Computer acting stupid

Its been slower than usual, uninstalling some things....when i try to click on them it says disk is not formatted........ugh.........driving me nuts.......help guys please??? here is a hijack this log...........thank Autismmommy (Shari)

 

Hi shan,
Welcome to Major Geeks!

I can''t get enough information from your HijackThis log to tell you if this is a malware problem. Rather than going through the whole cleaning procedure, please start a thread in Software Forum and see what they have to say first. If they send you back over here, then please go through the instructions in the READ & RUN ME FIRST and attach the requested logs.

I'm removing your inline log and will attach it.
Thanks.
abri

 

ok they sent me back over here....i tried to post the logs here in this thread but it says i've already posted them in the software thread and it gave me an upload error.....i don't know what to do now....maybe this will help...here is the link my the thread.........Thanks! Autismmommy (Shari)

http://forums.majorgeeks.com/showthread.php?t=157616

 

Hi autismmommy,
Welcome back

1) To begin with, please disable Spybot's TeaTimer. This can be done two ways.
First:

• Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
• If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
• If you have Version 1.4, Click on Exit Spybot S&D Resident

or Second, For Either Version :

• Open Spybot S&D
• Click Mode, choose Advanced Mode
• Go To the bottom of the Vertical Panel on the Left, Click Tools
• then, also in left panel, click Resident shows a red/white shield.
• If your firewall raises a question, say OK
• In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
• OK any prompts.
• Use File, Exit to terminate Spybot

2) Next download and run FindAWF by noahdfear.

• Please go here to download the program:
  • FindAWF.exe
• Save to your desktop.
• Double-click the FindAWF icon.
  • If a Security Alert shows, allow the program to run.
• As instructed, press any key to continue.
• Use the following option: Press 1 then Enter to scan for bak folders
• The scan may take a while, please be patient.
• When done, a text file, Find AWF report is produced.
• Please attach the Find AWF report in your next post.

3) Now go to add/remove programs and uninstall the below:

Viewpoint Media Player
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_09
Java(TM) 6 Update 3
Java(TM) 6 Update 5

4) Reboot after uninstalling the above.

5) Install the current version of Sun Java from: Sun Java Runtime Environment

6) Now I need for you to put your computer into normal startup mode. Please go to Start / Run and type in msconfig. Click on ok. In the box that opens up, check the box that says normal system start and click on accept and ok.

7) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip.


Let me know how things are running now?

abri

 

Ok Abri, bear with me, I've jotted down everything that I want to ask you so this might be jumbled, and confusing so just let me know if you need something explained. Ok some new problems have arisen. When i went into Spybot Search and Destroy to start out with, Tea Timer was unchecked, so i ran awf like you asked but after I did the normal startup, the icon came up in the system tray with the blue and white calendar and padlock icon and the resident protection was checked, I unchecked it and did another awf check so there will be 2 logs named 1st and 2nd. My avast icon is not coming up into the system tray anymore, I have to go into the folder and click on ashdisp.exe icon to get it to come back, and I do have hide inactive icons checked, it doesn't seem to matter whether its checked or unchecked the icon still doesn't appear in the system tray. Since these problem arose with my computer it is taking 15 minutes or so for my add/remove programs to populate, never ever has it taken that long, it used to be almost instantly. Do I need to put my computer back in selective startup mode or does it need to stay in nomal mode? It took along time for all the programs to load when I restarted after changing to normal mode. Do I allow or deny changes to registry entries when spybot search and destroy detects them? After the restart when I changed to normal mode I got a Microsoft Visual C++ Runtime Library error. It said Runtime error! Program:C:\Program Files\BigFix\big fix.exe This application has requested the Runtime library to terminate in an unsual way please contact the applications support team for more information. Also last night I went to Mcafee and did their free scan it found these 2 problems and we not fixed because I don't know how. Downloader-BEW.dll
RemAdm-ProcLaunch!171
Also, can I exit out off all things I don't want running in my system tray or should I keep them running until after we figure this thing out lol?
Ok I think that is it. I hope I did things right.....here are the logs.....Thanks again......Autismmommy

 

Hi autismmommy,

Please run the following: Norton Removal Tool (SymNRT)


After you finish that, run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and look at the following list of items. Select all those with a red number. The others, decide if they need to run at startup or not. Once you've checked the boxes of those you want to fix, make sure to exit all browser windows. After you've closed all your browser windows, then click on FIX:

O3 - Toolbar: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe

After you click fix, just close hijackthis.

