Solved

How can I stop pop-ups when all malware scans and virus scans find nothing?

Posted on 2009-04-14
Medium Priority
494 Views
Last Modified: 2013-11-22
I've got a Windows XP machine that gets a ton of pop-ups and the browser (IE) is hijacked when you launch it.  It's virtually unusable in normal mode.  In safe mode, IE and Windows run fine with no pop-ups.

I ran a full Malwarebytes scan and Norton scan and found nothing at all.  I can't run SuperAntiSpyware because it can't be installed in safe mode and normal mode is full of pop-ups and freezes everything.

Any other programs I can use?  I've only got about an hour before I have to return the machine and I'm not making any headway so far.  Thanks!
0
Question by:Jsmply
26 Comments
 
LVL 19

Accepted Solution

by:
Delphineous Silverwing earned 2000 total points
ID: 24141630
The best thing to do is boot the machine to Safe mode and run Combofix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix 
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24141637
After running Combofix in Safe mode - it is not a bad idea to run it in normal mode.
Will your anti-virus product run a scan in safe mode?
 
0
 

Author Comment

by:Jsmply
ID: 24141649
Yes, I have Norton on the machine and it shows nothing.  I just ran a full scan in safe mode.  Combo Fix doesn't do anything itself right?  I have to post a log someplace?  I've never used it.
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24141682
Combofix removes a number of common spyware/adware and repairs the damage of them.
0
 

Author Comment

by:Jsmply
ID: 24141687
I see ComboFix does remove some things on its own.  I'm running it now.  It gave me a message about an incompatible OS (maybe because I'm in safe mode?) but it still ran, then it warned me about Norton interfering but I can't disable it in safe mode, now it's running.
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24141692
When you run it, it does many different operations to find and destroy the malicious software.  This includes restarting Windows shell.  Unless it prompts you for something, be sure to not click any windows or try to do something else.
0
 

Author Comment

by:Jsmply
ID: 24141705
Well I was connected to the machine via LogMeIn and it just logged me out . . . I'm going to have to call the user and see what they see on their end.  
0
 
LVL 31

Expert Comment

by:Wayne Barron
ID: 24141715
If you use such programs as:
MSN Messenger PLUS!
and installed them with Ad Support, then this will cause the ads to pop up and not be detected
by detection programs.

Make sure that you have not installed something that comes with Ad Support.
If you have, simply uninstall the programs, then reboot and reinstall them,
and make sure that you uncheck Ad Support.

If this is not your case, then hopefully the suggestions above will assist you further.

Good Luck
Carrzkiss
0
 
LVL 23

Expert Comment

by:ComputerTechie
ID: 24141730
You can also try http://www.malwarebytes.org/mbam.php
It runs in normal and safe mode.
CT
0
 

Author Comment

by:Jsmply
ID: 24141733
Okay I'm back in, apparently ComboFix restarted the machine . . . it says it's preparing a log and almost done.
0
 

Author Comment

by:Jsmply
ID: 24141743
Strange . . . it created a log that popped up, but the log file is empty?  Is that normal if it finds nothing?  I'm going to try again.
0
 

Author Comment

by:Jsmply
ID: 24141762
I ran malwarebytes, it found nothing.  I'm trying Combofix again now.
0
 

Author Comment

by:Jsmply
ID: 24141783
Okay this is what I got . . . any help?

------------------------------------------------------------------------------------------------------------------------------

ComboFix 09-04-14.09 - Mommie 04/08/2009 14:39.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.503.255 [GMT -7:00]
Running from: c:\documents and settings\Mommie\My Documents\ILGTG-cf.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*
.

(((((((((((((((((((((((((   Files Created from 2009-03-14 to 2009-04-14  )))))))))))))))))))))))))))))))
.

2009-04-08 20:32 . 2009-04-08 20:32      --------      d-----w      c:\documents and settings\Mommie\Application Data\Malwarebytes
2009-04-08 20:32 . 2009-04-06 22:32      15504      ----a-w      c:\windows\system32\drivers\mbam.sys
2009-04-08 20:32 . 2009-04-06 22:32      38496      ----a-w      c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-08 20:32 . 2009-04-08 20:32      --------      d-----w      c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-08 20:30 . 2009-04-08 21:37      --------      d-----w      c:\windows\LMI1.tmp
2009-04-01 13:42 . 2009-04-01 13:48      --------      d-----w      c:\windows\SHELLNEW
2009-04-01 13:36 . 2009-04-01 13:36      --------      d--h--r      C:\MSOCache

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 20:59 . 2009-04-08 20:59      --------      d-----w      c:\program files\Common Files\Wise Installation Wizard
2009-04-08 20:32 . 2009-04-08 20:32      --------      d-----w      c:\program files\Malwarebytes' Anti-Malware
2009-04-08 20:05 . 2007-06-21 19:29      --------      d-----w      c:\documents and settings\All Users\Application Data\Symantec
2009-04-08 18:14 . 2007-06-21 19:28      --------      d-----w      c:\program files\Common Files\Symantec Shared
2009-04-07 23:01 . 2009-01-01 21:56      24871      ----a-w      C:\logfile
2009-04-01 13:50 . 2007-06-07 23:15      --------      d-----w      c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-01 13:49 . 2009-04-01 13:49      --------      d-----w      c:\program files\Microsoft Works
2009-03-13 19:02 . 2007-06-07 23:34      --------      d-----w      c:\program files\Google
2009-03-09 21:08 . 2009-03-09 21:08      --------      d-----w      c:\documents and settings\Mommie\Application Data\Apple Computer
2009-03-09 20:56 . 2009-03-09 20:55      --------      d-----w      c:\program files\iTunes
2009-03-09 20:56 . 2009-03-09 20:55      --------      d-----w      c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-09 20:55 . 2009-03-09 20:55      --------      d-----w      c:\program files\iPod
2009-03-09 20:55 . 2009-03-09 18:20      --------      d-----w      c:\program files\Common Files\Apple
2009-03-09 20:55 . 2009-01-01 21:36      --------      d-----w      c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-09 20:54 . 2009-03-09 20:54      --------      d-----w      c:\program files\Bonjour
2009-03-09 20:54 . 2009-01-01 21:36      --------      d-----w      c:\program files\QuickTime
2009-03-09 18:21 . 2009-03-09 18:21      --------      d-----w      c:\program files\Apple Software Update
2009-03-09 18:20 . 2009-03-09 18:20      --------      d-----w      c:\documents and settings\All Users\Application Data\Apple
2009-03-09 05:02 . 2007-06-07 23:17      --------      d-----w      c:\program files\Microsoft.NET
2009-03-09 04:33 . 2007-06-07 23:26      --------      d-----w      c:\program files\Microsoft Small Business
2009-03-09 04:26 . 2007-06-07 23:22      69232      ----a-w      c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-09 11:13 . 2007-05-29 17:17      1846784      ----a-w      c:\windows\system32\win32k.sys
2009-01-12 06:24 . 2009-01-12 06:24      32768      --sha-w      c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009011120090112\index.dat
2009-01-12 06:24 . 2009-01-12 06:24      32768      --sha-w      c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008122220081229\index.dat
2009-01-12 05:54 . 2007-05-29 16:35      87447      ----a-w      c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-01-12 05:40 . 2007-05-29 17:17      250048      --sha-r      C:\ntldr
2007-06-07 23:22 . 2008-12-26 23:52      68456      ----a-w      c:\documents and settings\Mommie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2007-04-20 18:40      118784      ----a-w      c:\program files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-12-27 160592]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]
"*LogMeInRescue_194680787"="c:\windows\LMI1.tmp\lmi_rescue.exe" [2009-04-08 1667888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-07 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-07 970752]
"00THotkey"="c:\windows\system32\[u]0[/u]0THotkey.exe" [2006-07-05 19:14 258048]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-04-20 101144]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-04-20 84760]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-04-20 125720]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
"TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-10 344144]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-04-27 90112]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.exe" [2005-06-29 126976]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"TosAutLk"="c:\program files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe" [2006-11-21 110592]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2007-05-31 671744]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2007-06-05 94208]
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2007-06-15 3147776]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2007-01-26 136816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"000StTHK"="000StTHK.exe" - c:\windows\system32\[u]0[/u]00StTHK.exe [2001-06-23 11:28 24576]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-13 16132608]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2006-04-11 622592]
"TOSDCR"="TOSDCR.EXE" - c:\windows\system32\TOSDCR.exe [2005-12-13 57344]
"TPSODDCtl"="TPSODDCtl.exe" - c:\windows\system32\TPSODDCtl.exe [2007-04-24 118784]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2007-04-24 315392]
"CFSServ.exe"="CFSServ.exe" [BU]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
Kodak Picture Transfer.lnk - c:\program files\Kodak\Kodak Utilities\PTS\Kodak Picture Transfer.exe [2007-3-13 7008256]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2007-05-31 16:34      176128      ----a-w      c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Kodak\\Kodak Utilities\\PTS\\Kodak Picture Transfer Service.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R1 TMEI3E;TMEI3E;c:\windows\system32\Drivers\TMEI3E.SYS [2004-06-16 5888]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2007-04-27 9216]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2007-05-31 106496]
R2 KODAK Picture Transfer Agent;KODAK Picture Transfer Agent;c:\program files\Kodak\Kodak Utilities\PTS\Kodak Picture Transfer Service.exe [2007-03-13 163840]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\DRIVERS\tdudf.sys [2007-03-26 105856]
R2 Tmesrv;Tmesrv3;c:\program files\TOSHIBA\TME3\Tmesrv31.exe [2005-12-14 126976]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\DRIVERS\trudf.sys [2007-02-19 134016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\DRIVERS\TEchoCan.sys [2007-02-22 435072]
S0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\Drivers\AlfaFF.sys [2007-06-09 29440]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2007-04-27 21120]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-03-09 6528]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2006-09-20 36608]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - PXHELP20

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9e10241-19d4-11dc-9f6c-000e7b131aa5}]
\Shell\AutoRun\command - PortableApps\PortableAppsMenu\PortableAppsMenu.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-03-10 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Mommie.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]
.
- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.usatoday.com/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Mommie\Application Data\Mozilla\Firefox\Profiles\oc2trmyp.default\
FF - prefs.js: browser.startup.homepage - hxxp://cnn.com
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 14:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\FpWinLogonNp.dll
.
Completion time: ~,10time:~,-3
ComboFix-quarantined-files.txt  2009-04-08 21:42
ComboFix2.txt  2009-04-08 21:38

Pre-Run: 96,756,457,472 bytes free
Post-Run: 96,744,079,360 bytes free

191      --- E O F ---      2009-03-10 10:03
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24141785
That might happen when running in safe mode ... reboot into normal mode and run it again.
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24141819
After you clean off the malware, you may want to review some of those startup items - some may not be necessary.
0
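One way to do the startup-item review suggested above, added here as an example (it is not part of the thread and not ComboFix's own code): a small Python parser for the Run/RunOnce lines of a log in this format that lists the entries worth a manual look. The sample lines are excerpted from the log posted above; the function name and the three flag rules are assumptions chosen for illustration, and a flag means "check this by hand", not "this is malware".

```python
import re

# Lines excerpted from the "Reg Loading Points" section of the log posted above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*LogMeInRescue_194680787"="c:\windows\LMI1.tmp\lmi_rescue.exe" [2009-04-08 1667888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-07 819200]
"NDSTray.exe"="NDSTray.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-13 16132608]
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
AUTORUN_KEY_RE = re.compile(r'\\currentversion\\run(once)?$', re.IGNORECASE)
# "name"="command" [- resolved path] [date size]  or  [marker]
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"'
    r'(?: - (?P<resolved>.+?))?'
    r' \[(?P<meta>[^\]]*)\]$'
)
# Normal trailer: a file date (optionally with time) followed by a size in bytes.
META_RE = re.compile(r'^\d{4}-\d{2}-\d{2}(?: \d{2}:\d{2})? \d+$')
# Assumed heuristic: a folder named "temp" or ending in ".tmp" on the path.
TEMP_RE = re.compile(r'\\(temp|[^\\]*\.tmp)\\')


def review_run_entries(log_text):
    """Return [(value_name, [reasons])] for Run/RunOnce entries to check by hand."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # remember which registry key we are under
            continue
        m = ENTRY_RE.match(line)
        if not m or key is None or not AUTORUN_KEY_RE.search(key):
            continue                  # not an autorun value line
        path = (m.group('resolved') or m.group('cmd')).lower()
        reasons = []
        if not META_RE.match(m.group('meta')):
            # The log shows a marker such as [X] instead of a date and size.
            reasons.append('no file date/size in log')
        if '\\' not in path:
            reasons.append('no full path')
        if TEMP_RE.search(path):
            reasons.append('runs from temp folder')
        if reasons:
            findings.append((m.group('name'), reasons))
    return findings


if __name__ == '__main__':
    for name, reasons in review_run_entries(SAMPLE_LOG):
        print(f'{name}: {", ".join(reasons)}')
```

On this excerpt the temp-folder hit is the LogMeIn Rescue session used for the cleanup itself, which is the kind of leftover to remove once the work is done.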
 

Author Comment

by:Jsmply
ID: 24141849
It seems to think all the malware is gone.  Do you see anything bad on that list?
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24141874
The machine has some software installed with which I am not familiar, but a quick review of the list shows it reasonably clean of malware ... I am looking into a couple of the programs.
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24141919
The pieces of software I was concerned about are Toshiba tools.
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24141954
If you installed any software during this cleanup - don't forget to uninstall it.
Another good anti-spyware tool to try, if you have residual junk, is SuperAntiSpyware:
http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html
0
 
LVL 8

Expert Comment

by:skywalker39
ID: 24142019
Hi Jsmply,

Have you tried SUPERAntiSpyware in Safe Mode? Here's a link: http://www.superantispyware.com/

Also Spyware Doctor with AntiVirus is a good tool to check out. The only downfall is that it's not free, but you can still scan your computer, it just won't remove anything. If you want to check that out here's the link: http://www.pctools.com/spyware-doctor-antivirus/

Do you have a firewall? Firewalls can prevent a lot of popups from happening. ZoneAlarm is a good one to check out, there's also a Free edition of it. Here's a link: http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm
0
 

Author Comment

by:Jsmply
ID: 24142033
Okay, now we got most of the pop-ups stopped but the machine is running so slow it took about 10 minutes for IE to open.  Something is still going on.  I'm still looking.
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24142601
Two ideas -
1 - Some malware damages the installed anti-virus software.  You may need to reinstall Norton, but uninstall the other anti-spyware software first.
2 - A plug-in is damaged.  Launch Internet Explorer without plug-ins
           iexplore -extoff
Disable all of the add-ons (Internet Options > Programs Tab) and turn them on one-by-one until you find which one causes the slow start.
0
 

Author Comment

by:Jsmply
ID: 24142760
Okay, I uninstalled and reinstalled Norton and disabled a LOT of the Toshiba startup software, it was nuts.  They have like 10 Toshiba programs that run at startup.  It's running much better now.

I'm not sure what fixed the pop-ups though, Combofix never told me it removed any spyware . . . does it typically say "x amount of infections found . . . healed, etc" ?

Either way, thanks!  Since Malwarebytes didn't find anything, I have to assume the winning variable was ComboFix.  It would not let me run SuperAntiSpyware in safe mode.  I assume that is a limitation of the software?  I've seen that before on a different machine as well.
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24142801
The new version of SuperAntiSpyware may not allow running in Safe Mode.  Unfortunately, more and more of these utilities require normal mode to run.  The best way to stop malware is in safe mode, because Windows will not launch it in the first place.  Security software cannot protect a computer from something that is launched before it; especially if that malware is well written.
Combofix does usually tell you what it deleted.  That may have ended up in the first report that turned out blank.  The results file should be on the hard drive somewhere, either the root or combofix folder.
0
 
LVL 8

Expert Comment

by:skywalker39
ID: 24142857
Here's a link about running SUPERAntiSpyware in Safe Mode.
http://www.superantispyware.com/supportfaqdisplay.html?faq=75
0
 

Author Comment

by:Jsmply
ID: 24142884
Thanks skywalker. In this case though the machine ran too slow in normal mode to do anything at all and I can't seem to install SuperAntiSpyware in safe mode either!
0
