Help with Win XP Cleaning

Most frequently, problems like this are hardware related. Possibly heat or a hard disk or memory problem.

Don't need to since this is not necessary.

You needed to attach them as requested however I see from the below that your system crashed before you got to doing this.

MGtools does not really remove anything of significance. It just removes a few minor malware files if found and resets a few registry keys to normal defaults to work around potential issues where malware has disabled things like Task Manger, RegEdit...etc. Everything else that it does is just information collecting. Thus it is unlikely that running MGtools caused any kind of crash.

It is possibly that if you do have malware, that it finally just got to a point where things hit the breaking point. There are quite a few new forms of malware that are infecting necessary Windows system files and eventually these infections can cause quite unpredictable problems.

This again sounds like a hard disk issue as mentioned above.

Again sounds like a hardware issue if you cannot access the BIOS.

The password it is looking for is the password for the Administrator user account. Note this is the account actually named Administrator, not an account that just has administrator priviledges. You need to know this password since it is your PC. If you put one in (which is dangerous since malware could change it to anything it wants) then it should be blank. If you cannot figure out what the password is, you will need to use another PC to create the disk mentioned in the below and reset the password to blank. Only reset it to blank with this tool. Trying to set it to something other than blank frequently fails.

http://home.eunet.no/~pnordahl/ntpasswd/


However, I'm not sure what good getting to the Recovery Console is going to do since you are not getting error messages about missing operating system files. As stated above, sounds more like a possible disk crash of some kind.

 

These are malware files not system files. Removing these was necessary. The act of removing these has never cause a crash like you are mentioning where chkdsk constantly runs.

Have you tried running chkdsk /r from the Recovery Console?

See the below for more info on the Recovery Console

http://support.microsoft.com/kb/314058

 

Re: Got the logs off HDD!

It did not finish running properly so we will need to manually cleanup after it.

Questiions like this should be posted in the Hardware Forum but you can check out the software available for downloading in the below links:

http://www.majorgeeks.com/downloads7.html

http://www.majorgeeks.com/downloads26.html

Why do you have all of those port open in your firewall for Akamai NetSession Interface. Did you install something related to this? IS it part of this program? C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe See: http://www.akamai.com/html/misc/akamai_client/netsession_interface_faq.html

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)

After clicking Fix, exit HJT.

Now we need to use ComboFix to remove a bunch of malware files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run Ccleaner to clean out only temp files and nothing else!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!