  • Status: Solved

How can I stop pop-ups when all malware scans and virus scans find nothing?

I've got a Windows XP machine that gets a ton of pop-ups and the browser (IE) is hijacked when you launch it.  It's virtually unusable in normal mode.  In safe mode, IE and Windows run fine with no pop-ups.

I ran a full Malwarebytes scan and a Norton scan and found nothing at all.  I can't run SuperAntiSpyware because it can't be installed in safe mode, and normal mode is full of pop-ups and freezes everything.

Any other programs I can use?  I've only got about an hour before I have to return the machine and I'm not making any headway so far.  Thanks!
Asked by: Jsmply

Delphineous Silverwing (Good Ol' Geek) commented:
The best thing to do is boot the machine to Safe mode and run Combofix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix 

Delphineous Silverwing (Good Ol' Geek) commented:
After running Combofix in Safe mode - it is not a bad idea to run it in normal mode.
Will your anti-virus product run a scan in safe mode?
 
Jsmply (Author) commented:
Yes, I have Norton on the machine and it shows nothing.  I just ran a full scan in safe mode.  Combo Fix doesn't do anything itself right?  I have to post a log someplace?  I've never used it.
 
Delphineous Silverwing (Good Ol' Geek) commented:
Combofix removes a number of common spyware/adware and repairs the damage of them.

Jsmply (Author) commented:
I see ComboFix does remove some things on its own.  I'm running it now.  It gave me a message about an incompatible OS (maybe because I'm in safe mode?) but it still ran, then it warned me about Norton interfering but I can't disable it in safe mode, now it's running.

Delphineous Silverwing (Good Ol' Geek) commented:
When you run it, it does many different operations to find and destroy the malicious software.  This includes restarting Windows shell.  Unless it prompts you for something, be sure to not click any windows or try to do something else.

Jsmply (Author) commented:
Well I was connected to the machine via LogMeIn and it just logged me out . . . I'm going to have to call the user and see what they see on their end.  

Wayne Barron commented:
If you use programs such as MSN Messenger PLUS! and installed them with Ad Support, then this will cause the ads to pop up and not be detected by detection programs.

Make sure that you have not installed something that comes with Ad Support.
If you have, simply uninstall the program, reboot, and then reinstall it again, and make sure that you uncheck Ad Support.

If this is not your case, then hopefully the suggestions above will assist you further.

Good Luck
Carrzkiss

ComputerTechie commented:
You can also try http://www.malwarebytes.org/mbam.php
It runs in normal and safe mode.
CT

Jsmply (Author) commented:
Okay I'm back in, apparently ComboFix restarted the machine . . . it says it's preparing a log and almost done.

Jsmply (Author) commented:
Strange . . . it created a log that popped up, but the log file is empty?  Is that normal if it finds nothing?  I'm going to try again.

Jsmply (Author) commented:
I ran Malwarebytes, it found nothing.  I'm trying ComboFix again now.

Jsmply (Author) commented:
Okay this is what I got . . . any help?

------------------------------------------------------------------------------------------------------------------------------

ComboFix 09-04-14.09 - Mommie 04/08/2009 14:39.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.503.255 [GMT -7:00]
Running from: c:\documents and settings\Mommie\My Documents\ILGTG-cf.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*
.

(((((((((((((((((((((((((   Files Created from 2009-03-14 to 2009-04-14  )))))))))))))))))))))))))))))))
.

2009-04-08 20:32 . 2009-04-08 20:32      --------      d-----w      c:\documents and settings\Mommie\Application Data\Malwarebytes
2009-04-08 20:32 . 2009-04-06 22:32      15504      ----a-w      c:\windows\system32\drivers\mbam.sys
2009-04-08 20:32 . 2009-04-06 22:32      38496      ----a-w      c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-08 20:32 . 2009-04-08 20:32      --------      d-----w      c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-08 20:30 . 2009-04-08 21:37      --------      d-----w      c:\windows\LMI1.tmp
2009-04-01 13:42 . 2009-04-01 13:48      --------      d-----w      c:\windows\SHELLNEW
2009-04-01 13:36 . 2009-04-01 13:36      --------      d--h--r      C:\MSOCache

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 20:59 . 2009-04-08 20:59      --------      d-----w      c:\program files\Common Files\Wise Installation Wizard
2009-04-08 20:32 . 2009-04-08 20:32      --------      d-----w      c:\program files\Malwarebytes' Anti-Malware
2009-04-08 20:05 . 2007-06-21 19:29      --------      d-----w      c:\documents and settings\All Users\Application Data\Symantec
2009-04-08 18:14 . 2007-06-21 19:28      --------      d-----w      c:\program files\Common Files\Symantec Shared
2009-04-07 23:01 . 2009-01-01 21:56      24871      ----a-w      C:\logfile
2009-04-01 13:50 . 2007-06-07 23:15      --------      d-----w      c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-01 13:49 . 2009-04-01 13:49      --------      d-----w      c:\program files\Microsoft Works
2009-03-13 19:02 . 2007-06-07 23:34      --------      d-----w      c:\program files\Google
2009-03-09 21:08 . 2009-03-09 21:08      --------      d-----w      c:\documents and settings\Mommie\Application Data\Apple Computer
2009-03-09 20:56 . 2009-03-09 20:55      --------      d-----w      c:\program files\iTunes
2009-03-09 20:56 . 2009-03-09 20:55      --------      d-----w      c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-09 20:55 . 2009-03-09 20:55      --------      d-----w      c:\program files\iPod
2009-03-09 20:55 . 2009-03-09 18:20      --------      d-----w      c:\program files\Common Files\Apple
2009-03-09 20:55 . 2009-01-01 21:36      --------      d-----w      c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-09 20:54 . 2009-03-09 20:54      --------      d-----w      c:\program files\Bonjour
2009-03-09 20:54 . 2009-01-01 21:36      --------      d-----w      c:\program files\QuickTime
2009-03-09 18:21 . 2009-03-09 18:21      --------      d-----w      c:\program files\Apple Software Update
2009-03-09 18:20 . 2009-03-09 18:20      --------      d-----w      c:\documents and settings\All Users\Application Data\Apple
2009-03-09 05:02 . 2007-06-07 23:17      --------      d-----w      c:\program files\Microsoft.NET
2009-03-09 04:33 . 2007-06-07 23:26      --------      d-----w      c:\program files\Microsoft Small Business
2009-03-09 04:26 . 2007-06-07 23:22      69232      ----a-w      c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-09 11:13 . 2007-05-29 17:17      1846784      ----a-w      c:\windows\system32\win32k.sys
2009-01-12 06:24 . 2009-01-12 06:24      32768      --sha-w      c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009011120090112\index.dat
2009-01-12 06:24 . 2009-01-12 06:24      32768      --sha-w      c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008122220081229\index.dat
2009-01-12 05:54 . 2007-05-29 16:35      87447      ----a-w      c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-01-12 05:40 . 2007-05-29 17:17      250048      --sha-r      C:\ntldr
2007-06-07 23:22 . 2008-12-26 23:52      68456      ----a-w      c:\documents and settings\Mommie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2007-04-20 18:40      118784      ----a-w      c:\program files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-12-27 160592]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]
"*LogMeInRescue_194680787"="c:\windows\LMI1.tmp\lmi_rescue.exe" [2009-04-08 1667888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-07 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-07 970752]
"00THotkey"="c:\windows\system32\[u]0[/u]0THotkey.exe" [2006-07-05 19:14 258048]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-04-20 101144]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-04-20 84760]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-04-20 125720]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
"TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-10 344144]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-04-27 90112]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.exe" [2005-06-29 126976]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"TosAutLk"="c:\program files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe" [2006-11-21 110592]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2007-05-31 671744]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2007-06-05 94208]
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2007-06-15 3147776]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2007-01-26 136816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"000StTHK"="000StTHK.exe" - c:\windows\system32\[u]0[/u]00StTHK.exe [2001-06-23 11:28 24576]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-13 16132608]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2006-04-11 622592]
"TOSDCR"="TOSDCR.EXE" - c:\windows\system32\TOSDCR.exe [2005-12-13 57344]
"TPSODDCtl"="TPSODDCtl.exe" - c:\windows\system32\TPSODDCtl.exe [2007-04-24 118784]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2007-04-24 315392]
"CFSServ.exe"="CFSServ.exe" [BU]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
Kodak Picture Transfer.lnk - c:\program files\Kodak\Kodak Utilities\PTS\Kodak Picture Transfer.exe [2007-3-13 7008256]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2007-05-31 16:34      176128      ----a-w      c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Kodak\\Kodak Utilities\\PTS\\Kodak Picture Transfer Service.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R1 TMEI3E;TMEI3E;c:\windows\system32\Drivers\TMEI3E.SYS [2004-06-16 5888]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2007-04-27 9216]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2007-05-31 106496]
R2 KODAK Picture Transfer Agent;KODAK Picture Transfer Agent;c:\program files\Kodak\Kodak Utilities\PTS\Kodak Picture Transfer Service.exe [2007-03-13 163840]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\DRIVERS\tdudf.sys [2007-03-26 105856]
R2 Tmesrv;Tmesrv3;c:\program files\TOSHIBA\TME3\Tmesrv31.exe [2005-12-14 126976]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\DRIVERS\trudf.sys [2007-02-19 134016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\DRIVERS\TEchoCan.sys [2007-02-22 435072]
S0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\Drivers\AlfaFF.sys [2007-06-09 29440]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2007-04-27 21120]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-03-09 6528]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2006-09-20 36608]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - PXHELP20

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9e10241-19d4-11dc-9f6c-000e7b131aa5}]
\Shell\AutoRun\command - PortableApps\PortableAppsMenu\PortableAppsMenu.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-03-10 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Mommie.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]
.
- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.usatoday.com/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Mommie\Application Data\Mozilla\Firefox\Profiles\oc2trmyp.default\
FF - prefs.js: browser.startup.homepage - hxxp://cnn.com
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 14:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\FpWinLogonNp.dll
.
Completion time: ~,10time:~,-3
ComboFix-quarantined-files.txt  2009-04-08 21:42
ComboFix2.txt  2009-04-08 21:38

Pre-Run: 96,756,457,472 bytes free
Post-Run: 96,744,079,360 bytes free

191      --- E O F ---      2009-03-10 10:03

Delphineous Silverwing (Good Ol' Geek) commented:
That might happen when running in safe mode ... reboot into normal mode and run it again.

Delphineous Silverwing (Good Ol' Geek) commented:
After you clean off the malware, you may want to review some of those startup items - some may not be necessary.
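
One way to do the startup review suggested above without reading the whole log by eye, as an added example (not part of any post in this thread and not ComboFix's own code): it parses the "Reg Loading Points" lines and lists autorun entries for which the log shows no file date and size, plus the Security Center and firewall values. The function names are hypothetical, and treating any bracketed tag other than a date and size as "no file details reported" is an assumption about the log format; the results are items to check, not verdicts.

```python
import re

# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-07 819200]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-13 16132608]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"'
                      r'(?:\s+-\s+(?P<path>.+?))?\s+\[(?P<tag>[^\]]*)\]$')
SETTING_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?:dword:(?P<hex>[0-9a-fA-F]{8})'
                        r'|(?P<dec>\d+)\s+\(0x[0-9a-fA-F]+\))$')
# Tag printed when the log reports file details: date, optional time, size.
DETAILS_RE = re.compile(r'^\d{4}-\d{2}-\d{2}(?: \d{2}:\d{2})? \d+$')


def parse_log(text):
    """Return (autoruns, settings) read from the registry sections of the log."""
    autoruns, settings, key = [], [], ""
    for line in text.splitlines():
        line = line.strip()
        if not line:              # a blank line ends the current key block
            key = ""
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = ENTRY_RE.match(line)
        if m and key.endswith(("\\run", "\\runonce")):
            autoruns.append({"key": key, "name": m["name"],
                             "target": m["path"] or m["cmd"], "tag": m["tag"],
                             "has_file_details": bool(DETAILS_RE.match(m["tag"]))})
            continue
        m = SETTING_RE.match(line)
        if m and key:
            value = int(m["hex"], 16) if m["hex"] else int(m["dec"])
            settings.append((key, m["name"], value))
    return autoruns, settings


def review_items(text):
    """List (reason, name, detail) tuples worth a manual look."""
    autoruns, settings = parse_log(text)
    items = [("autorun-no-file-details", a["name"], a["target"])
             for a in autoruns if not a["has_file_details"]]
    for key, name, value in settings:
        leaf = key.rsplit("\\", 1)[-1]
        if name == "DisableMonitoring" and value == 1:
            items.append(("security-center-monitoring-off", leaf, value))
        elif name == "EnableFirewall" and value == 0:
            items.append(("windows-firewall-off", leaf, value))
    return items


if __name__ == "__main__":
    for item in review_items(SAMPLE_LOG):
        print(item)
```

Each flagged autorun still has to be matched to an installed product by hand, and the monitoring and firewall values should be confirmed against the security suite installed on the machine before changing anything.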

Jsmply (Author) commented:
It seems to think all the malware is gone.  Do you see anything bad on that list?

Delphineous Silverwing (Good Ol' Geek) commented:
The machine has some software installed with which I am not familiar, but a quick review of the list shows it reasonably clean of malware ... I am looking into a couple of the programs.

Delphineous Silverwing (Good Ol' Geek) commented:
The pieces of software I was concerned about are Toshiba tools.

Delphineous Silverwing (Good Ol' Geek) commented:
If you installed any software during this cleanup - don't forget to uninstall it.
Another good anti-spyware to try, if you have residual junk is SuperAntiSpyware:
http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

skywalker39 commented:
Hi Jsmply,

Have you tried SUPERAntiSpyware in Safe Mode? Here's a link: http://www.superantispyware.com/

Also Spyware Doctor with AntiVirus is a good tool to check out, the only downfall is it's not free, but you can still scan your computer, it just remove anything. If you want to check that out here's the link: http://www.pctools.com/spyware-doctor-antivirus/

Do you have a firewall? Firewalls can prevent a lot of popups from happening, ZoneAlarm is a good one to check out, there's also a Free edition of it. Here's a link: http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm

Jsmply (Author) commented:
Okay, now we got most of the pop-ups stopped but the machine is running so slow it took about 10 minutes for IE to open.  Something is still going on.  I'm still looking.

Delphineous Silverwing (Good Ol' Geek) commented:
Two ideas -
1 - Some malware damages the installed anti-virus software.  You may need to reinstall Norton, but uninstall the other anti-spyware software first.
2 - A plug-in is damaged.  Launch Internet Explorer without plug-ins
           iexplore -extoff
Disable all of the add-ons (Internet Options > Programs Tab) and turn them on one-by-one until you find which one causes the slow start.

Jsmply (Author) commented:
Okay, I uninstalled and reinstalled Norton and disabled a LOT of the Toshiba startup software, it was nuts.  They have like 10 Toshiba programs that run at startup.  It's running much better now.

I'm not sure what fixed the pop-ups though, ComboFix never told me it removed any spyware . . . does it typically say "x amount of infections found . . . healed, etc" ?

Either way, thanks!  Since Malwarebytes didn't find anything, I have to assume the winning variable was ComboFix.  It would not let me run SuperAntiSpyware in safe mode.  I assume that is a limitation of the software?  I've seen that before on a different machine as well.

Delphineous Silverwing (Good Ol' Geek) commented:
The new version of SuperAntiSpyware may not allow running in Safe Mode.  Unfortunately, more and more of these utilities require normal mode to run.  The best way to stop malware is in safe mode, because Windows will not launch it in the first place.  Security software cannot protect a computer from something that is launched before it; especially if that malware is well written.
Combofix does usually tell you what it deleted.  That may have ended up in the first report that turned out blank.  The results file should be on the hard drive somewhere, either the root or combofix folder.

skywalker39 commented:
Here's a link about running SUPERAntiSpyware in Safe Mode.
http://www.superantispyware.com/supportfaqdisplay.html?faq=75

Jsmply (Author) commented:
Thanks skywalker. In this case though the machine ran too slow in normal mode to do anything at all and I can't seem to install SuperAntiSpyware in safe mode either!