
Task manager spike, loud fan and high memory usage on idle. Virus?



It's basically in the title. Whenever I open Task Manager, it shows a very high percentage of CPU usage, around 70, which usually drops down to about 4 or 5. Sometimes, I get lots of lag while the CPU usage is very low, although this has not happened in a while. It starts with a high amount when nothing but Task Manager is on as well. I also get high memory usage with nothing on, although it doesn't bother me whenever I run a game or render something in 3D, and doesn't even increase drastically. I also believe that my PC is way louder than it used to be, although it could totally be paranoia. Malwarebytes Free and Windows Defender didn't find anything after quite a few scans. I do have FRST logs (with all additions checked), but they are confusing to me. Any help is appreciated, and thank you so much in advance (:

The logs are attached for your forum processing AI or whatever

 

 

Addition.txt FRST.txt Shortcut.txt


Oh, and as an aside, I have tried running some other "fixlists" from people with the same problem, although it changed nothing. I did not use anything other than FRST, Malwarebytes, and Windows Defender to attempt to fix this problem. I also have reason to believe that the virus was started through a piece of software I downloaded off of SourceForge, as it prompted a Defender alert; however, after I removed and redownloaded the software, it ran without any problem.


  • Root Admin

Hello @savagerusssian21

I wouldn't say the computer is necessarily infected, but it is having issues. If you simply look at your Event Log entries, you'll see that there are multiple unexpected issues and/or crashing applications/services.

Quote

Application errors:
==================
Error: (01/06/2020 07:46:06 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 23824 and the required size was 33960.

Error: (01/06/2020 08:42:59 AM) (Source: Wlclntfy) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.

Error: (01/06/2020 08:42:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TermService, version: 10.0.18362.1, time stamp: 0x32d6c210
Faulting module name: ntdll.dll, version: 10.0.18362.418, time stamp: 0x99ca0526
Exception code: 0xc000000d
Fault offset: 0x000000000010f220
Faulting process id: 0x16e4
Faulting application start time: 0x01d5c4af18f2901c
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 1796f3b5-d2b5-4547-bfed-10b936f26bd5
Faulting package full name:
Faulting package-relative application ID:

Error: (01/06/2020 08:31:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TermService, version: 10.0.18362.1, time stamp: 0x32d6c210
Faulting module name: ntdll.dll, version: 10.0.18362.418, time stamp: 0x99ca0526
Exception code: 0xc0000005
Fault offset: 0x00000000000a2ff0
Faulting process id: 0xc8c
Faulting application start time: 0x01d5c4aed0c152f1
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 925f6397-aae1-4a56-a71e-714419d14066
Faulting package full name:
Faulting package-relative application ID:

Error: (01/06/2020 08:31:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TermService, version: 10.0.18362.1, time stamp: 0x32d6c210
Faulting module name: ntdll.dll, version: 10.0.18362.418, time stamp: 0x99ca0526
Exception code: 0xc0000005
Fault offset: 0x00000000000a2ff0
Faulting process id: 0x1d50
Faulting application start time: 0x01d5c4aed019bfed
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: d17ddfcf-8eac-439c-a794-f5914ce3071d
Faulting package full name:
Faulting package-relative application ID:

Error: (01/06/2020 08:31:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TermService, version: 10.0.18362.1, time stamp: 0x32d6c210
Faulting module name: ntdll.dll, version: 10.0.18362.418, time stamp: 0x99ca0526
Exception code: 0xc0000005
Fault offset: 0x00000000000a2ff0
Faulting process id: 0x5b0
Faulting application start time: 0x01d5c4aecf35915c
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 5c4d3e09-9781-4e64-b20a-7f0274f40562
Faulting package full name:
Faulting package-relative application ID:

Error: (01/06/2020 08:31:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TermService, version: 10.0.18362.1, time stamp: 0x32d6c210
Faulting module name: ntdll.dll, version: 10.0.18362.418, time stamp: 0x99ca0526
Exception code: 0xc0000005
Fault offset: 0x00000000000a2ff0
Faulting process id: 0x30d4
Faulting application start time: 0x01d5c4aecefa6c3f
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 5b837b52-76fd-4ed8-8f9c-ecc6076be280
Faulting package full name:
Faulting package-relative application ID:

Error: (01/06/2020 08:31:12 AM) (Source: MsiInstaller) (EventID: 11721) (User: ATLAS)
Description: Product: RDP Wrapper Library -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: InstallAction, location: C:\ProgramData\Package Cache\{37ea5771-3352-4a52-9fac-9297331daebd}\RDPWInst.exe, command: -i -o


System errors:
=============
Error: (01/06/2020 05:40:02 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:33:26 PM on 1/6/2020 was unexpected.

Error: (01/06/2020 10:13:26 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:10:10 AM on 1/6/2020 was unexpected.

Error: (01/06/2020 08:42:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Remote Desktop Services service terminated unexpectedly.  It has done this 12 time(s).

Error: (01/06/2020 08:33:59 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F9A874B6-F8A8-4D73-B5A8-AB610816828B} did not register with DCOM within the required timeout.

Error: (01/06/2020 08:31:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Remote Desktop Services service terminated unexpectedly.  It has done this 11 time(s).

Error: (01/06/2020 08:31:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Remote Desktop Services service terminated unexpectedly.  It has done this 10 time(s).

Error: (01/06/2020 08:31:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Remote Desktop Services service terminated unexpectedly.  It has done this 9 time(s).

Error: (01/06/2020 08:31:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Remote Desktop Services service terminated unexpectedly.  It has done this 8 time(s).


Windows Defender:
===================================
Date: 2020-01-06 19:03:47.040
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A359C9FD-BC38-4FC4-96D9-742BCA057519}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-05 15:06:19.588
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9CB9D837-B4CD-4C4D-8915-3BDADA5D4139}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-02 12:09:11.226
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {75BBFB8D-9A9B-4ED6-A8FF-886DC12EFDDA}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-24 21:40:19.814
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\Users\rogra\Desktop\Projects\GottaHackEmAll\LANC_Remastered\LANC_Remastered.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.307.1086.0, AS: 1.307.1086.0, NIS: 1.307.1086.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2019-12-24 14:33:29.076
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0FDDF53D-DD78-46D1-8EDC-1F6E8B37C134}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-29 12:24:19.056
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.307.1308.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-12-23 11:29:11.448
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.307.972.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-12-20 10:33:12.606
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.307.772.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-12-14 12:54:50.734
Description:
Windows Defender Antivirus has encountered an error trying to upload a suspicious file for further analysis.
Filename: C:\Users\rogra\Downloads\51a78ea4-6574-43aa-882b-92b3b7f6bb53.tmp
Sha256: 643024d112aa5a5e558b7ae24ccd03a9c0ffd58a7abf523546e5d5e4613181e1
Current security intelligence Version: AV: 1.307.465.0, AS: 1.307.465.0
Current Engine Version: 1.1.16

 

Let me have you run the following though and we'll see what we can do about fixing up the computer some.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a checkmark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks
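
The read-through of the Event Log section that the reply above does by eye can be scripted: group the entries by source and EventID, then pull out which application keeps crashing and how often a service has restarted. This is an added example, not part of the original thread or of FRST itself; the sample text is abridged from the log quoted above, and `parse_events` and `summarize` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample: abridged from the FRST Addition.txt excerpt quoted above.
SAMPLE = """\
Error: (01/06/2020 08:42:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TermService, version: 10.0.18362.1, time stamp: 0x32d6c210
Exception code: 0xc000000d

Error: (01/06/2020 08:31:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TermService, version: 10.0.18362.1, time stamp: 0x32d6c210
Exception code: 0xc0000005

System errors:
Error: (01/06/2020 08:42:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Remote Desktop Services service terminated unexpectedly.  It has done this 12 time(s).

Error: (01/06/2020 08:31:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Remote Desktop Services service terminated unexpectedly.  It has done this 11 time(s).
"""

HEADER = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)$")

def parse_events(text):
    events, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            cur = {**m.groupdict(), "body": []}
            events.append(cur)
        elif not line:
            cur = None  # a blank line ends an entry, so section titles are skipped
        elif cur is not None:
            cur["body"].append(line)
    return events

def summarize(events):
    """Repeat counts per (source, EventID), crashing apps, and service restart peaks."""
    counts = Counter((e["source"], int(e["eid"])) for e in events)
    crashes, restarts = Counter(), {}
    for e in events:
        body = " ".join(e["body"])
        app = re.search(r"Faulting application name: ([^,]+).*Exception code: (0x[0-9a-fA-F]+)", body)
        svc = re.search(r"The (.+?) service terminated unexpectedly\.\s+It has done this (\d+) time", body)
        if app:
            crashes[app.groups()] += 1
        if svc:
            restarts[svc.group(1)] = max(restarts.get(svc.group(1), 0), int(svc.group(2)))
    return counts, crashes, restarts
```

On the sample, the repeated `svchost.exe_TermService` faults and the Remote Desktop Services restart count stand out immediately, which matches the RDP Wrapper installer error in the same log.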

 

 


  • 4 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
