James2571

Help removing tools

Recommended Posts

I had received help with a slow laptop, and video issues a few weeks back, and the issue was resolved the best it could be, so I followed the instructions to remove the tools from my system, and ran into problems.

 

1.  My computer will now not turn off when I use "Shut Down" from the START menu. I have to physically turn it off.

 

2.  I keep getting an error (while I am in Firefox) that my "Virtual Memory is too low" 

 

Not sure how to fix it.  Could be also why video is having issues as well.

 

Attached are my OTL & Extras log, along with the EEK Log from todays updated EEK.

 

Please help. 

 

Thank you.

Share this post


Link to post
Share on other sites

To increase the size of Virtual Memory (PageFile) on Windows XP:

  • Click Start, right-click My Computer, and then click Properties.
  • In the System Properties dialog box, click the Advanced tab.
  • In the Performance pane, click Settings.
  • In the Performance Options dialog box, click the Advanced tab.
  • In the Virtual memory pane, click Change.
  • Change the Initial size value and the Maximum size value to a higher value, click Set, and then click OK.
  • Click OK to close the Performance Options dialog box, and then click OK to close the System Properties dialog box.
  • Download AdwCleaner and save it on your desktop.
    • Close all open programs and Internet browsers (you may want to print our or write down these instructions first).
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • You will be prompted to restart your computer. A text file will open n Notepad after the restart (this is the log of what was removed), which you can save on your desktop.
    • Attach that log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
    • If you lose that log file for any reason, you can find it at C:\AdwCleaner[s1] on your computer.
    Download Junkware Removal Tool and save it on your desktop.
    • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log is saved to your desktop and will automatically open.
    • Attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
    Download ComboFix from Link

    Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

    !!! IMPORTANT !!! Save ComboFix to your Desktop

    NOTE: ComboFix is an advanced utility, and is not like traditional automated tools. It will delete anything that it knows is bad without asking for confirmation, it will save backup copies in it's quarantine automatically, it will restart your computer, and it will produce a log that allows me to analyze and determine if there is anything left over. This log will not contain any personal information, or information about any of your documents, pictures, music, videos, etc. It only compiles information on which applications/drivers/etc were installed within the last 30 days, any applications that have certain properties that could be used for malicious purposes, and most of the load points on your system that can be abused by malicious software. If there is a false positive, and something gets deleted that should not, then I can write a script for ComboFix that will tell it to restore specific items that it deleted.

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

      See HERE for help

    • Double click on Combo-Fix & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **NOTE: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    RcAuto1.gif

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png

    Click on Yes, to continue scanning for malware.

    When finished, ComboFix will produce a log.

    NOTE:

    1. Do not mouseclick combofix's window while it's running. That may cause it to stall!

    2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

    3. If you get a message that states "illegal operation attempted on a registry key that has been marked for deletion" restart your computer.

    Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

    • ComboFix (C:\combofix.txt)
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Share this post


Link to post
Share on other sites

I am attaching the logs you recommended.

 

The overall system speed has increased, but the system will still not shut down using the Start button.

 

Still having slow video issues.

 

Also when I was running the Combofix scan, I received the message that the "real time scanners were active" for "AVG Antivirus Free Edition 2012, Avast Antivirus, and Lavasoft Ad-Aware"  I thought I removed all of these from my system during the last session of help.

 

Please advise. 

 

Thanks

Share this post


Link to post
Share on other sites

You are using MsConfig to prevent several items from loading at Windows start. MsConfig is a diagnostic tool, and not intended to be used in the manner you are using MsConfig. Enable everything you used MsConfig to disable. If you are receiving error messages, related to these items, at system start; we can fix this without using MsConfig.

Avast removal tool: http://www.avast.com/uninstall-utility

AVG removal tool: http://www.avg.com/us-en/utilities

Download SystemLook and save it to your Desktop.

  • Double-click SystemLook.exe to run it.

    Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator

  • Copy the content of the following codebox into the main textfield:

    :filefind
    *ad-aware*
    *adaware*
    *lavasoft*
    
    :folderfind
    *ad-aware*
    *adaware*
    *lavasoft*
    
    :regfind
    ad-aware
    adaware
    lavasoft
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Attach this log in your next reply.
NOTE: The log can also be found on your Desktop entitled SystemLook.txt

Share this post


Link to post
Share on other sites

OK, I was able to remove Avast from my system.

 

AVG was not able to finish the removal due to my having to manually turn off my computer. 

 

Attached is the log information from Ad-Aware scan in Systemlook.

 

I have reactivated anything that was disabled in MSCONFIG.

 

System still will only shut down by pushing the Power button. 

 

Share this post


Link to post
Share on other sites

OK, reinstall Ad-aware.

Restart

Uninstall Ad-aware.

Restart

Run the search again, from my previous post.

Share this post


Link to post
Share on other sites

OK, I reinstalled Ad-aware and uninstalled it. 

 

Looks there are now more files than their was the last time.  I am attaching the system look after reinstallation. 

 

I also am including the combo-fix log.

 

 

Share this post


Link to post
Share on other sites

Try this to remove Ad-Aware: http://www.appremover.com/download

Run OTL.exe

  • Copy & paste the entire contents of OTLfix.txt (ATTACHED BELOW) into the Custom Scans/Fixes box located at the bottom of OTL.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
Let me know of any problems you may have encountered with the above instructions and also let my know how things are running.

Share this post


Link to post
Share on other sites

I ran appremover and it didn't find anything from Ad-aware. 

 

I am attaching the OTLFix Log and the systemlook afterwards.

 

Still only able to power off with power button.

 

Any ideas as to why?

 

Thank you.

Share this post


Link to post
Share on other sites

To clean KAVICHS alternate data streams on NTFS partitions, do the following:

  • Download Klstreamremover.zip and extract the file to root folder of partition you plan to clean ADS, i.e. C:\, D:\ and so on
  • Do the following:

    Start -> Run

    type cmd

    Click "OK"

    The Command Console will open

    Enter the following commands, at the Command Prompt. Commands must be entered exactly as shown.

    Press the Enter Key after each command. Wait for each command to finish before proceeding to the next command.

    c:\klstreamremover.exe -r
    exit
    The Command Console will close.
NOTE: You will need to repeat the above steps for each partition on your hard drive.

Run OTL.exe

  • Copy & paste the entire contents of OTLfix.txt (ATTACHED BELOW) into the Custom Scans/Fixes box located at the bottom of OTL.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
Let me know of any problems you may have encountered with the above instructions and also let my know how things are running.

Share this post


Link to post
Share on other sites

Download Windows Repair by Tweaking.com to your desktop.  Use the direct download link for the Portable version of Windows Repair by Tweaking.com

  • Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com - Windows Repair folder to your desktop.
  • Now open this folder and double-click Repair_Windows.exe.
  • Click the Start Repairs tab on the far right.
  • Click the Start button (bottom right)
    Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.
  • Click Unselect All
  • Put a checkmark in the following items:
    • Reset Registry Permissions
    • Reset File Permissions
    • Register System Files
    • Remove Policies Set By Infections
    • Repair Volume Shadow Copy Service
    • Set Windows Services To Default Startup


    Note: Leave everything else unchecked [*]Put a checkmark in Restart System When Finished [*]Now click the Start button (bottom right)

This will take a while to finish.

 

Once Windows Repair by Tweaking.com has finished and your computer has restarted.

 

Run a fresh scan with OTL, attach the new OTL log to your reply.

Share this post


Link to post
Share on other sites

I ran the windows repair.  Looked like it fixed a lot of things.

 

Did not fix the shut down issue. I still have to manually turn off the computer.  It did shut down at the end of the windows repair scan, just not when I use START, SHUT DOWN. It just stays on a blue screen.

 

Here is the OTL log after the windows repair reboot.