Also uninstall Spybot S&D. We will reinstall it later.

Run CCleaner.

Reboot.

Then please run GetLogs.bat (in the MGTools folder under C) by double clicking on it and attach a new set of MGlogs.zip

abri

 

ok i did everything i misread your instructions on hijack this i removed all of the ones you listed lol, but i went back and checked and none of the ones you checked need to run at startup so everything is fine. I used the uninstall tool in spyboy s&d, do I need to delete the folder it still has a plugin folder with 3 .dll files in it and also advcheck.dll, a shortcut, teatimer.exe and spybotsd152.exe. oh and also, when i restart my computer superaantispyware free edition pops up asks to run or cancel. I click cancel, but when i try to get into the program to look to see if could stop it from running at startup it pulls up a screen asking if i want to modify, repair or remove......not sure what to do there.......Thanks.....Autismmommy

 

Hi autismmommy,

Please run GetLogs.bat (in the MGTools folder under C) by double clicking on it and attach a new set of MGlogs.zip

In the future, whenever you are installing new programs and they ask you if you want to install by default or using the custom option, always choose custom. One of the options it will give you is whether to install it in the start menu or not. Be sure that that is unchecked unless it's something like your antivirus which needs to load at startup. What happens when you try to regulate your startup menu using msconfig, is that when you uninstall programs, it leaves the startup items in there, so you have a lot of dead links and programs stuck there with no way to get out except by manually deleting them.

Normally if you uninstall Spybot S&D using add/remove programs, there will not be any folders or files left. I will look at this and get back to you. Please attach the MGlogs.zip.

Thanks.
abri

 

sorry i could have sworn i attached that to the last email guess not lol...here it is

 

ok abri i have another question. When these problems with my computer started a week or so ago, whatever the problem is (malware, etc) uninstalled a game called Snood that i have on my desktop in a folder named Games. It is downloaded into C:\Program Files\Real /Real Games. I deleted the shortcut from my desktop games folder (which took forever it locks up when I tried this) I went to the main folder and tried to delete it and its saying it can't delete it because the directory is not empty, when I try to open the folder its says The disk in drive C is not formatted . Do you want to format it now? I always click cancel because i (1) don't know why it would say that because that game was never a disk it was downloaded years and years ago and (2) I didn't know if it was a virus. I've went through my add/remove programs and Snood is not in there, I can't seem to get it deleted.....can you help with this please? I have a feeling that is where alot of my problems are at......Thanks Autismmommy (Shari)

 

i went into registry editor and typed in the search box snood and only 1 entry comes up......its this entry

My Computer\HKEY_USERS\S-1-5-21-828362178-473089183-2992051409-1003\Software\Microsoft\Search Assistant\ACMru\5603

I just wanted to let you know that I found that.....I hope that helps you and I figure out this problem..if not I tried lol.......Thanks ......Shari

 

Hi autismmommy,
I think Snood is harmless and not related to any of the other problems you're having. Do you want to uninstall it or were you suspecting it of being the cause of the problems you've been having? For now, just let it sit.

Your computer has a certain infection which requires a couple of steps to get it out. I have to see what the easiest way will be to remove it.

While you're waiting, you can rerun analyse.exe (in the MGTools folder) by double-clicking on it, click on Do a system scan only and in the window that appears when it finishes check the following item. Close your browser windows and then click on FIX.

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

abri

 

No I don't want to uninstall Snood, the whatever the problem is already did. When I click on the folder that it was downloaded into I get an error saying the disk in drive c is not formatted do you want to format it now? So I'm not sure. I fixed the problem you requested and I will wait to see what you come up with....what is the name of the infection my comp has? Just curious.......Thanks.........Shari

 

Hi shari,
The name of the infection is AWF. It has to be fixed the right way or I will end up removing valid files from your computer. Thanks for more patience.
abri

 

thanks abri.....I really appreciate it!!!!

Patiently waiting.....

Shari

 

Hi autismmommy,

It was worth waiting.

To begin with, you had an infection on your computer at one time called AWF and something or someone got it out but left a lot of remnant folders that still need to be deleted. We'll do that first.

Download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run Ccleaner!

