Author Topic: [Solved]Virus infection. (Read 4010 times)

MarkJohnson · « **on:** April 30, 2015, 07:52:14 PM »

I am working on a friends desktop and he says he got some virus notifications a while back. Had some reg cleaner pt on his computer that he removed, and removed his legit A/V program as well.

It is still laging badly and sometimes refuses to boot or takes forever to boot.

MBAM didn't report anything.

Here are the logs.

Thanks for any help.
-=Mark=-

essexboy · « **Reply #1 on:** April 30, 2015, 08:36:32 PM »

Let me know if this makes a difference

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Quote

CreateRestorePoint:
AppInit_DLLs: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs => HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs File Not Found
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
Toolbar: HKU\S-1-5-21-1594460089-1084525592-3987088789-1000 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S0].txt as well.

MarkJohnson · « **Reply #2 on:** April 30, 2015, 09:03:38 PM »

Okay, it ran fine. seems a little better. reboot was alittle slow still, but maybe doing cleaning still?

It still beeps at desktop startup like something isn't working right.

Here's my Los you requested.

essexboy · « **Reply #3 on:** April 30, 2015, 09:17:31 PM »

It might be worth running chkdsk /r to clear any HDD errors

MarkJohnson · « **Reply #4 on:** April 30, 2015, 10:07:41 PM »

I tried running chkdsk on my hdd, but no success. I did find it seems to be hanging on internet drivers. It hangs for like a full minute before it finally gets online connection.

I updated drives from Gigabyte's website for this motherboard, but it still has issues.

My other PC connects immediately without issue.

Any clues what to try next?
-=Mark=-

essexboy · « **Reply #5 on:** April 30, 2015, 10:24:27 PM »

Have you run SFC ? https://support.microsoft.com/en-gb/kb/929833/en-gb

MarkJohnson · « **Reply #6 on:** April 30, 2015, 10:46:28 PM »

yes, I ran sfc /scannow. It reports everything is fine.

This is weird. I just can figure out what is going on. I was hoping new NIC drivers would do the trick.

Thanks for your help
-=Mark=-

essexboy · « **Reply #7 on:** May 01, 2015, 02:28:44 PM »

Have you tried a clean boot to see if there is a driver conflict

Step 1: Start MSConfig

Click Start, type msconfig in the Start Search box, and then press ENTER.
If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation.

Step 2: Configure Selective Startup options

1.In the System Configuration Utility dialog box, click Selective Startup on the General tab.

2.Click to clear the Load Startup Items check box.
Note The Use Original Boot.ini check box is unavailable.

3.Click the Services tab.

4.Click to select the Hide All Microsoft Services check box.
5.Click Disable All, and then click OK.
6. When you are prompted, click Restart.

MarkJohnson · « **Reply #8 on:** May 01, 2015, 07:39:02 PM »

That seems to have done the trick!

Thanks a ton for your help
-=Mark=-

essexboy · « **Reply #9 on:** May 01, 2015, 07:39:58 PM »

All you need do now is determine which driver/service is the culprit

MarkJohnson · « **Reply #10 on:** May 01, 2015, 10:51:21 PM »

I found it. It was teamviewer 9.

I reenabled the other items and it is booting right up. and have it on normal startup.

Thanks again for the help
-=Mark=-

essexboy · « **Reply #11 on:** May 01, 2015, 11:02:59 PM »

My pleasure, you can use delfix to remove any tools that were used

Download and run Delfix
Select the options as shown

MarkJohnson · « **Reply #12 on:** May 02, 2015, 01:06:40 AM »

Thanks again.

I'll try to close the thread. Marked solved.

-=Mark=-

Author Topic: [Solved]Virus infection. (Read 4010 times)

MarkJohnson

[Solved]Virus infection.

essexboy

Re: Virus infection.

MarkJohnson

Re: Virus infection.

essexboy

Re: Virus infection.

MarkJohnson

Re: Virus infection.

essexboy

Re: Virus infection.

MarkJohnson

Re: Virus infection.

essexboy

Re: Virus infection.

MarkJohnson

Re: Virus infection.

essexboy

Re: Virus infection.

MarkJohnson

Re: Virus infection.

essexboy

Re: Virus infection.

MarkJohnson

Re: Virus infection.