NTLDR Is Missing

Discussion in 'Malware Help (A Specialist Will Reply)' started by Klienfelt, Jan 8, 2016.

  1. Klienfelt

    Klienfelt Private E-2

    Hello, I was recently unable to boot into Windows and received the above message. I copied the file from a backup CD and checked all hard drives for errors. The OS HD didn't have any errors but an additional HD that is only used for data storage returned some errors.

    I thought that the corruption of the NTLDR file might be malware related so I did all the scans. When I was running MG Logs I received a warning message, so I did a screenshot and I have attached an image of the message along with all the necessary logs.

    Thanks in advance.
     


  2. Klienfelt

    Klienfelt Private E-2

    Here is the image
     


  3. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, Klienfelt

    Run MSconfig and reset the PC for Normal Startup Mode, as it wasn't meant to control startups for extended periods.

    Now shut down your protection software (antivirus, antispyware...etc) to avoid possible conflicts. *Re-enable them before physically reconnecting to your ISP.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    • O4 - HKCU\..\Run: [hola] C:\Users\Darren\AppData\Local\Hola\local\app\hola.exe --silent
    • O4 - HKUS\S-1-5-21-626224806-3553199098-31642179-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [hola] C:\Users\Darren\AppData\Local\Hola\local\app\hola.exe --silent (User '?')
    • O15 - Trusted Zone: http://*.hola.org
    • O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    • O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select "Run As Administrator").
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :services
    gupdate
    gupdatem
    
    :files
    C:\Hola
    C:\ProgramData\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5}
    C:\Windows\TEMP\*.*
    C:\Users\Darren\AppData\Local\Temp\*.*
    
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "hola"=-
    [HKEY_USERS\S-1-5-21-626224806-3553199098-31642179-1001\Software\Microsoft\Windows\CurrentVersion\run]
    "hola"=-
    [-HKEY_LOCAL_MACHINE\Software\Hola]
    [-HKEY_LOCAL_MACHINE\Software\Partner]
    
    :COMMANDS
    [emptytemp]
    [resethosts]
    [reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Make sure to shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    Next download AdwCleaner by Xplode and save to your Desktop.
    • Close all open windows and browsers.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • Attach that logfile to your next reply.
    • Copies of all logfiles are saved in the C:\AdwCleaner folder, which is created when running the tool.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7\8\10, don't double click, use right click and select "Run As Administrator").

    Then upload the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXT log
    • C:\MGlogs.zip
    • AdwCleaner[S#].txt
    Make sure you tell me how things are working now!
     
    Klienfelt likes this.
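    The OTM script and HijackThis lines above remove two kinds of persistence: "Run" autostart values (here pointing at an hola.exe under the user's AppData) and an O15 Trusted Zone entry for hola.org. The following PowerShell is an added, read-only triage script; it is not from this thread, OTM or HijackThis. It lists the Run values in HKCU, HKLM and every loaded HKEY_USERS hive, flags commands that launch from profile or temp directories (the path list is a heuristic of my own), and lists any ZoneMap domains assigned to the Trusted sites zone (zone value 2). It deletes nothing; run it elevated so the other SID hives are readable.

```powershell
# Added example, not part of the MajorGeeks thread or of OTM/HijackThis.
# Read-only triage of the two persistence points the thread removes:
#   1. "Run" autostart values (HKCU, HKLM, and every loaded HKEY_USERS hive),
#      flagging commands that launch from profile or temp directories,
#      as the [hola] entry in this thread did.
#   2. Internet Explorer ZoneMap domains placed in the Trusted Sites zone
#      (zone value 2), which is what an O15 line in HijackThis reports.
# Nothing here deletes anything; it only produces a list for review.

$runSubKey  = 'Software\Microsoft\Windows\CurrentVersion\Run'
$zoneSubKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

# Expose HKEY_USERS as a drive so per-SID hives (the HKUS\S-1-5-21-... entry) can be read.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$hives = @('HKCU:', 'HKLM:')
foreach ($sid in Get-ChildItem 'HKU:\' -ErrorAction SilentlyContinue) {
    $hives += "HKU:\$($sid.PSChildName)"
}

# Heuristic (assumption, adjust to your environment): directories an autostart
# should rarely run from.
$suspiciousPaths = @('\AppData\Local\', '\AppData\Roaming\', '\Temp\', '\ProgramData\')

function Get-RunEntry {
    foreach ($hive in $hives) {
        $key = "$hive\$runSubKey"
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }       # provider metadata, not a registry value
            $cmd = [string]$p.Value
            $hit = $suspiciousPaths | Where-Object { $cmd -like "*$_*" }
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Command    = $cmd
                Suspicious = [bool]$hit
            }
        }
    }
}

function Get-TrustedZoneDomain {
    foreach ($hive in $hives) {
        $base = "$hive\$zoneSubKey"
        if (-not (Test-Path $base)) { continue }
        # Each domain (and sub-domain) is a subkey; a scheme value (http, https, *) of 2
        # assigns it to the Trusted sites zone.
        Get-ChildItem -Path $base -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -like 'PS*') { continue }
                if ($p.Value -eq 2) {
                    [pscustomobject]@{
                        Key    = $_.PSPath -replace '^.*::', ''
                        Scheme = $p.Name
                        Zone   = 'Trusted sites (2)'
                    }
                }
            }
        }
    }
}

Write-Host '== Run autostart values (suspicious first) =='
Get-RunEntry | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap

Write-Host '== Domains in the Trusted sites zone =='
Get-TrustedZoneDomain | Format-Table -AutoSize -Wrap
```

    A flagged entry is not proof of malware; legitimate per-user installers also live under AppData. The point is to produce the same list HijackThis showed above, with the hive and exact value name, so that each item can be reviewed before any removal tool is run against it.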
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just a quick FYI. You got this warning because you had not used Run As Administrator to run MGtools.exe. See the info in the pop-up message for HijackThis which also states this.
     
    Klienfelt likes this.
  5. Klienfelt

    Klienfelt Private E-2

    Thanks for the info Chaslang, I thought that because I turned UAC off I didn't have to RAA.
     
  6. Klienfelt

    Klienfelt Private E-2

    Hi Dr Moriarty, thanks for your help!

    When running HijackThis, I couldn't delete the entry below as it wasn't present:
    • O4 - HKUS\S-1-5-21-626224806-3553199098-31642179-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [hola] C:\Users\Darren\AppData\Local\Hola\local\app\hola.exe --silent (User '?')
    I didn't remove anything AdwCleaner found either in FOLDERS or REGISTRY as I wasn't sure if I could keep Hola or not?

    When I ran the MG Tools I got the same message as before about not being able to write to host files but I didn't want to redo the scan as I might miss something out that it found the first time.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I repeat, you need to use Run As Administrator. Dr. Moriarty's instructions had the below note:

    (Note: if using Vista, Win7\8\10, don't double click, use right click and select "Run As Administrator").
     
    dr.moriarty likes this.
  8. Klienfelt

    Klienfelt Private E-2

    So I reran the MGtools as administrator and attached the logs.
     


  9. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're welcome, Klienfelt.

    Please follow the below steps to remove the rest of Hola - an undesirable:
    Using AdwCleaner.exe previously downloaded:
    • Double click on AdwCleaner.exe to run the tool. (Vista, Win7/8 users should right-click and "Run As Administrator")
    • Click on the Scan button.
    • After the scan has finished...
    • Click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    • A copy of that log file will also be saved in the C:\AdwCleaner folder.
    • Upload this log to your next reply.
    Don't forget to answer "How is your PC running now?".
     
