Author Topic: PC Slowdown/Weird outgoing internet traffic?  (Read 6869 times)

midnitevulture

    Topic Starter


    Starter

    • Experience: Experienced
    • OS: Windows 8
    PC Slowdown/Weird outgoing internet traffic?
    « on: January 08, 2016, 04:34:14 PM »
    Preemptive thanks for the help,
    I've recently noticed a slowdown in Windows 8 - programs and the OS itself. I also noticed in PeerBlock strange outgoing traffic to bizarre locations not just through port 80, but TCP too. I don't know how to track down the source if it's using a standard Windows process. Possibilities of malware/rootkits/PUP exhausted as included in logs below.
    --------------------------------------------------------------------------------------
    # AdwCleaner v5.028 - Logfile created 08/01/2016 at 15:21:42
    # Updated 04/01/2016 by Xplode
    # Database : 2016-01-04.2 [Server]
    # Operating system : Windows 8  (x64)
    # Username : Reid - ROBOT
    # Running from : C:\Users\Reid\Downloads\adwcleaner_5.028.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files (x86)\eSupport.com
    [-] Folder Deleted : C:\Program Files (x86)\myfree codec
    [-] Folder Deleted : C:\ProgramData\SecTaskMan
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
    [-] Folder Deleted : C:\Users\Reid\AppData\Local\eSupport.com
    [-] Folder Deleted : C:\Users\Reid\AppData\Local\SecTaskMan
    [-] Folder Deleted : C:\Users\Reid\AppData\Local\Hola

    ***** [ Files ] *****

    [-] File Deleted : C:\END
    [-] File Deleted : C:\Users\Reid\Desktop\Find Drivers with DriverAgent.lnk

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    [-] Key Deleted : HKCU\Software\eSupport.com
    [-] Key Deleted : HKCU\Software\Myfree Codec
    [-] Key Deleted : HKCU\Software\Hola
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
    [-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverAgent_is1
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2445 bytes] ##########


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: Fri 1/8/16
    Scan Time: 3:27 PM
    Logfile: mwbscan.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.01.08.06
    Rootkit Database: v2016.01.05.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: Reid

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 372080
    Time Elapsed: 20 min, 37 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)

    (end)

    Security Check

     Results of screen317's Security Check version 1.009 
       x64 (UAC is enabled) 
     Internet Explorer 10 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    Panda Free Antivirus   
    Windows Defender       
     WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
     MVPS Hosts File 
     Duplicate Cleaner Free 3.2.6 
     Java 8 Update 65 
     Java version 32-bit out of Date!
      Adobe Flash Player    16.0.0.305 Flash Player out of Date! 
     Adobe Reader XI 
     Mozilla Firefox (42.0)
     Google Chrome (47.0.2526.106)
     Google Chrome (47.0.2526.80)
    ````````Process Check: objlist.exe by Laurent````````
     Panda Security Panda Cloud Antivirus PSANHost.exe 
     Panda Security Panda Cloud Antivirus PSUAService.exe 
     Panda Security Panda Cloud Antivirus PSUAMain.exe 
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:  %
    ````````````````````End of Log``````````````````````

    Any response would be greatly appreciated BROs!

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: PC Slowdown/Weird outgoing internet traffic?
    « Reply #1 on: January 08, 2016, 07:39:20 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Windows 8 comes with its own AV called Windows Defender. If you wish to use another AV you should disable WD.
    *************************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

    • The tool will open and start scanning your system.

    • Please be patient as this can take a while to complete depending on your system's specifications.

    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    • Copy and Paste the JRT.txt log into your next message.
    *************************************************
    Update Your Java (JRE)

    Old versions of Java have vulnerabilities that malware can use to infect your system.


    First Verify your Java Version

    If there are any other version(s) installed then update now.

    Get the new version (if needed)

    If your version is out of date install the newest version of the Sun Java Runtime Environment.

    Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Be sure to close ALL open web browsers before starting the installation.

    Remove any old versions

    1. Download JavaRa and unzip the file to your Desktop.
    2. Open JavaRA.exe and choose Remove Older Versions
    3. Once complete exit JavaRA.

    Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
    Windows 8 and Windows 10 dual boot with two SSD's

    midnitevulture

      Re: PC Slowdown/Weird outgoing internet traffic?
      « Reply #2 on: January 09, 2016, 02:14:28 AM »
      Thanks, Dave
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.0.2 (01.06.2016)
      Operating System: Windows 8 x64
      Ran by Reid (Administrator) on Sat 01/09/16 at  3:08:19.57
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 10

      Successfully deleted: C:\Users\Reid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic (Folder)
      Successfully deleted: C:\Windows\wininit.ini (File)
      Successfully deleted: C:\Users\Reid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4WSXCSJC (Folder)
      Successfully deleted: C:\Users\Reid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7M3MGZDO (Folder)
      Successfully deleted: C:\Users\Reid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E04LDOOE (Folder)
      Successfully deleted: C:\Users\Reid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QB0WUBYI (Folder)
      Successfully deleted: C:\Users\Reid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCX6LUDN (Folder)
      Successfully deleted: C:\Users\Reid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V49VSFTT (Folder)
      Successfully deleted: C:\Users\Reid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YH4357LI (Folder)
      Successfully deleted: C:\Users\Reid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQFWC0D4 (Folder)



      Registry: 2

      Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_0864453D69B67976965ED44F19F82C5A (Registry Value)
      Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E774AA81-E703-4439-B61D-8CA035621232} (Registry Key)




