried to troubleshoot but it said a program was blocking troubleshooter from working. I'm currently using my laptop to respond. Link to post Share on other sites More sharing options...
kevinf80 Posted January 5, 2018 ID:1197076 Share Posted January 5, 2018 Can you run the following on the PC with the issue and post the produced log: Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.Make sure the following options are checked: Internet Services Windows Firewall System Restore Security Center/Action Center Windows Update Windows Defender Press "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log to your reply. Link to post Share on other sites More sharing options...
KoalaSatan Posted January 5, 2018 Author ID:1197085 Share Posted January 5, 2018 FSS.txt Link to post Share on other sites More sharing options...
kevinf80 Posted January 5, 2018 ID:1197091 Share Posted January 5, 2018 These two services are disabled DHCP and Network Store Interface Service Select the windows key and R key together, In the run box type or copy/paste services.msc then hit enter key. The services window will open. Scroll to each of the services quoted above, right click on each in turn and select "Properties" in the new window change "Startup type" to "Automatic", click apply then ok, do that for both.. Reboot when complete, is connection restored...? Link to post Share on other sites More sharing options...
KoalaSatan Posted January 5, 2018 Author ID:1197097 Share Posted January 5, 2018 The network works and I'm able to get onto youtube and google. Yet, the network icon on the bottom right of my screen is absent, and when in network and internet settings, the network status appears to be a single line with dots in the center. No indication that the network works at all. Trying to troubleshoot yields no results. Link to post Share on other sites More sharing options...
kevinf80 Posted January 5, 2018 ID:1197105 Share Posted January 5, 2018 Right clcik on the Taskbar at the bottom of the Desktop, select "Taskbar Settings" from the list. In the new window scroll to "Notification Area" underneath that are two options: "Select which icons appear on the Taskbar" and "Turn system icons on or off" Select each in turn and ensure both are turned on for "Network"... Link to post Share on other sites More sharing options...
KoalaSatan Posted January 5, 2018 Author ID:1197110 Share Posted January 5, 2018 All settings were already turned on. The problem still remains. Do you think I should just wipe my PC and reinstall windows? I think that'll be the quickest way to permanently solve all the issues. Do you personally think I should start over from scratch, or continue with trying to fix my current system? Link to post Share on other sites More sharing options...
kevinf80 Posted January 5, 2018 ID:1197117 Share Posted January 5, 2018 I do not believe you have any Malware or Infection on your system, a reset seems harsh to me... You could just go for a system Refresh, that is windows is reinstalled but all your data, files, pictures videos etc are retained. Any software you installed yourself is lost.... Refresh W10 - https://www.tenforums.com/tutorials/4090-refresh-windows-10-a.html Reset W10 - https://www.tenforums.com/tutorials/4130-reset-windows-10-a.html Your choice... Link to post Share on other sites More sharing options...
KoalaSatan Posted January 5, 2018 Author ID:1197124 Share Posted January 5, 2018 I don't have any valuable files that I can't re-download, so I think I'll wipe the hard drive and reinstall everything. It's a bit overkill, but I'm a bit worn out and just want a functioning computer. Thank you for all your help and assistance. I really appreciate the time and effort. Link to post Share on other sites More sharing options...
kevinf80 Posted January 5, 2018 ID:1197126 Share Posted January 5, 2018 Thanks for the update, yes I guess sometimes a fresh install is the quickest way back.... Read the following links to fully understand PC Security and Best Practices, you may find them useful....Answers to Common Security Questions and best PracticesDo I need a Registry Cleaner? Take care and surf safe Kevin... Link to post Share on other sites More sharing options...
kevinf80 Posted January 15, 2018 ID:1200247 Share Posted January 15, 2018 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts