|
Post by maldemarstor on Mar 30, 2014 14:07:47 GMT -8
So, can I send them to you in a private message?
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Mar 30, 2014 15:11:17 GMT -8
You and Abush have similar errors in the Windows log, does the system also play audio in the background if you have the speakers turned on (some users have the audio settings turned off as a user choice).
Quads
|
|
|
Post by maldemarstor on Mar 30, 2014 15:17:29 GMT -8
No audio in the background, even with all settings up to max.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Mar 30, 2014 15:33:05 GMT -8
Could be a hard slog if something newish, so that tools are not updated for it and the change means that any file involved has also changed. Please download Rkill to your Desktop. rKill.exe: www.bleepingcomputer.com/download/rkill/dl/10/Double-click on the Rkill desktop icon to run the tool. If using Vista or Windows 7 right-click on it and choose Run As Administrator. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. Do not reboot until instructed at any stage. If the tool does not run let me know. When the scan is done Notepad will open with rKill log. Post it in your next reply. Quads
|
|
|
Post by maldemarstor on Mar 30, 2014 19:47:50 GMT -8
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Mar 30, 2014 19:58:07 GMT -8
I terms of Malware itself does not appear to be anything major, maybe just the odd PUP entry, the problem that the system does have is with the WMI, for instance and there is more than one entry and right up to when the FRST log was created.
The Event Logs show the following error or similar error on your computer from WMI (Windows Management Instrumentation) that control data management on the system.
(Source: WinMgmt) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
WMI problems can cause a slow PC (Windows), while it is running, during startup and shutdown, freezing and even a BSOD as Windows uses the WMI for lots of thongs, from updates to System Restore, to seeing the AV etc.
I am thinking on whether to make sure any PUP entries are gone first or to tackle the WMI.
Quads
|
|
|
Post by maldemarstor on Mar 31, 2014 8:21:00 GMT -8
I backed up my data before coming here and my computer has started operating more reliably -- though it's still more sluggish than normal -- so I can be patient.
In any case, I won't be opening any more junk mails so I can forward them to antiphishing departments!
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Mar 31, 2014 10:01:19 GMT -8
The Phishing email has appeared for MR's from the last 5 days, and nothing appears to be in the 3 different emails that infects a system, but the emails instead to try to have users open a page (attached or by link) to try and get the user fill out personal details they can use.
I have noticed this was run
27-03-2014 15:29:11 Removed DAoC Portal
27-03-2014 17:18:41 Norton 360 Registry Clean <==========
Maybe Norton also did something in the registry with item(s) it shouldn't have, It does happen from time to time even by the best registry cleaners.
Read carefully
Download Adwcleaner www.bleepingcomputer.com/download/adwcleaner/ on to your desktop The Blue Download Now @bleeping Computer button and run a scan ( Scan Button). It will create a log after. Or there is a Report button, ONE SCAN ONLY
Attach or paste the log back here Quads
|
|
|
Post by maldemarstor on Mar 31, 2014 18:14:53 GMT -8
Maybe relevant, maybe not, but I noticed my computer slowed WAY down again when I checked my email. I also noticed there was some spam from myself in my junkmail folder, which is usually a great sign that you've picked up something dirty.
|
|
|
Post by maldemarstor on Mar 31, 2014 18:21:14 GMT -8
Out of curiosity, would you be interested in my security logs from Norton 360? I've noticed that the bad slow downs seem to coincide with lots of activities being blocked. That was one of the factors that caused me to come here, actually.
|
|