Using "Vista Cleaning Procedure" - RootRepeal Freezing

Discussion in 'Malware Help (A Specialist Will Reply)' started by sweetdawg8, Feb 11, 2010.

  1. sweetdawg8

    sweetdawg8 Private E-2

    Hey there! :cool First off thanks for making a site like this and keeping it up to date and having consistent and constant responses to all of the world's computer problems!

    OK, so I'm currently going through the "Vista Cleaning Procedure" at the end of the "Malware Removal Guide" that I've already gone through. I've done everything to the T according to your instructions and I'm stuck on the RootRepeal program.

    The problem is as follows: I'm able to install and then run RootRepeal and it will run for a good 30 min. and then it gets to this point:

    http://i47.tinypic.com/5umtza.jpg

    I'm including 2 other pics to show the program is indeed frozen due to the "error" see-through box I'm receiving. I've waited for over a few hours before posting. :zzz I believe I'm supposed to be able to see this "error" box; however, the program is not displaying it correctly, as you can see above. Here are two more pics to show processing is at idle and the program is still running and responding:

    http://i48.tinypic.com/148k9b6.jpg

    http://i46.tinypic.com/2lk31ut.jpg

    I've been able to run SUPERanti Spyware, Malwarebytes, and Combofix just fine. I've attached their logs to this thread. I have not continued past the RootRepeal procedure as of yet so I have not run MGtools.

    What should I do from here? :confused Thanks a ton in advance!
     


  2. sweetdawg8

    sweetdawg8 Private E-2

    Using "Vista Cleaning Procedure" - RootRepeal Freezing - Adding MGTools Logs

    Hey there :wave, I've gone ahead and run MGTools and attached the logs here as an addition to my other post. The other post is named the same minus " - Adding MGTools Logs".

    Hope this helps to figure out why RootRepeal is freezing on the winsxs folder. I'm also going to try and slim down that folder with the Service Pack Clean-up tool (Compcln.exe). I'm hoping this will be OK. :cool
     


  3. evilfantasy

    evilfantasy Malware Fighter

    Hello sweetdawg8.

    Please try this. (if it won't run then just go ahead with the MGtools scan and attach the log)

    Download Rooter.exe to your desktop.

    * Double click Rooter.exe to start the tool.
    * A DOS window will appear and show the scan progress.
    * Once complete a notepad file containing the report will open.
    * Copy & paste the results in your next reply.
    * Close notepad and Rooter will close.

    A log will also save at C:\Rooter.txt



    Now run MGtools and attach the MGlogs.zip along with the Rooter.txt log (if it ran).
     
  4. sweetdawg8

    sweetdawg8 Private E-2

    Here is my attached Rooter log from the program you told me to download. My MGlogs.zip has already been attached below.

    As an update to these replies: After running all the malware programs and anti-virus as well as getting a new anti-virus, firewall and active malware program I have not had any problems as of yet. :-D All of this is after running through the Vista Cleaning Procedure. However, if you do find I have some other issues through viewing of these logs PLEASE let me know. Thanks!! :cool

    P.S. I'm now running Avast! Antivirus, COMODO Firewall Pro and SUPERAntiSpyware. Each of them being off your list to further protect my computer.
     


  5. evilfantasy

    evilfantasy Malware Fighter

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Attach the new C:\MGlogs.zip file that will be created.
     
  6. sweetdawg8

    sweetdawg8 Private E-2

    Here is my MGlogs.zip file.

    There is actually one problem I'm having. When booting up or rebooting my computer sometimes gets stuck on the "Welcoming..." screen just before getting to my desktop. If I push Ctrl-Alt-Delete once it will continue to my desktop as normal. :confused
     


  7. evilfantasy

    evilfantasy Malware Fighter

    I'm not sure about that. You might need to ask in the Software Forum after we are done here. I don't think it's malware related.

    First I would make sure that the disk has been cleaned (run CCleaner) then defragment it. You can use the built in Windows defrag by clicking Start > Run and then type in dfrg.msc then click OK. Or use a faster FREE program. Defraggler is very effective and easy to use.

    Important! Be sure to uncheck Install optional Yahoo! Toolbar during the install process to avoid installing the Yahoo! Toolbar.

    Note: Be sure to clean out temp files and restart the computer just before beginning a defrag.



    If Webroot Spysweeper is not a paid version I would suggest uninstalling it or at least setting it to disabled. Avast, Comodo and Windows Defender are enough. Too much real-time protection is never a good thing and can cause performance and stability issues.

    Edit: In Add or Remove Programs you have Webroot AntiVirus with Spy Sweeper and Avast installed. You need to pick either Webroot or Avast and uninstall the other.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX Checked until you exit all browser sessions including the one you are reading in right now:

    • O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    After clicking Fix checked, exit HijackThis.



    Go to Start > Run and type notepad.exe then click OK

    Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

    Code:
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

    Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

    Delete the fixme.reg from the Desktop.




    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
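A read-only way to confirm that the two registry fixes in the post above took effect, as an added example that is not part of the original thread: a batch file that uses reg query and changes nothing. The CLSID and the Security Center key are the ones quoted in the post; the Browser Helper Objects path is the standard Windows location for O2 entries and is an assumption here, as is checking the 32-bit view on 64-bit systems.

```bat
@echo off
rem Added example, not from the thread: read-only check of the two registry
rem items addressed in the post above. It makes no changes to the system.
setlocal

rem CLSID of the orphaned BHO that HijackThis listed as "O2 ... (no file)".
set "BHO_CLSID={5C255C8A-E604-49b4-9D64-90988571CECB}"

rem Assumption: standard BHO registration location, plus the 32-bit view
rem that exists only on 64-bit Windows.
set "BHO_ROOT=Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
set "BHO_KEY=HKLM\SOFTWARE\%BHO_ROOT%\%BHO_CLSID%"
set "BHO_KEY32=HKLM\SOFTWARE\Wow6432Node\%BHO_ROOT%\%BHO_CLSID%"

rem Key that fixme.reg deletes (the leading "-" in the .reg file means delete).
set "SC_KEY=HKLM\software\microsoft\security center\Monitoring\McAfeeAntiSpyware"

set "LEFTOVER=0"
call :check "%SC_KEY%" "Security Center monitoring key"
call :check "%BHO_KEY%" "BHO entry"
call :check "%BHO_KEY32%" "BHO entry, 32-bit view"

if "%LEFTOVER%"=="0" (
    echo Result: nothing left over.
) else (
    echo Result: %LEFTOVER% leftover entries still present.
)
rem Exit code is the number of leftover entries, so 0 means clean.
endlocal & exit /b %LEFTOVER%

:check
rem reg query sets errorlevel 1 when the key does not exist.
reg query "%~1" >nul 2>&1
if errorlevel 1 (
    echo [gone]    %~2
) else (
    echo [present] %~2: %~1
    set /a LEFTOVER+=1
)
exit /b 0
```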
  8. sweetdawg8

    sweetdawg8 Private E-2

    I did get the success message.

    Everything but the "Welcome" screen seems to be working as normal now. I will check about this in the Software forum. :-D

    I've completed everything in your last reply. Is there anything else we need to do? :cool
     
  9. evilfantasy

    evilfantasy Malware Fighter

    Nope.

    Safe surfing.
     
  10. sweetdawg8

    sweetdawg8 Private E-2

    :-D Beautiful. Thanks so much!! :cool
     