Next I would like for you to run chkdsk to see if your harddrive has any flaws in it.

To do that, go to Start and left-click on My Computer. When it opens you'll see the different drives. Right-click on the C drive and select Properties. Then choose the Tools tab and you'll see three options on that page. The first one will check the harddrive for flaws and consistency. Click on check now.

When you've completed the above please attach the Avenger log and any information from chkdsk.

I wanted to ask you if you have the possibility of reinstalling Snood over the old copy? I wondered if it would allow you to do this without attempting to reformat your C drive again?

abri

 

ok i did the avenger and i'll post the log in this reply. When i ran chkdsk it went through phase 1 and 2 but at the end of phase 2 it said windows was unable to complete the disk check. also my avast icon is still not showing up in the system tray...i am still having to go to the folder and double click on the ashdisp icon. Also, even though i uninstalled spybot search and destroy the resident icon is still coming up in the system tray on reboot. I don't have a hard copy of snood, I tried to click on the folder its still telling me the disk in drive c is not formatted would you like to format it now but when i single click on it a little caption box says folder is empty but when i try to delete it, it says cannot delete snood full version directory is not empty. Hope I did everything right.........let me know whats next.........Thanks....Shari

 

Hi Shari,

The problems you're describing suggest that before we continue with too many more instructions, you should make sure you have all your data backed up - photos, documents, music, bookmarks, emails, anything which you can't replace later. You don't need to back up things like your programs which can be downloaded and replaced later. I ask you to do this as a precaution, because I don't know what will come of each consecutive effort we make from this point on. After you're sure you have everything on an external medium, then you can continue as follows.

Please go to How to Protect Yourself from Malware and find the free antivirus programs. Download and install Avast and when it asks you if it should install it over the existing one, say yes. Then have it update and see if this gets rid of the missing icon problem.

Then rightclick on the blue and white shield for Spybot S&D and if you can find the option to disable it, do so. Whether you are able to disable it or not, go to the download link for that in the READ & RUN ME FIRST instructions. After you've downloaded the installation program, have it install over the old one if it asks you. Select Custom installation and do not have it install Teatimer. After you've install it, have it do the updates and see if it works properly. If it works properly, click on Immunize in the main menu on the left side.

If neither of the above work or if you have problems when you're trying to do these two things, please tel me what happens.

To come back to the problem you are having with Snood, your description sounds like a problem with corrupted files on your harddrive. The information that Windows was not able to complete the chkdsk is pointing in this direction and possibly in the direction of a faulty harddrive. I'll look into this further and get back to you after you complete the above.

Let me know how this goes?
abri

 

well that sounds scary!!!! I hope it doesnt come to that at all!!!! I fixed the avast problem tonight, I completely uninstalled/reinstalled avast and it fixed the problem.....but tonight one of the kids I am babysitting was trying to get on AIM and she said it was acting stupid, so i check it out and when you click on the desktop shortcut for aim it was opening up a microsoft works word processor document that i have saved on my comp! Weird!!! So I totally uninstalled/reinstalled AIM and it fixed that too!!!! The spybot s&d resident no longer comes up in the system tray, but i had to completely uninstall/reinstall that too.......i did the immunization and a scan spybot s&d found contravirus and i fixed it.....so what does that mean? what exactly is the contravirus? I have not backed up my files yet, I'm hoping I won't have to, I hate doing that........but I did all the other stuff to see what happened and wanted to let ya know.......so whats the next step?

Thanks

Shari

 

Hi autismmommy,

I'm glad some of those things work. When you use msconfig to regulate your startup items, that they don't get uninstalled correctly.

As for backing up your data, you need to do this at the moment your computer is working. (i.e. it's easier to back things up now than it will be if your harddrive fails.)

I'm going to ask you to download and run two scans. Counterspy and GMER. Counterspy is the trial version of an antispyware program which may pick up some things the other programs have not gotten. GMER is a rootkit scan.

Please go to Alternate Scans where you'll find a list of Free Offline Scanning Tools. Counterspy is about the 4th one down. This is a trial version and will need to be uninstalled after you're run it. Please have it fix everything it finds. When it's finished, there should be a log you can attach with your next post.

