Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Oct 20, 2014 15:44:42 GMT -8
Uninstall
Max Spyware Detector
IObit Malware Fighter
Quads
Post by dochemi on Oct 21, 2014 2:23:12 GMT -8
They are uninstalled now.
Post by Quads on Oct 21, 2014 10:15:00 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the attached script. It needs to keep the same file name as well (fixlist.txt). Have it on the Desktop, so that fixlist.txt is next to FRST64.exe.
DO NOT DRAG AND DROP to download the script; it won't work for FRST. (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link As.)
The script tells FRST what to do.
Start FRST that is on the Desktop. When the tool opens, click Yes to the disclaimer (if it still does).
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply (attach or paste).
Quads
Post by dochemi on Oct 21, 2014 11:16:37 GMT -8
I ran the FIX... system seems lots better, but is still a bit slow and "Jerky"... It was way faster last month before the issues started. Below is the FIXLog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2014
Ran by 12312013 at 2014-10-21 15:15:30 Run:1
Running from C:\Users\12312013\Desktop
Loaded Profile: 12312013 (Available profiles: 12312013)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKLM\...\Run: [SDAutoScan] => [X]
HKLM-x32\...\Run: [Launch PC Probe II] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2863658269-2987070383-426860632-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
S2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2013-10-18] (Enigma Software Group USA, LLC.)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
2014-10-19 11:47 - 2014-10-19 11:47 - 00000000 ____D () C:\Qoobox
2014-10-19 11:44 - 2014-10-19 11:46 - 05583559 _____ (Swearware) C:\Users\12312013\Downloads\ComboFix.exe
2014-10-19 10:07 - 2014-10-19 11:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-19 10:06 - 2014-10-19 11:15 - 00000000 ____D () C:\Users\12312013\Desktop\mbar
CustomCLSID: HKU\S-1-5-21-2863658269-2987070383-426860632-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
end
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SDAutoScan => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Launch PC Probe II => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-2863658269-2987070383-426860632-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-2863658269-2987070383-426860632-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
SpyHunter 4 Service => Service stopped successfully.
SpyHunter 4 Service => Service deleted successfully.
AntiLog32 => Service deleted successfully.
C:\Qoobox => Moved successfully.
"C:\Users\12312013\Downloads\ComboFix.exe" => File/Directory not found.
C:\ProgramData\Malwarebytes' Anti-Malware (portable) => Moved successfully.
C:\Users\12312013\Desktop\mbar => Moved successfully.
"HKU\S-1-5-21-2863658269-2987070383-426860632-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice" => Key not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys" => Key deleted successfully.
==== End of Fixlog ====
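A way to review a Fixlog like the one above, added here as an example that is not part of the thread or of FRST: it flags registry entries whose command runs a script through rundll32 (the pattern the log marks as Poweliks) and separates items the fix changed from items it reported as not found. The names `triage` and `classify` and the labels `changed` and `absent` are this example's own, and the sample lines are constructed from the posted log.

```python
import re

# Constructed sample: lines taken from the Fixlog posted above. The CustomCLSID
# entry is cut off before the encoded script, which the check does not need.
SAMPLE = r'''
CustomCLSID: HKU\S-1-5-21-2863658269-2987070383-426860632-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SDAutoScan => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Launch PC Probe II => value deleted successfully.
"HKU\S-1-5-21-2863658269-2987070383-426860632-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
SpyHunter 4 Service => Service stopped successfully.
C:\Qoobox => Moved successfully.
"C:\Users\12312013\Downloads\ComboFix.exe" => File/Directory not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice" => Key not found.
'''

# A COM server or autorun command that starts rundll32 with a javascript: URL
# and mshtml's RunHTMLApplication is the pattern the log marks as Poweliks.
SCRIPT_VIA_RUNDLL32 = re.compile(
    r'rundll32(?:\.exe)?\s+javascript:.*mshtml\s*,\s*RunHTMLApplication', re.I)
# Result lines have the form: <item> => <outcome>.
RESULT = re.compile(r'^"?(?P<item>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')

def classify(outcome):
    """Map the outcome wording onto 'changed', 'absent' or 'other'."""
    text = outcome.lower()
    if 'not found' in text:
        return 'absent'   # nothing was there to act on at fix time
    if any(word in text for word in ('deleted', 'moved', 'stopped')):
        return 'changed'
    return 'other'

def triage(log_text):
    """Return (flagged registry entries, items grouped by outcome)."""
    suspicious, outcomes = [], {}
    for line in log_text.splitlines():
        line = line.strip()
        if SCRIPT_VIA_RUNDLL32.search(line):
            # keep only the registry path in front of the "->" / "=>" arrow
            suspicious.append(re.split(r'\s+[-=]>\s+', line, maxsplit=1)[0])
            continue
        m = RESULT.match(line)
        if m:
            outcomes.setdefault(classify(m['outcome']), []).append(m['item'])
    return suspicious, outcomes

if __name__ == '__main__':
    print(triage(SAMPLE))
```

Items reported as `absent` were not touched by this run, so they are the ones to compare against a fresh scan log.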
Post by Quads on Oct 21, 2014 18:17:25 GMT -8
The last step was to just take items and break malware apart; some go into quarantine.
Now though in Normal Mode the system should be running a lot better and dllhost.exe should quieten down.
Quads
Post by dochemi on Oct 26, 2014 7:03:26 GMT -8
Still having problems here...
dllhost issues seem to be cleared, but there is still something slowing the system down, and most times I cannot get back in after the computer goes to screen saver; try to "wake" it up, and nothing, have to reboot.
Post by dochemi on Oct 26, 2014 9:38:41 GMT -8
Any thoughts or ideas here Quads???
Post by Quads on Oct 26, 2014 10:27:27 GMT -8
Turn off the screensaver and power options.
Then again, you did run Combofix, which has a big warning from even the creators.
Quads
Post by dochemi on Oct 27, 2014 3:40:58 GMT -8
Yes I did, but this problem does not seem to be related to that, as it was happening at the same time as the other problem.
I know how to turn off the screen saver, but how do I turn off the power settings?
Post by Quads on Oct 27, 2014 16:21:43 GMT -8
Some things that can cause the problem:
A broken program that runs on startup or on resumption, and on the resumption the driver or file won't load.
A problem between the video drivers and the dx software.
Combofix has damaged something or reset some settings.
The Power Options have the settings now slightly wrong, like having "Allow Hybrid Sleep" turned on.
Quads