 

 

Share this post


Link to post
Share on other sites

Windows is having difficulty shutting down 1 or more processed and/or services. That is why the shut down is hanging.

You did not unzip klstreamremover.exe to the root of drive c, in accordance with the instructions I posted. Therefore it failed to run and remove the KAVICHS ADS, when you entered the command in my instructions.

Move klstreamremover.exe from C:\klstreamremover to C:\.

Do the following:

Start -> Run

type cmd

Click "OK"

The Command Console will open

Enter the following commands, at the Command Prompt. Commands must be entered exactly as shown.

Press the Enter Key after each command. Wait for each command to finish before proceeding to the next command.

c:\klstreamremover.exe -r
exit
The Command Console will close.

Run OTL.exe

  • Copy & paste the entire contents of OTLfix.txt (ATTACHED BELOW) into the Custom Scans/Fixes box located at the bottom of OTL.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
Let me know of any problems you may have encountered with the above instructions and also let my know how things are running.

Share this post


Link to post
Share on other sites

OK, let's take a fresh look.

Run a fresh scan with OTL, attach the new OTL log to your reply.

Share this post


Link to post
Share on other sites

The KAVICHS ADS are still present. Otherwise your OTL log looks fine.

How are things running?

Share this post


Link to post
Share on other sites

It is still not powering off (except manually).   I keep getting a virtual memory low error, even after I adjusted the level to maximum space. (After using Firefox for 10 minutes). Not sure if does the same thing with IE but Im sure it would.

 

I ran the kavich from c:\\.

 

Should I try it in SAFE mode with MS-Dos prompt?

Share this post


Link to post
Share on other sites

OK.  I ran it in Safe Mode.  It took an EXTREMELY long amount of time to finish. 

 

There were a bunch of strings

 

Here is the OTL after this was completed.

 

 

Share this post


Link to post
Share on other sites

Also my computer is having script errors when I am trying to view webpages in Firefox.

 

I ran Combo-Fix and have attached the log.

 

Please help.   Not getting better.

 

 

Share this post


Link to post
Share on other sites

If FF is displaying a script error message, it is because the script is taking to long to execute. Any number of things can cause that, the number 1 cause is slow server response.

The KAVICHS streams are still present. Either you can reinsntall KAV 5, reboot and uninstall, or just ignore them.

Otherwise your logs look fine.

How are things running?

Share this post


Link to post
Share on other sites

Still running horrible. 

 

Still won't shut off without manual help. 

 

Video is better.

 

Real play launches everytime I start up also.  How can I remove this from startup?  What things do I need during startup? 

 

Maybe it is time to retire this old girl!

Share this post


Link to post
Share on other sites

Let's take a look at the Startup items.

Download AutoRuns and save it to your Desktop.

  • Right click on the downloaded file and choose Extract All Files.
  • Once extracted, open the program named Autoruns.
  • Click on Options and then Hide Microsoft and Windows Entries.
  • Press F5 to refresh the startup list.
  • Next go to File -> Save and choose the file type to Text File (.txt).
  • Please attach the text file to your next reply.

Share this post


Link to post
Share on other sites

Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).

Windows Registry Editor Version 5.00

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"=-
Close Notepad.

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

Restart

Share this post


Link to post
Share on other sites

Ok, fixed the registry.  But it still autolaunches Realplayer on bootup.

 

Have some other items that are in the bottom right corner quicklaunch area that I don't know if I need.

 

Dell Quickset

Secure Delivery

some magnifying glass that says indexing complete. 

 

Video appears a little better, still getting the Virtual Memory Low error after about 5 minutes. 

 

It also looks like I have a lot of processes running that could be chewing stuff up.  What do you think?  Or should I be getting help somewhere else??? 

Thank you.

Share this post


Link to post
Share on other sites

RealPlayer should not be launching on Windows start with the removal of the registry key.

Run a fresh scan with OTL, attach the new OTL log to your reply.

