Hey guys, I think I have some serious problems. Well, I think I made a big problem out of a small one, because I've tried to fix it myself without the knowledge, just googling stuff, and that didn't really work out, I think. So first I started to notice FPS drops in games etc., and not only drops, it was actually degrading over time, something I've never seen before. Also, for almost the last 2 years I never had problems running the same games. I spent 2 weeks trying to figure out what was wrong. Hardware? Software? I literally have no idea anymore. But then I came across a post here from someone, and you told him to use Malwarebytes and then FRST. I always had Malwarebytes and I can't find anything with it, so I tried to use FRST and I got pretty long logs. So I'm a bit worried and I really need/would like some help if possible (I'm still not sure if it's also hardware related, it could be). Greetings, Stefan.


Hello StefanPennings and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system, continue as follows please:

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, under Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change the PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >>. If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply

  • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply…



If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security software alerts on FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans".
  • Press the Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also make a log named Addition.txt. Please attach those logs to your reply.


Let me see those logs in your reply...

Thank you,

Kevin...

Hey, I think I have everything here.

Ooh right, in FRST I just chose every scan option possible, so it gave me 3 logs. I just sent all 3 (use them or not, I don't know haha), just to be sure I put them in.

Thanks for helping at least! Really appreciate it, I was getting desperate lol

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scandatum: 21-4-2016
Scantijd: 13:07
Logboekbestand: 
Beheerder: Ja

Versie: 2.2.1.1043
Malware-database: v2016.04.21.02
Rootkit-database: v2016.04.17.01
Licentie: Gratis
Malware-bescherming: Uitgeschakeld
Bescherming tegen kwaadaardige websites: Uitgeschakeld
Zelfbescherming: Uitgeschakeld

Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: Stfn

Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten gescand: 337635
Verstreken tijd: 9 min, 47 sec

Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Ingeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld

Processen: 0
(Geen kwaadaardige items gedetecteerd)

Modules: 0
(Geen kwaadaardige items gedetecteerd)

Registersleutels: 10
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, In quarantaine, [7afc5c55d5c460d6e11a52a457ab07f9], 
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, In quarantaine, [e98d2e839affe74f05f619ddc04253ad], 
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, In quarantaine, [5620822f287126109665e610fa08718f], 
PUP.Optional.YesSearches, HKU\S-1-5-18\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}, In quarantaine, [caacb7fa4b4e0a2ce6f2239ec042f808], 
PUP.Optional.YesSearches, HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}, In quarantaine, [84f28b26237658de8157d3ee41c1b44c], 
PUP.Optional.SearchManager.ChrPRST, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bahkljhhdeciiaodlkppoonappfnheoi, In quarantaine, [4333921f2376af87b37ed4d46a9a8c74], 
PUP.Optional.SearchManager.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bahkljhhdeciiaodlkppoonappfnheoi, In quarantaine, [9dd94d642673a29400315a4e49bb4cb4], 
PUP.Optional.InstallCore, HKU\S-1-5-21-1349301497-2293964778-256975539-1000\SOFTWARE\ICSW1.19, In quarantaine, [4f27288965344cea888e90a2aa5a4cb4], 
PUP.Optional.DriverRestore, HKU\S-1-5-21-1349301497-2293964778-256975539-1000\SOFTWARE\DRIVERRESTORE, In quarantaine, [91e5cae73d5c2214a483feaadd27827e], 
PUP.Optional.ProductSetup, HKU\S-1-5-21-1349301497-2293964778-256975539-1000\SOFTWARE\PRODUCTSETUP, In quarantaine, [caacfab76a2f9b9bf0855ee3aa5a1ee2], 

Registerwaarden: 2
PUP.Optional.DriverRestore, HKU\S-1-5-21-1349301497-2293964778-256975539-1000\SOFTWARE\DRIVERRESTORE|FirstScanDateTime, 2016-04-10T07:49:53.8349431+02:00, In quarantaine, [91e5cae73d5c2214a483feaadd27827e]
PUP.Optional.ProductSetup, HKU\S-1-5-21-1349301497-2293964778-256975539-1000\SOFTWARE\PRODUCTSETUP|tb, 0X1F1T1V1G1G, In quarantaine, [caacfab76a2f9b9bf0855ee3aa5a1ee2]

Registerdata: 0
(Geen kwaadaardige items gedetecteerd)

Mappen: 0
(Geen kwaadaardige items gedetecteerd)

Bestanden: 0
(Geen kwaadaardige items gedetecteerd)

Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)


(end)

Rkill.txt

Addition.txt

FRST.txt

Shortcut.txt


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it to your reply.

Next,

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:
 
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.


To perform the scan:
 
  • Select "Enable detection of potentially unwanted applications"
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under "Enable Stealth Technology" select "Change", then select any extra drives in that window.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.



Please include this logfile in your next reply.

Don't forget to re-enable protection software!

Let me see those logs, also give an update on any remaining issues or concerns...

Thank you,

Kevin

 

 

Fixlist.txt


Hey, I did the fix already, it said it was successful (I'll post logs tomorrow when I wake up) because I will let this ESET scan run when I go to sleep, so I just wanted to update for now. So I'm just experiencing that everything is slower, my hard drive seems to be busy all the time, I even hear a really high tone out of my PC sometimes. And still when I play a game it just lags and spikes when it never did this before on exactly the same games/settings etc. So after 10 minutes my FPS suddenly starts degrading, even from 250 to 200 to 150 etc. etc. until I have like 50 left, and it still spikes to 10/20, which makes everything unplayable after like 30 minutes. Everywhere on the internet where I look it points to overheating, but everything for me is nice, around 30/40 degrees Celsius always. Only my GPU is max 50 when I run a game. Plus after 30 min I also get a fuzzy screen, kind of really blurry, sometimes waves from half my screen to the bottom. It's just not right and I don't know if it's software or hardware related. I would like to know either, and what I should replace ''if'' something is broken or whatever. Also my hard drive in Task Manager, the sourcechecker thing, seems to be always busy with all kinds of stuff, especially audiolog.exe and other applications. They don't seem like such big files, but I don't know, they feel big, like they really slow things down somehow. For the rest I honestly don't know where to look. I've also checked everything in GPU-Z and Precision X occasionally. The only thing I can tell is that my voltage keeps changing and I'm not so sure if that's OK. For the rest I don't really know that well where to look, what's good and what's not. Same goes for GPU-Z and especially HWiNFO. It looks like there is a lot of useful and interesting information, but I just don't know things like what ''the original voltages should be'' and stuff like that, so I could never check if things are OK.
And yeah, I just want to figure out if it's hardware related, what part and why, not that I buy a new hard drive and my GPU is broken or vice versa haha. I hope I didn't forget anything, so I will send the 2 logs tomorrow morning, the ESET can run overnight. Greetings, stfn


Ah, and also I have been in contact with the customer support of the game I play the most, and they pretty much say that they don't even see a problem, my FPS seems normal and on their end it's nothing that could cause it. We did troubleshooting and stuff, so assume it's all fine, when the FPS spikes/degradation, waves and blurry screen + slower reaction of everything, sometimes like everything is really in slow motion, are really obvious, and I just never had this before. I'm 100% sure I never had a problem.


ESET log results are not showing any bad malware or infection. Your choice to keep or delete the two flagged entries....

What is the current status of your operating system, are there any remaining issues or concerns... I know you mention mouse issue, can you check to see if driver update is required..


Maybe there is something wrong with my hard drive or something. When I check it for errors it also shows up nothing, so I'm clueless, but I have this delay and lag everywhere. The PC just generally reacts pretty slowly for the setup I have, and in games I just can't do anything because it degrades after 20/30 min and my screen gets blurry, my FPS drops and spikes, but nothing is overheating when I check it :S


Please download VEW by Vino Rosso from here: http://images.malwareremoval.com/vino/VEW.exe and save it to your Desktop.
 

  • Double-click VEW.exe to start. Vista and Windows 7/8/10 users: right click and select "Run as Administrator".
  • Under 'Select log to query...', check the boxes for both Application and System.
  • Under 'Select type to list...', select both Error and Critical.
  • Click the radio button for 'Number of events...'. Type 15 in the 1 to 20 box.
  • Then click the Run button.
  • Notepad will open with the output log. It will take a couple of minutes to generate the log, please be patient.



Please post the Output log in your next reply.

Click on Start > All Programs > Accessories:

Right-click on the Command Prompt entry

Select "Run as Administrator" and accept the UAC prompt - the Elevated Command Prompt window should pop up.

At the Command prompt, type

CHKDSK C: /R

hit the Enter key.

You will get a message that the drive cannot be locked, but that the command can be scheduled to run at the next boot - hit the Y key, press Enter, and then reboot.

The CHKDSK may take a few hours depending on the size of the drive, so be patient!

After the CHKDSK has run use the following instructions to find the log:

Check Disk report:
 
  • Press the Windows Key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
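The VEW step and the Check Disk report step above both read the Windows event log. As an added example (not part of the original posts and not code from either tool), the same two queries in PowerShell; the output file name EventTriage.txt is an assumption.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# EventTriage.txt is a hypothetical output name chosen for this example.
$out = Join-Path ([Environment]::GetFolderPath('Desktop')) 'EventTriage.txt'
$levelName = @{ 1 = 'Critical'; 2 = 'Error' }

# Part 1: the 15 newest Critical (level 1) and Error (level 2) events from
# each of the Application and System logs, as the VEW step collects.
$report = @(foreach ($log in 'Application', 'System') {
    "===== $log : newest 15 Critical/Error events ====="
    $filter = @{ LogName = $log; Level = 1, 2 }
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents 15 -ErrorAction SilentlyContinue
    if (-not $events) {
        '(no matching events)'
    }
    foreach ($e in $events) {
        # The first line of the (localized) message is enough for triage.
        $first = '(no message text)'
        if ($e.Message) { $first = ($e.Message -split "`r?`n")[0] }
        '{0:yyyy-MM-dd HH:mm:ss}  {1,-8}  {2}  ID {3}  {4}' -f `
            $e.TimeCreated, $levelName[[int]$e.Level], $e.ProviderName, $e.Id, $first
    }
    ''
})

# Part 2: the most recent boot-time CHKDSK report, which Wininit writes to the
# Application log as event 1001 (the entry the Event Viewer filter isolates).
$chkFilter = @{ LogName = 'Application'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 1001 }
$chk = Get-WinEvent -FilterHashtable $chkFilter -MaxEvents 1 -ErrorAction SilentlyContinue
$report += '===== Most recent CHKDSK report (Wininit, event 1001) ====='
if ($chk) {
    $report += 'Logged: {0:yyyy-MM-dd HH:mm:ss}' -f $chk.TimeCreated
    $report += $chk.Message
} else {
    $report += '(no Wininit 1001 event found; CHKDSK has not run at boot or the log was cleared)'
}

$report | Out-File -FilePath $out -Encoding UTF8
Write-Host "Report written to $out"
```

Message text comes out in the system display language, so the bad-sector and "file system repaired" lines in the CHKDSK section read as they do in Event Viewer.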

Logboeknaam:   Application
Bron:          Microsoft-Windows-Wininit
Datum:         23-4-2016 7:32:41
Gebeurtenis-id:1001
Taakcategorie: Geen
Niveau:        Informatie
Trefwoorden:   Klassiek
Gebruiker:     n.v.t.
Computer:      Stfn-PC
Beschrijving:


Het bestandssysteem op C: wordt gecontroleerd...
Het type bestandssysteem is NTFS.

Er is in een eerder stadium een schijfcontrole gepland.
Windows zal de schijf nu controleren.                            

Bestanden controleren (stap 1 van 5)...
Instantielabels voor het bestand 0x19ef8 verwijderen.
  257536 bestandsrecords verwerkt.                                      
De bestandscontrole is voltooid.
  476 records met grote bestanden verwerkt.                          
  0 records met beschadigde bestanden verwerkt.                    
  0 EA-records verwerkt.                                            
  63 reparserecords verwerkt.                                        
Indices controleren (stap 2 van 5)...
  352310 indexvermeldingen verwerkt.                                    
De indexcontrole voltooid.
  0 niet-geïndexeerde bestanden gecontroleerd.                      
  0 niet-geïndexeerde bestanden hersteld.                          
CHKDSK controleert de security descriptors (stap 3 van 5)...
  257536 bestands-SD's/-SID's verwerkt.                                  
988 ongebruikte indexingangen in de index $SII
van het bestand 0x9 verwijderen.
988 ongebruikte indexingangen in de index $SDH
van het bestand 0x9 verwijderen.
988 ongebruikte security descriptors verwijderen.
De controle van security descriptors is voltooid.
  47388 gegevensbestanden verwerkt.                                    
Het USN-logboek controleren...
  36410224 USN-bytes verwerkt.                                            
Controle van USN-logboek is voltooid.
CHKDSK controleert de bestandsgegevens (stap 4 van 5)...
  257520 bestanden verwerkt.                                            
De controle van bestandsgegevens is voltooid.
Vrije ruimte controleren (stap 5 van 5)...
  474689079 vrije clusters verwerkt.                                        
De controle op vrije schijfruimte is voltooid.
Het bestandssysteem is hersteld.

1952949247 kB totale schijfruimte.
  53697396 kB in 115331 bestanden.
     75392 kB in 47389 indexen.
         0 kB in beschadigde sectoren.
    420139 kB in gebruik door het systeem.
Het logboekbestand neemt      65536 kB in beslag.
1898756320 kB beschikbaar op schijf.

      4096 bytes per cluster
 488237311 clusters in totaal op schijf
 474689080 clusters beschikbaar op schijf

Interne info:
00 ee 03 00 ac 7b 02 00 b0 7e 04 00 00 00 00 00  .....{...~......
9f 00 00 00 3f 00 00 00 00 00 00 00 00 00 00 00  ....?...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

De schijfcontrole is voltooid.
Een ogenblik geduld. De computer wordt opnieuw opgestart.


 

Hey, here it is. So what I also found: when I open eventvwr, on the main page it found like over 12.000 errors :P I assume that's not so good? Even 1 critical error with kernel-power.

Edited by StefanPennings

This topic is now closed to further replies.