Solved 100% CPU usage with IDM.

Status
Not open for further replies.
Fixlog
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2023
Ran by Shahil (01-10-2023 12:48:03) Run:2
Running from C:\Users\Shahil\Desktop
Loaded Profiles: Shahil
Boot Mode: Normal
==============================================

fixlist content:
*****************
start::
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software
C:\Users\Shahil\AppData\Roaming\Amazon
DeleteKey: HKCU\SOFTWARE\Amazon
DeleteKey: HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\Amazon 
DeleteKey: HKCU\SOFTWARE\3643b966-bc28-5bc8-95ff-3d47d66438db
DeleteKey: HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\3643b966-bc28-5bc8-95ff-3d47d66438db
DeleteKey: HKCU\SOFTWARE\nwjs
DeleteKey: HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\nwjs
DeleteKey: HKCU\SOFTWARE\T0
DeleteKey: HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\T0
C:\Users\Shahil\AppData\Local\Adaware
C:\Users\Shahil\AppData\Local\Amazon
C:\Users\Shahil\AppData\Local\nwjs
C:\Users\Shahil\AppData\LocalLow\T0
File: C:\Program Files (x86)\64BitMailAgent.exe
File: C:\Program Files (x86)\SendCrashReport.exe
File: C:\Program Files (x86)\TrackReview.exe
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End::
*****************

Restore point was successfully created.
Processes closed successfully.

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software" folder move:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software => moved successfully

"C:\Users\Shahil\AppData\Roaming\Amazon" folder move:

C:\Users\Shahil\AppData\Roaming\Amazon => moved successfully
HKCU\SOFTWARE\Amazon => removed successfully
HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\Amazon => not found
HKCU\SOFTWARE\3643b966-bc28-5bc8-95ff-3d47d66438db => removed successfully
HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\3643b966-bc28-5bc8-95ff-3d47d66438db => not found
HKCU\SOFTWARE\nwjs => removed successfully
HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\nwjs => not found
HKCU\SOFTWARE\T0 => removed successfully
HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\T0 => not found

"C:\Users\Shahil\AppData\Local\Adaware" folder move:

C:\Users\Shahil\AppData\Local\Adaware => moved successfully

"C:\Users\Shahil\AppData\Local\Amazon" folder move:

C:\Users\Shahil\AppData\Local\Amazon => moved successfully

"C:\Users\Shahil\AppData\Local\nwjs" folder move:

C:\Users\Shahil\AppData\Local\nwjs => moved successfully

"C:\Users\Shahil\AppData\LocalLow\T0" folder move:

C:\Users\Shahil\AppData\LocalLow\T0 => moved successfully

========================= File: C:\Program Files (x86)\64BitMailAgent.exe ========================

C:\Program Files (x86)\64BitMailAgent.exe
File is digitally signed
MD5: FA53099C5BE9982A58B41B888C2B35B6
Creation and modification date: 2021-05-06 11:07 - 2021-03-18 20:43
Size: 000497216
Attributes: ----A
Company Name: FOXIT SOFTWARE INC. -> Foxit Software Inc.
Internal Name: Courier.exe
Original Name: Courier.exe
Product:
Description: 64Bit MAPI Mail Agent
File Version: 1.0.8.1228
Product Version: 1.0.8.1228
Copyright: Copyright © 2014-2020 Foxit Software Inc. All Rights Reserved.
VirusTotal: https://www.virustotal.com/gui/file/760f75ffc1e44aad7216569f236af04673348eb990a0f5a28e91dc748c71e9e3/detection/f-760f75ffc1e44aad7216569f236af04673348eb990a0f5a28e91dc748c71e9e3-1667455670

====== End of File: ======


========================= File: C:\Program Files (x86)\SendCrashReport.exe ========================

C:\Program Files (x86)\SendCrashReport.exe
File is digitally signed
MD5: 0D83B827BE2277A438DF1074A7385738
Creation and modification date: 2021-05-06 11:07 - 2021-04-12 02:01
Size: 003095616
Attributes: ----A
Company Name: FOXIT SOFTWARE INC. -> Foxit Corporation
Internal Name: SendCrashReport
Original Name: SendCrashReport.exe
Product: SendCrashReport
Description: SendCrashReport
File Version: 10.1.0.924
Product Version: 10.1.0.924
Copyright: Copyright © 2013-2020 Foxit Software Inc. All Rights Reserved.
VirusTotal: https://www.virustotal.com/gui/file/b5d5572956f108bada12c83376b62fd60ccbfb7bc7e5e04303f0017b8166b584/detection/f-b5d5572956f108bada12c83376b62fd60ccbfb7bc7e5e04303f0017b8166b584-1665105270

====== End of File: ======


========================= File: C:\Program Files (x86)\TrackReview.exe ========================

C:\Program Files (x86)\TrackReview.exe
File is digitally signed
MD5: CD7CF4BCC61AE27A64B5EC1B2AEAD939
Creation and modification date: 2021-05-06 11:07 - 2021-04-12 02:02
Size: 003220032
Attributes: ----A
Company Name: FOXIT SOFTWARE INC. -> Foxit Software Inc.
Internal Name: TrackReview.exe
Original Name: Foxit Track Review
Product: Foxit Track Review
Description: Track Review
File Version: 10.1.4.37623
Product Version: 10.1.4.37623
Copyright: Copyright © 2014-2020 Foxit Software Inc. All Rights Reserved.
VirusTotal: https://www.virustotal.com/gui/file/e3a2f89b2f0c1bf054e527caf022f44dd903dc005119340f4bdf567485319028/detection/f-e3a2f89b2f0c1bf054e527caf022f44dd903dc005119340f4bdf567485319028-1682468224

====== End of File: ======


=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\DESKTOP-AKRBR60-20230930-1730.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20230930-1735.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20230930-1757.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20231001-0310.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20231001-1043.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20231001-1046.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20231001-1046a.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20231001-1048.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20231001-1225.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20231001-1235.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20231001-1240.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== "C:\WINDOWS\system32\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\system32\*.tmp" ========


=========== "C:\WINDOWS\syswow64\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\syswow64\*.tmp" ========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13897223 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 81492760 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 1143487641 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Shahil => 1949632 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:48:51 ====
 
Hi, I have to go out rn for some work, will scan with rogue killer and antilogger after I return.
 