Share this post


Link to post
Share on other sites

Run OTL.exe

  • Copy & paste the entire contents of OTLfix.txt (ATTACHED BELOW) into the Custom Scans/Fixes box located at the bottom of OTL.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
Let me know of any problems you may have encountered with the above instructions and also let my know how things are running.

Share this post


Link to post
Share on other sites

I am currently running OTL and it has frozen during "KILLING PROCESSES - DO NOT INTERRUPT". 

 

What should I do.  It has been at least 15 minutes.

 

Help!  lol

 

Thanks

Share this post


Link to post
Share on other sites

OK.  That stopped realplayer from launching on startup.  Thank you.

 

Still perplexed by the fact that it still takes 10 minutes (literally) before it will shut down using Start Menu, Shut down.

 

Any thoughts on this? 

 

Thanks

Share this post


Link to post
Share on other sites

Windows is having difficulty shutting down one or more applications. There really isn't a way to trouble shoot shutdown problems.

Any other issues?

Share this post


Link to post
Share on other sites

I guess not.   

 

That has been that issue I have been looking to get fixed since the beginning of this post.  (That and the "Virtual Memory Low Error).

 

Seems like I am still at that same spot I was when I posted this thread 16 days ago. 

 

Guess I will have to look elsewhere to resolve this.

 

Thank you anyway.

Share this post


Link to post
Share on other sites

OK,

 

Virtual Memory

 

Drive C:\  9410MB Space Available

 

Initial Size (minimum) 3070MB

MAX Size 4096MB

 

These Initial & MAX sizes are adjustable

 

Also Paging File Size is set to 3070MB

 

Thank you,

Share this post


Link to post
Share on other sites

You don't have a lot of available drive space left. It may look like a lot, but it really isn't.

The virtual memory settings look fine. Your Virtual Memory settings control the size of the pagefile, and the size is consistent with your settings.

Share this post


Link to post
Share on other sites

Ok Thank you,

 

It is time to retire this computer.  I haven't had any issues with the virtual memory until my initial problem (Shut down taking long time).   Since neither of them can be fixed sufficiently it is time to move on.

 

Thank you for all of your attempts to fix this. 

 

I am sorry to have wasted your time.  Issue is still there after many days and no resolution available. 

 

Thank you,

 

No need to reply to this message.

Share this post


Link to post
Share on other sites

Unless you are having problems, it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

Press the Windows key + R and this will open the Run text box. Copy/paste the following text into the Run box as shown and click OK.

Combofix /Uninstall

(Note: There is a space between the ..X and the /U that needs to be there.)

CF.jpg

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
Delete the following from your Desktop: (If they exist)

AdwCleaner.exe

CFscript.txt

FixReg.reg

JRT.exe

JRT.txt

TDSSKiller.exe

Anything else I had you use

Delete the following files: (If they exist)

C:\ComboFix.txt

Delete the following folders: (If they exist)

C:\AdwCleaner[s1]

C:\ComboFix

C:\FRST

C:\Qoobox

C:\TDSSKiller_Quarantine

Empty the Recycle Bin

Download to your Desktop:

- CCleaner Portable

  • UnZip CCleaner Portable to a folder on your Desktop named CCleaner
Run CCleaner
  • Open the CCleaner Folder on your Desktop and double click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit)
  • The following should be selected by default, if not, please select:

    4l5a4i.png

  • Click 16jox2o.png and choose 5x3nu8.gif
  • Uncheck 2wlsw11.gif
  • Then go back to 2jb4qyb.gif and click nf47ev.gif to run it.
  • Exit CCleaner.
Turn off System restore to flush all your restore points then turn system restore back on. See How To Enable and Disable System Restore.

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector, this will inspect your system for software that is out-of-date and in need of updating. Update anything program/application detected as being out-dated.

Articles to read:

How to Protect Your Computer From Malware

How to keep you and your Windows PC happy

Web, email, chat, password and kids safety

10 Sources of Malware Infections

That should take care of everything.

Safe Surfing!

Share this post


Link to post
Share on other sites

Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.