Post by rikneugene on Oct 20, 2014 23:16:53 GMT -8
just an added note, I see two Norton icons running down below. had cleared binary yesterday and rebuilt and looked to be fixed, guess not
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Oct 20, 2014 23:20:30 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the script attached; it needs to be the same file name as well (fixlist.txt). Have it on the Desktop, so that fixlist.txt is next to FRST64.exe.
DO NOT DRAG AND DROP to download the script, it won't work for FRST. (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link As.)
The script tells FRST what to do.
Start FRST that is on the desktop. When the tool opens, click Yes to the disclaimer (if it still does).
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply (attach or paste).
Quads
Post by rikneugene on Oct 20, 2014 23:25:13 GMT -8
Fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2014
Ran by WYZE at 2014-10-21 00:22:21 Run:1
Running from C:\Users\WYZE\Desktop
Loaded Profile: WYZE (Available profiles: WYZE)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1031909746-1648691222-1932549598-1001\...\MountPoints2: {2e572626-34f4-11e2-8662-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-1031909746-1648691222-1932549598-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
S4 NvStUSB; \SystemRoot\system32\drivers\nvstusb.sys [X]
C:\Users\WYZE\AppData\Local\Temp\drm_dyndata_7380015.dll
C:\Users\WYZE\AppData\Local\Temp\ose00000.exe
CustomCLSID: HKU\S-1-5-21-1031909746-1648691222-1932549598-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
end
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-1031909746-1648691222-1932549598-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e572626-34f4-11e2-8662-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{2e572626-34f4-11e2-8662-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-1031909746-1648691222-1932549598-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-1031909746-1648691222-1932549598-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
NvStUSB => Service deleted successfully.
C:\Users\WYZE\AppData\Local\Temp\drm_dyndata_7380015.dll => Moved successfully.
C:\Users\WYZE\AppData\Local\Temp\ose00000.exe => Moved successfully.
"HKU\S-1-5-21-1031909746-1648691222-1932549598-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
==== End of Fixlog ====
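An added example, not part of the original thread and not FRST's own code: a Python scan of FRST-style log lines for the COM `localserver32` pattern tagged as Poweliks in the log above, judging the registry data itself rather than the tool's `<====` annotation. The sample lines, SID, CLSIDs and `<payload>` are constructed placeholders, and the check names are this example's own.

```python
import re

# Line shapes taken from the log above: "key: data" and "CustomCLSID: key -> data".
ENTRY = re.compile(
    r"^(?:CustomCLSID:\s*)?(?P<key>HK\w+\\.*?\\(?:localserver32|inprocserver32))"
    r"\s*(?::|->)\s*(?P<data>.*)$", re.IGNORECASE)
NOTE = re.compile(r"\s*<=+\s.*$")   # the scanner's own "<==== ..." verdict
MORE = re.compile(r"\(the data entry has (\d+) more characters\)")

# Check names are this example's own labels, not FRST output.
CHECKS = [
    ("script-protocol", re.compile(r"\b(?:javascript|vbscript):", re.I)),
    ("mshtml-RunHTMLApplication", re.compile(r"mshtml\s*,\s*RunHTMLApplication", re.I)),
    ("inline-eval", re.compile(r"\beval\s*\(", re.I)),
]

def scan(lines):
    """Return COM server entries whose command is a script, not a file path."""
    findings = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue
        data = NOTE.sub("", m.group("data"))  # judge the data, not the annotation
        reasons = [name for name, rx in CHECKS if rx.search(data)]
        if not reasons:
            continue
        hidden = MORE.search(data)  # truncated values hide most of the payload
        findings.append({"key": m.group("key"), "reasons": reasons,
                         "hidden_chars": int(hidden.group(1)) if hidden else 0})
    return findings

# Constructed sample lines: placeholder SID, CLSIDs and payload.
SID = r"HKU\S-1-5-21-0-0-0-1001"
BAD = r'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("<payload>'
SAMPLE = [
    r"HKLM\...\Run: [] => [X]",
    SID + r"\...\MountPoints2: {00000000-0000-0000-0000-000000000001} - E:\autorun.exe",
    SID + r"\...00000000000A}\localserver32: " + BAD
        + " (the data entry has 239 more characters). <==== Poweliks!",
    "CustomCLSID: " + SID + r"_Classes\CLSID\{00000000-0000-0000-0000-00000000000A}"
        + r"\localserver32 -> " + BAD + " (the data entry has 247 more characters).",
    "CustomCLSID: " + SID + r"_Classes\CLSID\{00000000-0000-0000-0000-00000000000B}"
        + r"\localserver32 -> C:\Program Files\Example\app.exe /automation",
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["key"], f["reasons"], f["hidden_chars"])
```

The `hidden_chars` count is worth surfacing in triage: a COM server command that is both script-based and mostly truncated in the log needs the full registry value exported before it is deleted.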
Post by rikneugene on Oct 20, 2014 23:26:18 GMT -8
Do not see all the dllhost.exe running in processes ...
Post by Quads on Oct 20, 2014 23:35:11 GMT -8
The last step was to just take items and break malware apart; some go into quarantine.
Now though, in Normal Mode the system should be running a lot better.
Quads
Post by rikneugene on Oct 20, 2014 23:36:21 GMT -8
HD status light not solid and fans aren't kicking on all the time.. something is better
Post by Quads on Oct 20, 2014 23:41:06 GMT -8
Read carefully
Download AdwCleaner from www.bleepingcomputer.com/download/adwcleaner/ onto your desktop (the blue "Download Now @BleepingComputer" button) and run a scan (Scan button). It will create a log afterwards, or there is a Report button. ONE SCAN ONLY.
Attach or paste the log back here.
Quads
Post by rikneugene on Oct 20, 2014 23:49:12 GMT -8
Looks like it's just sitting there... The message above the status bar says "Pending. Please uncheck elements you don't want to remove". Nothing in the "results" list below... The Scan button is greyed out. There is a "report" button that is active though.. what's my next step here?
Post by Quads on Oct 20, 2014 23:50:37 GMT -8
Nothing under any of the Tabs??
Quads
Post by rikneugene on Oct 20, 2014 23:51:16 GMT -8
folders: has 1 item