[SOLVED] High level of data usage in uninstalled processes on PC

NewbieBluey

Uninstalled processes used 500 GB last month and I don't know why.
Capture3.PNG
I have been looking at this:
Mysterious "uninstalled processes" using network every time I turn on my computer

Uninstalled processes are programs that are no longer installed on your computer but still appear in the Task Manager or the startup items list.


The folks at Malwarebytes have been helping me and it doesn't look like it's a virus.

Any way to track down what is causing the data usage?
 
In task manager, right click on one of the headers like CPU Time, you'll see a list of options, choose PID. Note the PID of the Uninstalled Processes.

Open an elevated command prompt. Click Start, type cmd, then CTRL+SHIFT+ENTER
An elevated command prompt should open. In this prompt, copy and paste the following and hit enter.

echo > 0 & systeminfo >> 0 & WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /format:list >> 0 & wmic PATH Win32_VideoController GET Description,PNPDeviceID /format:list >> 0 & wmic logicaldisk where drivetype=3 get Name, Compressed, Description, FreeSpace /format:list >> 0 & tasklist /v >> 0 & net start >> 0 & echo >> 0 & notepad 0

Notepad will open. Upload the txt file or copy and paste into your next post. Hopefully, this will shed some light on what it is.

NewbieBluey said:


Have you followed any of the advice here? If so what?
 
In task manager, right click on one of the headers like CPU Time, you'll see a list of options, choose PID. Note the PID of the Uninstalled Processes.

I looked but could not find it.
Screenshot 2023-08-03 071654.png

Attached is the log

Thank you for looking into this
 


Have you followed any of the advice here? If so what?
Have you followed any of the advice which you referred to? My advice would have been similar: run TCPView and check which processes are connecting via TCP/UDP; your network activity is most likely over that. Have you checked with Autoruns which services/processes are set to run at boot/system start up?
 
Have you followed any of the advice which you referred to?
Honestly, not too much. I made a post earlier this week on the Malwarebytes forum and they suggested Glasswire, NetworkUsageView v1.30 and Treesize free to see where that data is going to. I can't really tell where it is all going in those programs.

I disabled some auto runs already but that didn't help.
 
Could you please export your Autoruns as an .ARN file? It should be available under the File > Export menu option from what I remember. You'll likely have to place it in a .zip and then attach it to your next post as I don't think the editor supports directly uploading .arn file formats.

Honestly, your best option is probably to use something like TCPView and then see which processes are receiving and sending large amounts of data. You can always export it as a .csv file too. The option is available under File > Save.
 
Thanks!
Here is the file from TCPView.
I don't know how to save an Autoruns file but I saved a screenshot.
Screenshot 2023-08-03 184232.png
 


I just figured it out.
 


Reading through the link you provided I'm leaning toward it's exactly what it says. Since it is in the App History tab. It's a past uninstalled process and the communication is part of Microsoft's telemetry.
If you are concerned it might be malware, let one of our Malware experts have a look here.

Malware Removal Posting Instructions
 
Thanks, I had Malwarebytes forum look at this earlier this week.
High level of data usage in uninstalled processes on PC (1tb)
But it doesn't hurt to have another set of eyes on this.
 
Hi,

I have just taken a look at the log files you've posted on the MBAM forum, the following RunOnce entry (SYSTEM) might need some more research on it?
Rich (BB code):
HKU\S-1-5-18\...\RunOnce: [InstallBootstrap] => "C:\ProgramData\NordUpdater\updates\q10rhsc1.exe" (No File)
I would suggest following @xrobwx71's instructions to check the current FRST files again...
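
The RunOnce entry quoted above points at an executable that is no longer on disk (the "(No File)" marker). As an added example, not part of the original post or of FRST, the following PowerShell lists values under the standard Run and RunOnce keys (machine, current user and the SYSTEM account's S-1-5-18 hive) whose target file is missing. The function name Get-AutostartTarget and its path-parsing heuristics are assumptions of this example.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell prompt so
# the SYSTEM account's hive (HKEY_USERS\S-1-5-18) can be read.
$roots = 'HKEY_LOCAL_MACHINE', 'HKEY_CURRENT_USER', 'HKEY_USERS\S-1-5-18'
$keys = foreach ($root in $roots) {
    foreach ($leaf in 'Run', 'RunOnce') {
        "Registry::$root\Software\Microsoft\Windows\CurrentVersion\$leaf"
    }
}

function Get-AutostartTarget {
    # Hypothetical helper: pull the executable path out of an autostart command line.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }   # "C:\path with spaces\x.exe" /arg
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|dll))(\s|,|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]                          # fallback: first token
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $value = [string]$regKey.GetValue($name)
        if ([string]::IsNullOrWhiteSpace($value)) { continue }
        $target = Get-AutostartTarget $value
        # Bare names such as "rundll32.exe" are resolved through PATH first.
        if ($target -notmatch '^([A-Za-z]:\\|\\\\)') {
            $app = Get-Command $target -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if ($app) { $target = $app.Path }
        }
        [pscustomobject]@{
            Key     = $key -replace '^Registry::', ''
            Name    = $name
            Target  = $target
            Missing = -not (Test-Path -LiteralPath $target -PathType Leaf)
        }
    }
}

# Entries whose target file is gone: candidates for review, not automatic deletion.
$report | Where-Object Missing | Format-List
```

Environment variables are expanded in the context of the account running the script, so a SYSTEM entry that relies on per-user variables should be checked by hand.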
 
You may want to disable Microsoft Edge from loading at startup along with the OneSyncSvc (Sync Host) service which seems to be a synchronisation service with the mail and contact UWP apps?

This service synchronizes mail, contacts, calendar and various other user data. Mail and other applications dependent on this functionality will not work properly when this service is not running.
Source: Security guidelines for system services in Windows Server 2016

I would suggest removing or disabling NordVPN to reduce any likelihood that it is contributing to your network usage. Otherwise, I can't immediately see what would be causing such high network usage under that "Uninstalled Processes" entry. What have you installed on this machine in the past?
 
I can't imagine either of those would have high network activity, I suspect that having Edge load at start may be a contributory factor.
 
It's not a malware-related issue, so I prefer to reply here instead of in the Security Arena, especially since there are already several replies here.

It seems that you had GOG Galaxy installed. Now, it's not shown in the Installed Programs list, however there are a lot of remnants. Please confirm that GOG is not installed now.

Errors are also shown regarding Nord VPN. I suggest uninstalling it now. In case you need it, you can install it again later.

I will be waiting for your reply regarding GOG and Nord, before I give you a fix to try.
 