When you finish Counterspy, I would like for you to go to Alternate Scans again and this time scroll about halfway down the page to the list of Rootkit Scans. Please use the link "Running GMER to Detect Rootkits". There are two links on the GMER line. The first one called GMER is only the download. The link next to it includes instructions for running the program. When the scan is finished, please attach that log as well.

Finally, I would like for you to run chkdsk again, only this time I'll have you run it following a reboot. After you attach the above two logs to a post here in the forum, please do the following:

Go to Start / Run and copy/paste in chkdsk C: /x (there is a space afer the C: ). When you run this it will give you an error message and give you a prompt about scanning on the next restart. Say yes

Thanks.
abri

 

can i run these scans even if I havent backed my computer up? I have a file on my computer for my moms boyfriend that is 1.6 gigs.....it wont fit on a data cd and i tried to transfer to the file to a imagemate sd/mmc device with a 2gb memory card but it won't go..its a .rar file. He is supposed to come over and use winrar and split it into smaller files so I can burn it on to data cds, but he has a weird work schedule. I can back everything else except that file. I would like to use backing up my files as a last resort....so let me know if i can run those programs without the backups done.......thanks so much and sorry for the delay in my replies. A friend of mine had a family emergency and had to go out of town so I have her 2 kids (both have autism) and with the name autismmommy I'm sure you figured out i have a autistic child of my own lol........so its been kinda crazy here....... 3 autistic kids come join the madness!!!!!

Thanks again

Shari

 

Hi autismmommy,

Skip the Counterspy to start with and just do the GMER and the other way I showed you for running chkdsk.

Thanks.
abri

 

i ran chkdsk after restart and it did its thing.......i backed up alot of my files except that 1 file i told you about and my bookmarks/favorites. here is the gmer log.........Thanks........Shari

 

Hi autismommy,

I would like for you to look at the report of the chkdsk. To get to it, open Control Panel, double click on "Adminstrative Tools", double click on the "Event Viewer" icon, then click on "Application". In the "Source" column, double click on the "Winlogon" item. The log should be in there. If you can copy/paste that into your post, please do, otherwise just read it and tell me if it found things and if it fixed them.

I don't find anything relating to rootkits in your GMER log.

I would still like for you to download and run Counterspy. Since everything else is completed, I can't see any reason not to continue with that. You can back up that one file when you have the opportunity to do so. Your computer is working even though it's got some strange quirks at the moment.

After running the chkdsk, are you still getting the same format message when you click on the Snood folder?

abri

 

ok...ran counterspy and got the log to chkdsk....it took me a while to figure out how to get the logs from both but I got em lol....and also....i CAN open snood folder, i put a shortcut back into my games folder it seems to work fine...i found out last night that my blubster folder was doing the same thing that snood was but its fixed too......i can at least get into the blubster folder haven't tried running the program yet.......oh and my add/remove programs comes right up now woohooo!! should i go ahead and uninstall counterspy now? if so i think i need to use the add/remove programs cause i don't see an uninstall program for it in its folder...... well let me know the next step.....Thanks soo much!!! Shari

 

Well, that makes me happy!

I must now extract three promises from you:

One that you will read the How to Protect Yourself from Malware thread below.
Two that you will use add/remove programs to uninstall programs.
Three that you will never again use msconfig to manage your startup items (more below)
Four (okay I lied), that you will use CCleaner regularly
and Five, that you will back your data up from time to time.

Yes! You can uninstall Counterspy. Please note that one of the things found by counterspy was a remote backdoor trojan, which meant your computer could be used by someone remotely. It's quarantined. Please be sure when you uninstall Counterspy, that if there's an option to delete everything in quarantine, that you do this.

Also, please go to C:\Program Files and see if there is a folder in there called C:\PROGRAM FILES\MYWEBSEARCHWB If so, delete it.

After you complete the above, I would like for you to run CCleaner.

Then run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip.

