General Overall Sluggishness


  • This topic is locked
15 replies to this topic

#1 Jaden85000
  • Members
  • 8 posts

Posted 26 July 2016 - 07:53 PM

I haven't any other way to put it: this PC has effectively halved its performance.
ADWCleaner had been run and after a reboot it had been back to normal; lag returned after the second reboot.

Scanned with Malwarebytes and came up blank as well.

Attached Files




#2 nasdaq
  • Malware Response Team
  • 38,957 posts
  • Location: Montreal, QC, Canada

Posted 27 July 2016 - 10:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

IFEO\RA3.exe: [Debugger] C:\Program Files (x86)\Revora\CNCOnline\cnconline.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3266083179-3991737194-2799083451-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
BHO: No Name -> {53C5D63A-7016-3FBA-FF7B-39669E031F2D} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Homepage: hxxps://classic.startpage.com/eng/?&hmb=1
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-3266083179-3991737194-2799083451-1003: @my.com/Games -> C:\Users\Jaden85000\AppData\Local\MyComGames\NPMyComDetector.dll [No File]
FF Plugin HKU\S-1-5-21-3266083179-3991737194-2799083451-1003: @nsroblox.roblox.com/launcher -> C:\Users\Jaden85000\AppData\Local\Roblox\Versions\version-f57d20c466824405\\NPRobloxProxy.dll [No File]
FF Plugin HKU\S-1-5-21-3266083179-3991737194-2799083451-1003: @nsroblox.roblox.com/launcher64 -> C:\Users\Jaden85000\AppData\Local\Roblox\Versions\version-f57d20c466824405\\NPRobloxProxy64.dll [No File]
FF SearchPlugin: C:\Users\Jaden85000\AppData\Roaming\Mozilla\Firefox\Profiles\kfpxcf9q.default-1439421211987\searchplugins\startpage-ssl.xml [2015-09-07]
S2 GlassWire; "C:\Program Files (x86)\GlassWire\GWCtlSrv.exe" [X]
S3 OverwolfUpdater; "C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe" /RunningFrom SCM" [X]
S4 ProductAgentService; "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" [X]
S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]
U3 idsvc; no ImagePath
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
C:\Users\Jaden85000\AppData\Roaming\Mozilla\Firefox\Profiles\kfpxcf9q.default-1439421211987\searchplugins\startpage-ssl.xml
C:\ProgramData\makulitsidwe
CustomCLSID: HKU\S-1-5-21-3266083179-3991737194-2799083451-1003_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3266083179-3991737194-2799083451-1003_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3266083179-3991737194-2799083451-1003_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
Task: {0D434D78-8D07-4901-B683-27F1AB10E8CD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {375FF5A3-B37A-476C-9092-466038739628} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {3FC7D1CC-A28C-4230-9A26-F6F5110E7D90} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {46E94C82-51CE-4A97-9996-C3EFD609E4B5} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {65BE542C-6B33-431C-8BB5-C3E017624B31} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6E162830-EF3E-4CBC-B57A-479C95F6F0EE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {77C467CC-BE42-47DF-808C-C63B05F01ED7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8F26BBB4-F741-43B1-AD61-B792795356C0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A497AAF6-1CCA-4D45-8ACA-6748332697CD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BADAF505-F035-4B15-997B-933FF64CED64} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C6F740E1-47D9-4599-A5B0-59E2A0193695} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CF3CD688-398B-48A2-9F21-DC1C50831085} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
FirewallRules: [{E93736BF-5846-41EF-9224-2FE857717448}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{B97AA323-BADC-4CB2-ADE2-691D251A12B7}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{8824DB1E-C087-4D0B-96B3-19FCF249805A}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{3F16D2F9-3A49-4372-941F-0A234D896A8F}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{F0DC9BA6-C36E-4EAF-A549-BB75B58A3265}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{992E3C6A-1174-4FD7-ABEB-F6247A5800DB}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{01FE7ECB-6045-4D03-8ECC-E97BCFEE5584}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 8 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418071F0}) (Version: 8.0.710.15 - Oracle Corporation)
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===

Please post the log and let me know what problem persists.
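As an added defender's illustration (not part of nasdaq's instructions and not an FRST feature), the PowerShell audit below enumerates the three kinds of findings the fixlist above removes: Image File Execution Options Debugger entries, firewall Allow rules for binaries under ProgramData, and scheduled tasks whose binary is missing or sits in an unusual location. It assumes an elevated session on Windows 8 / Server 2012 or later; it only reports and changes nothing.

```powershell
# Added example (not part of nasdaq's instructions or of FRST): a read-only
# PowerShell audit for the three kinds of findings the fixlist above removes.
# Run in an elevated PowerShell 5.1+ session on Windows 8 / Server 2012 or later
# (uses the built-in NetSecurity and ScheduledTasks modules). It only reports.

# 1. Image File Execution Options "Debugger" values. Windows launches the named
#    debugger in place of the target executable (here RA3.exe), so an unexpected
#    entry is a launch hijack / persistence point worth explaining or removing.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        [pscustomobject]@{ Finding = 'IFEO Debugger'; Target = $_.PSChildName; Detail = $dbg }
    }
}

# 2. Enabled firewall Allow rules whose program lives under %ProgramData%
#    (the fixlist drops seven such rules for ...\makulitsidwe\1.1.0.29\cozaghost.exe).
#    Legitimate installers rarely need a hole for a binary in a random ProgramData folder.
Get-NetFirewallRule -Action Allow -Enabled True -ErrorAction SilentlyContinue | ForEach-Object {
    $prog = ($_ | Get-NetFirewallApplicationFilter).Program
    if ($prog -and $prog -like "$env:ProgramData\*") {
        [pscustomobject]@{ Finding = 'ProgramData firewall allow'; Target = $_.DisplayName; Detail = $prog }
    }
}

# 3. Scheduled tasks whose action binary is missing (FRST's "No File", e.g. the
#    orphaned GWX tasks) or sits outside Program Files / Windows\System32
#    (e.g. C:\WINDOWS\AutoKMS\AutoKMS.exe). Orphans are clutter; odd paths deserve a look.
$trusted = '^' + [regex]::Escape($env:SystemDrive) + '\\(Program Files|Program Files \(x86\)|Windows\\System32)\\'
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        # Skip non-exec actions and bare names such as "cmd.exe" (resolved via PATH).
        if (-not $a.Execute -or $a.Execute -notmatch '\\') { continue }
        $exe = [Environment]::ExpandEnvironmentVariables($a.Execute.Trim('"'))
        $state = if (Test-Path -LiteralPath $exe) { 'present' } else { 'No File' }
        if ($state -eq 'No File' -or $exe -notmatch $trusted) {
            [pscustomobject]@{ Finding = "Scheduled task ($state)"; Target = "$($task.TaskPath)$($task.TaskName)"; Detail = $exe }
        }
    }
}
```

Each hit is emitted as an object, so the output can be piped to Format-Table or Export-Csv and compared against a known-good baseline of the same machine.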

#3 Jaden85000
  • Topic Starter
  • Members
  • 8 posts

Posted 27 July 2016 - 03:04 PM

Time is short at the moment so I'll make it quick: Fixlog.txt as requested; Java is updating and uninstalling as I write this. Tested to show no change as of yet.

Attached Files



#4 nasdaq
  • Malware Response Team
  • 38,957 posts
  • Location: Montreal, QC, Canada

Posted 28 July 2016 - 07:30 AM



Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833
<<<>>>


--RogueKiller--
  • Download RogueKiller and save it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator".
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click Open the Report.
  • Click the Export TXT button.
  • Save the file as ReportRogue.txt.
  • Click the Remove button to delete the items in RED.
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#5 Jaden85000
  • Topic Starter
  • Members
  • 8 posts

Posted 28 July 2016 - 03:45 PM

RogueKiller report as requested; one false positive for a .DLL from an old game, which was removed as it was orphaned.
As for "sfc /SCANNOW", I uploaded CBS.log (the default log file name/type), as it came across ownership issues.
*edit* typos

Attached Files


Edited by Jaden85000, 28 July 2016 - 03:46 PM.


#6 nasdaq
  • Malware Response Team
  • 38,957 posts
  • Location: Montreal, QC, Canada

Posted 29 July 2016 - 07:31 AM

All the files are good.

Let's check your drivers for 3rd-party software.
How to detect vulnerable and outdated programs using Secunia Personal Software Inspector (PSI)
Follow the instructions on this page.

http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/

Is the problem persisting?

#7 Jaden85000
  • Topic Starter
  • Members
  • 8 posts

Posted 29 July 2016 - 02:40 PM

Six items out of date, four of which were promptly uninstalled. The two others were 7-Zip and VLC.
Problem still persists.



#8 nasdaq
  • Malware Response Team
  • 38,957 posts
  • Location: Montreal, QC, Canada

Posted 30 July 2016 - 07:02 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here.

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

#9 Jaden85000
  • Topic Starter
  • Members
  • 8 posts

Posted 30 July 2016 - 07:01 PM

zoek-results.txt as requested. The problem seems to be gone as of now; it only persists in almost every one of my CPU-intensive games.

Attached Files



#10 nasdaq
  • Malware Response Team
  • 38,957 posts
  • Location: Montreal, QC, Canada

Posted 31 July 2016 - 08:39 AM

Try this.

Your version of Shockwave is out-of-date and vulnerable.
Go to Start > Control Panel > Programs and Features and uninstall the current version if present.
Adobe Shockwave Player 12.1

Navigate to this page and follow the instructions to get the latest version.
https://www.adobe.com/shockwave/welcome/

Any change?

#11 Jaden85000
  • Topic Starter
  • Members
  • 8 posts

Posted 31 July 2016 - 12:28 PM

No change.



#12 nasdaq
  • Malware Response Team
  • 38,957 posts
  • Location: Montreal, QC, Canada

Posted 31 July 2016 - 01:43 PM

We will check your BIOS and Master Boot Record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note: do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
  • There shall also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.


#13 nasdaq
  • Malware Response Team
  • 38,957 posts
  • Location: Montreal, QC, Canada

Posted 06 August 2016 - 07:26 AM

Are you still with me?

#14 Jaden85000
  • Topic Starter
  • Members
  • 8 posts

Posted 06 August 2016 - 09:36 AM

Yes I am; I did not receive a notification until your last message. Currently I am on mobile, so I'll get back to you when I have done what is described above.

#15 nasdaq
  • Malware Response Team
  • 38,957 posts
  • Location: Montreal, QC, Canada

Posted 06 August 2016 - 01:36 PM

Waiting...



