
Weird background process kills graphics performance in win8 - Page 3

post #21 of 29
Thread Starter 
gotta get some sleep now. Thx for the help so far, greatly appreciated. I'll check back in a couple of hours
post #22 of 29
Quote:
Originally Posted by Beatwolf View Post

Yep it's a persistent SOB, no idea where I got it from. Ok the three logs. I'll just attach them instead of copy/pasting them, hope that's ok. (Attached: dds.txt, attach.txt, ark.txt)

Awesome, thanks for those. It's definitely malicious, and seems to talk to a malicious server over HTTP. Some more stuff for you:

STAGE 1:

1. Run Hijack This! elevated (run as administrator). NOTE: If the Run as administrator option is not available, hold down shift while right-clicking the icon.
2. Choose Do a system scan only
3. Place a check next to the following entries and click Fix checked:
Code:
O4 - HKLM\..\Run: [Adobe] C:\Users\Malte\AppData\Roaming\Adobe\color.vbe
O4 - Startup: Desktop.scf

=====================================================================

STAGE 2:

Download ComboFix from here to your Desktop.

== Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer ==

  1. Close any open web browsers and applications.
  2. Open Notepad and copy the following text into it:
    Code:
    File::
    C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop.scf
    C:\Users\Malte\AppData\Roaming\Adobe\color.vbe
    
  3. Save the file as CFScript.txt in the same location as ComboFix.exe
  4. Drag the CFScript onto ComboFix.exe (refer to the below image)


  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt" file here.


== Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ==
== Note: If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update ==

=====================================================================

STAGE 3:

Step 1

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.
  • Plug the flash drive into the infected PC.
  • Enter System Recovery Options. Use whichever method below is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  1. Restart the computer.
  2. As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  3. Use the arrow keys to select the Repair your computer menu item.
  4. Select Your Country as the keyboard language settings, and then click Next.
  5. Select the operating system you want to repair, and then click Next.
  6. Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  1. Insert the installation disc.
  2. Restart your computer.
  3. If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  4. Click Repair your computer.
  5. Select Your Country as the keyboard language settings, and then click Next.
  6. Select the operating system you want to repair, and then click Next.
  7. Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


  1. Select Command Prompt
  2. In the command window type in notepad and press Enter.
  3. The notepad opens. Under File menu select Open.
  4. Select "Computer" and find your flash drive letter and close the notepad.
  5. In the command window type e:\frst64 and press Enter. Note: Replace letter e with the drive letter of your flash drive.
  6. The tool will start to run.
  7. When the tool opens click Yes to disclaimer.
  8. Press Scan button.
  9. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Step 2
  1. Boot to System Recovery Options and run FRST as you did to get the log.
  2. Type svchost.exe in the edit box after "Search:"
  3. Click Search button and post the log (Search.txt) it makes to your reply.
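As an added defender's check (not code from this thread or from any of the tools it names), a small Python triage of HijackThis O4 autostart lines like the two fixed in Stage 1: it flags entries that launch script or shell-command files, or that point into user-writable profile paths. The sample log, the benign Realtek entry and the flagging heuristics are my own constructions.

```python
import re
from dataclasses import dataclass, field

# HijackThis lists logon autostarts as "O4" lines. The two entries from the
# Stage 1 fix above, plus one constructed benign entry and one non-O4 line,
# make up the sample log (constructed for this example).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe] C:\Users\Malte\AppData\Roaming\Adobe\color.vbe
O4 - Startup: Desktop.scf
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
O23 - Service: Windows Audio (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
"""

# Registry Run/RunOnce entries: "O4 - <hive>\..\<key>: [<name>] <command>"
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup-folder entries: "O4 - Startup: <file>" / "O4 - Global Startup: <file>"
O4_STARTUP = re.compile(r"^O4 - (?P<folder>(?:Global )?Startup): (?P<cmd>.+)$")

# Script and shell-command file types that rarely belong in a logon autostart,
# and paths a standard user can write to without admin rights (heuristics, not a rule).
SCRIPT_EXT = re.compile(r"\.(vbe|vbs|js|jse|wsf|scf|hta|bat|cmd)(?=\s|$|\")", re.I)
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\temp\\", "\\programdata\\")

@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)

def assess_o4(line: str):
    """Return a Finding for a suspicious O4 line, or None if not O4 / nothing flagged."""
    m = O4_RUN.match(line) or O4_STARTUP.match(line)
    if m is None:
        return None
    cmd = m.group("cmd").strip()
    reasons = []
    if SCRIPT_EXT.search(cmd):
        reasons.append("script or shell-command file launched at logon")
    if any(p in cmd.lower() for p in USER_WRITABLE):
        reasons.append("target lives in a user-writable profile path")
    return Finding(line, reasons) if reasons else None

def triage(log_text: str):
    """Run assess_o4 over every line of a log and keep only the flagged entries."""
    return [f for f in (assess_o4(l.strip()) for l in log_text.splitlines()) if f]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line, "->", "; ".join(f.reasons))
```

Both page entries are flagged (the .vbe for two reasons, the .scf for one) while the Realtek entry and the O23 service line pass through untouched.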
post #23 of 29
OP could also try TDSSKiller and Comodo Cleaning Essentials. TDSSKiller comes from Kaspersky Labs and works really well on rootkits
post #24 of 29
Quote:
Originally Posted by Dt_Freak1 View Post

OP could also try TDSSKiller and Comodo Cleaning Essentials. TDSSKiller comes from Kaspersky Labs and works really well on rootkits

There's not enough evidence that it is a rootkit from the data so far, so I'm avoiding those for now.
post #25 of 29
Thread Starter 
post #26 of 29
Thread Starter 
Ok I think we got it. Service is not running anymore at least. Here are the logs from the above runs. (Attached: ComboFix.txt, FRST.txt, Search.txt)
post #27 of 29
Yup, you're clean!
post #28 of 29
Thread Starter 
thx for the help, rep added!
post #29 of 29
Quote:
Originally Posted by Beatwolf View Post

thx for the help, rep added!

Welcome :)