Thejoindemand Posted April 28, 2017

Hello there, my name is Alex (Thejoindemand) and I have a big issue. First of all I would like to excuse myself if my English isn't correct. This is because I am not a native English speaker, so please bear with it.

A few days back (6) I noticed in Task Manager that there were 2-5 programs appearing and disappearing after 1 second, which I find very strange because it is not known for my computer to do so. I started to look up and down and I noticed "Windows Command Processor", which I wasn't familiar with. After seeing the process, it just keeps showing now. If I keep looking it has a single process, but at some points it comes up double, or even triple, above each other, and then 1 or 2 disappear and only 1 is showing. Shutting 1 of those down only makes them go away for 1-5 seconds before showing up again.

At the same time, in the Windows processes I have 1 Console Window Host opened even if I have nothing opened and just started my computer, and I noticed that when "Windows Command Processor" gets 1 or 2 extra processes as I said above, it also doubles the Console Window Host, and after a while they also disappear, only showing 1.

I tried to right click on the process "Windows Command Processor" and the location is very strange: This PC/Local Disc (C:)/Windows/sysWOW64. I know a bit about computers and I know it isn't right for a program like that to be there, so I searched it up online, and in that location it is mostly a trojan with mean purposes.

Now I know what to do, so first of all I scanned my computer (full system scan) with Bitdefender 2017 (main antivirus) and updated it, but it says it can't find anything. Still not trusting it, I scanned with Malwarebytes and it showed some tracking cookies. Still not satisfied, I scanned with Hitman Pro, and it gave something, which I will include in the attachment.
The first suspicious file: C:\Users\Alex\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys. If I remember correctly, this is the anti-cheat program of Battlefield 4, which I have, so that didn't ring any alarm bells for me. The second suspicious file, however, did make some bells ring: C:\Windows\System32\drivers\TrueSight.sys. This file is completely unknown to me and I also can't link it to anything. Because I don't want to harm my system, I just clicked the X of Hitman Pro and stopped there so I won't harm my system.

I did another virus scan with RKill and it stated no harmful files or processes, but did give me 2 notices:

* Checking for processes to terminate:
C:\Windows\SysWOW64\ASGT.exe (PID: 1472) [WD-HEUR]
1 proccess terminated!

Performing miscellaneous checks:
* Windows Defender Disabled!
[HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001

I don't know if this is caused by something or is normal because I have an antivirus, but still I find it odd. Furthermore, I did a rootkit scan with NPE (Norton Power Eraser) and it showed nothing when done. Still not satisfied. Last but not least, I did a Windows normal system scan and Safe Mode with internet connection with Rogue, which showed something, but not really relatable to the possible trojan/virus I suspect I have. This scan will also be in the attachment.

And since I did those scans, I noticed that whenever I am on Google Chrome (I have 2 widescreen gaming computer screens) on the left screen, and on the right screen I have Task Manager/nothing opened, what would happen is that on the left screen Google Chrome would act like I was doing something on the right screen, and it would go to the right screen to do something else, like Google Chrome is inactive, and I had to click on it again to use/continue what I was doing (like scrolling, typing, etc.), which I find very frustrating/weird, and I think it has something to do with something that doesn't belong on my computer.
Something that started occurring on 27 March 2017, after I turned my computer on after the night, is that whenever I would create a folder/text document on my desktop it would take ages to even load the right mouse click index screen, and sometimes it just won't give me the option to create something and just gets stuck with the round loading thing of Windows 8.1, and I couldn't even open a program from my desktop. The strange thing is it could be related to a full/hard-working SSD, but when I try it, it just peaks to 32% SSD usage and then drops to 18%. So that can't be it, so I also relate this to something that isn't welcome on my computer.

Today (28 March 2017) I noticed when I was checking Task Manager again I saw 2 NET COMMAND programs in Task Manager, and without even time to right click on them they disappeared. I could wait on them or whatnot and they wouldn't come back. I closed Task Manager again, opened it and scrolled very fast down to see those 2 for half a second before disappearing. I trust almost nothing on my computer except what I can relate to something or that I manually downloaded, so I opened source control to check the services running in the background/some that are hidden. I can't find NET COMMAND anywhere, but I stumbled on Smss.exe that was completely hidden and kept switching up and down if I would scroll down and up. Smss.exe has NO information about where it comes from, the creator, or what else normally is there. Completely nothing! So that is also something I won't trust for sure.

In Task Manager "starting up", where I shut down programs I don't want to directly run when starting (to keep booting/starting up fast), I also have 3 programs that are completely blank. I can only shut them down (appears to be) and nothing else; I can only choose search online and that's it. I noticed these since I found out about the "Windows Command Processor" virus.
I don't know if it can be related to some of these things I have, but I also hope those can be helped to know from what they are and what they do. I also noticed I have an unusual amount of Servicehost: Local Service and Servicehost: Remote Procedure Call opened. If needed, I also have an MP4 file of the multiple "Windows Command Processor" doing its multiplying thing; if that is needed it is possible to explain it more if it is not clear enough.

I hope this helped a lot to help me; if possible, please help me with this problem. I can do a lot myself, but if it comes to this I would rather have help that knows what they do so I won't permanently damage my system, making it unusable. I also want to try what is possible before I have to go to the last resort (complete clean install of Windows + SSD wipe).

NOTICE! I had to translate FRST.TXT, Addition.txt, HITMANPRO.log, Rkill.txt and Rogue.txt because some parts were in my native language (Dutch). I translated them with Google Translate, BUT notice some can be WRONGLY TRANSLATED.

Thanks already and I will keep a direct eye on this thread!

Alexander ~Thejoindemand

FRST.txt Addition.txt HitmanPro_20170427_2007.log Rkill.txt Rogue.txt
AdvancedSetup (Root Admin) Posted May 1, 2017

The computer does not appear to be infected. It is having a lot of issues, crashes of the video card drivers and application. We'll go ahead and scan the system for any potential malware but this looks to probably be a video card driver issue based on the Event Log entries.

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01

Please download Junkware Removal Tool to your desktop.

- Shutdown your antivirus to avoid any conflicts.
- Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next reply message.
- When completed make sure to re-enable your antivirus.

STEP 02

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

- Right-click on icon and select Run as Administrator to start the tool.
- Accept the Terms of use.
- Wait until the database is updated.
- Click Scan.
- When finished, please click Clean.
- Your PC should reboot now.
- After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03

Download Sophos Free Virus Removal Tool and save it to your desktop.
- Double click the icon and select Run
- Click Next
- Select I accept the terms in this license agreement, then click Next twice
- Click Install
- Click Finish to launch the program
- Once the virus database has been updated click Start Scanning
- If any threats are found click Details, then View Log file (bottom left-hand corner)
- Copy and paste the results in your reply
- Close the Notepad document, close the Threat Details screen, then click Start cleanup
- Click Exit to close the program
- If no threats were found, please confirm that result.

STEP 04

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

- Double-click to run it. When the tool opens, click Yes to disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
- Please attach the Additions.txt log to your reply as well.

Thanks
Thejoindemand Posted May 1, 2017

here i AdvancedSetup.

I need to say sorry for this late reply on my topic. This is because I just came home and the Sophos Virus Removal Tool took longer than expected, but so, here are the logs.

Notice!: On April 29, when I was watching YouTube, Bitdefender blocked 2 things that came up completely blank. The only thing Bitdefender says is:

Module: Data Protection:
Traffic type:

That is the only thing it shows, so that's a bit weird for me.

The next thing is that the above-listed thing, that if I do something on the left screen and then the right screen it seems like I click on the right screen, so Google Chrome on the left acts like I started doing something on the right screen but I don't. This has worsened. It does it a lot more and for longer now.

Sophos Virus Removal Tool came out clean!

If I do not respond within 1 hour and 30 minutes, I will be sleeping, sadly, and will respond tomorrow.

Thanks already for the help!

Alexander ~Thejoindemand

JRT.txt AdwCleaner[S0].txt AdwCleaner[C0].txt FRST.txt Addition.txt

Edited May 1, 2017 by Thejoindemand: mistyped some words
AdvancedSetup (Root Admin) Posted May 2, 2017

The logs do not indicate the computer is infected. It would "seem" that the issue is probably due to old or corrupted Nvidia drivers.

Please read the following, and other pages there and see if either this helps or a similar page. Please note that I have not tried this tool or drivers myself and I only found it by searching Google for help with removing and reinstalling Nvidia drivers.

https://forums.geforce.com/default/topic/878345/geforce-experience/-nvidia-driver-and-geforce-experience-errors-try-this-first-ddu-device-driver-uninstaller-03-19-2017/

https://devtalk.nvidia.com/default/topic/1004577/installer-failed-cuda-8-on-win-10-k3100m/?offset=3

Make sure you create a new System Restore Point though before making any changes.

Let me know how it goes.

Thanks

Ron
Thejoindemand Posted May 2, 2017

Hello Ron.

I read the forums and did the following:

- Manually made system restore points,
- removed all Nvidia drivers using DDU,
- installed Microsoft Visual Studio (for CUDA Toolkit),
- installed CUDA Toolkit,
- installed Nvidia NSight HUD Launcher (detects errors and crashes within Nvidia drivers).

What it did:

- Solved sluggish creating of folders on the desktop (right click for interface took long, is fixed).
- No more when doing something on the left screen that it would seem that I started doing something on the right screen.
- Better response from desktop/applications.
- Faster reboot time when needing to reboot after update (took 2-3 mins, thought it was normal).

These things were solved, but I still have an issue that isn't solved:

- Windows Command Processor is still there and uses more CPU power (location: Local Disc (C:)/Windows/sysWOW64).
- Process analysis shows it is waiting on another process (bdwtxcr.exe) (PID: 2284) thread: - file is completely unknown.

I also included the Farbar Recovery Scan Tool logs.

Thanks already!

Alexander ~Thejoindemand

FRST.txt Addition.txt
Thejoindemand Posted May 2, 2017

Edit: Java(TM) Platform SE binary has stopped working. This is the new problem that occurred after trying out all my games!

Thanks already!

Alexander ~Thejoindemand

FRST.txt Addition.txt
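An added example, not part of the original thread or any tool used in it: the "Windows Command Processor" (cmd.exe) and Console Window Host entries described above exit too quickly to inspect in Task Manager, so this PowerShell sketch subscribes to WMI process-start events and records which parent launched each one. The watch list and the subscription name `ProcWatch` are assumptions chosen for illustration.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell prompt:
# Win32_ProcessStartTrace only delivers events to administrators.
# Image names to watch; this list is an assumption based on the thread's symptoms.
$watch = 'cmd.exe', 'conhost.exe', 'net.exe', 'net1.exe'
$id    = 'ProcWatch'   # arbitrary subscription name

Register-CimIndicationEvent -ClassName Win32_ProcessStartTrace -SourceIdentifier $id

try {
    while ($true) {
        # Block until the next process-start event, then take it off the queue.
        $evt = Wait-Event -SourceIdentifier $id
        Remove-Event -EventIdentifier $evt.EventIdentifier
        $new = $evt.SourceEventArgs.NewEvent
        if ($watch -notcontains $new.ProcessName) { continue }

        # The child may already have exited; its parent usually has not.
        $child  = Get-CimInstance Win32_Process -Filter "ProcessId = $($new.ProcessID)"
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($new.ParentProcessID)"

        [pscustomobject]@{
            Time       = $evt.TimeGenerated.ToString('HH:mm:ss.fff')
            Child      = $new.ProcessName
            ChildPid   = $new.ProcessID
            ChildCmd   = if ($child)  { $child.CommandLine }     else { '(already exited)' }
            ParentPid  = $new.ParentProcessID
            ParentPath = if ($parent) { $parent.ExecutablePath } else { '(parent exited)' }
            ParentCmd  = if ($parent) { $parent.CommandLine }    else { '' }
        } | Format-List
    }
}
finally {
    # Ctrl+C lands here: remove the subscription and anything still queued.
    Unregister-Event -SourceIdentifier $id
    Get-Event -SourceIdentifier $id -ErrorAction SilentlyContinue | Remove-Event
}
```

A cmd.exe under C:\Windows\SysWOW64 is the 32-bit copy that ships with 64-bit Windows, so the path alone says little; the ParentPath and ParentCmd fields are what show which program keeps starting it.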
AdvancedSetup (Root Admin) Posted May 3, 2017

C:\Windows\SysWOW64\ASGT.exe is a valid program and allows you to monitor and optimize the settings for your ASUS graphics from ASUS.

I've included a script that will stop it from loading for you.

Please read the following article concerning the use of MSCONFIG: Msconfig Is Not A Startup Manager

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks
Thejoindemand Posted May 3, 2017

Hello Ron.

I completed the Fixlist item with Farbar Recovery Scan Tool and it completed, so I also got the Fixlog done.

1 notice: when I clicked Fix from FRST it just asked to restart the computer, so I did, and upon rebooting it said Scanning And Repairing Drive (C:). I don't know if this is part of the Fixlist I needed to do or something else, so I thought I will say it just in case.

About the article Msconfig Is Not A Startup Manager, I will look into it deeper and will do something of what is listed there. What it is, is that if I do msconfig and I go to the section startup, it says open Task Manager for management of startup items. However, I will do something that is listed in the article you mentioned.

About the Platform SE binary has stopped working problem when I started some games, it is fixed after the fixlog I needed to do! So thanks for that.

Thanks already for this huge help!

Alexander ~Thejoindemand

Fixlog.txt
AdvancedSetup (Root Admin) Posted May 4, 2017

Hi Alexander - not much to do with MSCONFIG. That article just discusses it. All you need to do is run MSCONFIG.EXE and click on the Normal and reboot.

Yes, I instructed the computer to run the disk check to make sure any disk errors were fixed and not causing an issue.
Thejoindemand Posted May 4, 2017

Hello Ron.

I did what you instructed me to do and my computer asked me to reboot, and I did. It now stands on normal boot.

And okay, for the disk I will not worry about it anymore.

Thanks Ron for this amazing help already, you helped me out a lot!

Thanks for the help!

Alexander ~Thejoindemand
AdvancedSetup (Root Admin) Posted May 5, 2017

Great, glad we were able to get Windows back up and running @Thejoindemand.

If there is nothing else I'll go ahead then and close your topic.

Let me know

Thanks

Ron
Thejoindemand Posted May 5, 2017

Hello Ron.

I am very happy that everything works smoothly now. I am grateful for this, so thanks for the help! Thanks for everything!

I have no further questions/problems, so closing this topic is fine with me.

Again, thanks for the help Ron!

Alexander ~Thejoindemand
AdvancedSetup (Root Admin) Posted May 6, 2017

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!