performing maintenance with MGTools problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by muchwork, Jun 3, 2012.

  1. muchwork

    muchwork Private E-2

    My computer seemed to be running slow lately so I decided to run all the scans in the "read me first" thread as I haven't done it in over a year.

    All was going well until I reached MGTools. When I double clicked on the c:\MGTools.exe it did create a MGTools folder but the only other thing that happened was a black window flashed on the screen for less than one second. I was not able to find an MGlogs.zip either. I did a search for it too. I tried clicking on the MGTools.exe file one more time and I got the same result.

    Below are the logs I did get.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please shutdown any protection software that you have running and try the below.

    Run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).



    Then attach the below logs:
    • C:\MGlogs.zip
    Did you knowingly install Perfect Optimizer that MBAM deleted? If yes, when?
     
  3. muchwork

    muchwork Private E-2

    I double clicked on c:\MGTools\GetLogs.bat and got a split second flash of a black window. Tried it twice with the same result.

    Someone who worked on my computer about a year ago installed it because he likes it. I did not like it at all so I uninstalled it. My computer started behaving very poorly with it, and I did some searches on the internet and most of what I read about it was not good.

    I did notice those (perfect optimizer) files in that log (whichever one it was in) and figured the uninstall must have been incomplete. Is that correct?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then let's see if we can find out what is happening.

    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    nwktst <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    analyse <-- this will try to run TrendMicro Hijackthis. Click twice on the Accept button to accept the license agreement if it shows. Then run a scan and save a log. Tell me what error messages, if any, you see.
    GetRunKey <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
    ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
    getnetinf <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.

    Now look for the C:\MGlogs.zip file and attach it no matter what happened while doing the above.

    Looks like it did not uninstall very much at all.


    Just in case the batch files from MGtools do not work properly, let's also do the below as a backup.

    Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop. (If running Vista or Win7 right-click and select Run as Administrator)
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Change the setting of "Drivers" and "Services" to "All"
    • Copy the text in the code box below and paste it into the Customs Scans/Fixes text-field.
      Code:
      netsvcs
      /md5start
      afd.sys
      atapi.sys
      csrss.exe
      dhcpcsvc.dll
      explorer.exe
      lsass.exe
      nsiproxy.sys
      regedit.exe
      services.exe
      svchost.exe
      tcpip.sys
      tdx.sys
      userinit.exe
      winlogon.exe
      /md5stop
      %systemdrive%\*.*
      %systemdrive%\MGtools\*.*
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.sys /90
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %windir%\assembly\GAC\*.ini
      %windir%\assembly\GAC_MSIL\*.ini
      %windir%\assembly\gac_32\*.ini
      %windir%\assembly\gac_64\*.ini
      %windir%\assembly\temp\*.ini
      %windir%\assembly\tmp\u /s
      %allusersprofile%\application data\*.exe
      hklm\system\currentcontrolset\services\dhcp
      hklm\system\currentcontrolset\services\afd
      hklm\system\currentcontrolset\services\tdx
      hklm\system\currentcontrolset\services\tcpip
      hklm\system\currentcontrolset\services\nsiproxy
      hklm\software\microsoft\windows\currentversion\run
      hklm\software\microsoft\windows\currentversion\runonce
      
    • Now click the Run Scan button.
    • Two reports will be created:
      • OTL.txt <-- Will be opened
      • Extras.txt <-- Will be minimized
    • Attach both OTL.txt and Extras.txt to your next message. (See how to attach)
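    The OTL custom scan above asks for three things that can also be collected by hand: MD5 hashes of the core Windows binaries between /md5start and /md5stop, the contents of the HKLM Run and RunOnce keys, and the configuration of the dhcp, afd, tdx, tcpip and nsiproxy services. The PowerShell script below is an added example of gathering exactly that information into a text report; it is not code from MGTools, OTL or this thread. It assumes it is run from an elevated PowerShell prompt, and the output folder C:\Triage is an arbitrary choice. Hashes are only useful when compared against a known-good copy of the same file versions (for example, a clean machine at the same patch level), which is what the helper does with the OTL output.

```powershell
# Added example (not MGTools, OTL or MajorGeeks code): collect the same data the
# OTL custom scan requests, in plain text, so it can be compared with a known-good system.
# Assumptions: elevated PowerShell session; C:\Triage is a folder name chosen for this example.
# MD5 is computed through .NET so the script also works on PowerShell 2.0 (no Get-FileHash).

$OutDir = 'C:\Triage'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$Report = Join-Path $OutDir 'triage.txt'

function Get-Md5Hex {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $md5.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

# Same file names as the /md5start ... /md5stop block of the OTL script.
$CoreFiles = 'afd.sys','atapi.sys','csrss.exe','dhcpcsvc.dll','explorer.exe','lsass.exe',
             'nsiproxy.sys','regedit.exe','services.exe','svchost.exe','tcpip.sys','tdx.sys',
             'userinit.exe','winlogon.exe'
# Locations where these binaries legitimately live; a copy elsewhere is worth noting too,
# which is why each name is looked up in every root rather than only the expected one.
$SearchRoots = @($env:SystemRoot, "$env:SystemRoot\System32", "$env:SystemRoot\System32\drivers")

"== MD5 of core system files ==" | Out-File -FilePath $Report
foreach ($name in $CoreFiles) {
    foreach ($root in $SearchRoots) {
        $path = Join-Path $root $name
        if (Test-Path -LiteralPath $path) {
            $size = (Get-Item -LiteralPath $path).Length
            "{0,-55} {1}  size={2}" -f $path, (Get-Md5Hex $path), $size |
                Out-File -FilePath $Report -Append
        }
    }
}

# Run / RunOnce keys listed in the OTL script (HKCU added, since per-user entries start too).
"`n== Run / RunOnce autostart entries ==" | Out-File -FilePath $Report -Append
$RunKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # PowerShell adds PSPath/PSParentPath/... to the object; skip those bookkeeping members.
        if ($p.Name -like 'PS*') { continue }
        "{0}  {1} = {2}" -f $key, $p.Name, $p.Value | Out-File -FilePath $Report -Append
    }
}

# Service entries the OTL script enumerates: start type and the binary each one points at.
"`n== Network service configuration ==" | Out-File -FilePath $Report -Append
foreach ($svc in 'dhcp','afd','tdx','tcpip','nsiproxy') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (-not (Test-Path $key)) {
        "{0,-10} (key not present)" -f $svc | Out-File -FilePath $Report -Append
        continue
    }
    $cfg = Get-ItemProperty -Path $key
    "{0,-10} Start={1} ImagePath={2}" -f $svc, $cfg.Start, $cfg.ImagePath |
        Out-File -FilePath $Report -Append
}

Write-Host "Report written to $Report"
```

    The report is deliberately plain text so it can be attached to a thread like this one or diffed against the same script's output from a clean machine; differing hashes on a file such as tcpip.sys or a Run entry pointing into a temp or application-data folder are the lines that deserve a closer look.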
     
  5. muchwork

    muchwork Private E-2

    Ok, here's a rundown on how things went. I made a couple of mistakes which I hope didn't render the logs useless. Details are below.

    I ran the MGTools scans in the cmd you instructed me to do. No error messages appeared, however I realized about 3/4 of the way thru the scans that I failed to disable my antivirus and firewall. Should I rerun the scans with them disabled?

    Next issue...I went to the MGtools folder to look for the MGLogs.zip (I know..wrong place to look). When I couldn't find it I clicked on GetLogs.bat and it appeared to rerun all the scans that I did in the cmd mode plus more. I then realized my mistake and waited for the scans to complete. I closed the window and found the c:\MGLogs.zip file right where it was supposed to be...imagine that!

    As for OTL, I disabled the antivirus and firewall before running it. All went well with no mistakes (Well, none that I am aware of anyway).

    Logs are attached and hopefully informative.

    I noticed a hijackthis.log file on my desktop. Do you need me to attach that also?
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Other than the junk MBAM removed, I'm not seeing any malware issues. Your PC is probably slow due to the fact that you do not have enough memory to properly run Windows XP SP3 and everything else you are running. Your logs show
    Code:
    Total Physical Memory 512.00 MB 
    Available Physical Memory 122.39 MB
    We recommend at least 4 times this much memory (i.e., 2 GB).

    You could stop loading things like below at startup which may help somewhat, but you really need more memory.

     
  7. muchwork

    muchwork Private E-2

    Thank you very much for the evaluation. I will look into getting more memory.

    As for your other recommendation: What forum do I go to to find out how to make the files you listed stop loading at start up?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Perhaps the below link will help. I prefer AutoRuns.

    Dealing with Startup Process
     
