internet in safe mode only

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by adic27, May 13, 2015.

  1. adic27

    adic27 Private E-2

    i don't know what started this but i can now only get to websites in safe mode.

    only page that really works in normal mode is Google. a few other sites partially load or only the home page loads fully

    at first one day i couldn't open certain applications like fl studio or traktor so i decided to uninstall comodo which i recently switched over to from pc tools. or maybe it was also avast... can't remember

    the apps now open but only internet in safe mode now.

    i did scans with spybot, malwarebytes, ccleaner, super anti spyware and avast

    tried system restore but could only go back so far

    also tried the proxy thing but not sure if i use a proxy server or what it really is

    should i follow the procedures in this link

    http://forums.majorgeeks.com/showthread.php?t=35407

    or is there a simple fix for this. i think uninstalling comodo or avast is the reason for this.

    thanks
     
  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

  3. adic27

    adic27 Private E-2

    thanks for the reply..

    if i already have malwarebytes installed is that ok?
     
  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Yes, glad you already have it in your tools.
     
  5. adic27

    adic27 Private E-2

    the RogueKiller log was not saved to my desktop... should i look somewhere else?
     
  6. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    RogueKiller's logs are in the below location on Vista/Win 7/Win8.x

    C:\ProgramData\RogueKiller\Logs
     
  7. adic27

    adic27 Private E-2

    in malwarebytes do i attach the protection log or the scan log or both? there is no export log button on mine but there is when i double click either the protection log or the scan log. should i attach both?
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Just the scan log. ;)
     
  9. adic27

    adic27 Private E-2

    so with hitman pro if some of the results are already set to be deleted by default.. should i leave it or change everything to ignore?
     
  10. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Please read and follow our guide's instructions more carefully.
     
  11. adic27

    adic27 Private E-2

    just didn't know whether you meant within the program or not.

    so should i change them to ignore or ignore the results completely?

    sorry for being confused but it says "If you do not take this warning seriously, you may be refused help!" that's why i'm asking, to be sure

    thanks
     
  12. adic27

    adic27 Private E-2

    never mind im retarded lol :-o
     
  13. adic27

    adic27 Private E-2

    logs
     

    Attached Files:

    Last edited: May 14, 2015
  14. adic27

    adic27 Private E-2

    hope i attached all the right files the right way
     

    Attached Files:

  15. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You need to attach the last requested log - RKreport_SCN log.
     
  16. adic27

    adic27 Private E-2

    for some reason it's not there but i remember doing the scan as it's the first one i did.

    does it delete after reboot or something?
    should i rerun the scan?

    also there were 2 mglog zips.. one on the desktop and one in the root folder. should i attach both? they both have the same date and time
     
    Last edited: May 14, 2015
  17. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Your RogueKiller log directory is:

    C:\ProgramData\RogueKiller\Logs

    NOTE: Per the R&R ME FIRST - each tool is to be run only once unless otherwise instructed.
     
  18. adic27

    adic27 Private E-2

    rogue
     

    Attached Files:

  19. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Cracked software found - refer to our forum policy:
    Warning about Porn, Keygens, Cracks, and other Illegal Software

    You have both Comodo and AVAST firewalls running - that definitely would cause problems.

    Please download and run AppRemover 3.1.24.1. Let me know if Comodo Internet Security is listed and can be removed.

    *Other than the tools our guide instructed you to save there, I strongly recommend that you clean up this account's Desktop immediately leaving only shortcut links. [ C:\Users\Adic\Desktop ] Do not store downloads, exe files, iso files....etc on your Desktop. First it is not a safe place to keep them (i.e., you may lose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least - it can have an effect on your PC's performance.

    Re-run Hitman Pro and have it fix these:
    Suspicious Files
    • C:\Users\Adic\Desktop\New folder (11)\Crack\Alternative\adobe.snr.patch-painter.exe
    • C:\Users\Adic\Downloads\EASEUS Partition Master 9.3 Professional+Technican Edition+Key\crack\cracked_Technician Edition\LicenseMgr.dll
    Next remove all the Potential Unwanted Programs. Reboot immediately after.

    Now re-run a new scan with RogueKiller.exe.
    Click the Registry tab and locate these detections, then click the Delete button:
    • [Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
    • [Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
    • [Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0} -> Found
    • [Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F} -> Found
    • [Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Found
    • [Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} -> Found
    • [Orphan] (X64) HKEY_USERS\S-1-5-21-2225320090-3866159512-1080612366-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {47833539-D0C5-4125-9FA8-0819E2EAAC93} : -> Found
    • [Orphan] (X86) HKEY_USERS\S-1-5-21-2225320090-3866159512-1080612366-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {47833539-D0C5-4125-9FA8-0819E2EAAC93} : -> Found
    Then immediately reboot your PC.

    After reboot, run a new scan with both Hitman Pro & RogueKiller and save a log as in the original instructions and attach the new logs.

    Now shut down your protection software (antivirus, antispyware...etc) to avoid possible conflicts. *Re-enable them before physically reconnecting to your ISP.

    Using "Programs & Features" uninstall: (If you do not find it or it will not uninstall, just keep going.)
    Java 7 Update 25

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    • O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files\COMODO\GeekBuddy\launcher.exe
    • O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)
    • O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (file missing)
    • O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    • O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    After clicking Fix, exit HJT.

    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of the code box
    Code:
    :services
    CmdAgent
    gupdate
    gupdatem
    
    :files
    C:\ProgramData\Comodo
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Program Files\COMODO
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
    C:\ProgramData\{662EAAEC-9E9A-4C69-A658-884E51E909BB}
    C:\ProgramData\{88B8AF8F-5980-4AEA-8609-D1E2AD7B4515}
    C:\ProgramData\{90D8CE90-3E6B-4034-A281-BC9F19B60A5B}
    C:\ProgramData\{918DB9BF-E1E3-42BB-83A3-9E631E2D8A4A}
    C:\ProgramData\{B7A1E54D-F7F7-4EA6-B108-D94B87C085DF}
    C:\ProgramData\{B9128DCD-EAF1-4915-8EE4-29A858B9802C}
    
    :commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large [​IMG] button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Make sure to shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note that JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    Next download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Attach that logfile to your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder, which is created when running the tool.

    Now install the current version of Sun Java from:
    Make sure that when you install the new version of Java that you uncheck the Install the Ask Toolbar junkware checkbox. You do not want to add junk that most people consider malware to your PC. Also just in case Oracle changes the Java installation in the future to possibly install other junk, uncheck all but just installing Java.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select "Run As Administrator").

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXT log
    • C:\MGlogs.zip
    • AdwCleaner[S#].txt
    • updated Hitman Pro & RogueKiller logs
    Make sure you tell me how things are working now!
     
    Last edited: May 16, 2015
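
An added example, not part of the original thread: a small triage script for the HijackThis lines quoted in the post above. It flags entries that HijackThis itself marks `(no file)` or `(file missing)` and lists what a named vendor left behind; the function names are hypothetical and the sample input is copied from the post.

```python
import re

# Sample input: the five HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files\COMODO\GeekBuddy\launcher.exe
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

# "<section id> - <body>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^\s*([A-Z]\d+) - (.+?)\s*$")
# Trailing marker HijackThis prints when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$", re.IGNORECASE)
# O23 body: "Service: <display name> (<service key>) - <owner> - <image path>"
SERVICE_RE = re.compile(
    r"^Service: .+? \((?P<key>[^()]+)\) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)


def parse_hjt(log_text):
    """Parse HijackThis entry lines into dicts; non-entry lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        marker = ORPHAN_RE.search(body)
        if marker:
            # Drop the marker and the " - " separator that may precede it.
            body = body[:marker.start()].rstrip(" -")
        entry = {"section": section, "body": body, "orphan": bool(marker),
                 "service": None, "path": None}
        if section == "O23":
            svc = SERVICE_RE.match(body)
            if svc:
                entry["service"] = svc.group("key")
                entry["path"] = svc.group("path")
        entries.append(entry)
    return entries


def orphans(entries):
    """Entries whose backing file HijackThis reported as absent."""
    return [e for e in entries if e["orphan"]]


def mentions(entries, vendor):
    """Entries whose text names the given vendor (case-insensitive)."""
    v = vendor.lower()
    return [e for e in entries if v in e["body"].lower()]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for e in orphans(parsed):
        print("orphan  ", e["section"], e["service"] or e["body"])
    for e in mentions(parsed, "comodo"):
        print("leftover", e["section"], e["body"])
```
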
  20. adic27

    adic27 Private E-2

    is it ok to have been thus far doing this in safe mode?
     
  21. adic27

    adic27 Private E-2

    i think i messed up. i went to clean my desktop before i read your whole reply so those 2 things that i was supposed to fix with hitman pro are not there anymore. should i carry on or....?
     
  22. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Continue on - performing the remaining steps in Normal Startup Mode.
     
  23. adic27

    adic27 Private E-2

    Out of the 8 you told me to delete with RogueKiller the last one didn't delete. Under status it says error[2]. Should I continue?
     
  24. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes.
     
  25. adic27

    adic27 Private E-2

    logs
     

    Attached Files:

  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You still haven't removed your cracked software.
     
  27. adic27

    adic27 Private E-2

    sorry about that. took care of it
     

    Attached Files:

  28. adic27

    adic27 Private E-2

    firefox is going slow like in a stop motion effect kinda way.
    I had an all cpu meter gadget and it started beeping (never did this before... never knew it beeped until now) I guess indicating my cpu was overheating? they all read 101 degrees. I closed the gadget to stop the beeping

    still can only get internet in safe mode.
     
  29. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You were given these instructions in the READ ME FIRST:
    I stopped counting at 87 new additions to your "Uninstall Programs List"...

    How did you remove the Comodo Firewall as it no longer appears? (You never replied to my question)

    Do you know what these tasks are?

    C:\Windows\system32\tasks\{288F4ACB-7E1B-4337-B856-99F3BAB51BC4}
    C:\Windows\system32\tasks\{34CB62D7-AF56-4A63-B9D5-C6A9B51385AA}
    C:\Windows\system32\tasks\{38B08505-DF79-4522-819D-0F61CC4ABC83}
    C:\Windows\system32\tasks\{61A18060-E9BB-4990-807F-1270E37516AA}
    C:\Windows\system32\tasks\{A5CD97DF-354F-4188-8C62-F3086C004199}
    C:\Windows\system32\tasks\{A92556ED-7799-427D-B26A-B100D281762C}
     
  30. adic27

    adic27 Private E-2

    I uninstalled comodo before I started this thread. I used revo uninstaller

    I didn't install anything or run any scans other than the ones that I was instructed to run. I have no clue about the tasks.. sorry

    what should I do now?
     
  31. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    • While going through your original logs, Comodo Firewall still had a service running-
    • If you compare the newfiles.txt logs found in each MGLogs.zip you attached, you will see the new software that was installed.
    Please delete these manually then re-boot:
    C:\Windows\system32\tasks\{288F4ACB-7E1B-4337-B856-99F3BAB51BC4}
    C:\Windows\system32\tasks\{34CB62D7-AF56-4A63-B9D5-C6A9B51385AA}
    C:\Windows\system32\tasks\{38B08505-DF79-4522-819D-0F61CC4ABC83}
    C:\Windows\system32\tasks\{61A18060-E9BB-4990-807F-1270E37516AA}
    C:\Windows\system32\tasks\{A5CD97DF-354F-4188-8C62-F3086C004199}
    C:\Windows\system32\tasks\{A92556ED-7799-427D-B26A-B100D281762C}

    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7/8, use right-click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Repair Windows Firewall
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
      • Set Windows Services To Default Startup
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished.
    How is your machine performing now?
     
  32. adic27

    adic27 Private E-2

    should I do this in normal mode or is it ok to be in safe mode?
     
  33. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Try using normal startup mode first.
     
  34. adic27

    adic27 Private E-2

    Also there were other tasks.. like 2 other ones, maybe new ones. Just deleted the ones u said to. Should I have deleted the others?
     
  35. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    I think that you should clear them all out.
     
  36. adic27

    adic27 Private E-2

    There's one left. Should I delete it while the repair program is running?
     
  37. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You should NOT be doing anything else while the Windows_Repair is running!
     
  38. adic27

    adic27 Private E-2

    computer still running the same. can only connect to internet in safe mode. in safe mode now. only page that loads in normal mode is google. a few other pages load but not all the way. avast can't update, dropbox won't connect etc.

    thanks for helping me so far. anything else I can do?
     
  39. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're welcome.

    You could ask for help in the Software forum because I don't see malware.

    It is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase it, it provides no protection. It does not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, Win 7/8 - it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work through the below link:
    Safe surfing!
     
  40. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Agreed there is no malware causing the problem but I do see in the logs that nwktst.txt shows a connection in safe mode but in normal boot mode it shows media disconnected.

    I would suggest trying the below:
    • Uninstall ALL protection software ( Avast, Spybot, etc )
    • Remove the hosts file changes made by Spybot
    • Then reboot the PC and see if there is any change.
     
  41. adic27

    adic27 Private E-2

    i don't think it's malware either. maybe services conflicting or something. i think either comodo or avast did this

    anyway, how do i "Remove the hosts file changes made by Spybot"? in spybot right?
     
  42. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Go ahead and un-install SpyBot using your Revo Uninstaller Pro 3.0.8, then go to

    https://support.microsoft.com/en-us/kb/972034

    Below the "Windows 7 and earlier versions of Windows" -
    Expand the section labeled Reset the Hosts file manually for further instructions.
     
    Last edited: May 21, 2015
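
An added example, not part of the original thread: before resetting the hosts file as suggested above, a short audit shows which active entries a reset would remove and whether any of them redirect a name to a non-local address rather than just blocking it. The function names are hypothetical and the sample hosts content is constructed (it is not taken from this user's logs).

```python
import ipaddress

# Constructed sample hosts file; names and addresses are illustrative only.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1  localhost
127.0.0.1  ads.tracker.example  www.ads.tracker.example   # blocklist entry
0.0.0.0    telemetry.example
203.0.113.7  login.bank.example
not-an-ip  broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Classify every active (uncommented) hosts mapping.

    default   - localhost pointing at a loopback address
    sinkhole  - any other name pointed at loopback or 0.0.0.0 (blocking entry)
    redirect  - a name pointed at a routable address (review these first)
    malformed - lines that are not '<ip> <name> [<name> ...]'
    """
    report = {"default": [], "sinkhole": [], "redirect": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        if len(fields) < 2:
            report["malformed"].append((lineno, raw.strip()))
            continue
        for name in fields[1:]:
            item = (lineno, name.lower(), str(addr))
            if name.lower() in LOCAL_NAMES and addr.is_loopback:
                report["default"].append(item)
            elif addr.is_loopback or addr.is_unspecified:
                report["sinkhole"].append(item)
            else:
                report["redirect"].append(item)
    return report


def differs_from_default(report):
    """True if anything beyond the stock localhost mapping is active."""
    return any(report[k] for k in ("sinkhole", "redirect", "malformed"))


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for kind in ("redirect", "sinkhole", "malformed", "default"):
        for item in result[kind]:
            print(f"{kind:9} {item}")
    print("reset would change behaviour:", differs_from_default(result))
```

On Windows the live file is normally `%SystemRoot%\System32\drivers\etc\hosts`; read it and pass its text to `audit_hosts`.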
  43. adic27

    adic27 Private E-2

    came down to simply uninstalling some comodo crap that was left behind for some reason, even after using revo.

    found some suggestions on google from people that fixed this problem trying to help other people with the same problem. the suggestions didn't work for me but led me to an easy solution

    went to control panel
    network and internet
    view network status and tasks (under network and sharing center)
    change adapter settings (left panel)
    right click local area connection and go to properties

    and there was something that said "comodo firewall security" or something. I right clicked that and uninstalled it and now my internet works

    i'm done with comodo! years ago it was blocking one of my music programs and no one can figure out why. turned out to be comodo... and now this. no more comodo

    thanks to everyone that tried to help
     
  44. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is the reason why I had suggested uninstalling all protection software. Frequently it has been a cause of problems like this. It is not just a Comodo issue. We have seen any of the security programs cause these issues.
     
