Virus shut off programs Need help!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Techwoman, Jun 16, 2015.

  1. Techwoman

    Techwoman Specialist

    Hi, I am in great need of help. I have a Dell Vostro 400 Desktop with Windows Vista Basic 32 bit.

    I had a networking issue, so I went into Services and found everything was disabled. I had to go to Black Viper to set the computer to its original default services settings. I thought, well, maybe a virus is doing this. So I ran Malwarebytes in normal mode and it found nothing. Then I did it in Safe Mode and it found 26 viruses. So that is as far as I got.


    Can someone help me fix this issue before it shuts off my settings in Services again?

    Thanks so much.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide


    and attach the requested logs when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual update Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only RogueKiller and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run the rest of the READ & RUN ME FIRST instructions on the infected account.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. Techwoman

    Techwoman Specialist

    RogueKiller V10.8.4.0 [Jun 15 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Marie [Administrator]
    Started from : C:\Users\Marie\Desktop\RogueKiller.exe
    Mode : Scan -- Date : 06/16/2015 17:45:08

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST3160815AS ATA Device +++++
    --- User ---
    [MBR] da036deacd1a76ff003d7eb042934ab8
    [BSP] e5ecab62487d0dea97643843967a883e : HP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 112640 | Size: 152531 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: TEAC USB HS-CF Card USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: TEAC USB HS-xD/SM USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: TEAC USB HS-MS Card USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: TEAC USB HS-SD Card USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  4. Techwoman

    Techwoman Specialist

    Okay I have walked through almost every step.

    I attached two of the scans, RogueKiller and MB. I stated the problem above as an issue, and my friend's computer is eating memory and starting slowly.

    I now will continue with the three scans.
     


  5. Techwoman

    Techwoman Specialist

    HitmanPro found a lot. Granted, the instructions are a bit old on a few of these, but I did manage to save the log. I did not do anything; I am waiting for a tech.
     


  6. Techwoman

    Techwoman Specialist

    Okay, I ran MGtools. Here is the uploaded zip file.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Many of your problems are not due to a virus. It is due to you having run MSconfig and disabling everything. You should be running your PC in normal startup mode. You have disabled many of your services and programs from running properly.


    However you do have a little junkware to cleanup so we will do that now.


    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
    
    :Files
    C:\Users\Marie\AppData\Roaming\1H1Q1V0B1L1G1N1V0M1P1Q1L1T0D1P1E2Z
    C:\Users\Marie\AppData\Local\iLivid
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iLivid]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\lptlIE.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{EF1B578C-4058-4062-890F-31694233FEA5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F19F56EB-DEBF-4B1A-AA72-331A0D091C26}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent\iLivid.torrent_backup]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iLivid.torrent]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467]
    [-HKEY_USERS\S-1-5-21-410369435-1976559558-23016110-1000\Software\Classes\.torrent\iLivid.torrent_backup]
    [-HKEY_USERS\S-1-5-21-410369435-1976559558-23016110-1000\Software\Classes\iLivid.torrent]
    [-HKEY_USERS\S-1-5-21-410369435-1976559558-23016110-1000\Software\Conduit]
    [-HKEY_USERS\S-1-5-21-410369435-1976559558-23016110-1000\Software\iLivid]
    [-HKEY_USERS\S-1-5-21-410369435-1976559558-23016110-1000\Software\IM]
    [-HKEY_USERS\S-1-5-21-410369435-1976559558-23016110-1000\Software\ImInstaller]
    [-HKEY_USERS\S-1-5-21-410369435-1976559558-23016110-1000\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4]
    [-HKEY_USERS\S-1-5-21-410369435-1976559558-23016110-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    [-HKEY_USERS\S-1-5-21-410369435-1976559558-23016110-1000_Classes\.torrent\iLivid.torrent_backup]
    [-HKEY_USERS\S-1-5-21-410369435-1976559558-23016110-1000_Classes\iLivid.torrent]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXT log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  8. Techwoman

    Techwoman Specialist

    Sir, I said in my first post that something shut off the programs in Services.msc, which I went into from the Black Viper page and had to set them back to default.

    Thanks for helping me clear the junk. I will do as follows in the morning.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, I know, but in MSconfig many services and also startup processes are all disabled. This is why your services were shut off. Run MSconfig and put your PC back into normal startup mode to correct all of this.
     
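    The point chaslang makes above is that msconfig's "Selective startup" leaves services set to Disabled and records the startup items it unticked under its own registry key (the OTM script earlier in the thread removes two such leftovers, HP Software Update and iLivid). The following PowerShell script is an added example, not code from either poster or from MajorGeeks: it inventories services whose StartMode is Disabled, lists what msconfig has recorded under MSConfig\startupreg, shows the Run entries that are still live, and writes a baseline file so a later run can be diffed to see whether something is disabling services again. Win32_Service is used instead of Get-Service because Vista-era PowerShell has no StartType property. The value names command and key under startupreg, and the baseline file path, are assumptions.

```powershell
# Added example (not from this thread): inventory disabled services and
# msconfig-recorded startup items, then save a baseline for later comparison.

# Win32_Service exposes StartMode on every Windows version, including Vista.
$disabled = @(Get-WmiObject -Class Win32_Service |
    Where-Object { $_.StartMode -eq 'Disabled' } |
    Select-Object Name, DisplayName, StartMode, State)

Write-Host ("Services set to Disabled: {0}" -f $disabled.Count)
$disabled | Format-Table -AutoSize

# When a startup item is unticked in msconfig, the original entry is copied
# under this key so it can be restored later.
$startupReg = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
if (Test-Path $startupReg) {
    Write-Host "`nStartup items disabled via msconfig:"
    Get-ChildItem $startupReg | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        # 'command' (original command line) and 'key' (the Run key it came
        # from) are assumed value names; adjust if your entries differ.
        New-Object PSObject -Property @{
            Item    = $_.PSChildName
            Command = $p.command
            Source  = $p.key
        }
    } | Format-Table Item, Command, Source -AutoSize
} else {
    Write-Host "`nNo msconfig startupreg key present (nothing disabled via msconfig)."
}

# Startup entries that are still active, for comparison with the list above.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($k in $runKeys) {
    if (Test-Path $k) {
        Write-Host "`nActive Run entries under $k"
        $props = Get-ItemProperty $k
        # Skip the PS* metadata properties the registry provider adds.
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { "{0,-30} {1}" -f $_.Name, $_.Value }
    }
}

# Save a baseline (assumed path). Rerun later and compare with:
#   Compare-Object (Import-Clixml $baseline) $disabled -Property Name
$baseline = Join-Path $env:USERPROFILE 'Desktop\disabled-services-baseline.xml'
$disabled | Export-Clixml -Path $baseline
Write-Host "`nBaseline written to $baseline"
```

    Run it from an elevated PowerShell prompt (right-click, Run as Administrator) before and after switching msconfig back to Normal startup; a healthy default install has only a handful of services set to Disabled, so a long list in the first section points at msconfig rather than at malware, while new entries appearing in a later diff are what to investigate.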
  10. Techwoman

    Techwoman Specialist

    Okay, I did that. I also found another issue; I am wondering if you can help me with it?

    It is amazing what I found when I ran her health check on the computer. The configuration of family chipset is causing problems.

    Error
    Symptom: Device is not working properly; Windows cannot load the required device drivers.
    Cause: A device has a configuration problem that prevents it from working properly.
    Details: The device, Intel(R) G35 Express Chipset Family, is reporting "tv_ConfigMgrErr31". This device will not be available until the issue is resolved. The Plug and Play ID for this device is VideoController3.
    Resolution:
    1. Verify the correct driver is installed.
    2. Try updating the drivers using Windows Update.
    3. Check with the manufacturer for an updated driver.
    4. Attempt to uninstall and then reinstall the device using Device Manager.
    Related: Explanation of Error Codes Generated by Device Manager; Manage Devices in Windows

    Error
    Symptom: Device is not working properly; Windows cannot load the required device drivers.
    Cause: A device has a configuration problem that prevents it from working properly.
    Details: The device, Intel(R) G35 Express Chipset Family, is reporting "tv_ConfigMgrErr31". This device will not be available until the issue is resolved. The Plug and Play ID for this device is ROOT\DISPLAY\0000.
    Resolution:
    1. Verify the correct driver is installed.
    2. Try updating the drivers using Windows Update.
    3. Check with the manufacturer for an updated driver.
    4. Attempt to uninstall and then reinstall the device using Device Manager.
    Related: Explanation of Error Codes Generated by Device Manager; Manage Devices in Windows

    Warning
    Severity: Informational
    Symptom: Missing Events in Event Log
    Details: Investigate why 36% (9,009) events were lost during data collection. The settings for Event Tracing for Windows (ETW) maximum buffers and buffer size may not be optimal depending on which data sets are being collected.
    Related: Event Tracing for Windows

    Basic System Checks
    Tests                               Result   Description
    OS Checks                           Passed   Checks for attributes of the operating system
      OS Version Check                  1 test, 0 failed, Passed
    Disk Checks                         Passed   Checks for disk status
      SMART Predict Failure Check       1 test, 0 failed, Passed
      Logical Disk Dirty Bit Check      1 test, 0 failed, Passed
      Free Disk Space Available C:      1 test, 0 failed, Drive C: has 23% free disk space [33993 MB]
    Security Center Tests               Passed   Checks for state of Security Center related information.
      Check that Anti-Spyware Product is up-to-date.                  1 test, 0 failed, Passed
      Check for Anti-Spyware Product that is enabled.                  1 test, 0 failed, Passed
      Check that Anti-Virus Product is up-to-date.                     1 test, 0 failed, Passed
      Check for Anti-Virus Product with on access scanning enabled.    1 test, 0 failed, Passed
      User Account Control Enabled Check                               1 test, 0 failed, Passed
      Windows Update Enabled Check                                     1 test, 0 failed, Passed
    System Service Checks               Passed   Checks for state of system services
      Abnormally Terminated Services Check                             1 test, 0 failed, Passed
      Workstation Service Check                                        1 test, 0 failed, Passed
    Hardware Device and Driver Checks   Failed   Survey of Windows Management Infrastructure supported devices.
      Test Group                                  Tests  Failed  Description
      Controller Device Configured Fail Count      25     0      Controller devices.
      Controller Device Status Fail Count          25     0      Controller devices.
      Cooling Configured Fail Count                 0     0      Cooling devices.
      Cooling Status Fail Count                     0     0      Cooling devices.
      Input Configured Fail Count                   3     0      Input devices.
      Input Status Fail Count                       3     0      Input devices.
      Memory Device Configured Fail Count          83     0      Memory devices.
      Memory Device Status Fail Count              83     0      Memory devices.
      Motherboard Device Configured Fail Count     13     0      Motherboard devices.
      Motherboard Device Status Fail Count         13     0      Motherboard devices.
      Network Configured Fail Count                12     0      Network devices.
      Network Status Fail Count                    12     0      Network devices.
      Port Device Configured Fail Count            51     0      Port devices.
      Port Device Status Fail Count                51     0      Port devices.
      Power Device Configured Fail Count            0     0      Power devices.
      Power Device Status Fail Count                0     0      Power devices.
      Printing Device Configured Fail Count         6     0      Printing devices.
      Printing Device Status Fail Count             6     0      Printing devices.
      Storage Device Configured Fail Count          7     0      Storage devices.
      Storage Device Status Fail Count              7     0      Storage devices.
      Video Device Configured Fail Count            6     1      Video devices.
      Video Device Status Fail Count                6     0      Video devices.
      PlugAndPlay Device Configured Fail Count    165     1      PlugAndPlay devices.
      PlugAndPlay Device Status Fail Count        165     0      PlugAndPlay devices.

    Performance
    Resource Overview
    Component  Status  Utilization  Details
    CPU        Idle    9 %          Low CPU load.
    Network    Idle    0 %          Busiest network adapter is less than 15%. Nic Intel[R] 82562V-2 10_100 Network Connection using 1,864 bits and has 100,000,000 bits capacity.
    Disk       Idle    7 /sec       Disk I/O is less than 100 (read/write) per second on disk 0. Reads 0.2/sec + Writes 6.4/sec
    Memory     Normal  34 %         2013 MB Available.

    Software Configuration
     
  11. Techwoman

    Techwoman Specialist

    Never mind I fixed the issue.
     
  12. Techwoman

    Techwoman Specialist

    I had a problem with OTM: it keeps freezing and then not responding. What do you want me to do? I tried it twice.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try running it after booting in safe boot mode.
     