After I've had a chance to make sure your logs are not showing any further signs of malware, I'll post you the final cleanup instructions where you will be asked to remove all the tools and logs that were put on your computer by us and to set a new restore point. The link for how to protect your computer from malware will be with those instructions. But before I give you those to you, I want to give you some information on managing your startup items:

Remember to attach the MGlogs.zip!
Thanks!
abri

 

Makes me really happy!!! I read through the how to protect yourself from malware and i have my windows set to update automatically, i use avast antivirus, my windows firewall is turned on, i will definitely be using ccleaner regularly (I have been using Regcleaner 4.1 for years) do you think ccleaner is better? If so I'll delete regcleaner, i have a hard copy of it so I can always go back to it if i want to, i use the CA Yahoo Anti-spy regularly I check for updates everytime. If you think I need a different realtime antispyware tool, I'll try to get one, my money is limited so a free one would be good lol, (I looked at the list of free ones and am unsure as which one to choose) I use spybot search and destroy regularly, I will download spyware blaster, i checked my active x security settings, i only had to change one, but the last one Allow paste operations via script to Disable is not on my list, i created a password for my user account. I do use limewire alot, but I do not download codecs, cheats, serial numbers or anything like that just mp3s. Ok so I think I've fulfilled my 3 or 5 of whatever promises lol. I'm not a computer genius, but I think I know enough to get me around and "try" to be a minor geek. I will use add/remove programs to uninstall all programs from now on, and i'll use hijack this or the programs options or settings to disable at startup. Ok as for counterspy i used the add/remove programs uninstall tool and told it to delete everything but the sunbelt software folder is still in program files do i need to manually delete this? there was NOT a folder named MYWEBSEARCHWB, I ran ccleaner and it found 10.5 mbs to delete, when i run ccleaner do i need to click on the registry icon and have it run and fix those also, or just the cleanup? Speaking of cleanup, i use Cleanup!4.0 about once a week but its scares me how much stuff it finds, should i just stick to ccleaner as my temp files cleaner??? And I attached the mglog.zip. I think that is all for now...if I think of more I'll wait to ask you later.......Thanks again sooo much.....Shari

 

Hi autismmommy,

Just for information and possible interest, if you open the log you attached in this thread called winlogon.txt (click on it, then mark open and click on ok), then you'll be able to see the orphans from your programs that weren't working. They're all back together with their programs now.

1) Please go to add/remove programs and uninstall

Viewpoint Media Player
Java(TM) 6 Update 5

2) You're still running your computer in diagnostic or selective startup mode! If you don't want the following programs loading at startup, you need to remove them from the startup list in a different way than by using msconfig.

iTunesHelper - iTunesHelper.exe
PhilipsDM - DeviceManager.exe
PhilipsLime - LimeAlive.exe

To remove these correctly, please reset your computer to normal startup mode. Go to Start / Run type in msconfig and click on ok. In the box that opens up, make sure normal system start is checked, click on accept and okay. This may cause your computer to reboot. If not, please go ahead and reboot it yourself.

Then go to the C:\MGTools folder and find the program called analyse.exe. Double-click on this and in the window that opens, click Do a system scan. Allow it to run until it produces a window with the log for HijackThis. Go down this list until you come to the 04 items. Find the 04 lines which refer to the above three programs that you don't want to have run at startup. Put a checkmark in the box next to each of these, then close all your browser windows and click on FIX.

When you uninstall all the tools we had you use, I will have you keep the backup for these entries so you can use HijackThis to restore them at a future time.

3) YES, you need to manually uninstall the remaining 2 Sunbelt folders. Look for them here:

C:\Documents and Settings\Owner.SHARI\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software

4) Install the current version of Sun Java from: Sun Java Runtime Environment


5) And now to your questions. I recommend CCleaner for removing your temporary internet files, cookies, logs, and all of those things checked on the Windows tab. I don't recommend using any tools to make changes to your registry or to clean it unless it's necessary. If you use Erunt. to create a backup of your registry, then you have a place to go back to if you want to run one of the registry cleaners and end up removing something that needed to be there. Also, after I have you reset your system restore (soon... soon) you will have a clean restore point to return to. My general motto with computers and particularly with the registry is, if it aint broke don't fix it. Of the programs you mentioned, I find CCleaner is the safeest and you don't need more than that.

You can get adequate protection software for free. CA is a good company and with that, Spybot and Spyware Blaster, your antivirus and a two-way firewall you have good protection.

After you've done all of the above, I would like for you to go through the final cleanup instructions. Normally I would have you remove HijackThis, but since you have removed items from your startup menu, I'm going to have you move HijackThis and move one of the back up folders so you can keep them.

