Unknown startup software slowing down PC

mohtaj

Member
Hello everyone

There are two unknown background processes that slow down my computer very badly when it starts. I just have to "End Task" them, and then the speed gets back to normal immediately.

I was wondering if anybody knows what kind of processes they are, or whether there is a way I can get rid of them without having to reinstall Windows?

[Attached screenshots: D7dkk7K.png, vY4MExl.png]

Thank you so much!;)
 

johnb35

Administrator
Staff member
Let's make sure you aren't infected with anything. Run the following programs and post the logs.

1.

Please download AdwCleaner by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download OTL to your Desktop


•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

Then post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
 

mohtaj

Member
1. Adwcleaner
Code:
# AdwCleaner v6.047 - Logfile created 21/06/2017 at 23:49:14
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-21.3 [Server]
# Operating System : Windows 10 Enterprise  (X64)
# Username : Mohammad - MOHAMMAD
# Running from : C:\Users\Mohammad\Downloads\Programs\Johnb35\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

File Found:  C:\WINDOWS\SysNative\LavasoftTcpService64.dll
File Found:  C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
File Found:  C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
File Found:  C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
File Found:  C:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\ieaerxka.default\searchplugins\yahoo-lavasoft.xml


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\Baiduyunguanjia
Key Found:  HKLM\SOFTWARE\Classes\BaiduYunGuanjia.torrent
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
Key Found:  HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found:  HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\Baiduyunguanjia
Key Found:  [x64] HKLM\SOFTWARE\Classes\BaiduYunGuanjia.torrent
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found:  [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{63C40CBE-DE43-4B56-BCEB-E14B825CF245}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Key Found:  HKLM\SOFTWARE\Lavasoft\Web Companion
Key Found:  HKU\S-1-5-21-3628723206-853118687-2265178163-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com


***** [ Web browsers ] *****

Firefox pref Found:  [C:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\ieaerxka.default\prefs.js] - "browser.newtab.url" -  "hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10181_1205_160510__y
Firefox pref Found:  [C:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\ieaerxka.default\prefs.js] - "browser.newtabpage.url" -  "hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10181_1205_16051
Chrome pref Found:  [C:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

[!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.google.com/chrome/answer/3097271?hl=en [!]


*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [6610 Bytes] - [21/06/2017 23:49:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6683 Bytes] ##########
2. Junkware removal tool
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Enterprise x64
Ran by Mohammad (Administrator) on Thu 06/22/2017 at  0:07:36.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/22/2017 at  0:14:09.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3. Malwarebytes

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/22/2017
Scan Time: 12:24 AM
Logfile: MalwareBytes.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.02.16.06
Rootkit Database: v2016.02.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Mohammad

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 441170
Time Elapsed: 59 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
RiskWare.BitCoinMiner, C:\Users\Mohammad\AppData\Roaming\Sys_Processes\CSRSS\CSRSS00101.exe, 5152, Delete-on-Reboot, [ef77f170168323131ab23bf92dd48d73]

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.PriceFountain, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OneDrive Standalone Update Task v2, Quarantined, [6ef8ca97b8e140f68842361c1ee6fd03],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
RiskWare.BitCoinMiner, C:\Users\Mohammad\AppData\Roaming\Sys_Processes\CSRSS\CSRSS00101.exe, Delete-on-Reboot, [ef77f170168323131ab23bf92dd48d73],
PUP.Optional.PriceFountain, C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2, Quarantined, [fa6c78e94b4edc5adcecc48e1fe5ba46],

Physical Sectors: 0
(No malicious items detected)


(end)
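The Malwarebytes detection above is a file named after the Windows system process csrss.exe but stored under the user's AppData folder. The following is an added example, not part of the original posts, of a location check for that pattern; the table of expected directories and the sample lines are assumptions constructed for illustration.

```python
import ntpath
import re

# Expected directory (lowercase) for a few Windows system binaries.
# Assumes a default install on drive C:.
EXPECTED_DIR = {
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Constructed sample: two paths from the Malwarebytes log above (other
# fields shortened) plus one legitimate path added for contrast.
SAMPLE = r"""
RiskWare.BitCoinMiner, C:\Users\Mohammad\AppData\Roaming\Sys_Processes\CSRSS\CSRSS00101.exe, 5152, Delete-on-Reboot
PUP.Optional.PriceFountain, C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2, Quarantined
Constructed.Benign, C:\Windows\System32\csrss.exe, 600, None
"""

def base_name(path):
    """Lowercase file name with trailing digits stripped from the stem,
    so CSRSS00101.exe is compared as csrss.exe."""
    stem, ext = ntpath.splitext(ntpath.basename(path).lower())
    return re.sub(r"\d+$", "", stem) + ext

def masquerades(path):
    """True if the file borrows a system binary's name but lives elsewhere."""
    expected = EXPECTED_DIR.get(base_name(path))
    if expected is None:
        return False
    return ntpath.dirname(path).lower() != expected

def flag_log(text):
    """Return the paths in a comma-separated detection log that masquerade."""
    hits = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) >= 2 and re.match(r"[A-Za-z]:\\", fields[1]):
            if masquerades(fields[1]):
                hits.append(fields[1])
    return hits

if __name__ == "__main__":
    for hit in flag_log(SAMPLE):
        print("system process name outside its expected directory:", hit)
```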
 

mohtaj

Member
Now my problem is with the MalwareBytes software. It slows down my computer at the startup. Should I remove it by uninstalling?
 

johnb35

Administrator
Staff member
Did you press the clean button after running the AdwCleaner program? The log you posted just shows that it found issues and that nothing was removed. If what the OTL log says is correct then you only have 2gb of system memory and that is why your computer is so slow. Install a total of 8 gb of RAM and you'll see a vast improvement. And it looks like you didn't press the clean button, as the OTL log still shows an item that AdwCleaner should have removed. I'll go through the OTL log in more depth after I wake up some more and post some more fixes.
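The point about the AdwCleaner log can be checked mechanically: the posted log carries "# Mode: Scan" in its header and lists only "Found" entries. The following is an added example, not part of the original posts, that summarizes a log in that format; the sample is a shortened excerpt constructed from the log posted earlier in the thread.

```python
import re

# Constructed sample: header and a few entries taken from the AdwCleaner
# log posted earlier in this thread (most entries omitted).
SAMPLE = r"""
# AdwCleaner v6.047 - Logfile created 21/06/2017 at 23:49:14
# Mode: Scan

***** [ Services ] *****

No malicious services found.

***** [ Files ] *****

File Found:  C:\WINDOWS\SysNative\LavasoftTcpService64.dll
File Found:  C:\WINDOWS\SysWOW64\lavasofttcpservice.dll

***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Lavasoft\Web Companion
"""

def summarize(log_text):
    """Return the log's mode, per-section counts of 'Found' entries, and
    whether this is a scan-only log that still lists findings."""
    mode, section, found = None, None, {}
    for line in log_text.splitlines():
        m = re.match(r"#\s*Mode\s*:\s*(\w+)", line)
        if m:
            mode = m.group(1)
            continue
        m = re.match(r"\*+ \[ (.+?) \] \*+", line)
        if m:
            section = m.group(1)
            continue
        # Entries read "<Kind> Found:  <item>"; the "No malicious ... found."
        # lines have no colon and are not counted.
        if section and re.match(r"[\w ]+ Found:\s+\S", line):
            found[section] = found.get(section, 0) + 1
    scan_only = mode == "Scan" and sum(found.values()) > 0
    return {"mode": mode, "found": found, "scan_only_with_findings": scan_only}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```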
 

mohtaj

Member
johnb35 said:
"Did you press the clean button after running the AdwCleaner program? The log you posted just shows that it found issues and that nothing was removed. If what the OTL log says is correct then you only have 2gb of system memory and that is why your computer is so slow. Install a total of 8 gb of RAM and you'll see a vast improvement. And it looks like you didn't press the clean button, as the OTL log still shows an item that AdwCleaner should have removed. I'll go through the OTL log in more depth after I wake up some more and post some more fixes."

I did. I actually clicked on the remove button at the end.
Yes, my RAM is 2 Gb. I would love to install RAM, but my computer is very old (I bought it exactly 10 years ago) and it has DDR2 RAM, so I've heard that it's not like I can go buy any DDR2 RAM that I want, mount it in the RAM slot and have it work fine for me.
I would love to get help on that part too. Is it possible if you could help me find the right RAM?
 

johnb35

Administrator
Staff member
What system do you have? Are you running Windows 8? What operating system originally came on the system?
 

mohtaj

Member
Well, it's a desktop PC. When I first bought it new 10 years ago, it had Windows XP installed on it.
Now I have Windows 10 installed. I upgraded the graphics card at some point since it was a bit slow in playing FullHD videos.
I can send you photos of the motherboard and anything else that can help you judge what kind of DDR2 RAM would be sufficient.
 

mohtaj

Member
Ever since I installed those malware software the function to use the Start menu has stopped working. No matter how many times I restart my PC by the way.

Here is all the info from DXDIAG in a text file:
[Attachment: DXDIAG text file]
 

johnb35

Administrator
Staff member
The fastest RAM it takes is DDR2 533mhz. I know you aren't from the USA so I won't even post links as to where to get some from. But I would look for either a 2 x 2gb kit or 2x4gb kits and replace the existing RAM. But to be honest, you should start looking for a new system with updated specs. You can uninstall Malwarebytes as it starts automatically at bootup and really shouldn't.
 

mohtaj

Member
johnb35 said:
"The fastest RAM it takes is DDR2 533mhz. I know you aren't from the USA so I won't even post links as to where to get some from. But I would look for either a 2 x 2gb kit or 2x4gb kits and replace the existing RAM. But to be honest, you should start looking for a new system with updated specs. You can uninstall Malwarebytes as it starts automatically at bootup and really shouldn't."

I'm not from the USA but I can purchase from Amazon.com so if the RAM you suggest me to buy is actually available on Amazon.com I can order it. Thank you
 

mohtaj

Member
It's a pack of two. So I'll need to order 2x ? Right? Are you totally sure it'll work? I'm asking cause once I buy them and my friend receives and brings them to me I can't return them.
 

johnb35

Administrator
Staff member
1 kit will be 4gb or 2 kits will be 8gb. But yes, they will work. But getting faulty RAM is possible.
 

mohtaj

Member
johnb35 said:
"1 kit will be 4gb or 2 kits will be 8gb. But yes, they will work. But getting faulty RAM is possible."

Thanks. Do you suggest me buying it from Amazon or trying to find it in my own country (Since you say getting faulty RAM is also possible)?
 