WiredWX Hobby Weather ToolsLog in

 


descriptionMS Removal tool ruining my computer EmptyMS Removal tool ruining my computer

more_horiz
I ended up getting the MS Removal tool on my computer and it was popping up everywhere and keeping me from being able to do anything. So I went into safe mode to try and see if I could figure out how to fix it. Then I was promted to do a system restore and like an idiot I thougt this would fix everything. I don't have the MS Removal signs and program in my face all the time anymore but now when I am not in safe mode I can not open Fire Fox or Internet Explorer and whenever I try and open my documents or something like that it takes forever to open up. Hoping you can help and thanking you for your time in advance, all of my documents are in the attachment. Thanks!

descriptionMS Removal tool ruining my computer EmptyRe: MS Removal tool ruining my computer

more_horiz
Hi there jnunley and welcome to GeekPolice!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I´m helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I´m here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, doesn´t mean it is clean yet!

====================

First, let us delete some malware files that remain:

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:


:files
C:\Documents and Settings\All Users\Application Data\gL28321OhKpD28321
C:\WINDOWS\tasks\BC567E1A87CDFCCE.job

:commands
[resethosts]

  • Then click the Run Fix button at the top.
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

About you internext/mozilla problems. Have you tried to simply uninstall mozilla firefox and reinstall it and do the same with Internet explorer?

====================

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  • Click OK to either and let MBAM proceed with the disinfection process.
  • If asked to restart the computer, please do so immediately.

Post the contents of the MBAM log in your next reply, please.

descriptionMS Removal tool ruining my computer EmptyRe: MS Removal tool ruining my computer

more_horiz
Okay this is what I got when I ran your code in OTL and hit the Run Fix button it only took about 30 seconds.

========== FILES ==========
C:\Documents and Settings\All Users\Application Data\gL28321OhKpD28321 folder moved successfully.
C:\WINDOWS\tasks\BC567E1A87CDFCCE.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.24.0 log created on 06152011_202729


I'm going to run the other scans now.

descriptionMS Removal tool ruining my computer EmptyRe: MS Removal tool ruining my computer

more_horiz
Here's what I got from Anti-Malware

Code:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6864

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

6/15/2011 8:53:24 PM
mbam-log-2011-06-15 (20-53-24).txt

Scan type: Quick scan
Objects scanned: 203433
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

descriptionMS Removal tool ruining my computer EmptyRe: MS Removal tool ruining my computer

more_horiz
That is clean.

Please download aswMBR by Alwil Software from here and save it to your desktop.

  • Double click aswMBR.exe to run the tool
  • Click the Scan button to start the scan
  • Don´t panic if you see any **Rootkit** entries. The tool sometimes produces false alarms
  • Once the scan finishes click Save log to save the log to your desktop
  • Copy and paste the contents of this log (aswMBR.txt) into your next reply.

descriptionMS Removal tool ruining my computer EmptyRe: MS Removal tool ruining my computer

more_horiz

Code:


aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-16 07:05:25
-----------------------------
07:05:25.781    OS Version: Windows 5.1.2600 Service Pack 3
07:05:25.781    Number of processors: 2 586 0xF0D
07:05:25.781    ComputerName: NUNLEY  UserName: NUNS
07:05:29.593    Initialize success
07:05:39.250    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
07:05:39.250    Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC7KP Size: 76319MB BusType: 3
07:05:41.281    Disk 0 MBR read successfully
07:05:41.296    Disk 0 MBR scan
07:05:41.296    Disk 0 Windows XP default MBR code
07:05:43.312    Disk 0 scanning sectors +156280320
07:05:43.343    Disk 0 scanning C:\WINDOWS\system32\drivers
07:05:49.609    Service scanning
07:06:03.328    Disk 0 trace - called modules:
07:06:03.359    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
07:06:03.375    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fdeab8]
07:06:03.375    3 CLASSPNP.SYS[f758cfd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86f574a0]
07:06:03.390    Scan finished successfully
07:06:21.828    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\NUNS\Desktop\MBR.dat"
07:06:21.875    The log file has been saved successfully to "C:\Documents and Settings\NUNS\Desktop\aswMBR.txt"

descriptionMS Removal tool ruining my computer EmptyRe: MS Removal tool ruining my computer

more_horiz
Clean as well.
Do you have any problems remaining?

descriptionMS Removal tool ruining my computer EmptyRe: MS Removal tool ruining my computer

more_horiz
Same as before, I uninstalled Firefox like you said and reinstalled it but now when I try to open it not in safe mode Anti-Mal ware tells me it stopped it from going to a potentially dangerous website, every time. I haven't uninstalled IE yet but it seems to have the same problem it can't connect to the Internet.

descriptionMS Removal tool ruining my computer EmptyRe: MS Removal tool ruining my computer

more_horiz
The only time I can get on the internet is in Safe Mode.

descriptionMS Removal tool ruining my computer EmptyRe: MS Removal tool ruining my computer

more_horiz
jnunley wrote:
Same as before, I uninstalled Firefox like you said and reinstalled it but now when I try to open it not in safe mode Anti-Mal ware tells me it stopped it from going to a potentially dangerous website, every time. I haven't uninstalled IE yet but it seems to have the same problem it can't connect to the Internet.