Please create a folder under C:\Program Files called HijackThis. After you create the folder, open the C:\MGTools folder and move analyse.exe from the MGTools folder to the HijackThis folder you just created. Then go back to the MGTools folder and look for the folder called backups. Open that and select the most recent backup file and move it into the same folder with analyse.exe. When you've finished that, then please do the final cleanup instructions:

abri

 

Yes i see where they were all recovered cool!!! :cool i uninstalled the 2 things you asked. i deleted the 3 things out of hjt so they won't come up during startup, and changed it to normal startup. i already have hjt downloaded onto my computer do i still need to make a new folder and move analyse to it along with the backup or can i just use hjt and do a new backup through there? i deleted the C:\Program Files\Sunbelt Software folder but this one wasn't there C:\Documents and Settings\Owner.SHARI\Application Data\Sunbelt Software i installed the current version of sun java so that is done. I am only going to use ccleaner from now on, but as far as regcleaner goes it creates a backup so that would be ok to use if need be huh? I uninstalled cleanup4.0 by using the add/remove programs but if i decide to uninstall regcleaner 4.1, its not in my add/remove programs so would i just use regcleaners' uninstall program? Ok, another question about add/remove programs, about a year ago my son was playing a game called Sesame Street Letters and we heard a loud boom, it took me like 20 minutes to figure out what made the noise, the cd exploded in the drive (i'll attach the pics they are awesome!) but my question is i want to uninstall the game, but when i click to remove it, it says please insert the disk, well i can't do that, its in a million pieces, so how would i go about uninstalling it? ok that is it for now i'll reread through your post and make sure i've done everything, i know i haven't, but like i told you before its been crazy, I'll do some more tonight and post any questions i have.......Thanks again Abri!!!

Shari

 

Hi autismmommy,

I'm just not sure what to think. You came here with the name autismmommy. In cleaning your computer, we found 55 orphans. Then I read that you heard a big boom while your child was playing Sesame Street and found that the cd blew up. I'm sorry, but I simply had to laugh when I read this. LOL You're right, the pictures are awesome! I'm glad no one was hurt. And Chaslang would like to know if your cd drive still functioned after that?

I think if it were me who wanted to uninstall this game, I would write to the company and explain to them that their cd blew up and that I had decided to uninstall the game and didn't know how to do this without the cd. And I would send them the pictures. However, there might be an easier and less time-consuming way to do this. Can you find this file?

C:\\CWONDERS\\LETTERS\\CWRUN.EXE

abri

 

LOL!!!!!!!! sorry i know i'm a little bit overwhelming sometimes hehehe....and tell chaslang no i had to buy a new drive! The crazy thing is that i researched it and i found that it COULD happen but usually in faster drives, mine was a 52x (super slow compared to the new ones). Yes I found the cwrun application.....do i just delete it? I'll wait on your answer, along with the answers to my other questions and I'll try not to do anything else that will blow my drive up lol.

Shari

 

No! Don't delete it. lol ... That's the uninstall program for the Sesame Street program! Try double-clicking on it and see if it will allow you to uninstall the program.

Let me know how this goes?

For HJT, you just need to get the most recent backup file out of MGTools/backups before you delete the whole MGTools folder. Otherwise it will get deleted. If you already have hijackthis somewhere on your computer, just put it in that folder.

Do a search of your C:\ drive for Sunbelt Software and if you find any folders delete them. They should not be confused with Sun which is different.

abri

 

i double clicked on it and tried open command it nothing happens. I moved the most recent backup from mgtools to hjt and deleted the mgtools folder. the search for sunbelt came up nothing so i guess its gone....do i need to start removing all the programs that you had to download??

Thanks......Shari

 

Hi autismmommy,

You ask you to remove some of the programs in the final cleanup instructions, like Combofix, Avanger and the registry patch. Removing the others is optional. I recommend keeping CCleaner (run at the default setting everyday) & Spybot S&D (be sure to click on the immunize button if you haven't and it can be run around once a month). It needs to be updated once in awhile. You can choose to keep SuperAntiSpyware and MalwareBytes. Counterspy you already removed. That was the biggest one. And you should still install Spyware Blaster if you haven't and make sure it's updated. With the above and your resident antivirus and a two-way firewall you should have good protection. The rest depends to some degree on your browsing habits.

As for uninstalling the Sesame Street Game, see if it's in HijackThis's or CCleaner's Uninstalls list and try that. Also, if I didn't already mention this, you might wish to try getting an email address for them (see if their website is on the cd cover) and tell them what happened and see if they can advise you how to uninstall it.

