Status
Not open for further replies.

CPU or DISK usage at 100%

Solved 
2K views 21 replies 3 participants last post by  dontbehat1n 
#1 ·
I don't have the specifics of the laptop, as it seems to be hit or miss if it works for a bit before slowing down to a crawl or just does it almost right after startup. It's an ASUS gaming computer I've had for about 3 years now.
Running Windows 10, and starting yesterday it has begun to basically freeze and nothing will load unless you wait about 5 minutes per click.
I was able to wait and open the task manager to see the CPU usage at 100%, but had none of the processes above .1% which means it did not add up. At that time, disk was down at nothing. At one point it had flipped completely to be disk at 100% and CPU at next to nothing.
I tried a few things like turning off Windows Search and disabling a bunch of startup, but it's a slow process with how it's working right now. I did manage to run Hardware Sentinel and check the drive itself as that came up on one suggestion, and to my surprise that had it at 98% health, which does not suggest a bad drive to me.
My antivirus picked up something last night and removed it. I don't remember downloading anything to cause this, but I figured getting rid of it might have solved the problem, but to no avail.

If anyone has an idea, I'm open to try anything at this point.

Thanks
 
#2 ·
Please follow the steps below to help troubleshoot your system. Let me know if you have any questions.

Step 1:
Download Speccy to your desktop

1. File > Publish Snapshot. This saves your snapshot to their servers
2. Copy and Paste the link to your next Reply

Step 2:
1. Click on Start menu
2. Type command to start searching
3. Right click on command prompt in list and select Run as Administrator
4. Copy and Paste each of the commands after the numbers below into the command prompt and press the Enter key

1. sfc /scannow (best to run 2-3 times, rebooting after each time)

2. (Windows 8 or higher)
dism /online /cleanup-image /restorehealth

If any Errors are found with sfc /scannow then:
Copy and Paste the following command, and press ENTER:
findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
This will copy sfcdetails.txt to your desktop
Upload sfcdetails.txt file

3. MD "%userprofile%\desktop\SystemDiag"&systeminfo > "%USERPROFILE%\Desktop\SystemDiag\systeminfo.txt"&msinfo32 /nfo "%USERPROFILE%\Desktop\SystemDiag\msinfo32.nfo"&wevtutil qe System /c:20 /f:text > "%USERPROFILE%\Desktop\SystemDiag\SystemLog.txt"&wevtutil qe Application /c:20 /f:text > "%USERPROFILE%\Desktop\SystemDiag\AppLog.txt"
  1. This command will create a new folder on your Desktop called SystemDiag
  2. Compress files into a .zip file Systemdiag.zip
  3. Upload the Systemdiag.zip file from your desktop to your reply

Step 3:
Download Process Explorer to your desktop
  1. Right Click on the procexp64.exe or procexp.exe and Select Run As Administrator
  2. In the View menu click on Select Columns
  3. Check Verified Signer, Virus Total on Process Image Tab
  4. Select the Process I/O tab and check Reads, Writes and click OK
  5. Select Options Menu and Check Verify ImageSignatures, VirusTotal.com > Check Virustotal.com
  6. Double Click on the CPU Column to sort by highest CPU usage.
  7. (Highest CPU Processes should be at the top once sorted properly)
  8. Wait approximately a minute
  9. Select Save or Save As from the File menu
  10. Save SystemIdleProcess.txt to Desktop
  11. Upload file to your reply

Step 4:
How to perform a clean boot in Windows

http://support.microsoft.com/kb/929135

Let us know if it works much better in this mode.
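
The Verified Signer check from Step 3 can also be done from an elevated PowerShell prompt. This is an added example, not part of the original post; it uses only built-in cmdlets and lists every running process image whose Authenticode signature does not verify.

```powershell
# Added example (not from the thread): signature triage of running process images.
# Run from an elevated PowerShell prompt so that more process paths are readable.

# Group processes by image path; Path is empty for processes we cannot open.
$images = Get-Process |
    Where-Object { $_.Path } |
    Group-Object -Property Path

$report = foreach ($g in $images) {
    # -LiteralPath avoids wildcard expansion on paths containing [ or ].
    $sig = Get-AuthenticodeSignature -LiteralPath $g.Name
    [pscustomobject]@{
        Status = $sig.Status
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Pids   = ($g.Group.Id -join ',')
        Path   = $g.Name
    }
}

# Anything that is not 'Valid' (NotSigned, HashMismatch, UnknownError, ...) deserves a look.
$report |
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Path |
    Format-Table -AutoSize -Wrap |
    Out-Host

# Summary count per signature status.
$report |
    Group-Object Status |
    Select-Object Name, Count |
    Format-Table -AutoSize |
    Out-Host
```

An unsigned image is not proof of malware, since many legitimate tools ship unsigned; the list is a starting point for the VirusTotal column in Process Explorer.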
 
#4 ·
Best to just reply once they are all complete. Thank you
 
#5 · (Edited)
Hi, the latest KB4343909 cumulative update is in a staging condition; it says not installed. Now this is more than likely caused by Webroot. In your current position you cannot uninstall the KB from within Windows; it can only be done from the RE (recovery environment). If you made a recovery DVD or USB, then we may have use for them.

In a staging condition a lot of files are written to the component store and this puts Windows file integrity on alert.

Webroot sees this as corruption; because it is poorly coded it keeps trying to do something about it. The issues combine and your computer grinds to a halt.

Quite frankly I am sick of telling people that you should only use Windows Defender; it offers superior protection and integrates into the OS, so problems like this do not occur. You would do well to totally remove Webroot from your computer (you will need to google for their uninstall util to do this properly); you likely will have to disable it to be able to at least get the KB reinstalled properly.

First thing to try is a Windows clean; use the advanced clean option to include Windows Update. Press the Win + R keys together, in the Run box type cmd, next press the Ctrl+Shift+Enter keys together; an elevated cmd prompt will open. Copy this cmd, then paste it into the cmd prompt and press Enter:

%SystemRoot%\System32\Cmd.exe /c Cleanmgr /sageset:65535 & Cleanmgr /sagerun:65535

(Note: this cmd was deprecated after Vista, however it still works, and seems to do a better job than cleanmgr tuneup. EDIT: it appears MS have worked on this, and the best cmd now is to simply type cleanmgr (press Enter); same results as the above, however it integrates better with the GUI and is easier to follow progress, so use this.)

You will see a window with cleanup options; select boxes according to what you want (leave the ESD alone).
You get a description regarding what each one does (this is a Windows util); make sure clean up Windows Update is selected. Let it run; it can take quite a while, so be patient. After it finishes, close the cmd prompt.

Now go here and download KB4343909 as a standalone install. Just put it into the search box:

https://www.catalog.update.microsoft.com/Home.aspx

Make sure Webroot is gone (or at least disabled) before doing this. Also right click on the completed download and select Properties, then check the "Unblock" box.

See how you go. If not, there is a more difficult path you have to follow (it does work); there is no other way to resolve this short of a clean fresh install, so be prepared.
 
#7 · (Edited)
So if I understand correctly, the latest update that tried to go through for Windows got stopped or halted by Webroot? Windows Defender is currently off because that was one of the options on one of the other forum posts I had been attempting to follow before resorting to posting myself.

So Webroot could be causing the problem entirely and not allowing this update to download. It came with the computer when purchased, but you recommend going to just Windows Defender and getting rid of Webroot entirely?

EDIT:
Got through all your steps. Webroot is uninstalled, Windows Defender has been restarted and I was able to download the update off the site. Is there any way to clarify this has solved the problem other than keep using it and see if it happens again?

Thank you so much for the help!
 
#9 ·
Well, I did manage to see where that update had failed, and after running through jenae's steps I was able to download that. It seems to be "better", but I have had to restart once since finishing those steps when it topped out the disk at 100%. I'm trying to open task manager as soon as I start the laptop to try and keep an eye on it. Currently running a full scan through Windows Defender to see if that turns up anything Webroot may have missed.
Thanks again for all the help. Guess we will see after the scan if anything comes up that may be causing it yet.
 
#10 ·
#11 ·
Just did the clean boot, sorry, must have got distracted with the other reply before fully finishing. Startup was still slowed compared to normal, and it did the normal of pinning to 100% for a minute or 2 on startup then dropped. Never got through the full scan, as halfway through it decided to jump to 100% and freeze the scan entirely.
 
#12 ·
Please try running the scan in Safe mode and see if it completes.
 
#14 ·
If it completed then no need to run in Safe mode.

Please run the following to check for malware.

Download MiniToolBox by Farbar and save it to your desktop.
Run as Administrator to start the tool
  1. Select to Run All options
  2. Click Go and wait patiently
  3. Upon completion (a reboot may be needed) a file called Result.txt will be saved on your desktop.
  4. Upload or Paste the Results.txt to your next reply
Rkill
  1. Download Rkill from the below link.
    https://www.bleepingcomputer.com/download/rkill/I
  2. Double click on Rkill program to stop the malicious programs from running
  3. RKill will now start working in the background, please be patient while it looks for malicious process and tries to end them
  4. When the Rkill tool has completed its task, it will generate a log
  5. Do Not Reboot your computer or the malware programs will start again
  6. Upload or Paste your Log file to next reply
Adware Cleaner
Download Adware Cleaner to your desktop.
Important! Close all open programs and internet browsers
  1. Double click on AdwCleaner.exe to run the tool
  2. Right-click on program and select Run As Administrator.
  3. Click on the scan button
  4. When the scan is ready click on the Clean button
  5. Upload or Paste the log in your next reply.
Please download Malwarebytes Anti-Malware to your desktop.
https://www.malwarebytes.com/mwb-download/
  • Launch Malwarebytes Anti-Malware Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has Started
  • Click on the Settings button
  • Click on Protection tab
  • Enable the Scan for rootkits
  • Select Scan now, or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
  • After the restart, Open Malwarebytes
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
 
#15 ·
Hi, I would not bother downloading Malwarebytes. Windows Defender uses a more sophisticated version of the same protection regime as Malwarebytes, and does a better job. You get the premium version of Malwarebytes as a trial, until it reverts to the free version; this is seriously bad code and should not be inflicted upon your machine. Use SuperAntiSpyware (SAS) instead; this complements Windows Defender and will keep you safer.
 
#16 · (Edited)
All 3 results are uploaded, saw a few things pop up. Final restart after the Malwarebytes scan still seemed a bit hesitant, but when it was fixing the problems the disk usage seemed to drop off drastically. A few things popped up on both.

And the Step 2 download was an invalid link; it said the page did not exist.

EDIT: Still ending up jumping to 100% disk usage and freezing up after all that. I'm noticing more that it does it right after login, when my home screen pops up. Goes down, and shoots back up every now and then only to drop again. Maybe 10-15 minutes before it jumps to 100 and stays there, which makes me have to restart the laptop, if that makes any difference.
 


#17 ·
Hi, well if you continue to make the same mistakes I repeat:-

Hi, I would not bother downloading Malwarebytes. Windows Defender uses a more sophisticated version of the same protection regime as Malwarebytes, and does a better job. You get the premium version of Malwarebytes as a trial, until it reverts to the free version; this is seriously bad code and should not be inflicted upon your machine. Use SuperAntiSpyware (SAS) instead; this complements Windows Defender and will keep you safer.
 
#18 ·
Just doing whatever I can to try and figure out this mess. Did it for the initial scan, not currently still on the computer.
I have tried a full scan with Windows Defender 3 times now, always halting at about halfway/400,000 files until the disk usage gets to 100% and won't let me fully finish a scan. The quick scan finds nothing, which is like 1/20th of the files as far as I can tell.
 
#19 ·
Hi, when you notice disk usage growing, press the Win + X keys together and select PowerShell (Admin) from the options.

Copy the below cmd and right click anywhere in the PowerShell window; the cmd will append to the prompt. Press Enter.

Get-Process | Sort CPU -descending | Select -first 8 -Property ID,ProcessName,CPU | format-table |out-file $home\cpu.txt
notepad $home\cpu.txt

Notepad will open, this tells us the 8 top processes. Post the notepad output here.
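
The CPU column that Get-Process reports is total processor seconds since each process started, so a long-running process can top the list while idle. As an added example (not part of the original post), the script below samples CPU time and I/O byte counters twice and reports what changed in between; the 30-second interval, the top-8 cut-off and the io.txt file name are assumed values.

```powershell
# Added example (not from the thread): per-process CPU and I/O deltas over an interval.
# Assumed values: 30 s sampling window, top 8 rows, output file $HOME\io.txt.
$IntervalSeconds = 30
$Top = 8

function Get-ProcessSnapshot {
    # Win32_Process exposes cumulative CPU time (100 ns units) and I/O byte counters.
    $snap = @{}
    foreach ($p in Get-CimInstance -ClassName Win32_Process) {
        $snap[[int]$p.ProcessId] = [pscustomobject]@{
            Name  = $p.Name
            Cpu   = ([double]$p.KernelModeTime + [double]$p.UserModeTime) / 1e7
            Read  = [double]$p.ReadTransferCount
            Write = [double]$p.WriteTransferCount
        }
    }
    return $snap
}

$before = Get-ProcessSnapshot
Start-Sleep -Seconds $IntervalSeconds
$after = Get-ProcessSnapshot

$rows = foreach ($id in $after.Keys) {
    if (-not $before.ContainsKey($id)) { continue }   # started during the window
    $b = $before[$id]
    $a = $after[$id]
    if ($a.Name -ne $b.Name) { continue }             # PID was reused by another image
    [pscustomobject]@{
        Id          = $id
        ProcessName = $a.Name
        CpuSeconds  = [math]::Round($a.Cpu - $b.Cpu, 2)
        ReadMB      = [math]::Round(($a.Read - $b.Read) / 1MB, 1)
        WriteMB     = [math]::Round(($a.Write - $b.Write) / 1MB, 1)
    }
}

# Rank by total bytes moved; the counters cover all I/O (file, network, device), not disk alone.
$rows |
    Sort-Object { $_.ReadMB + $_.WriteMB } -Descending |
    Select-Object -First $Top |
    Format-Table -AutoSize |
    Out-File "$HOME\io.txt"
notepad "$HOME\io.txt"
```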
 
#21 ·
Was not around too much yesterday to put a load on the laptop, but I let it run because previously it seemed to be doing it whether I was on it or not. Did not spike at all, will keep an eye on it today.

It looks like you have some malware that needs to be cleaned off your machine. The malware team will have to take over to complete the cleanup process.

Rootkit.HelpDetectWz.PUA
Trojan.Agent
Were these not removed in the quarantine process of those 2 programs?
 
#20 ·
It looks like you have some malware that needs to be cleaned off your machine. The malware team will have to take over to complete the cleanup process.

Rootkit.HelpDetectWz.PUA
Trojan.Agent
 