Hy Geeks

Welcome to Major Geeks!

Other than a couple minor items that were already removed, your logs are clean. Thus it does not appear that your problems are due to malware and you should investigate them in the Software Forum if you wish.

I do however recommend that you uninstall Ask Toolbar


Since you are not having malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

Yes you do. You can see in the newfiles.txt log in MGlogs.zip that Ask Toolbar appears in your installed programs list towards the end of the log.

And the below folders exist too:
C:\Documents and Settings\NEC\Local Settings\Application Data\AskToolbar
C:\Program Files\Ask.com

Also the below is seen in your HijackThis log:
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Foxit PDF Creator Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

Quarantine from ComboFix. MGclean.bat will normally remove it if found unless you have permissions problems on your folders. Goto the lowest level files and folders inside of QooBox and delete from the bottom up. This will sometimes work when you have permissions issues. Also safe boot mode is an option.

Yes you did. It is run as part of MGtools which is why the instructions stated to uninstall it now.

 

Run this Resetting Registry and File Permissions and after reboot see if you can remove it.

If HijackThis no longer appears in Add/Remove Programs, it was likely already removed.

 

Right click on the c:\QooBox\BackEnv folder and select Properties

• Then select the Security tab
• Now find your user account name in the Group or user names: list
• The in the Permissions list at the bottom make sure that the Full Control checkbox is checked so that the all permissions for your account are enable ( that is all the check boxes below Full Control should then be checked ).
• Then click Apply and OK to close the Window.

Repeat the above on the QooBox folder.

Now see if you can first delete the BackEnv folder and if it deletes then delete the QooBox folder.

 

What changed? You did not do anything with the last fix because you had no Security tab. Thus you have not changed anything from my part. And in addition, even if you had found the Security tab, just changing permissions on these two folders would have no impact on the ability to boot your PC properly. What else was being done on the PC? Any programs installed, updated, modified, download.....etc.

Also I don't understand what you are saying, if you cannot boot your PC up to Windows properly then how did you run System Restore.

DrWatson is part of Windows. It is a debugging tool that runs automatically during Windows crashes. See >> http://support.microsoft.com/kb/308538

 

So then are you saying that everything back to normal now?

 

Right click Start and select Explore. This will open up Windows Explorer.

• Now on the top menu, click on Tools and select Folder Options
• On the Folder Options form, select the View tab
• Scroll towards the bottom of the Advance settings area
• Look for the Use simple file sharing (Recommended) option and tell me if the check box is checked or unchecked.

 

Okay then uncheck it and apply the settings. Then see if the Security tab I asked about earlier will show up.

This is a Windows problem with permissions. It is a frequently complained about issue on the internet and I have never seen any real cure other than reinstall. Some people run into this problem, and some do not. Yes it is possibly that malware could be a triggering point ( but you did not really have any malware ), but the problem still results from Windows being problematic. If you get the Security tab to come back, you may be able to set permissions properly to allow you to remove the folders without rebooting.

The above problem, along witht he problem of freezing and also with Dr.Watson running are all signs of problems with Windows that may require a repair install or a full reinstall to fix.

 

We cannot and will not help you to do anything considered illegal. You can download and install Win XP SP3 direct from Microsoft Windows Update if you have a legitimate Windows XP license. Making a slipstreamed CD still requires having an original Windows XP CD. Any help you require in doing this ( legitimately only ) can be found in the Software Forum.

 

You're welcome.



If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!