I think that's it.
abri

 

the ones i still have on my comp that you had me download are find awf, iobit, malwarebytes anti malware, norton removal tool, gmer, ccleaner, and superantispyware. I am keeping ccleaner, superantispyware, and iobit. I like it better than the windows defragger, which do you think is better? I am going to download spywareblaster after i post this. I think i am also gonna keep my regcleaner since it has a backup feature.

I was re-reading through all the posts last night and i saw that
at one time you had me run avenger and one of the folders to delete was
C:\Program Files\Java well i looked and the java folder is still there or its back? It has jre1.6.0_05 and jre1.6.0_06folders in it along with jre-6u6-windows-i586-p. in my add/remove programs list java(TM)6 Update 6 is there. Is this ok?


Also in my add/remove programs there is something in there i'm not sure what it is its yahoo its got the red Y then it has what looks like to me chinese writing i can make out i researched alt keys and it looks something like this yahoo Y¤u"ã¦C

what is avanquest update?

I ran spybot search and destroy last night and it found virus blast it was (SBI $58AE462E) Data C:\Program Files\\config.ini I had it fix the problem and i used the immunization.

in ccleaner on the left hand side the registry icon (blue box that looks like a rubix cube with squares coming off) do i need to use that when i do ccleaner?

Also, this is a random question i was told you could type in %temp% in your address bar and it opens up a folder and its safe to delete everything
in that folder is this correct?

Thanks Abri!!!!!!

Shari

 

also, i tried to use ccleaners uninstalls list and it says the same thing my add/remove programs says about the sesame street game....I guess I'll contact the company and see what they say.....Thanks.....Shari

 

Hi austismmommy,

Yes, you can remove the Norton Removal Tool, AWF and GMER. You need to run CCleaner everytime you get off the internet.

Since Spybot picked up that one program, please download and run RogueRemover

I don't know with some of the things on your computer, like the Yahoo corruption, if that might be due to your initial AWF infection having been removed incorrectly. Something left you with several damaged programs. Also, your drive got damaged somehow and that may have been what corrupted things. With the Yahoo, I would simply uninstall it and install whatever the newest version is. All those bak folders we had you remove, like with QuickTime, it seems like those were the programs that were showing problems when you first came in here, also your Avast and Spybot When you reinstalled them, they were okay. I think they got damaged and that's what I think you're seeing with the Yahoo. By the way, I'm impressed at how you printed that out! lol
CCleaner's registry box on the left side. Don't be so trigger happy!
I think if you read the How to protect yourself from malware thread, you'll see this mentioned with some praise and support. I believe running the check does not automatically mean it will fix everything, so you can see what it finds. My own recommendation is for caution when you're working with a system this is working well.

I expect the Java folder is there because you installed Java 6 Update 6 which is the current one. The one I had you delete was full of old installations which you had already removed via add/remove programs. It had been affected by the original AWF infection and was simply left over. This is an installation program and you don't need it anymore:
jre-6u6-windows-i586-p. The other two are update schedulers, which I try to have you remove using HijackThis. The one ending in 05 you can delete.

If you run C:\MGTools\analyse.exe by double clicking on it and then click on Do a system scan ... See if you find an 04 entry for

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_06\bin\jusched.exe"

If you find it, put a checkmark next to it and after closing all your browser windows, have HijackThis fix it. It doesn't need to run at startup.

avanquest update - don't know - there are some references to it in google, but I'm not sure what you have that might have to do with avanquest
Right click on it and see if you can get any information on it in properties, like when it was installed?

%temp% is this pathway: C:\Dokumente und Einstellungen\Lan\Lokale Einstellungen\Temp
Either way you can see what's in it and if you need it anymore.
I think this is also emptied by CCleaner, but I haven't checked it.

I can't imagine having 3 autistic children in the house at once. I expect you could write some good stories. I would enjoy sharing some of my experiences with you about having a parent with Alzheimers.

