Malware/Virus possible Artua Vladislav (fs) and other symptoms [Closed]


  • This topic is locked

#91
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Hi I was asking because it was still defaulted on NONE from the previous scan, so do I change that back to standard or doesn't that matter?

I guess not.

thanks
  • 0



#92
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Just ran this fix, so I'll let you know how it's running soon, thanks.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
Unable to replace file: C:\Windows\System32\drivers\tcpip.sys with C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\tcpip.sys without a reboot.
< netsh advfirewall reset /c >
Ok.
C:\Users\Frances\Desktop\cmd.bat deleted successfully.
C:\Users\Frances\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Frances\Desktop\cmd.bat deleted successfully.
C:\Users\Frances\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Frances
->Temp folder emptied: 13635 bytes
->Temporary Internet Files folder emptied: 55426203 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 377034458 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 23603 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3105 bytes
RecycleBin emptied: 70282 bytes

Total Files Cleaned = 413.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09222013_185518

Files\Folders moved on Reboot...
C:\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFKYICSJ\index[1].htm moved successfully.
C:\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7I2U9BK3\i[1] moved successfully.
C:\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...
[2013/07/06 06:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) C:\Windows\System32\drivers\tcpip.sys : MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C

Registry entries deleted on Reboot...

Edited by Feather24, 22 September 2013 - 12:08 PM.

  • 0

#93
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
:thumbsup:
  • 0

#94
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Hi quick update so far, over the last few hours I noticed that opening browsers is much faster, however it still keeps stalling in youtube. I've had to reboot my computer twice and it still seems to be struggling.

Not sure if this is a bandwidth issue.

I'll keep monitoring it and report back over the next day or so.

thanks Godawgs.
  • 0

#95
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Let's check the system files and the file system.


Step-1.

Delete Old SFC Log and run SFC

Windows Vista/7

  • Open an elevated command prompt. To do that:
    • Click Start, click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator. (See screenshot below)

    Posted Image
  • A command window will open like the image below:

    Posted Image
  • Type the following and press ENTER after each line:
    cd  \windows\Logs\cbs
    
    copy  cbs.log  cbs.old
    
    del  cbs.log

    Back at the blinking cursor:
  • Type or copy and paste the following command and press Enter:

    sfc /scannow
    (notice the space between sfc and /scannow, it needs to be there)

    Posted Image

    The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions. Note: This may take a while to finish.
  • When the scan has finished you should get one of the following messages in the Command window:
    • Windows did not find any integrity errors
    • Windows found errors but corrected them all
    • Windows found errors but could not fix some of them.
  • Write down the message so that you can post it in your next reply.
  • Type exit and press the ENTER key to close the command window.

Step-2.

Check Hard Disk For Errors:

Please copy everything in the code box below into notepad. To do this highlight all text, then right click and click Copy.

@Echo Off
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
del %0

  • Next, open Notepad, or click Start->Run and in the Open: box type notepad.exe and click OK.
  • Right click in the notepad window and click Paste, or put the cursor inside the notepad window and press the Ctrl-V keys to paste the text into notepad.
  • On the File menu, click Save
  • On the Save As window that comes up, do the following:
    • On the left side, click the Desktop Icon. This will put "Desktop" in the Save In: box at the top.
    • At the bottom in the File Name: box type testhd.bat
    • In the Save as type: box, click the down arrow and click All Files(*.*)
    • Click Save
    This will put a new file on the Desktop named testhd.bat
    The file icon will look like this:
    Posted Image

    Close all open windows and any open Browsers.
  • VERY IMPORTANT: Right click the testhd.bat file on the desktop and click Run As Administrator then OK any UAC prompts to run the file. A command window will open. It may stay open for 5 to 10 minutes but when the check has completed the Command window will close automatically.
  • When the command window has closed there will be a new file on the desktop named checkhd.txt
  • Copy and paste the contents of the checkhd.txt file in your next reply.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know what the SFC scan found.
2. The checkhd.txt log
  • 0

#96
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Hi Godawgs,

Step 1 results:

1. Windows resource protection didn't find any violation.

Step 2 results:

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
1446 large file records processed.

0 bad file records processed.

0 EA records processed.

43 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
31331 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

244092927 KB total disk space.
87210376 KB in 145085 files.
94868 KB in 31332 indexes.
0 KB in bad sectors.
564623 KB in use by the system.
65536 KB occupied by the log file.
156223060 KB available on disk.

4096 bytes in each allocation unit.
61023231 total allocation units on disk.
39055765 allocation units available on disk.
The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
1446 large file records processed.

0 bad file records processed.

0 EA records processed.

43 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
31331 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

244092927 KB total disk space.
85704552 KB in 145091 files.
94868 KB in 31332 indexes.
0 KB in bad sectors.
565071 KB in use by the system.
65536 KB occupied by the log file.
157728436 KB available on disk.

4096 bytes in each allocation unit.
61023231 total allocation units on disk.
39432109 allocation units available on disk.
  • 0
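Added example (not part of the thread and not the helper's own code): testhd.bat redirects with `>>`, so every run appends another report to checkhd.txt, which is why the log above holds two. This Python example splits the file into runs and extracts the lines that decide disk health; the sample is constructed from the figures posted above, and the names ChkdskRun, split_runs, parse_run and review are chosen for this example.

```python
import re
from dataclasses import dataclass

RUN_START = "The type of the file system is"

# Constructed sample: the two appended runs from the post above, trimmed to
# the lines this parser reads.
SAMPLE = """\
The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
0 bad file records processed.
Windows has checked the file system and found no problems.
244092927 KB total disk space.
0 KB in bad sectors.
156223060 KB available on disk.
The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
0 bad file records processed.
Windows has checked the file system and found no problems.
244092927 KB total disk space.
0 KB in bad sectors.
157728436 KB available on disk.
"""

@dataclass
class ChkdskRun:
    read_only: bool
    clean: bool
    bad_file_records: int
    bad_sectors_kb: int
    free_kb: int

def _num(pattern, text):
    m = re.search(pattern, text)
    return int(m.group(1)) if m else -1  # -1 marks a line missing from the log

def split_runs(text):
    """One element per CHKDSK report; `>>` in the batch file appends each run."""
    return [RUN_START + part for part in text.split(RUN_START)[1:]]

def parse_run(block):
    return ChkdskRun(
        read_only="read-only mode" in block,
        clean="found no problems" in block,
        bad_file_records=_num(r"(\d+) bad file records processed", block),
        bad_sectors_kb=_num(r"(\d+) KB in bad sectors", block),
        free_kb=_num(r"(\d+) KB available on disk", block),
    )

def review(text):
    """Return (runs, findings); findings is empty when every run looks healthy."""
    runs = [parse_run(b) for b in split_runs(text)]
    findings = []
    for i, run in enumerate(runs, 1):
        if not run.clean:
            findings.append(f"run {i}: no 'found no problems' verdict")
        if run.bad_sectors_kb != 0:
            findings.append(f"run {i}: bad-sector figure missing or non-zero")
        if run.bad_file_records != 0:
            findings.append(f"run {i}: bad file records missing or non-zero")
    return runs, findings

if __name__ == "__main__":
    runs, findings = review(SAMPLE)
    print(len(runs), "run(s);", findings or "no findings")
```

Both runs were read-only (no /F), so a clean verdict here means nothing was found, not that anything was repaired.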

#97
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the logs. The file system and system files are ok so let's reset the tcpip/ip and winsock and see if that makes any difference.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:FILES
ipconfig /release /c
ipconfig /renew /c
netsh winsock reset catalog /c
netsh int ip reset reset.log /c
ipconfig /flushdns /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

Now try the browsers and see if the issue is resolved. If it is still there continue with the next step.


Step-2.

Delete Browsing History

For IE
Please click here and follow the instructions to clear the browsing history in IE. This process will clear any cookies and Temp internet files that enable websites to retain preferences so they will have to be re-input. But if the cookies or preferences have become corrupt or invalid this could resolve the issue.

For Firefox
Open the Firefox browser
  • Click the Firefox button in the upper left corner.
  • Put the mouse pointer over the arrow beside History and click Clear Recent History...
  • On the Clear All History page from the Time range to clear... drop down menu select Everything.
  • Click the down arrow beside Details and make sure the following boxes have a check mark in them:
    • Browsing & Download History
    • Form & Search History
    • Cookies
    • Cache
  • Click the Clear Now button.
For Chrome
Please click here to go to the chrome support page and follow the instructions under Delete your cache and other browser data


Now try the browsers and see if the issue has been resolved.
  • 0

#98
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Hi Godawgs:

Step 1 complete scan results:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::71d9:503d:6c27:606e%10
Default Gateway . . . . . . . . . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:10c9:2e7b:3f57:febf
Link-local IPv6 Address . . . . . : fe80::10c9:2e7b:3f57:febf%11
Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.lan:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Frances\Desktop\cmd.bat deleted successfully.
C:\Users\Frances\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : lan
Link-local IPv6 Address . . . . . : fe80::71d9:503d:6c27:606e%10
IPv4 Address. . . . . . . . . . . : 192.168.1.65
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:7b:9d0:3f57:febe
Link-local IPv6 Address . . . . . : fe80::7b:9d0:3f57:febe%11
Default Gateway . . . . . . . . . : ::
C:\Users\Frances\Desktop\cmd.bat deleted successfully.
C:\Users\Frances\Desktop\cmd.txt deleted successfully.
< netsh winsock reset catalog /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Frances\Desktop\cmd.bat deleted successfully.
C:\Users\Frances\Desktop\cmd.txt deleted successfully.
< netsh int ip reset reset.log /c >
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.
C:\Users\Frances\Desktop\cmd.bat deleted successfully.
C:\Users\Frances\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Frances\Desktop\cmd.bat deleted successfully.
C:\Users\Frances\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Frances
->Temp folder emptied: 18934 bytes
->Temporary Internet Files folder emptied: 71048472 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 379992195 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2470 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15214 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 430.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09262013_104417

Files\Folders moved on Reboot...
C:\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9LQLNI2\index[1].htm moved successfully.
C:\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CXCJW87\i[1] moved successfully.
C:\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0
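Added example (not part of the thread and not OTL's own code): in the two fix logs posted above, several actions report success but only take effect after a restart (the deferred tcpip.sys replacement in the first log, the Winsock and IP resets in the second). This Python example parses the FILES section of such a log and lists what is still pending a reboot; the sample is constructed from lines of both logs, and parse_fix_log and reboot_pending are names chosen for this example.

```python
import re

# Constructed sample: lines taken from the two OTL fix logs posted above.
SAMPLE = r"""
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
Unable to replace file: C:\Windows\System32\drivers\tcpip.sys with C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\tcpip.sys without a reboot.
< netsh winsock reset catalog /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Frances\Desktop\cmd.bat deleted successfully.
C:\Users\Frances\Desktop\cmd.txt deleted successfully.
< netsh int ip reset reset.log /c >
Reseting Global, OK!
Restart the computer to complete this action.
C:\Users\Frances\Desktop\cmd.bat deleted successfully.
C:\Users\Frances\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Frances\Desktop\cmd.bat deleted successfully.
C:\Users\Frances\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
COMMAND = re.compile(r"^< (.+?)(?: /c)? >$")   # "/c" is the fix script's suffix
DEFERRED = re.compile(r"^Unable to replace file: (.+?) with (.+?) without a reboot\.$")
HELPER = re.compile(r"\\cmd\.(bat|txt) deleted successfully\.$")  # tool's temp files

def parse_fix_log(text):
    """Return (commands, deferred) found in the FILES section of the log."""
    commands, deferred, section, current = [], [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if m := SECTION.match(line):
            section, current = m.group(1), None
        elif section != "FILES":
            continue
        elif m := DEFERRED.match(line):
            deferred.append({"target": m.group(1), "source": m.group(2)})
        elif m := COMMAND.match(line):
            current = {"command": m.group(1), "output": []}
            commands.append(current)
        elif current is not None and not HELPER.search(line):
            current["output"].append(line)
    return commands, deferred

def reboot_pending(text):
    """Actions the log reports as done but that only apply after a restart."""
    commands, deferred = parse_fix_log(text)
    pending = [f"replace {d['target']}" for d in deferred]
    pending += [c["command"] for c in commands
                if any("restart" in out.lower() for out in c["output"])]
    return pending

if __name__ == "__main__":
    for item in reboot_pending(SAMPLE):
        print("pending reboot:", item)
```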

#99
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Ok, Step 2 complete:

Please note: wasn't able to delete "form and search history" from firefox, the tick box was greyed out so I couldn't "check" it.

Otherwise all complete.

Had to re-find the password here!

thanks Godawgs.
  • 0

#100
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

thanks Godawgs

You are welcome.

Did the last run resolve the video watching issue on YouTube and having to restart the computer? If not, does this happen in all browsers or just one/some?
  • 0



#101
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
So far so good, I'll give it a day to really check it out, it doesn't happen all the time so I need to really try it properly.

Q. Do you think that both malware and or if any viruses are fully cleared now? What are your thoughts and what is the best way to avoid this in future?

Q. I notice some locked files on my C: will these remain locked?

Q. I know we deleted e.g. some software and change quite a lot of settings along the way, I'm struggling to remember everything as we've done lots, will we restore what needs to be restored? I hope that makes sense!


thanks:)

Edited by Feather24, 26 September 2013 - 12:14 PM.

  • 0

#102
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Q. Do you think that both malware and or if any viruses are fully cleared now? What are your thoughts and what is the best way to avoid this in future?

I think we have cleaned everything but I will go back through all of the posts and make sure. When we start the clean up procedure I will also give you some suggestions on how to make the computer more secure in the future.

Q. I notice some locked files on my C: will these remain locked?

I haven't seen any locked files. Can you tell me what they are? If they showed up after we set the computer to show hidden files they have probably always been locked and you just didn't notice them because the computer wasn't set to show them.

Q. I know we deleted e.g. some software and change quite a lot of settings along the way, I'm struggling to remember everything as we've done lots, will we restore what needs to be restored? I hope that makes sense!

As part of the clean up process I will go back through the posts and we will delete/uninstall all of the tools we have used and reset anything that was changed during the process......we're a full service outfit here :D

Just get back to me in the next day or so and we'll take it from there.
  • 0

#103
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Hi thanks for answering my questions very helpful:)

Ok today I was using the internet a lot, most of the day it was ok, however the last third of the day it seems to crash ie. in youtube, it kept getting stuck, I couldn't even respond here. I needed to reboot the PC 3 times! A bit frustrating!!

When it does work, it works well and much quicker than it did, just not all the time.

Hopefully we can tweak things to sort it soon,

appreciate your efforts Godawgs.
  • 0

#104
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Ok today I was using the internet a lot, most of the day it was ok, however the last third of the day it seems to crash ie. in youtube, it kept getting stuck,

Does this happen in all browsers? While I am waiting for you to answer I am gonna check with some colleagues. I just don't understand why the browser works fine for most of the day and then starts acting up. That sounds more like the site than the browser. Do you have this problem when on any other sites or is it just when you are viewing videos? What do you mean by getting stuck?
  • 0

#105
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Ok today I tested it again, and it got stuck, ie when I'm e.g. browsing or in youtube, iplayer and watching something, the screen freezes and I have to reboot - freezes means it won't play at all. Sometimes it freezes all functions sometimes just browsers. It happens in all browsers.

Eg. I could be watching a video on youtube, the screen stops and freezes when I try to refresh it just keeps trying to connect and never does. I can close the browser and sometimes e.g. use email, mostly anything web based freezes then. I can usually still use MS office functions though.
  • 0