Rogue killer log

Code:
Program            : RogueKiller Anti-Malware
Version            : 15.12.1.0
x64                : Yes
Program Date       : Sep 18 2023
Location           : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium            : No
Company            : Adlice Software
Website            : https://www.adlice.com/
Contact            : https://adlice.com/contact/
Website            : https://adlice.com/download/roguekiller/
Operating System   : Windows 10 (10.0.19045) 64-bit
64-bit OS          : Yes
Startup            : 0
WindowsPE          : No
User               : Shahil
User is Admin      : Yes
Date               : 2023/10/01 10:05:46
Type               : Scan
Aborted            : No
Scan Mode          : Standard
Duration           : 613
Found items        : 1
Total scanned      : 113265
Signatures Version : 20230928_070539
Truesight Driver   : Yes
Updates Count      : 9
Arguments          : -minimize

************************* Warnings *************************

************************* Updates *************************
7-Zip 22.01 (x64) (64-bit), version 22.01
  [+] Available Version        : 23.01
  [+] Size                     : 5.46 MB
  [+] Wow6432                  : No
  [+] Portable                 : No
  [+] update_location          : C:\Program Files\7-Zip\

AutoHotkey 1.1.33.10 (64-bit), version 1.1.33.10
  [+] Available Version        : 2.0.10
  [+] Wow6432                  : No
  [+] Portable                 : No

Subtitle Edit 3.6.0 (64-bit), version 3.6.0.0
  [+] Available Version        : 4.0.1.0
  [+] Size                     : 27.2 MB
  [+] Wow6432                  : No
  [+] Portable                 : No
  [+] update_location          : d:\Program Files\Subtitle Edit\

Malwarebytes version 4.5.21.231 (64-bit), version 4.5.21.231
  [+] Available Version        : 4.6.3
  [+] Wow6432                  : No
  [+] Portable                 : No
  [+] update_location          : C:\Program Files\Malwarebytes\Anti-Malware

calibre 64bit (64-bit), version 5.20.0
  [+] Available Version        : 6.27.0
  [+] Size                     : 355 MB
  [+] Wow6432                  : No
  [+] Portable                 : No
  [+] update_location          : C:\Program Files\Calibre2\

FormatFactory 4.3.0.0 (32-bit), version 4.3.0.0
  [+] Available Version        : 5.15.0.0
  [+] Wow6432                  : Yes
  [+] Portable                 : No

OBS Studio (32-bit), version 28.0.3
  [+] Available Version        : 29.1.3
  [+] Wow6432                  : Yes
  [+] Portable                 : No

qBittorrent 4.4.0 (32-bit), version 4.4.0
  [+] Available Version        : 4.5.5
  [+] Size                     : 163 MB
  [+] Wow6432                  : Yes
  [+] Portable                 : No

VLC media player (32-bit), version 2.2.0
  [+] Available Version        : 3.0.18
  [+] Wow6432                  : Yes
  [+] Portable                 : No
  [+] update_location          : C:\Program Files (x86)\VideoLAN\VLC


************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************

************************* WMI *************************

************************* Hosts File *************************
is_too_big      : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts


************************* Filesystem *************************
[Cloud.Generic (Malicious)] (file) msimg32.dll -- C:\Users\Shahil\AppData\Roaming\MetaQuotes\Terminal\2191F4A3D14D7B4B1EBB84F924777883\MQL4\Indicators\msimg32.dll -> Found

************************* Web Browsers *************************

************************* Antirootkit *************************
 
Run HijackThis! as admin! (located in the folder ...Autologger\HijackThis)
Do a system scan, then check each item below; make sure to check only the items listed.
Then click Fix checked.
The computer will need to reboot, allow it to do so.



Code:
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MEGA (empty)
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (user missing) (sign: 'Microsoft')
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (user missing) (sign: 'Microsoft')
O23 - Driver R: (no name) - C:\WINDOWS\System32\drivers\dump_iaStorAVC.sys (file missing)





Look in the Autologger folder and drag out the CheckBrowsersLNK file to your desktop.

AutoLogger\CheckBrowserLnk
Drag and drop it onto the ClearLNK utility, after saving ClearLNK to the desktop.
 
Look in the Autologger folder and drag out the CheckBrowsersLNK file.
Hi,

There is no CheckBrowsersLNK text file.
I moved the debug to ClearLNK and it gives a "no shortcuts here or files don't exist" message, and then it gives an error saying:
[image: 1696309953996.png]
 
I have uploaded the text file for you.
Here, drag and drop this text file onto the ClearLNK utility, after saving ClearLNK to the desktop.




So the machine is running well and no more issues. I'll mark as solved.


We will clean all the tools we used...

Download KpRM
Save to Desktop
Check Delete Tools.
Check Delete Restore points.
Create Restore point.
Click delete quarantines.
Then click run.


I suggest:
uBlock Origin
O&O ShutUp10
O&O AppBuster
 