"Anti-Mal ware" tells you ==> Is this Malwarebytes' anti-malware that does it?

Can you go to Tools ==> Options ==> General in Firefox and put www.google.com as your home page. If you do that, what happens if you close Firefox and reopen it?

descriptionMS Removal tool ruining my computer EmptyRe: MS Removal tool ruining my computer

more_horiz
Yes Malwarebytes' anti-malware tell me that, sorry. I will try it later I am at work right now so it will be a while before I get a chance to respond.
Thanks!

descriptionMS Removal tool ruining my computer EmptyRe: MS Removal tool ruining my computer

more_horiz
Yeah that worked, thank you so much! My computer just runs extra slow now any suggestions on what I can do to help that?

descriptionMS Removal tool ruining my computer EmptyRe: MS Removal tool ruining my computer

more_horiz
1014.04 Mb Total Physical Memory | 224.87 Mb Available Physical Memory | 22.18% Memory free


Here is the likely problem of your computer slowness. Lack of memory. I recommend you look carefully at all programs that load during startup and check if you really want them.
Also check out blackviper.com which has excellent information on Windows services that can be disabled, freeing up more memory.

====================

It appears you have Ask Toolbar installed. Practically all, if not all anti-malware sites, including GeekPolice, have Ask Toolbar flagged as untrustworthy, because it uses shady practices for distributing and installing its toolbar, see here for more info.

I therefore highly recommend you to go to Start >> Control Panel >> Add/Remove Programs and remove the following programs if present:
  • AskBarDis
  • Ask Toolbar

After that go to the C:\Program Files folder and delete the following folders, if present:
  • AskBarDis
  • Ask.com

This will also free up some memory.

====================

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 26

After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 26).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================

I note you have Adobe Acrobat 8 full version on your computer. Be aware that old Adobe versions are full of security holes.

I recommend you install a separate PDF reader and set that as standard program for opening of PDFs. Only use Acrobat 8 if you need to edit a PDF.

Please note that Adobe Reader has a history of security issues and is a prime target for malware writers due to its popularity. You might want to consider installing a non-Adobe PDF reader. Your choice!
  • Adobe Reader 10.0. The last and most safest version of Adobe Reader.
  • SumatraPDF. Very small and very light PDF viewer.
  • PDF XChange. Also available in 64-bit version if you have a 64-bit OS. Can be installed as portable.


====================

I think we can close this case. Your computer is free of malware. You have some work left with optimizing your computer, but that will be your call. You decide what is worthy to run on your computer and what is not.

Do you have any more questions or do you want to hear my ALORTKYCC (Awesome List Or Recommendations to Keep Your Computer Clean)?

descriptionMS Removal tool ruining my computer EmptyRe: MS Removal tool ruining my computer

more_horiz
Let's hear the list!

descriptionMS Removal tool ruining my computer EmptyRe: MS Removal tool ruining my computer

more_horiz
Allright! Now that we have you cleaned, we´ve got to make sure you stay clean.
Let me provide you with some recommendations:

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit http://windowsupdate.microsoft.com. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race, it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware can´t touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with either of the following three:
  • Panda Cloud Antivirus. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  • Avira. 100 million users can´t be wrong. If you want high detection rates, this is your best free bet.
  • Avast! is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:
  • Comodo Firewall. Install the internet security suite, but without the antivirus and without the Hopsurf toolbar.
  • Online Armor. A very smart and user friendly firewall.
  • Outpost Firewall is another rocksolid choice.

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad, it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:
  • Stay away from cracks and keygens (look here for the why). Get free software instead. Gizmo is an excellent source of freeware reviews.
  • Navigate safely. Google Chrome is the safest browser available. However, Mozilla Firefox can be made extremely safe with the NoScript addon. Internet Explorer (always use version 8) can be made a lot safer with Spywareblaster (manual here).
  • The WOT (Webs Of Trust) addon will help you to stay on reliable webpages.
  • WinPatrol alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  • Make sure you have ways to recuperate your operating system and vital other data if its gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless, if you find yourself in an unexpected tight spot.

Finally: did we help you? Help us back!

descriptionMS Removal tool ruining my computer EmptyRe: MS Removal tool ruining my computer

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum