Sending this in safe mode

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by aura5195, Dec 6, 2014.

  1. aura5195

    aura5195 Private E-2

    Hey there,

    My 9 year old loves watching YouTube videos.

    This morning my pc would not open any browsing windows. I rebooted and now the only way my pc functions is in safe mode (I can get networking). In normal mode, my pc starts up slowly, then eventually the screen locks up completely and I have to hard reboot. Every time.

    You guys are super awesome and have saved me before, please help!
     

    Attached Files:

  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, aura5195

    Using "Programs & Features" uninstall: (If you do not find it or it will not uninstall, just keep going.)
    Java 7 Update 45
    Java(TM) 6 Update 30

    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code:, which is just a title line of the code box.
    Code:
    :files
    C:\Program Files (x86)\Conduit\Community Alerts 
    C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll 
    C:\Program Files (x86)\Conduit
    C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z 
    C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll
    C:\ProgramData\APN\APN-Stub\W3IV6-G\Setup.ini 
    C:\ProgramData\APN\APN-Stub\W3IV6-G
    C:\ProgramData\APN
    C:\ProgramData\Ask
    C:\Users\Home\AppData\Local\Conduit
    C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web Data
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\close.png 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\like.png 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next.png 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next_hover.png 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\powered-by.png 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev.png (Conduit)
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev_hover.png 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\settings.png 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Thumbs.db
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\initialNotification.html 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\main.html 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyle.css 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyleIE9.css 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\sampleNotification.html 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\DialogsAPI.js 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\PIE.htc 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\settings.js 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs\version.txt 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Dialogs
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1182482_1178159_US.xml 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\Feeds
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\en.xml 
    C:\Users\Home\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks
    C:\Users\Home\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_8_2_0.xml 
    C:\Users\Home\AppData\LocalLow\Conduit\Toolbar\Facebook
    C:\Users\Home\AppData\LocalLow\Conduit
    
    :reg
    [-HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]
    [-HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}]
    [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
    [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}]
    [-HKLM\SOFTWARE\Wow6432Node\Conduit]
    [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
    [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32]
    [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS]
    [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32]
    [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS]
    [-HKU\S-1-5-21-1746302872-2865033036-1574024556-1001\Software\AppDataLow\Software\Conduit]
    [-HKU\S-1-5-21-1746302872-2865033036-1574024556-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
    [-HKU\S-1-5-21-1746302872-2865033036-1574024556-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved, in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Make sure to shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    Next download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Attach that logfile to your next reply.
    • Copies of all logfiles are saved in the C:\AdwCleaner folder, which is created when running the tool.

    Now install the current version of Sun Java from:
    Make sure that when you install the new version of Java you uncheck the Install the Ask Toolbar junkware checkbox. You do not want to add this junk, which most people consider malware, to your PC. Also, just in case Oracle changes the Java installation in the future to possibly install other junk, uncheck everything except installing Java itself.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select "Run As Administrator").

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXT log
    • C:\MGlogs.zip
    • AdwCleaner[S#].txt
    Make sure you tell me how things are working now!
     
  3. aura5195

    aura5195 Private E-2

    Still in safe mode.

    I don't know if this messed things up further but I had to switch back and forth between safe mode and regular operating (rebooting probably 6 times) to get these things done.

    I did get through the list and have attached the files but my computer is still pretty sick. At least now though, when I operate normally, it functions properly for about 5 minutes before everything just stops working. Not a complete screen freeze anymore either, just an ever-spinning "working" icon and I still have to hard reboot.

    The constant hard rebooting of my pc is probably not very good for it, but would it help if I tried to go through this list again in normal mode (just 5 minutes at a time)?
     

    Attached Files:

  4. aura5195

    aura5195 Private E-2

    Whoops, also, I couldn't attach the MG zip file as the website says I've already done so. The first time around, I'm assuming? Shall I rename the newest one and send it over? Also, there was no "mmddyyyy_hhmmss.log" Just the .txt file, so that's what I attached. Hope this was right! :)
     
  5. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    No - follow my instructions to run the C:\MGtools\GetLogs.bat file, in Safe Mode if needed. This will create an updated MGlogs.zip for attachment.
     
  6. aura5195

    aura5195 Private E-2

    Ok, here is the mg-logs file.

    I'm still in safe mode. I'm going to reboot now and cross my fingers.
     

    Attached Files:

  7. aura5195

    aura5195 Private E-2

    And no, the computer is still not functioning outside of safe mode. :(
     
  8. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Also -

    Please download Farbar Recovery Scan Tool (FRST) and save it to your Desktop.
    For 32-bit (x86) systems download Farbar Recovery Scan Tool
    For 64-bit (x64) systems download Farbar Recovery Scan Tool x64
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from.
    • The first time the tool is run, it also makes another log (Addition.txt).
    • Attach both logfiles to your next reply. (See: How to attach)
     
  9. aura5195

    aura5195 Private E-2

    Here you go
     

    Attached Files:

  10. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    I'm asking my colleagues about the problem, aura.
     
  11. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    To remove some left-overs, please download and run the following, re-boot, then run it a second time.
    McAfee Consumer Product Removal Tool 7.6.133.0

    *We will be un-installing Kaspersky as a test.
    • Un-install Kaspersky Internet Security. DO NOT re-install until instructed!
    • If your internet connection is hard-wired, disconnect the ethernet cable. If wireless is being used, disable your wireless.
    • Now reboot into Normal Boot mode if possible.
    • Re-run both RogueKiller and HitmanPro (scans only) for fresh logs.
    • Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select "Run As Administrator").
    • Re-establish your internet connection now.
    Please restrict your online activities to checking your email for post notifications from this thread and posting replies here.

    Please attach:
    • updated RKreport_SCN
    • updated HitmanPro log
    • updated MGlogs.zip

    Please explain how your machine is running.
     
  12. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Also -

    NOTE: This script was written specifically for this user for use on this particular computer. Running this on another machine may cause damage to your operating system.


    Please download the attached Fixlist.txt

    Save fixlist.txt on your Desktop. Make sure you save it as a txt file.
    • You should now have both fixlist.txt and FRST64.exe on your Desktop.
    • Now disconnect your PC connection to the internet by unplugging the ethernet cable ( if it is wireless then temporarily shutdown the wireless network ).
    • Run FRST64.exe by right clicking on it and selecting "Run As Administrator"
    • Click the Fix button just once and wait.
    • Your computer should reboot after the fix runs.
    • Reconnect your internet connection after reboot so you can come back here to continue.
    • The tool will make a log on the Desktop (Fixlog.txt) please attach this new log to your next reply (attach or paste)
     

    Attached Files:

  13. aura5195

    aura5195 Private E-2

    It was a little hairy getting the Kaspersky uninstalled (in normal mode, wouldn't uninstall in safe mode) before the computer froze up but I managed to get it done. Then I rebooted in normal mode again and re-ran the requested programs and.....amazingly!, the computer hasn't locked up yet!

    Here are the updated logs, excepting the Hitman, which wouldn't run without an internet connection.

    Would you like me to run the Hitman program now with the internet active?

    And I'm moving on to your next step with the script and still in normal mode. My fingers are still crossed!
     

    Attached Files:

  14. aura5195

    aura5195 Private E-2

    Downloaded the fixlist, ran the frst64, clicked the fix button once and waited about a half a second. It popped the log right up on the desktop and did not reboot the computer, so I rebooted and here we are.

    The computer is still working normally since about when I uninstalled the Kaspersky, although I haven't tried to do anything with it besides your instructions (per your instructions). :)

    I am now going to power it down and go finish watching cutthroat kitchen with my cell handy to periodically check for any more of your super awesome, life and computer saving, fantastically amazing, awesome (did I say awesome yet?) instructions on how to make my computer work again.

    :D

    Btw, you're awesome.
     

    Attached Files:

  15. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    ;)

    The "awesomeness" is chaslang's input.

    Yes, for a more complete malware check.
     
  16. aura5195

    aura5195 Private E-2

    Ok, here's the Hitman log
     

    Attached Files:

  17. aura5195

    aura5195 Private E-2

    So, I haven't been touching my computer since running that last log. Do you think it is safe for me to start using it again?
     
  18. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Nothing dangerous detected by HitmanPro, but we have a malware scheduled Task I want gone.

    Please run a new scan with RogueKiller. After it finishes the scan, select the Tasks tab and then select the below if still present, then click the Delete button.
    Then immediately reboot your PC.

    Running OTM by Old Timer again:
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code:, which is just a title line of the code box.
    Code:
    :Files
    C:\Windows\system32\tasks\0
    C:\Windows\system32\tasks\4574
    C:\Users\Home\AppData\Local\Temp\*.*
    :commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved, in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file.

    After reboot, run a new scan with RogueKiller and save a log as in the original instructions and attach the new log along with the updated OTMlog.txt.

    How is your machine performing? Any further problems entering Normal Boot mode?
     
    Last edited: Dec 10, 2014
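    The two OTM scripts in this thread (the Conduit/APN/Ask cleanup in post 2 and the scheduled-task leftovers in post 18) share one simple format: a :files section of paths, a :reg section of keys in [-HIVE\path] form, and a :commands section. The following report-only audit is an added example, not code from the thread or from OTM itself; it parses that format and reports which entries still exist, so a helper can confirm a cleanup took effect without moving or deleting anything. The embedded script is a constructed subset of the entries posted above.

```powershell
# Added example (not from the thread or from OTM): report-only audit of an
# OTM-style script. Nothing is deleted; each :files and :reg entry is only
# checked for presence. Constructed sample drawn from the thread's entries.
$OtmScript = @'
:files
C:\Program Files (x86)\Conduit
C:\ProgramData\APN
C:\ProgramData\Ask
C:\Users\Home\AppData\LocalLow\Conduit
C:\Windows\system32\tasks\0
C:\Windows\system32\tasks\4574
:reg
[-HKLM\SOFTWARE\Wow6432Node\Conduit]
[-HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
:Commands
[EmptyTemp]
[Reboot]
'@

function ConvertTo-RegistryPath {
    param([string]$OtmKey)
    # "[-HKLM\Software\X]" -> "Registry::HKEY_LOCAL_MACHINE\Software\X"
    $key = $OtmKey.Trim().TrimStart('[').TrimStart('-').TrimEnd(']')
    $hive, $rest = $key -split '\\', 2
    $hiveMap = @{ HKLM = 'HKEY_LOCAL_MACHINE'; HKCU = 'HKEY_CURRENT_USER'
                  HKU  = 'HKEY_USERS';         HKCR = 'HKEY_CLASSES_ROOT' }
    if ($hiveMap.ContainsKey($hive)) { $hive = $hiveMap[$hive] }
    return "Registry::$hive\$rest"
}

function Get-OtmAudit {
    param([string]$Script)
    $section = ''
    foreach ($raw in $Script -split "`r?`n") {
        $line = $raw.Trim()
        if (-not $line) { continue }
        # Section headers (:files, :reg, :Commands) are case-insensitive in practice
        if ($line.StartsWith(':')) { $section = $line.ToLower(); continue }
        switch ($section) {
            ':files' {
                # Wildcard entries such as ...\Temp\*.* are matched, not enumerated
                [pscustomobject]@{ Kind = 'File'; Target = $line; Present = (Test-Path -Path $line) }
            }
            ':reg' {
                $path = ConvertTo-RegistryPath $line
                [pscustomobject]@{ Kind = 'Registry'; Target = $path; Present = (Test-Path -Path $path) }
            }
            default { }   # :commands and unknown sections are not audited
        }
    }
}

# Print the audit; any entry with Present = True is a leftover worth a second look
Get-OtmAudit -Script $OtmScript | Format-Table -AutoSize
```

Run it in an elevated PowerShell so the HKLM and system32\tasks checks are not blocked by permissions; a task file named only with digits under C:\Windows\system32\tasks is the kind of entry the helper wanted removed above.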
  19. aura5195

    aura5195 Private E-2

    I haven't been using it at all but for this and so far it's been running 800% better than it was (which was not at all).

    I'm going to leave it up tonight and will see how it's doing in the morning. :)
     

    Attached Files:

  20. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Good -
    Let's reinstall your anti-virus now and see how your pc runs.
     
    Last edited: Dec 11, 2014
  21. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Are you still with me, aura5195? If all is well with your machine, I have final instructions that I need to give you.
    dr.m
     
