Jump to content

Recommended Posts

Hello,

I recently got a new laptop for work. It worked fine for a few days. But after using it for a while the Disk Usage has gone to 100% without anything going on in the background. It's a new laptop so I haven't installed a lot of softwares on it. Mostly it's all that came by default. 

I ran a MalwareBytes Scan and did not get any detections at all. But even the MalwareBytes scan took 100% disk usage to run. (Screenshot attached)

Not only that, even my CPU and memory are going somewhat over the normal percentages as far as I know.

Can someone help me with this issue?

Thanks a lot.

 

I have attached the FRST scans as well.

100.png

Addition.txt FRST.txt

Link to post
Share on other sites

  • Root Admin

Hello @Tahir5253

It looks like you may have some Registry issues.

Please run the requested scans in your other topic I replied to

 

ERRORS In the Event Logs

 

 

System errors:
=============
Error: (11/17/2021 12:11:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Update for Windows Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2001.10).

Error: (11/14/2021 11:52:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240016: Update for Windows Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2001.10).

Error: (11/14/2021 11:52:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240016: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.353.969.0).

Error: (11/14/2021 01:22:22 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 809) (User: NT AUTHORITY)
Description: Maintenance Scheduler Group Policy Settings are not properly specified for "Invalid registry keys". Default settings are being used.

Error: (11/14/2021 01:22:22 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 809) (User: NT AUTHORITY)
Description: Maintenance Scheduler Group Policy Settings are not properly specified for "Invalid registry keys". Default settings are being used.

Error: (11/14/2021 01:22:22 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 809) (User: NT AUTHORITY)
Description: Maintenance Scheduler Group Policy Settings are not properly specified for "Invalid registry keys". Default settings are being used.

Error: (11/14/2021 01:22:22 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 809) (User: NT AUTHORITY)
Description: Maintenance Scheduler Group Policy Settings are not properly specified for "Invalid registry keys". Default settings are being used.

Error: (11/14/2021 01:22:22 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 809) (User: NT AUTHORITY)
Description: Maintenance Scheduler Group Policy Settings are not properly specified for "Invalid registry keys". Default settings are being used.

 

 

Link to post
Share on other sites

Hello again.

Just to confirm then, by scans u mean the MSERT scan only right?

Because the other scans mentioned in my previous topic, I have already run them on this laptop. Didn't give me any detections at all.

 

So, I'll start the MSERT scan for now. And let you know the progress once it's completed.

Link to post
Share on other sites

Hello again. I have run the MSERT scan as instructed and attached the scan log below.

Please have a look. 

The situation hasn't improved much. The disk usage % has come down a bit when the laptop is idle. But it spikes back up to 100% as soon as I open any app or some process starts in the background.

P.S. - I currently have two different topics opened up on this forum. So, just so we are clear, both topics are for different PCs and therefore different from each other. Hence, the scans and reports are all done separately and are different.

msert.log

Link to post
Share on other sites

  • Root Admin

There was no threat found. The Tamper setting is normal to not be set. Microsoft sees it's not at default and sets it.

Okay, go ahead and run the following for this computer then. @Tahir5253

 

 

Please run the following steps and post back the logs as an attachment when ready.
Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
If you still have trouble downloading the software please click on Reveal Hidden Contents below for examples of how to allow the download.

 

Spoiler
 
 
 
 
Spoiler

When downloading with some browsers you may see a different style of screens that may block FRST from downloading. The program is safe and used hundreds of times a week by many users.

Example of Microsoft Edge blocking the download

image.png

image.png

image.png

 



STEP 01

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double-click to run the program
  • Accept the End User License Agreement.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, if items are found please click Quarantine.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here each time
  • Please attach the Additions.txt log to your reply as well.
  • On your next reply, you should be attaching frst.txt and additions.txt to your post, every time.

 

Thanks

Link to post
Share on other sites

  • Root Admin

Thank you for the logs @Tahir5253

Please note as I mentioned in your other topic, I am off work until Monday but please review the following and post back and I'll try to check back on you tomorrow.

 

 

Please consider changing your default DNS Server settings. Please choose one provider only

DNS is what lets users connect to websites using domain names instead of IP addresses

  • Google Public DNS: IPv4   8.8.8.8 and 8.8.4.4   IPv6   2001:4860:4860::8888 and 2001:4860:4860::8844
  • Cloudflare: IPv4   1.1.1.1 and 1.0.0.1   IPv6   2606:4700:4700::1111 and 2606:4700:4700::1001
  • OpenDNS: IPv4   208.67.222.222 and 208.67.220.220  IPv6  2620:119:35::35 and 2620:119:53::53
  • DNSWATCH: IPv4   84.200.69.80 and 84.200.70.40   IPv6  2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b

The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

 

NOTE: This computer is also having trouble updating the Windows Defender antivirus. Please follow the same instructions as from the other computer topic.

 

You may want to also consider doing a factory reset on your router as well as check for any firmware updates.

How To Reset Your Router
https://setuprouter.com/networking/how-to-reset-your-router/

Thank you

 

Link to post
Share on other sites

  • 4 months later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.