Let me know if the Rogue Removal Tool finds anything.
Thanks.
abri

 

you said i need to run ccleaner everytime i get off the net, I don't get off the net i have dsl.......find awf, gmer, norton tool are off my comp. I ran the rogue remover (dang its a fast scan it took about 10 seconds) it found nothing. Should I leave it on my computer? Wow I impressed a Major Geek woohooooooooo!!! I clicked remove on that yahoo thing and it said do you want to remove yahoo toolbar and all of its contents? I did a quick search on the net and couldn't find where that file was named anything but yahoo toolbar so I uninstalled it, reinstalled yahoo toolbar and its now correct in the add/remove programs.....i ran the ccleaners registry cleaner and i am posting a log of what it found......i ran hjt and removed O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_06\bin\jusched.exe"

I deleted jre-6u6-windows-i586-p and the one ending in 05. When i right click on avanquest update it says its LiveUpdateLauncher.exe version 1.0.0.1the company is BVRP and the language is French. I researched it and found that it is a motorola phone tools software package that I bought on ebay for my Razr V3 cellphone. So its fine, sorry i should have researched it before i asked.

2 of the autistic kids went home today, their mom got back into town around 1 this afternoon. It was difficult but we had a good time. I would love to hear your stories about your parent with Alzheimer's. Oh and the stories I could tell lol.....I would like to share a pic of my tattoo I got of the autism awareness ribbon for my son Levi (and a pic of him too) I hope its ok, if not just delete them........Thanks again Abri...and please feel free to tell me your stories, I'd love to hear them...sometimes i think that is all a person that lives in tough times needs, someone to talk to and just LISTEN!!!

 

Hi autismmommy,

Badly worded. I meant you should run CCleaner whenever you quit browsing. Be sure your internet settings are set to delete cookies after each session and that the settings are for the shortest time for your history and temporary internet files. Because Spybot still found something when you ran it, there may be a temp file hanging around somewhere and the easiest way to thwart their efforts is to keep running CCleaner at the default setting with the windows tab as the active one.

Thanks for sharing the great pictures. I will leave the tattoo one but remove the other one shortly. If you wish any non-malware contact, turn on your pm's in the user profile and send me a pm.

abri

 

ok i will run ccleaner every night before i go to bed...ok maybe i'm having a brain fart or something but I have searched my comp and can't find where set my interent settings to delete cookies after each session. I went to internet options, general tab, browsing history settings, check for newer versions of stored pages is set to automatically, and days to keep pages in history is set to zero....but i can't find where to change settings of the temporary internet files or the cookies.....sorry my brain isn't working lol....after i've done all this stuff to my comp i cant figure out how to do something easy like this hehehehe....maybe i need to go back to bed and wake up and try it again lol......did you look through the registry file i sent? it found some strange stuff lol......let me know if i should fix the issues, i've used my regcleaner that i have on my comp and it didn't find those......thanks.......Shari

 

In Firefox if you go to Tools and Options, you'll find these settings can be reached on the Privacy tab. In Internet Explorer the settings button is on the General tab under Temporary Internet Files.

On registry issues I would only caution you, that if you feel inclined to fix things, to fix them slowly and methodically and with a backup. As I said before, I generally don't do much with the registry if the computer is working.

Hope that answers all your questions.
Best of luck with your computer!
abri

 

I use IE 7, if i go to tools, internet options, general tab, all i see is where you can change/set your home page, the next one says browsing history (delete temporary internet files, history, cookies, saved passwords, and web form information) if you click on delete it brings up another page where you can
delete each of those individually) if you click on settings it says where you can change to checked for new versions of stored pages, how much disk space to use, current location, move folder, view objects, or view files and how many days history will savethe list of websites you vistited it is set to 0. I don't see where there is a place to automatically have my computer delete
any of these after each session. Also, I clicked on the delete button on browsing history and you have the option to delete alli did but when i click on the view objects button there are 22 things in there 1 of them says its damaged. Maybe i misunderstoodam i looking for a setting where it will automatically delete these files?

Shari

 

Hi autismmommy,
No. You can use CCleaner whenever you leave your browser to delete these things. The setting you have for internet history is fine. Now that I look more closely, I only see the option with settings cookies in Firefox. I don't use Internet Explorer very often.
abri

 

oh ok....i thought i was going crazy lol.....tonight i will create a clean restore point...and i guess we'll be done right?

shari

 

You're not going crazy!
Yes to the restore point and keep your data backed up.
All the best to you and your computer!

 

did the clean restore point and all is cool...i will back up files up from time to time...and thank you soooo much for helping me...I really appreciate it!!

Shari

 

You're welcome!