
Weird background process kills graphics performance in win8 - Page 3

post #21 of 29
Thread Starter 
gotta get some sleep now. Thx for the help so far, greatly appreciated. I'll check back in a couple of hours
post #22 of 29
Quote:
Originally Posted by Beatwolf View Post

Yep it's a persistent SOB, no idea where I got it from. Ok the three logs. I'll just attach them instead of copy/pasting them, hope that's ok. (Attached: dds.txt, attach.txt, ark.txt)

Awesome, thanks for those. It's definitely malicious, and seems to talk to a malicious server over HTTP. Some more stuff for you:

STAGE 1:

1. Run Hijack This! elevated (run as administrator). NOTE: If the Run as administrator option is not available, hold down shift while right-clicking the icon.
2. Choose Do a system scan only
3. Place a check next to the following entries and click Fix checked:
Code:
O4 - HKLM\..\Run: [Adobe] C:\Users\Malte\AppData\Roaming\Adobe\color.vbe
O4 - Startup: Desktop.scf

=====================================================================

STAGE 2:

Download ComboFix from here to your Desktop.

== Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer ==

  1. Close any open web browsers and applications.
  2. Open Notepad and copy the following text into it:
    Code:
    File::
    C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop.scf
    C:\Users\Malte\AppData\Roaming\Adobe\color.vbe
    
  3. Save the file as CFScript.txt in the same location as ComboFix.exe
  4. Drag the CFScript onto ComboFix.exe (refer to the below image)


  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt" file here.


== Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze ==
== Note: If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update ==

=====================================================================

STAGE 3:

Step 1

Download Farbar Recovery Scan Toolx64 and save it to a flash drive.
  • Plug the flashdrive into the infected PC.
  • Enter System Recovery Options. Use whichever method below is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  1. Restart the computer.
  2. As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  3. Use the arrow keys to select the Repair your computer menu item.
  4. Select Your Country as the keyboard language settings, and then click Next.
  5. Select the operating system you want to repair, and then click Next.
  6. Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  1. Insert the installation disc.
  2. Restart your computer.
  3. If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  4. Click Repair your computer.
  5. Select Your Country as the keyboard language settings, and then click Next.
  6. Select the operating system you want to repair, and then click Next.
  7. Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


  1. Select Command Prompt
  2. In the command window type in notepad and press Enter.
  3. The notepad opens. Under File menu select Open.
  4. Select "Computer" and find your flash drive letter and close the notepad.
  5. In the command window type e:\frst64 and press Enter. Note: Replace letter e with the drive letter of your flash drive.
  6. The tool will start to run.
  7. When the tool opens click Yes to disclaimer.
  8. Press Scan button.
  9. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Step 2
  1. Boot to System Recovery Options and run FRST as you did to get the log.
  2. Type svchost.exe in the edit box after "Search:"
  3. Click Search button and post the log (Search.txt) it makes to your reply.
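The two O4 entries flagged above were picked out of the posted log by hand. As an added example (not from the thread, and not part of HijackThis), here is the same triage written as a small Python parser over constructed O4 lines modelled on the two malicious entries plus two benign-looking ones; the heuristics and the benign sample entries are assumptions for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of HijackThis "O4" (autostart) log lines: the two entries
# flagged in this thread, plus two benign-looking entries for contrast.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [Adobe] C:\Users\Malte\AppData\Roaming\Adobe\color.vbe",
    r"O4 - Startup: Desktop.scf",
    r"O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s",
    r'O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent',
]

# Extensions handled by the script host or the shell rather than run as native
# executables; an autostart pointing at one of these deserves a closer look.
SCRIPT_EXTS = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".wsh", ".hta", ".scf", ".bat", ".cmd", ".ps1"}
# Directories an unprivileged user (and therefore malware running as that user) can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# "O4 - <location>: [<name>] <command>"; the [name] part is absent for Startup-folder entries.
O4_RE = re.compile(r"^O4 - (?P<location>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<command>.+)$")


def target_path(command):
    """Return the program path from a Run-key command line, dropping any arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1 : command.find('"', 1)]
    # Unquoted command: stop after the first token that ends in a file extension.
    m = re.match(r"(.+?\.[A-Za-z0-9]{2,4})(?:\s|$)", command)
    return m.group(1) if m else command


def assess_o4(line):
    """Parse one O4 line; return (target, reasons). An empty reasons list means nothing stood out."""
    m = O4_RE.match(line)
    if not m:
        raise ValueError(f"not an O4 line: {line}")
    target = target_path(m.group("command"))
    ext = PureWindowsPath(target).suffix.lower()
    lower = target.lower()
    reasons = []
    if ext in SCRIPT_EXTS:
        reasons.append(f"script/shell payload ({ext}) instead of a native executable")
    if any(d in lower for d in USER_WRITABLE):
        reasons.append("runs from a user-writable directory")
    if m.group("location") == "Startup" and ext not in (".lnk", ".exe"):
        reasons.append("non-shortcut file placed in the Startup folder")
    if m.group("name") and lower.startswith("c:\\users\\"):
        reasons.append(f"entry named '{m.group('name')}' but target lives in a user profile, not Program Files")
    return target, reasons


def triage(lines):
    """Map each suspicious target to its reasons; benign entries are omitted."""
    return {t: r for t, r in (assess_o4(l) for l in lines) if r}


if __name__ == "__main__":
    for target, reasons in triage(SAMPLE_O4_LINES).items():
        print(target, "->", "; ".join(reasons))
```

Feeding a real dds.txt/HijackThis log through `triage` only shortlists entries for a human to look at; it is not a verdict.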
post #23 of 29
open could also try tdss killer and comodo cleaning essentials. tdss killer comes from Kaspersky labs and works really well on rootkits
     
CPUMotherboardGraphicsRAM
FX 8350 Gigabyte 990-FXA-UD3 Gigabyte Radeon R9 290x G Skill Sniper DDR3-1866 
Hard DriveHard DriveHard DriveOptical Drive
samsung 850 evo  seagate barracuda 2 terabyte seagate barracuda  Asus DVD-RW 
Optical DriveCoolingCoolingCooling
LG GGC-H20L Coolermaster 120mm corsair h100i Coolermaster 200mm 
CoolingOSMonitorMonitor
aerocool f6xt Win 7 Pro 64 bit asus vw246h aoc 2236vw 
KeyboardPowerCaseMouse
Microsoft Reclusa Cooler Master Silent Pro M850 HAF 922 corsair vengeance m65 
Mouse PadAudioAudio
razer vespula Altec Lansing Octane 7 creative recon fatal1ty professional 
CPUMotherboardRAMHard Drive
core 2 quad q6600 asus p5g41t-m lx plus patriot viper samsung 500gb sata 3.0gbps 
Hard DriveHard DriveOptical DriveOptical Drive
western digital caviar blue 500gb sata 3.0gbps crucial m4 hp dvd-rw ide lite-on dvd-rw 
CoolingCoolingCoolingOS
coolermaster hyper-n520 coolermaster 200mm fan bitfenix spectre 200mm windows 7 home premium 64bit 
MonitorKeyboardPowerCase
my sony bravia 40" 1080p tv inland coolermaster extreme power plus 700 watt HAF 912 
MouseAudio
inland realtek onboard 
CPUMotherboardGraphicsRAM
Core 2 Duo g72gx-rbbx05 gtx 260m Nanya PC2-6400 
Hard DriveHard DriveOptical DriveOS
G Skill 64 GB SSD Western Digital Scorpio Black HL-DVD-RW Windows 7 Home Premium 
MouseAudio
Razer Lachesis 4000 DPI Onboard Altec Lansing 
  hide details  
Reply
     
CPUMotherboardGraphicsRAM
FX 8350 Gigabyte 990-FXA-UD3 Gigabyte Radeon R9 290x G Skill Sniper DDR3-1866 
Hard DriveHard DriveHard DriveOptical Drive
samsung 850 evo  seagate barracuda 2 terabyte seagate barracuda  Asus DVD-RW 
Optical DriveCoolingCoolingCooling
LG GGC-H20L Coolermaster 120mm corsair h100i Coolermaster 200mm 
CoolingOSMonitorMonitor
aerocool f6xt Win 7 Pro 64 bit asus vw246h aoc 2236vw 
KeyboardPowerCaseMouse
Microsoft Reclusa Cooler Master Silent Pro M850 HAF 922 corsair vengeance m65 
Mouse PadAudioAudio
razer vespula Altec Lansing Octane 7 creative recon fatal1ty professional 
CPUMotherboardRAMHard Drive
core 2 quad q6600 asus p5g41t-m lx plus patriot viper samsung 500gb sata 3.0gbps 
Hard DriveHard DriveOptical DriveOptical Drive
western digital caviar blue 500gb sata 3.0gbps crucial m4 hp dvd-rw ide lite-on dvd-rw 
CoolingCoolingCoolingOS
coolermaster hyper-n520 coolermaster 200mm fan bitfenix spectre 200mm windows 7 home premium 64bit 
MonitorKeyboardPowerCase
my sony bravia 40" 1080p tv inland coolermaster extreme power plus 700 watt HAF 912 
MouseAudio
inland realtek onboard 
CPUMotherboardGraphicsRAM
Core 2 Duo g72gx-rbbx05 gtx 260m Nanya PC2-6400 
Hard DriveHard DriveOptical DriveOS
G Skill 64 GB SSD Western Digital Scorpio Black HL-DVD-RW Windows 7 Home Premium 
MouseAudio
Razer Lachesis 4000 DPI Onboard Altec Lansing 
  hide details  
Reply
post #24 of 29
Quote:
Originally Posted by Dt_Freak1 View Post

open could also try tdss killer and comodo cleaning essentials. tdss killer comes from Kaspersky labs and works really well on rootkits

There's not enough evidence that it is a rootkit from the data so far, so I'm avoiding those for now.
post #25 of 29
Thread Starter 
post #26 of 29
Thread Starter 
Ok I think we got it. Service is not running anymore at least. Here are the logs from the above runs. (Attached: ComboFix.txt, FRST.txt, Search.txt)
post #27 of 29
Yup, you're clean!
post #28 of 29
Thread Starter 
thx for the help, rep added!
post #29 of 29
Quote:
Originally Posted by Beatwolf View Post

thx for the help, rep added!

Welcome :)