Jump to content

W10 High CPU Disappears in Task Mgr - Now No App Name


Recommended Posts

I've been experiencing near constant high CPU usage which disappears when I open task manager.  I am concerned I have some sort of miner/mining infection.  I've tried to video the task manager screen when upon opening.  I originally found igFXEMmodule, and followed instructions to correct.  That has not solved the problem.  I now see a process called START, as well as a number of processes which are blank/no name in task manager.  These disappear almost immediately.  I've read other threads here and have attempted fixes; I'm hoping I haven't caused the potential bug to hide.

I would appreciate any help / direction.  Requested log file attached.

Thank you.

Addition.txt FRST.txt Malwarebyteslog011720.txt

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This fix will reset your System Restore and clean empty entries.

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

If the problem persists and you are Syncing Firefox it with other Devices reset it.

Navigate to this page and Remove it as suggested.

https://support.mozilla.org/en-US/kb/remove-synced-device-firefox-accounts

When done restart the computer normally.

If all is well.

Return to your Firefox Account and Click the Connect button.

Reset the sync.

Restart the computer normally.
<<<>>>

Please post the Fixlog.txt and let me know if the problem is solved.

fixlist.txt

Link to post
Share on other sites

Thank you so much for your help, nasdaq.

I ran FRST64 with the fixlist.  Fixlog attached below.  It appears the high CPU usage still exists, but I no longer see the processes without name entries when opening task manager.  Let me see how the system behaves for a while.  I will post back here later today or tonight.

Do you have any idea how system restore got turned off?

I am not syncing Firefox.

Colesdad2

Fixlog.txt

Link to post
Share on other sites

Hi,

Do you have any idea how system restore got turned off?


Unfortunately no. Not even as to when it happened.

Let check further.

--RogueKiller--

  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a Windows opens to explain what [PUM's] are, read about it.
  • Click the RoguKiller icon on your taksbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED  
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.


=======

Run Sophos Virus Removal Tool. Do it when you will not need the computer for an hour or 2.

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.



Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===

Link to post
Share on other sites

I'm sorry, I don't understand the question.  I have had no files quarantined by McAfee (ever, actually).  I had downloaded and installed RogueKiller *prior* to beginning this topic.  I was following similar threads.  I recognize the importance of following your instructions exactly.  So, I cannot today download and install RogueKiller, and run the install routine as admin, because RogueKiller is already installed on my machine.

Link to post
Share on other sites

nasdaq,

I went ahead with your instructions as best I could.  I already had RogueKiller installed, and had previously ran a scan and delete on January 15th.  I'm attaching to this reply:

  • RogueKiller Scan Report from January 15th
  • RogueKiller Delete Report from January 15th
  • RogueKiller Scan Report from earlier today
  • SophosVirusRemovalTool.log from earlier today.

Note that I'm still seeing high CPU usage and that I now see "Start" as a process name upon opening task manager.

Thank you, Colesdad2ReportRogue011520Scan.txt

ReportRogue011920Scan.txt ReportRogue011520Scan.txt ReportRogue011520Delete.txt SophosVirusRemovalTool.log

Link to post
Share on other sites

Hi,

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.
===

Check the integrity of the operating system files.
Follow all the instructions on this page.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

When completed refer to the Microsoft article again and follow the instructions to view details of the System File Checker process

Post the contents of the sfcdetails.txt file for my review.

Let me know if the problem persists.
<<<>>>

If all fails see that you can find/do with these recommendations.

High CPU usage. Windows 8 and 10.
http://www.itphobia.com/windows-modules-installer-worker-high-cpu-usage/
<<<>>>

Link to post
Share on other sites

Good morning, nasdaq,

Thanks for your ongoing support.  i didn't see your last post until late last night.  Attached are the results of Rkill and scf.  We aren't finding any problems, yet I still have high CPU usage from StartMenuExperienceHost.exe whenever I close task manager. I've resorted to just keeping task manager running so I can work effectively on the PC.

I do not see Windows Module Installer Worker running.

Colesdad2

sfcdetails.txt Rkill.txt

Link to post
Share on other sites

Hi,

If you have not already see this article please read it.

https://www.howtogeek.com/272930/what-is-windows-shell-experience-host-and-why-is-running-on-my-pc/

Look at what might possibly be the cause in your case.

I suggest you also read this topic where the subject is discussed.

https://forums.malwarebytes.com/topic/252362-cpu-usage-always-at-70-until-task-manager-is-open/?tab=comments#comment-1339132

Stay safe.

 

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.