Generic Load Point

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by gAB72, Dec 31, 2013.

  1. gAB72

    gAB72 Private E-2

    Hi,
    My recently installed Norton 360 scanned my system and found this:

    A generic load point detected by virus scanner.
    Under view more details it says:

    File:C:\Windows\Tasks\At8.job
    File:C:\Windows\Tasks\At7.job
    File:C:\Windows\Tasks\At6.job
    File:C:\Windows\Tasks\At5.job
    File:C:\Windows\Tasks\At4.job
    File:C:\Windows\Tasks\At3.job
    File:C:\Windows\Tasks\At2.job
    File:C:\Windows\Tasks\At1.job

    Delete Failed

    Someone hacked into our computer around a year ago and we had it repaired but some things seem "off" so we'd like to check the system out to be sure that it's secure.

    Thanks,

    Gab
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Welcome to Major Geeks!

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide

    and attach the requested logs when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual update Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only RogueKiller and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run the rest of the READ & RUN ME FIRST instructions on the infected account.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. gAB72

    gAB72 Private E-2

    Hi Kestrel13,
    I'm going to have to do these tests little by little. I am not sure if this one was done correctly so bear with me. Thank you for your help.
     
    Last edited by a moderator: Jan 1, 2014
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  5. gAB72

    gAB72 Private E-2

    Is this better?
     

    Attached Files:

  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, continue on now please with all of the other requested logs. Thanks. :)
     
  7. gAB72

    gAB72 Private E-2

    Here's the Malwarebytes log.

    tdsskiller failed to upload.

    Hitman Pro: I received this message:
    vBulletin:
    Your submission could not be processed because a security token was missing. If this occured, please inform your administrator and describe the action you performed before you received this message.

    MGTOOLS:
    It says Invalid File.

    I could upload the MGlogs.zip file. Will that help?

    This is so annoying.
     

    Attached Files:

  8. gAB72

    gAB72 Private E-2

    mbam log:
     

    Attached Files:

  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi. Can you try zipping up the Hitman log and attaching it that way?
     
  10. gAB72

    gAB72 Private E-2

    Can you please tell me what steps to take to zip up the hitman log? I am not too good at this stuff.

    Thank you!
     
  11. gAB72

    gAB72 Private E-2

    Does this work?
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just an FYI: These are not malware. They are from iolo System Checkup that you have installed.
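
One way to check what At*.job files like the ones Norton flagged actually launch, as an added example that is not part of the original thread: a small parser for the Task Scheduler 1.0 .job layout (68-byte fixed header, application-name offset at byte 20, strings stored as a 16-bit character count plus UTF-16LE text). The sample jobs, the vendor folder and all function names are constructed for illustration.

```python
import struct

FIXED_LEN = 68   # fixed-length header of a Task Scheduler 1.0 .job file
APP_OFF_AT = 20  # header field holding the offset of the application name

def read_ustr(data, pos):
    """Read a string stored as a 16-bit character count plus UTF-16LE text."""
    if pos + 2 > len(data):
        raise ValueError("truncated string length")
    (nchars,) = struct.unpack_from("<H", data, pos)
    end = pos + 2 + 2 * nchars
    if end > len(data):
        raise ValueError("string runs past end of file")
    return data[pos + 2:end].decode("utf-16-le").rstrip("\x00"), end

def parse_job(data):
    """Return what the job launches: program, arguments, start folder, author."""
    if len(data) < FIXED_LEN + 2:
        raise ValueError("too short to be a .job file")
    (pos,) = struct.unpack_from("<H", data, APP_OFF_AT)
    if pos < FIXED_LEN:
        raise ValueError("application name offset points into the header")
    out = {}
    for field in ("application", "parameters", "working_dir", "author"):
        out[field], pos = read_ustr(data, pos)
    return out

def outside_expected(jobs, expected_dirs):
    """Names of jobs whose program is not under any expected install folder."""
    prefixes = tuple(d.lower().rstrip("\\") + "\\" for d in expected_dirs)
    return sorted(name for name, data in jobs.items()
                  if not parse_job(data)["application"].lower().startswith(prefixes))

def build_sample(app, params="", workdir="", author=""):
    """Constructed test input: a minimal .job image with zeroed header fields."""
    def ustr(s):
        if not s:
            return struct.pack("<H", 0)
        return struct.pack("<H", len(s) + 1) + (s + "\x00").encode("utf-16-le")
    header = bytearray(FIXED_LEN)
    struct.pack_into("<H", header, APP_OFF_AT, FIXED_LEN + 2)
    running_instances = struct.pack("<H", 0)
    return bytes(header) + running_instances + b"".join(
        ustr(s) for s in (app, params, workdir, author))

# Constructed samples; the vendor folder and file names are hypothetical.
SAMPLES = {
    "At1.job": build_sample(r"C:\Program Files\ExampleVendor\checkup.exe", "/scan"),
    "At2.job": build_sample(r"C:\Temp\x.exe"),
}
```

Against real files, read each `C:\Windows\Tasks\At*.job` as bytes into the `jobs` dictionary; a job reported by `outside_expected` is a prompt to look closer, not a verdict.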
     
  13. gAB72

    gAB72 Private E-2

    Thank you for pointing that out. I didn't know what that was.

    I saw some unwanted/strange things on the Hitman log and now I wait to see what happens next.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You can just rerun Hitman and allow it to fix the Potential Unwanted Programs that it showed. The other items are not issues.

    You should also run the below.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note that JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
     
  15. gAB72

    gAB72 Private E-2

    Hi Chaslang,
    I turned off my Norton 360 and downloaded the junkware removal tool.

    After it finished, it just closed the black box down. It didn't add a JRT.txt log to my desktop. I ran it again and it did the same thing.

    I wrote down the info:

    Creating a registry backup
    The system cannot find the path specified.

    Checking startup:
    Checking modules:
    The system cannot find the path specified

    Checking Processes
    Checking Services
    Checking Files
    Checking Folders
    Checking Registry

    It closes shortly after it gets to checking Registry. Any ideas?
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try booting in safe boot mode and run it there.
     
  17. gAB72

    gAB72 Private E-2

    I'm getting the same thing running it in safe mode.

    I'm not sure what to try next. I'm also noticing ads for dating Chinese women on your site now. Is that normal?
     
    Last edited: Jan 1, 2014
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay try the below instead. If it does not run then your problem may be Norton 360 even if disabled.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Attach the logfile to your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.



    Yes there are some ads that will come up with this stuff in it. Just ignore it. It is not malware. Just advertisements.
     
  19. gAB72

    gAB72 Private E-2

    Here's the info:
     

    Attached Files:

  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are just a few minor things to clean up.


    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
     
    :Files
    C:\Documents and Settings\Sue & Tom\Local Settings\Application Data\Conduit
    C:\Program Files\Conduit
    C:\Documents and Settings\Sue & Tom\Local Settings\Temp\*.*
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect]
    [-HKEY_USERS\S-1-5-21-1343024091-2111687655-1177238915-1004\Software\Conduit]
    [-HKEY_USERS\S-1-5-21-1343024091-2111687655-1177238915-1004\Software\SmartBar]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  21. gAB72

    gAB72 Private E-2

    I downloaded OTM program and ran it. I copied and pasted the info into the correct box and clicked on MOVE IT! Now I'm getting a (Not Responding) in the upper blue bar portion on the box. I had to shut down the computer and retried the same thing and got the same Not Responding message.

    Not sure if I need to do it differently?


    I appreciate all of your help on this!

    One other item. Our system is now super slow since installing Norton 360. We installed it a few weeks ago. We're also missing a BUS Driver. I will probably put those items under another forum if necessary.

    Thank You!
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well you seem to have problems just about running everything. ;) I want to point out something here though. There has been no real significant malware found. You just have a few minor adware issues and that is all. It is really not that important that we make sure these last few items are removed.

    The new item you just mentioned about your PC's performance is due to your PC specs:

    Code:
    Processor x86 Family 15 Model 4 Stepping 4 GenuineIntel ~2793 Mhz 
    Total Physical Memory 1,024.00 MB 
    Available Physical Memory 192.43 MB 
    This shows you have an older slower processor design and also that you have about 1/3 of the memory I would recommend for running Windows XP SP3 especially on a slower computer style. Also your available ( free ) memory is low by standards required to keep Windows running efficiently. Norton 360 may just be too much for your PC, but with such low memory and old processor style, most modern day protection software is going to cause performance issues.
     
  23. gAB72

    gAB72 Private E-2

    Hi Chaslang,
    I thought that we were already running Windows XP SP3 on this computer. I am also wondering what we can do to improve this system or should we look into buying a new computer?


    I hope your new yr is going great!

    PS
    For the time being, if we do decide to buy another system (which is highly likely) should we keep the Norton 360 plus the Malware Bytes and CCleaner, too? I'm not sure if they're all needed so I'll go by your recommendations. I am also wondering if I can remove all of the tools that I downloaded from Major Geeks from the desktop?
     
    Last edited: Jan 2, 2014
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes that is what I said in my last message. I was just stating you don't have enough memory to run it properly.

    As mentioned in my last message, triple your memory is the fastest solution. But one other thing to keep in mind is that Microsoft will officially stop supporting updates to Windows XP this April ( see http://windows.microsoft.com/en-us/windows/end-support-help ). This does not mean you cannot run your PC anymore, it just means there will be no official support from Microsoft anymore.

    So the choice is really in your hands. Do you want to spend any money to keep this PC running better for any length of time or do you want to put that money towards a new PC with more capabilities and more future? ;)

    You could price out memory upgrades in the below link which will also analyze your PC to tell you exactly what you can add.

    http://www.crucial.com/systemscanner/

    And then you can research the cost of new PCs.


    Just an FYI: I have quite a few PCs running Win XP that I will not be changing yet. Obviously I need them to do all this kind of malware removal work. But they work just fine. I have no less than 2 GB of memory in any of them and that is on the ones that are at least dual core processors ( which are faster/newer than your PC type ). I do have one older PC that is similar to yours. It is a 3 GHz processor which is faster but it is the same vintage. I have 3 GB of memory in this one. And while it is slower than other newer PCs, it runs fine. But Norton 360 would probably slow it down a bunch too.
     
  25. gAB72

    gAB72 Private E-2

    Hi Chaslang,
    Thanks for the link. I'll look at pricing out memory upgrades for this system and then decide if we keep using this one or trade it in for a newer model.

    Do I have to do anything special to remove all of the Major Geeks tools that are on the desktop? Or just click on them for removal?

    Thanks again for all of your help!
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    Yes the below.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    5. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    6. After doing the above, you should work thru the below link:
     
  27. gAB72

    gAB72 Private E-2

    Hi Chaslang,
    Thank you for all of your help and for all of the info and links, too! I've already added them to a file for future reference. It's nice to have sites such as Major Geeks out there that offer help and ideas to keep your system running clean. I'm going to work on your Protect Yourself From Malware link next.

    Happy New Year!
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!

    Happy New Year!
     
