Author Topic: [Resolved] Sluggish, unusual performance as of late. Unusual Bandwidth issues.  (Read 3268 times)

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443


Hello again Broly3k8,

Sorry to hear of your bad news, but welcome back.

We had not got very far last time, so will start again.
Thanks for the additional information too.

Platypuss

Offline Broly3k8

  • Bronze Member
  • Posts: 68
Since we're starting from the beginning again, I went ahead and did what you told me to do last time with MWB. The scan is complete and nothing was detected. I'll wait for your determination of the FRST report and response to this before I do the Notepad thing.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/16/2016
Scan Time: 12:39 PM
Logfile: MWB Log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.16.05
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: amanda

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 424026
Time Elapsed: 23 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
 
Hello Broly3k8,

While I am going through your log, could you advise:-
  • That you have just one router for your home network?
  • If your network is WiFi?
  • That you have "reset" your router by unplugging for 15 seconds & reconnecting?
  • Unplugged/reconnected all relevant cables for correct engagement (if hard-wired network)?

Platypuss

Offline Broly3k8

  • Bronze Member
  • Posts: 68
1. Yes, there is only 1 router in the home network.

2. Network is WiFi

3. I reset it when this stuff first started a few days ago, but I can/will do it again in a few moments.

4. N/A


Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Hello,
Thanks for that. Next:-

 Please download Farbar Service Scanner from HERE
Make sure the following options are checked before running it:-
   
 
  • RPCSS
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

    Press "Scan".
    It will create a log (FSS.txt) in the same directory as the tool is run.
    Please copy and paste the log to your reply.
>>>>>>>>>>>>
platypuss


Offline Broly3k8

  • Bronze Member
  • Posts: 68
Sorry for the delay I was at Drill all weekend.

That being said I discovered something quite odd...

I have an external 4tb Hard drive that has been with me for a few years now, and was used for many things while I was in Afghanistan back in 2012-2013. It's been used quite a bit since. Well, I recently moved my entire Steam Library to it, as well as combined a few of my other, smaller, hard drives with it. Well, this weekend before I went to drill I unplugged it and started working on some stuff before I left. Well, lo and behold, all the problems I was having before were magically gone.

Please Advise.

Offline Broly3k8

  • Bronze Member
  • Posts: 68
Oh here is the FSS log thing:

Farbar Service Scanner Version: 27-01-2016
Ran by amanda (administrator) on 22-02-2016 at 12:30:19
Running from "C:\Users\amanda\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Hello Broly3k8,
Quote
I have an external 4tb Hard drive that has been with me for a few years now, and was used for many things while I was in Afghanistan back in 2012-2013. It's been used quite a bit since. Well, I recently moved my entire Steam Library to it, as well as combined a few of my other, smaller, hard drives with it. Well, this weekend before I went to drill I unplugged it and started working on some stuff before I left. Well, lo and behold, all the problems I was having before were magically gone.

That is good; it would suggest that some malware has been introduced or that a conflict within the external hard drive exists.

 I suggest that we finish cleaning your computer of malware first & then address the external hard drive when that is done
 (Do not connect the external hard drive again)

First

Please locate the program FRST64 you downloaded earlier.


1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


Code:
Start:
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-152001228-498363203-1698013675-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SearchScopes: HKU\S-1-5-21-152001228-498363203-1698013675-1001 -> URL hxxp://search.conduit.com
/Results.aspx?ctid=CT3321738&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP30482155-1739-47BD-9968-D96FFCC25A87&q={searchTerms}&SSPV=
CHR HomePage: Default -> hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst6pTQJVjiRUw3c_2qvcwsjS47YWpDL-YDLZ17tpFKFye7hfe7nS6fYBxW1dNkYoybXEmR1adRAfs4iRrHkKS3865NNCwIGKmHt8GU5JeWnJAgVg6fUb1l-LuJuAoOMtM,
ShortcutWithArgument: C:\Users\amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://feed.helperbar.com/?
Toolbar: HKU\S-1-5-21-152001228-498363203-1698013675-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
publisher=MuvicAMBS&dpid=MuvicAMBS&co=US&userid=9a677688-6be7-2030-5982-8474eae17519&searchtype=sc&installDate=15/08/2014&barcodeid=131768&um=0
C:\Users\amanda\AppData\Roaming\WB.CFG
Muvic Smartbar (HKLM-x32\...\{AFF1052D-3D75-4A4F-9513-26A65E1F5E6D}) (Version: 11.81.58.18372 - PinWid Ltd.) <==== ATTENTION
EmptyTemp:
Reboot:


2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

>>>>>>>>>>>>>>>>>>


Please download AdwCleaner onto your Desktop.

Take care NOT to click on any ad, such as PC Optimizer Pro. The correct link is the button labeled "Download from Bleeping Computer".
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

  • Close your browser and double click the AdwCleaner icon on your desktop.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
       
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot

    After restart the AdwCleaner-Notepad log will appear, please copy/paste it in your next reply....
   
  • If you lose track of the log, it is saved in this folder: C:\AdwCleaner\

>>>>>>>>>>>>>>>>>>

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

>>>>>>>>>>>>>>>>>>>>>>>
I need Fixlog.txt,
AdwCleaner log,
JRT.txt please.

platypuss

Offline Broly3k8

  • Bronze Member
  • Posts: 68
Sorry for the delay but I have some news.

If you'll notice, my IP is now much different, as I am currently living in Germany now, and have sold the PC that we were talking about here.

I had a buddy of mine go over the last computer to ensure everything was deleted from it, so if there was anything wrong with it, it should not have gone to the new owner.

Although this computer I am on now definitely is giving me the telltale signs of possibly being used as a zombie computer. Opening tabs on its own, random sounds, extremely sluggish at times. It's almost as bad as the first computer I originally brought to you all. I'm probably going to go ahead and open a post for this one.