My PC is screwed up!

Discussion in 'Malware Help (A Specialist Will Reply)' started by Dimwit, Mar 6, 2010.

  1. Dimwit

    Dimwit Private E-2

    Hello Officers and Men;)

    This is my first post but over the years I have lurked around MajorGeeks and have found enough info to get me out of trouble time and time and time again. But now I am stumped and ask for help.

    A week ago I downloaded a lot of stuff (including dubious free driver scanners etc) trying to get an old LifeView FlyVideo TV Tuner to work. I was unsuccessful and no longer want to do this (I think the card is really just sh*t or perhaps just shot). However in the process I have messed up my PC badly. Spybot reports MarketShare, says it removes it but it bounces back. Adaware and Defender say I am clean but a scan by PrevX reported 200 “items” – I have forgotten what they were (they offered to "fix" them for $29.99!)

    I have followed various suggestions from various sources to remove MarketShare & RelevantKnowledge but Spybot still reports MarketShare.

    My machine has become horribly sluggish, now boots up slowly and so forth. Something seems to be hogging memory? (I am out of my depth when it comes to memory!)

    I have followed the READ AND RUN instructions and attach my 4 log files. As a last step after a reboot I made a Hijack log (analyse.exe log) and will attach this as a followup post to do this (I am not sure how to do this but I am sure it will become clear when I come to do it). I hope I’ve got these right and hope someone will be kind enough to help me! :wave
     

  2. Dimwit

    Dimwit Private E-2

    Hello Again!
    This is the Hijack Log I didn't have room for in my original post! :wave
     

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    We did not ask for a HijackThis log. We need the log from running MGtools which is C:\MGlogs.zip
     
  4. Dimwit

    Dimwit Private E-2


    Chaslang, thanks for response. I am sorry. I clicked on the wrong file in my second post attachment. :banghead Here it is.....
     

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    How much memory do you have in this PC? Your logs are only showing 97 MB free which is bad, but I question what it is showing for your total memory. It shows 4 GB, but it would be very unlikely for you to have 4 GB and only 97 MB free.

    Your logs are basically clean. Just a few minor details to take care of.

    If you are going to use Skype, you should uninstall Skype 2.6, and install the current version which has fewer security risks.


    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  6. Dimwit

    Dimwit Private E-2


    Chaslang: Wow! Thanks! It is going to take a while and here in Old England it is too late in the day for my brain to function properly. I will try and get on with it tomorrow AM :wave :zzz
     
  7. Dimwit

    Dimwit Private E-2


    Chaslang, I am not very experienced in the ways of forum posts and responded to you with a Word Doc with embedded images and find they won't paste in the forum :-o. Hence to retain my formatting I am attaching the document. Hope this is not too unacceptable. KR
     

  8. Dimwit

    Dimwit Private E-2

    As a PS to last post, Everest also reports thus:

    [ Memory Modules / A0 ]

    Memory Module Properties:
    Socket Designation A0
    Type EDO
    Speed 70 ns
    Installed Size 4096 MB
    Enabled Size 4096 MB

    [ Memory Modules / A1 ]

    Memory Module Properties:
    Socket Designation A1
    Type EDO
    Speed 70 ns
    Installed Size Not Installed
    Enabled Size Not Installed

    [ Memory Devices / A0 ]

    Memory Device Properties:
    Form Factor DIMM
    Size 4096 MB
    Total Width 64-bit
    Data Width 64-bit
    Device Locator A0
    Bank Locator Bank0/1
    Manufacturer None
    Serial Number None
    Asset Tag None
    Part Number None
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to post text into the forum if you expect us to comment on anything. We cannot spend the time to copy and paste the info of what you said (quoted info) for our replies.

    But either way it really does not matter since you are not having any malware problems beyond what was already removed. I suggest that you post in the Hardware Forum to resolve your memory reporting issues since this could be the root of your performance problems. At least it is worth checking to find out why some reports are showing your memory incorrectly.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  10. Dimwit

    Dimwit Private E-2

    Thanks Chaslang for all your help. Sorry about sending my last report as an attachment – I didn’t (and still don’t understand why it didn’t!!:-o) think it would make any difference if you read it in one form or another. As I am vision impaired I normally compose in Font 36 in WORD and then cut and paste it to wherever in a normal size. Major Geeks Forum would not let me paste my inline clips which were really the basis of my report – just in case any of them meant anything to you.
    Anyhow it is a relief to know that an expert sees my PC clean of malware. I have completed your “Final Steps” without any problems and followed your advice where necessary re protecting my system from malware. I will see if the Hardware Geeks can demystify my memory reporting error.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
