Windows freezes after startup

Discussion in 'Malware Help (A Specialist Will Reply)' started by mekong22, Jan 8, 2014.

  1. mekong22

    mekong22 Private E-2

    I'm having problems very similar to those identified in this thread

    http://forums.majorgeeks.com/showthread.php?t=225757

    About three or four days ago, my computer completely froze. I tried restarting a few times but it didn't help. In safe mode, I'm not having any issues. I originally ran Malwarebytes and ESET, which found Win32/PrcView among other issues. After letting those clean what they could, it seemed like the computer was working again for a short period, but then it went right back to freezing. Now there is a blue box with an upside-down arrow on the right side of my screen (regardless of what program is open) and my Firefox home page had changed to

    http://search.conduit.com/?ctid=CT3...M=2&UP=SPDF57CAC9-90B0-4B67-A931-74B511DE8D11

    I have Windows 7, 64-bit.

    Here are the logs. I had to run everything in safe mode.

    Thanks in advance for any help you can provide.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You may be having problems with McAfee, but let's remove all the junkware you installed and see what changes occur.


    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code:, which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
     
    :Files
    C:\Program Files (x86)\Common Files\Spigot
    C:\Program Files (x86)\Conduit
    C:\ProgramData\Conduit
    C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\vdrmpvw9.default\CT3315826
    C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\vdrmpvw9.default\searchplugins\conduit.xml
    C:\Users\Jim\AppData\Roaming\SearchProtect
    C:\Program Files (x86)\SearchProtect
    C:\Users\Jim\AppData\Roaming\SearchProtect
    C:\Users\Jim\AppData\LocalLow\Conduit
    C:\Users\Jim\AppData\Local\Conduit
    C:\Program Files (x86)\InternetHelper3.5
    C:\Users\Jim\AppData\LocalLow\InternetHelper3.5
    C:\Users\Jim\AppData\Roaming\PC Health Kit
    C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
    C:\Users\Jim\AppData\Local\Conduit
    C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\vdrmpvw9.default\bProtector_extensions.sqlite
    C:\Users\Jim\AppData\Local\Temp\*.*
     
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{F3FEE66E-E034-436a-86E4-9690573BEE8A}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DE2041A3-B310-414D-BD8D-86A59465094B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
    [-HKEY_USERS\S-1-5-21-124944108-2087374701-2801019263-1001\Software\AppDataLow\Software\SmartBar]
    [-HKEY_USERS\S-1-5-21-124944108-2087374701-2801019263-1001\Software\Conduit]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.


    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note that JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Also, please download SystemLook_x64 from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :regfind
      Conduit
      BackgroundContainer
      :filefind
      Conduit
    • Click the Look button to start the scan.
    • When finished, a Notepad window will open with the results of the scan. You can just close this Notepad window since the log is already saved on your Desktop. Be patient! It may look like it is not doing anything, but it takes a while for this to scan through your whole system looking for matches.
    • Please attach the SystemLook.txt log found on your Desktop to your next reply.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).



    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.txt log
    • the SystemLook log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
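
A pre-flight review of a fix script like the one in the post above, as an added example that is not part of the original post and is not OTM's own code. It assumes only the sectioned layout visible in the post (:Processes, :Files, :Reg, :Commands) and .reg-style syntax in :Reg; `audit` is a hypothetical helper name. It lists key deletions, value deletions, value changes, wildcard paths and duplicate entries so they can be checked against the logs before anything is run.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a shortened copy of the fix script quoted in the post above.
SAMPLE = r'''
:Processes
explorer.exe
:Files
C:\Users\Jim\AppData\Roaming\SearchProtect
C:\Users\Jim\AppData\Roaming\SearchProtect
C:\Users\Jim\AppData\Local\Temp\*.*
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F3FEE66E-E034-436a-86E4-9690573BEE8A}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
:Commands
[Reboot]
'''

def audit(script):
    """Summarise what the script would change; nothing on the system is touched."""
    out = defaultdict(list)
    section = key = None
    for line in filter(None, map(str.strip, script.splitlines())):
        if line.startswith(":"):                  # section header such as :Files
            section, key = line[1:].lower(), None
        elif section == "reg" and line.startswith("[-"):
            out["key_deletes"].append(line[2:-1])  # [-KEY] removes the whole key
            key = None
        elif section == "reg" and line.startswith("["):
            key = line[1:-1]                      # key the following values belong to
        elif section == "reg":
            m = re.match(r'"([^"]*)"=(.*)$', line)
            if m and key:                         # "name"=- deletes, anything else sets
                kind = "value_deletes" if m.group(2) == "-" else "value_sets"
                out[kind].append((key, m.group(1)))
        elif section == "commands":
            out["commands"].append(line.strip("[]"))
        elif section in ("processes", "files"):
            out[section].append(line)
            if section == "files" and "*" in line:
                out["wildcards"].append(line)     # bulk entries deserve a second look
    counts = Counter(p.lower() for p in out["files"])  # Windows paths ignore case
    out["duplicates"] = sorted(p for p, n in counts.items() if n > 1)
    return out

if __name__ == "__main__":
    print(dict(audit(SAMPLE)))
```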
     
  3. mekong22

    mekong22 Private E-2

    Thanks chaslang!

    I went through your directions. The start page on firefox looks like it's fixed and the blue box with the arrow is gone. At first, it seemed like programs were working fine, but after a little while, everything is freezing again and I suddenly can't do anything until I go back to safe mode.

    Here are my logs. Let me know what you recommend next
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As stated below, you may be having problems with McAfee or something else. Your logs are clean.

    Suggestion: Uninstall McAfee and reboot. Then also run the below to make sure McAfee is cleaned up:

    http://www.majorgeeks.com/files/details/mcafee_consumer_product_removal_tool.html


    Did that help with your problem?
     
  5. mekong22

    mekong22 Private E-2

    Thanks again for the reply, chaslang

    I uninstalled and reinstalled McAfee and ran the consumer products removal tool, but still no luck.

    The computer works fine in safe mode, and I typically get 5-10 minutes after a regular startup before everything freezes. I tried leaving it on overnight in case there was some update going on in the background that was freezing things up, but that didn't help.

    Also, I should note, when I shut down the computer from safe mode it shuts right away, but when I shut down from regular mode it takes several hours to shut down. If it doesn't complete the shutdown overnight, I force it to shut down by holding down the power button the next morning.

    Also, although the Firefox homepage is fixed, I noticed that Chrome still has that search.conduit.... page when I start it up.

    I ran the MGlogs in regular mode just in case that shows anything that didn't come up in safe mode (I had to run it immediately after starting the computer so it would complete before things froze), see attached.

    Let me know if you have any other suggestions.

    thanks again
    mekong
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    It would have been better if you just left McAfee uninstalled completely during your debugging of the freeze problem. It would be less to contend with. This is not a malware issue so I will have to send you to the Software Forum. The steps you should take would be to selectively disable various processes using MSconfig and then reboot to see if you can find any particular item that is the cause.

    And as far as the conduit home page in Google, you should be able to just change it to what you want. Doesn't that work?
     
