win xp system cleaning logs

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by 9550, Apr 6, 2013.

  1. 9550

    9550 Private E-2

    Hey all,
    Working on my mother's laptop. It would start up and there was a brief period where you could do anything with the computer, but after 30 seconds or so the computer slowed dramatically and was practically unusable. I ran TDSSKiller and it turned up at least one rootkit. Got rid of them (I assume).
    Then I went through the Read and Run Me procedure. I didn't do that initially because I wanted to get the thing running well enough to do it all.

    The last couple of days I went through the Read and Run Me First for Windows XP.

    Attached is the log for RogueKiller. It says 4 because I made a few errors (didn't disable Defogger, antivirus, etc.) and then I ran it again.
    Please let me know if I need to do anything.

    Also attached are the logs for MGtools, Malwarebytes, TDSSKiller and HitmanPro.
    Again, please let me know if there's anything I need to do.

    When running HitmanPro, it asked me to activate the software, so I chose free activation. This activation process ended up apparently deleting files (the guide said don't delete anything). Am I mildly screwed? The system seems fine.


    BTW, I have it set up with Avira Free Antivirus and Comodo Firewall. Do I need more? Is Avira Free a reasonable choice or is there a more preferred AV?

    Thanks in advance for all your help.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, and there appear to be several reasons why, and none of them are malware. Here is what I see:
    1. Older, slower style processor.
    2. Not enough memory to properly run Windows XP.
    3. Strain introduced by too many security programs.
      AVG appears to be uninstalled, however not properly. Seems like you may have installed all of these and more in a very short time period. I see signs of McAfee too.
    Let's try a couple of things. First you must run MSconfig and put this PC into Normal Startup mode. MSconfig must not be used as a startup manager. See >> Dealing with Startup Process. Make sure that you do this step with MSconfig and then reboot before continuing.

    Now uninstall the below:
    Advanced SystemCare 6
    COMODO Internet Security
    Smart Defrag 2
    SUPERAntiSpyware

    Again, make sure that you uninstall ALL of the above before continuing with the below because the below will break any of them that are still installed.


    Please download OTM by Old Timer and save it to your Desktop.
    • Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
    explorer.exe
     
    :Files
    C:\Documents and Settings\All Users\Application Data\Babylon
    C:\Documents and Settings\New User\Application Data\Babylon
    C:\Documents and Settings\New User\Local Settings\Application Data\Avg2013
    C:\Documents and Settings\All Users\Application Data\AVG10
    C:\Documents and Settings\All Users\Application Data\Comodo
    C:\Documents and Settings\All Users\Application Data\Comodo Downloader
    C:\Documents and Settings\All Users\Application Data\McAfee
    C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 6.lnk
    C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
    C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
    C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 6
    C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
    C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
    C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    C:\Program Files\COMODO
    C:\Program Files\SUPERAntiSpyware
    C:\WINXP\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
    C:\Documents and Settings\New User\Local Settings\Temp\*.*
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F52BE4-0310-4F91-BE5B-945513E6AA73}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Babylon]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Prod.cap]
    [-HKEY_USERS\S-1-5-21-1957994488-616249376-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    [-HKEY_USERS\S-1-5-21-1957994488-616249376-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    [-HKEY_USERS\S-1-5-21-1957994488-616249376-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
    [-HKEY_USERS\S-1-5-21-1957994488-616249376-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    [-HKEY_USERS\S-1-5-21-1957994488-616249376-1417001333-1003\Software\Softonic]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
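    As an added illustration (not code from the post, from OTM, or from its author): a small Python dry-run parser for the move-list layout used in the code box above. The sample script, the `[-KEY]`-means-delete reading of the :Reg lines, and the fnmatch wildcard handling are constructed approximations, useful for reviewing what a script would touch before it is pasted into the tool.

```python
import fnmatch
import re

# Constructed sample in the OTM move-list layout shown above (hypothetical
# paths, shortened from the post's script); sections :Processes/:Files/:Reg/:Commands.
SAMPLE_SCRIPT = r""":Processes
explorer.exe
:Files
C:\Documents and Settings\All Users\Application Data\Babylon
C:\Documents and Settings\New User\Local Settings\Temp\*.*
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Babylon]
[-HKEY_USERS\S-1-5-21-0-0-0-1003\Software\Softonic]
:Commands
[purity]
[EmptyTemp]
[start explorer]
[Reboot]
"""

SECTION_RE = re.compile(r"^:(Processes|Files|Reg|Commands)$", re.IGNORECASE)

def parse_otm_script(text):
    """Split a move list into its sections; blank lines are ignored, and an
    entry before any section header is an error rather than a silent misread."""
    sections = {"processes": [], "files": [], "reg": [], "commands": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def registry_deletions(sections):
    """Keys the :Reg section removes: the [-KEY] form used in the post (assumed)."""
    return [m.group(1) for e in sections["reg"] if (m := re.fullmatch(r"\[-(.+)\]", e))]

def preview_file_entries(sections, existing_paths):
    """Dry run: which given paths the :Files entries match (fnmatch approximation,
    case-insensitive; note '*' here also crosses backslashes)."""
    hits = []
    for pattern in sections["files"]:
        hits += [p for p in existing_paths if fnmatch.fnmatchcase(p.lower(), pattern.lower())]
    return hits
```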
  3. 9550

    9550 Private E-2

    Thank you, sir.
    Will get to work on it right now.

    One note in case it helps to understand more of the problem:
    IIRC, only ASC6, Smart Defrag, and CCleaner were installed when the problems arose. My nephew downloaded a game, 'Minecraft', and it seems the trouble started soon after. Any other items installed were done when I started trying to solve the problem. I was having trouble getting Avira to run, so I tried AVG.
    The system runs great right now just from going through the Read and Run Me stuff.

    Will get going on your latest request. Thanks again.
     
  4. 9550

    9550 Private E-2

    Am I supposed to do the OTM and GetLogs.bat with hidden files shown and antivirus off and Defogger running?

    I assumed not, and during the GetLogs.bat activity I got a notice from Avira that a host file was blocked. Please let me know if this is an issue.
    Thanks
     
  5. 9550

    9550 Private E-2

    Logs attached.

    I will be keeping an eye on this thread for a few more hours in case you have more instructions/advice.
    Thanks again.

    The system is running as well as it was before I did these last couple of steps.

    Also, with regard to MSconfig not being set to normal startup: I changed it because on normal startup it would ask if I wanted XP Home or XP Pro, so I changed the boot.ini file to remove the XP Home option and used MSconfig to use that edited boot file. I may not be describing it properly, but regardless, now it is back to asking Home or Pro, and if possible, I would like to make that not happen anymore. Not a big deal, but still, if possible, I would prefer it.

    Edit: will be watching a few more hours today and can make changes to the computer if necessary. Tomorrow I can chat but won't be able to make any changes until late afternoon.
     


  6. 9550

    9550 Private E-2

    OK, first abnormality:
    I am getting a 'Found New Hardware' popup on startup. The hardware wizard starts. The new device is 'unknown'.
    I haven't installed anything.
    I assume it has something to do with the last two steps we just completed.
    Do I go through with the install, or?
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just edit your C:\boot.ini file. It currently has the below in it.
    Remove the red highlighted line.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It has nothing to do with the fixes made. Nothing was changing any hardware configuration. You can allow it to go through the hardware wizard and see what happens. If it is unknown, I don't see how it could be fixed though.
     
  9. 9550

    9550 Private E-2

    OK, I edited the boot.ini file. Things are fine, it appears.
    I ran through the setup wizard for the unknown hardware and let it complete, chose "don't show again" or whatever it says, and it hasn't shown up again during startups.

    Any comment on my question "Am I supposed to do the OTM and GetLogs.bat with hidden files shown and antivirus off and Defogger running?"?

    If no comment, are there any final steps I need to perform? (Uninstall the tools we used, perhaps?)

    Can/should I re-install Advanced SystemCare? (I don't know if you wanted it removed to get it out of the way during repair or if it isn't needed.) This is my mother's laptop and I have her use that as a tool every now and then, as well as CCleaner. Perhaps that's redundant?

    Can/should I re-install Comodo Firewall or just let Windows Firewall do the job?


    Thanks again for your help.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are only supposed to run what is requested and nothing else. Defogger has nothing to do with those instructions.

    I don't recommend performance tweakers and especially do not recommend using any registry cleaner tweaking tool. They can frequently cause more harm than good in the long run. Registry cleaning should only be run exactly as advised by an expert, and then only specific things should be fixed. Registry cleaners can show hundreds to thousands of issues on brand new Windows installations. Obviously, they are not problems at all.

    As long as you only install Comodo's Firewall and nothing else. It is much more secure than the Windows firewall, but you do have to put up with more questions about approving what is allowed to run.



    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Go to Add/Remove Programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8, right click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the below link:
     
