Virus detected, again......

[AKatRT]

Am having problems. Computer is slow, sometimes doesn't want to go into 'sleep' mode, sometimes blank or garbled screen, unstable screen. Virus got in even though Avast running, regular Malwarebytes checks, spyware blaster running. Downloaded Immunet - it found several problems (incl Trojan) but in the end it slows down so much that the computer gets hung up and the scan doesn't finish. Ran Dr Web CureIt, in safe mode, earlier and it found nothing. Can you help please? Thanks!

[essexboy]

Download aswMBR.exe ( 511KB ) to your desktop.
 
Double click the aswMBR.exe to run it
 
Click the "Scan" button to start scan

 
On completion of the scan click save log, save it to your desktop and post in your next reply


THEN

Download OTS to your Desktop and double-click on it to run it

• Make sure you close all other programs and don't use the PC while the scan runs.
  
• Select All Users
  
• Under additional scans select the following

Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

• Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  
• When the scan is complete Notepad will open with the report file loaded in it.
• Please attach the log in your next post.

[AKatRT]

Essexboy, am I glad you're still on the job...... Thanks. Log attached. now on to action 2 of your instruction.

[essexboy]

Yelp ?  :rofl: 

[AKatRT]

OTS log attached. Thanks.

[essexboy]

There are a few old AV drivers which I will remove, your temporary folders are very full.  Did these problems occur before or after you installed immunet ?

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code: [Select]

[Unregister Dlls]
[Win32 Services - Safe List]
YN -> (McSysmon) McAfee SystemGuards [On_Demand | Stopped] ->
YN -> (McShield) McAfee Real-time Scanner [Unknown | Stopped] ->
[Driver Services - Safe List]
YY -> (utmwntk1) AVZ Kernel Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\utmwntk1.sys
[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Google EULA Launcher" -> c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA]
[File - Lop Check]
NY ->  AVG10 -> C:\Users\korporaal\AppData\Roaming\AVG10
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
 
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.  Post that information back here

I will review the information when it comes back in.

[AKatRT]

Boy, the actual scenario was somewhat different. Just finshed the scan. Took hours. Frequent messages asking whether to create files that could not be found. Thousands of files were supposedly involved. jpg, png, and a couple of flash player ones. jpgs all looked like garbage. I indicated 'skip' for all except for flashplayer where there was no skip option and I indicated the file was not to be created. At the end it indicated that the system should be rebooted to delete the files - I clicked 'ok' but nothing happened. No 'log' showed up either. What do you think, say? Thanks.

[AKatRT]

I forgot to answer you question, sorry, no, problems already there before and I downloaded immunet as an additional option to fix.

[AKatRT]

Just ran OTS again, same protocol, now indicated either 'cancel' or 'no' when it asked whether I wanted to create a file that did not exist. The scan went very much more quickly. At the end again the message about the required reboot to delete files. And again no reboot occurred. No log visible either. Please advise oh enlightened one..... Thanks. 

[AKatRT]

Don't mean to overwhelm you with posts, but just so you have the most recent status, I can see from the way my pc behaves now, that the problem is not fixed yet. Thanks.

[essexboy]

The reason OTS took forever was because you had near 1000 files in the temp folders 

OK next size hammer

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

[AKatRT]

Ok, thanks. Attached. Hope this helps.

[essexboy]

OK no malware evident at all - that is the good news

So we need to find a way to speed your system up and stop it hanging around

Please download Startup Lite from here to your desktop
Run the programme and accept the recommendations given.
Reboot and let me know if there is an improvement

If not lets check the disc out

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

[AKatRT]

Will do and thank you!

[essexboy]

Once done - the defrag may take a while as it runs a full chkdisc first - let me know how the system is behaving