      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Sat 01/09/16 at  3:10:46.06
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      SuperDave

      Re: PC Slowdown/Weird outgoing internet traffic?
      « Reply #3 on: January 09, 2016, 10:44:21 AM »
      I'd like to scan your machine with ESET OnlineScan

      • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan

      • Click the button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the icon on your desktop.
      • Check
      • Click the button.
      • Accept any security warnings from your browser.
      • Leave the check mark next to Remove found threats.
      • Check
      • Push the Start button.
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, push
      • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Push the button.
      • Push
      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

      midnitevulture

        Re: PC Slowdown/Weird outgoing internet traffic?
        « Reply #4 on: January 11, 2016, 12:26:15 AM »
        ESETSmartInstaller@High as downloader log:
        all ok
        # product=EOS
        # version=8
        # OnlineScannerApp.exe=1.0.0.1
        # EOSSerial=c343041b86f67942914dfed4805e06e9
        # end=init
        # utc_time=2016-01-10 04:57:34
        # local_time=2016-01-10 10:57:34 (-0600, Central Standard Time)
        # country="United States"
        # osver=6.2.9200 NT
        Update Init
        Update Download
        Update Finalize
        Updated modules version: 27575
        # product=EOS
        # version=8
        # OnlineScannerApp.exe=1.0.0.1
        # EOSSerial=c343041b86f67942914dfed4805e06e9
        # end=updated
        # utc_time=2016-01-10 05:01:44
        # local_time=2016-01-10 11:01:44 (-0600, Central Standard Time)
        # country="United States"
        # osver=6.2.9200 NT
        # product=EOS
        # version=8
        # OnlineScannerApp.exe=1.0.0.1
        # OnlineScanner.ocx=1.0.0.7777
        # api_version=3.1.1
        # EOSSerial=c343041b86f67942914dfed4805e06e9
        # engine=27575
        # end=finished
        # remove_checked=true
        # archives_checked=false
        # unwanted_checked=true
        # unsafe_checked=true
        # antistealth_checked=true
        # utc_time=2016-01-10 06:48:46
        # local_time=2016-01-10 12:48:46 (-0600, Central Standard Time)
        # country="United States"
        # lang=1033
        # osver=6.2.9200 NT
        # compatibility_mode_1='Panda Free Antivirus'
        # compatibility_mode=1557 16777213 87 100 6208530 237726100 0 0
        # compatibility_mode_1=''
        # compatibility_mode=5893 16776574 100 94 12770239 25209992 0 0
        # scanned=342800
        # found=5
        # cleaned=5
        # scan_time=6422

        sh=41AD4B4F935C54B284F8B993EFA9F5E81A887006 ft=1 fh=1008507243e9cf81 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\LostandFound\Ableton LivePatch [io].exe"
        sh=EBC8B4A7AF9E31A07BEB38C3F845C14A355D7C13 ft=1 fh=d178eb280a848a6b vn="a variant of Win32/OpenCandy.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Reid\AppData\Roaming\uTorrent\updates\3.4.2_37594.exe"
        sh=E7F6578F45FC7E00C962AD3F37F016F12DCD5F75 ft=1 fh=5135d5609c2efd53 vn="a variant of Win32/OpenCandy.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Reid\AppData\Roaming\uTorrent\updates\3.4.2_38656.exe"
        sh=012428EBFCFC3379028851DD80E38781B5A1192C ft=1 fh=43bf8528b5e5d571 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted)" ac=C fn="C:\Users\Reid\Downloads\spsetup129.exe"
        sh=EBC8B4A7AF9E31A07BEB38C3F845C14A355D7C13 ft=1 fh=d178eb280a848a6b vn="a variant of Win32/OpenCandy.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Reid\Downloads\uTorrent(1).exe"

        SuperDave

        Re: PC Slowdown/Weird outgoing internet traffic?
        « Reply #5 on: January 11, 2016, 12:18:08 PM »
        How's your computer working now?

        midnitevulture

          Re: PC Slowdown/Weird outgoing internet traffic?
          « Reply #6 on: January 15, 2016, 11:01:55 AM »
          It's definitely better, Dave. I'm not sure that Panda Cloud AV was actually problematic, since even having those "infected components removed" it still runs fine. I'm thinking this outbound traffic whose source I can't determine is my main problem now, but I know that's not your department. Thank you so much for your help! If you want me to send you flowers or an old n64 goldeneye cartridge, I will.

          SuperDave

          Re: PC Slowdown/Weird outgoing internet traffic?
          « Reply #7 on: January 16, 2016, 10:43:10 AM »
          Quote
          If you want me to send you flowers or an old n64 goldeneye cartridge, I will.
          That's not necessary.
          Quote
          I'm not sure that Panda Cloud AV was actually problematic, since even having those "infected components removed" it still runs fine
          You would be better off with Windows Defender.

          Click Start> Computer> right click the C Drive and choose Properties> enter
          Click Disk Cleanup from there.



          Click OK on the Disk Cleanup Screen.
          Click Yes on the Confirmation screen.



          This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
          ***************************************
          This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
          This is a very crucial step so make sure you don't skip it.
          Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

          Double-click Delfix.exe to start the tool.
          Make sure the following items are checked:
          • Activate UAC (optional; some users prefer to keep it off)
          • Remove disinfection tools
          • Create Registry backup
          • Purge System Restore Points
          • Re-set system settings
          Now click "Run" and wait patiently.
          Once finished a logfile will be created. You don't have to attach it to your next reply.
          ********************************************
          I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

          Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

          Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
          Safe Surfing!