shah

CLOSED Long Time to Boot & Can't Standby


For the past couple of months I have started seeing issues and they are getting worse and more and more annoying. Following are currently the biggest issues I am facing:

1. I am unable to go to standby or hibernate. The computer does not respond. I always have to shut down. Obviously, powering up after a total shutdown takes much longer. Before, it used to take about 5 to 10 sec after powering up to get the computer to where it was when I put it on standby. I remember clearly this started happening right after I installed Comcast software on my computer. Since then I have already removed the Comcast software, but this issue still remains.

2. After bootup and running startup programs, I hear a lot of drive activity and the task manager shows the memory gradually being used up, starting from about 600 MB all the way up to about 2.5 GB (virtual memory - my physical memory is 2 GB). It would stay there for about 3 to 4 minutes, during which time the computer becomes very slow and unresponsive. After that it would drop down to 1.5 GB and then eventually drop down to about 500-600 MB or so, after which the computer would start responding fine and the drive activity goes down too.

3. Now lately I am having another issue. This involves A-squared as well. I usually run Chrome browser and it usually has hotmail from the previous session already loaded. So after bootup when I start Chrome, it loads up different tabs that were open last time when I closed it, it would hang. And I would see A-squared as one of the applications running in the Applications bar at the bottom, along with Chrome, but I won't see any corresponding A-squared window on the screen. The Chrome hangs. A-squared also hangs but looks like it hangs before it draws the window on the screen. I have to close a-squared by right clicking on the little icon on the right hand side of the task bar and choosing Exit Background Guard, kill Chrome and then run Chrome again. Now Chrome would run fine, but if I click on something that would try to open up a pop up or something, it would hang again. If I leave Chrome in that state for about 5 min or so, it would come back to life.

I am attaching my logs. I did find some high risk items in the scan but haven't quarantined or anything as per instructions in the sticky. Any help will be appreciated.

Thanks.


Hi shah, welcome to the forum

1st, the malware fighter will review the log files attached

A few notes, though:

1) \Zards software\Startup Defender\Startup Defender.exe

Have you got it from Giveaway? All Software downloaded from there is clean

Have you submitted the file to EMSI developers? If not – please do that irrespectively

Unless that is "a cracked" full version - that could be False Positive

2) as for the entries like

C:\Qoobox\Quarantine\
... killbox.... etc.

Have you run ComboFix and other utilities on your own?

If so, do not do that anymore(!) since those utilities, especially ComboFix, must not be run without supervision by a malware fighter expert! You can damage your system beyond repair way before getting any help and assistance

3) regarding “\System Volume Information\_restore”

The detections in the System Restore point are inactive and can be used only by the System Restore feature. Antiviruses cannot manipulate data in that protected area. The only way to clean Sys Restore is to turn it Off; Reboot and switch it back On.

But currently do not do anything until the reply from the malware fighter, just submit the file(s) in question to EMSI

My regards


Download OTC to your desktop and run it

  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

-----------------------------------------------------------

Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1

Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouseclick combofix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

-----------------------------------------------------------

Attach logs for:

  • ComboFix (C:\combofix.txt)
  • a-squared Free/Anti-Malware
  • ISeeYouXP
  • HiJackFree

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


Thank you for the response. I have followed the instructions and run OTC and ComboFix. So far all 3 of the problems mentioned in the first post still exist. I even rebooted after running each of the OTC and ComboFix programs.

I am in the process of running A-squared again and collecting the requested logs (the full scan takes many hours). I will post them as soon as they are available.

Thanks for your help.

@Lynx: You are right, Startup Defender was downloaded from Giveawayoftheday.com. As for the Killbox entries, this is not the first time I am seeking help. I did have problems a long time back (over a year ago), and I sought help on this forum. For some reason I could not get the old username and password, so I registered again. The forum seems to be different from before as well, so probably my account was lost during transition or something.

Thank you for the response....

@Lynx: You are right, Startup Defender was downloaded from Giveawayoftheday.com. As for the Killbox entries, this is not the first time I am seeking help. I did have problems a long time back (over a year ago), and I sought help on this forum. For some reason I could not get the old username and password, so I registered again. The forum seems to be different from before as well, so probably my account was lost during transition or something.

Hi, shah

Thanks for reply and confirming downloading from the "Giveawayoftheday"

So that most likely should be an FP

I am replying since the message is for "@Lynx" :)

Unfortunately I will not be a part of this community any longer

(see http://support.emsisoft.com/topic/1505-so-long/)

I know you from the old forum

We all had to register here again. The current registration has nothing to do with the old one and it is not bound to the Software registration as it was before... now those are separate things

I'm sure the issue will be fixed and you will get the best professional assistance possible from ShadowPuterDude

Cheers!


I just ran the a-squared Full Scan. Unfortunately I minimized the window after it finished the scan and the window vanished from the task bar, and now if I open up the Security Center again, the only option I see is to start the scan again. I don't remember if I had to explicitly save the logs or it just saves them somewhere by default. Please let me know. Do I need to run the scan again? It takes a very long time to run the scan. Please let me know if the logs are automatically saved at some location.

Thanks.

... I don't remember if I had to explicitly save the logs or it just saves them somewhere by default.

...

Please let me know if the logs are automatically saved at some location.

Yes, you have to use the <<Save Report>> button

You will be presented with the standard dialogue where the default location and the name are "offered". You can use that or change the name and/or location... just make a note if you do the latter

Do I need to run the scan again? It takes a very long time to run the scan.

You have to run and present the Deep Scan report

(do not forget to update a-squared prior to running the scan)

Temporarily disable real-time resident of your Antivirus. That will decrease the time of scanning ~2.5-3 times

Where are the logs I requested?


Thanks Lynx. Nice to continue hearing from you.

Attached are the logs. As I mentioned before, nothing has changed and all the 3 issues mentioned in the first post are still there.


The installed version of Adobe Reader on this computer is outdated. Install the latest version of Adobe Reader available from Adobe.

-----------------------------------------------------------

The installed version of Java on this computer is outdated. Install Java Runtime Environment (JRE) 6u18 available from Sun Microsystems.

-----------------------------------------------------------

Using Add or Remove Programs in the Control Panel, uninstall the following:

Adobe Reader 8.1.2

Java 6 Update 13

-----------------------------------------------------------

Now we need to use ComboFix to remove some stuff.

  • Make sure that the copy of combofix.exe that you downloaded earlier is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
  • Open Notepad and copy/paste the text in the below code box into it

(make sure you scroll all the way down in the code box to get all lines selected):

KILLALL::

File::
C:\Documents and Settings\All Users\Application Data\smxrsjou.kmd
C:\WINDOWS\system32\honomige.exe
C:\WINDOWS\system32\wojidiko.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  • Follow the prompts.
  • When it finishes, a log will be produced named c:\combofix.txt
  • I will ask for this log below

Note: DO NOT mouseclick combofix's window while it is running. That may cause it to stall.

The ComboFix folder should not be renamed since ComboFix and even we would have suspicions about it. Also when you uninstall CF, the folder would not be removed since it does not look for that folder name.

-----------------------------------------------------------

Attach logs for:

  • ComboFix (C:\combofix.txt)
  • a-squared Free/Anti-Malware
  • HiJackFree

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
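
An added example, not part of the original post and not ComboFix's own code: a read-only Python parse of the CFScript text above that lists what the script targets and, for each Browser Helper Object key, the COM registration key where the loaded DLL's path is recorded. The section grammar (a `Name::` header followed by entries) is an assumption inferred from the script shown here; nothing is executed or deleted.

```python
import re

# CFScript text copied from the post above; it is only parsed, never run.
CFSCRIPT = r"""KILLALL::

File::
C:\Documents and Settings\All Users\Application Data\smxrsjou.kmd
C:\WINDOWS\system32\honomige.exe
C:\WINDOWS\system32\wojidiko.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
"""

SECTION = re.compile(r"^(\w+)::\s*$")  # assumed header form: "Name::"
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_cfscript(text):
    """Group non-blank lines under the most recent 'Name::' header."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            current.append(line)
    return sections

def review(sections):
    """Return (action, target) pairs describing what the script would touch."""
    plan = [("delete file", p) for p in sections.get("File", [])]
    for entry in sections.get("Registry", []):
        key = entry.strip("[]")
        if key.startswith("-"):  # .reg-file convention: [-KEY] removes the key
            plan.append(("delete key", key[1:]))
            m = CLSID.search(key)
            if m and "browser helper objects" in key.lower():
                # A BHO's DLL path is stored under its COM class registration.
                plan.append(("inspect first", rf"HKEY_CLASSES_ROOT\CLSID\{m.group(0)}\InprocServer32"))
        else:
            plan.append(("registry entry", key))
    return plan

if __name__ == "__main__":
    for action, target in review(parse_cfscript(CFSCRIPT)):
        print(f"{action:14} {target}")
```
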


Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude or Lynx to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread


Download avz4.zip from here

  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window
  • Click Start to begin the update

Note: If you receive an error message, choose a different source, then click Start again

  • After the update, from the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Investigation
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm, virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach the Compressed file, virusinfo_syscheck.zip, to your next reply.


Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude or Lynx to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread
