Solved

How can I stop pop-ups when all malware scans and virus scans find nothing?

Posted on 2009-04-14
Last Modified: 2013-11-22
I've got a Windows XP machine that gets a ton of pop-ups and the browser (IE) is hijacked when you launch it.  It's virtually unusable in normal mode.  In safe mode, IE and Windows run fine with no pop-ups.

I ran a full Malwarebytes scan and a Norton scan and found nothing at all.  I can't run Super anti-spyware because it can't be installed in safe mode, and normal mode is full of pop-ups and freezes everything.

Any other programs I can use?  I've only got about an hour before I have to return the machine and I'm not making any headway so far.  Thanks!
Question by:Jsmply

LVL 19

Accepted Solution

by:Delphineous Silverwing (earned 500 total points)
The best thing to do is boot the machine to Safe mode and run Combofix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
LVL 19

Expert Comment

by:Delphineous Silverwing
After running Combofix in Safe mode - it is not a bad idea to run it in normal mode.
Will your anti-virus product run a scan in safe mode?
 

Author Comment

by:Jsmply
Yes, I have Norton on the machine and it shows nothing.  I just ran a full scan in safe mode.  ComboFix doesn't do anything itself, right?  I have to post a log someplace?  I've never used it.
 
LVL 19

Expert Comment

by:Delphineous Silverwing
Combofix removes a number of common spyware/adware programs and repairs the damage from them.
 

Author Comment

by:Jsmply
I see ComboFix does remove some things on its own.  I'm running it now.  It gave me a message about an incompatible OS (maybe because I'm in safe mode?) but it still ran, then it warned me about Norton interfering but I can't disable it in safe mode, now it's running.
 
LVL 19

Expert Comment

by:Delphineous Silverwing
When you run it, it does many different operations to find and destroy the malicious software.  This includes restarting the Windows shell.  Unless it prompts you for something, be sure not to click any windows or try to do something else.
 

Author Comment

by:Jsmply
Well I was connected to the machine via LogMeIn and it just logged me out . . . I'm going to have to call the user and see what they see on their end.
 
LVL 30

Expert Comment

by:Wayne Barron
If you use programs such as MSN Messenger PLUS! and installed them with Ad Support, this will cause the ads to pop up and not be detected by detection programs.

Make sure that you have not installed something that comes with Ad Support.
If you have, simply uninstall the program, reboot, and then reinstall it, and make sure that you uncheck Ad Support.

If this is not your case, then hopefully the suggestions above will assist you further.

Good Luck
Carrzkiss
 
LVL 23

Expert Comment

by:ComputerTechie
You can also try http://www.malwarebytes.org/mbam.php
It runs in normal and safe mode.
CT
 

Author Comment

by:Jsmply
Okay I'm back in, apparently ComboFix restarted the machine . . . it says it's preparing a log and almost done.
 

Author Comment

by:Jsmply
Strange . . . it created a log that popped up, but the log file is empty?  Is that normal if it finds nothing?  I'm going to try again.
 

Author Comment

by:Jsmply
I ran Malwarebytes, it found nothing.  I'm trying Combofix again now.
 

Author Comment

by:Jsmply
Okay this is what I got . . . any help?

------------------------------------------------------------------------------------------------------------------------------

ComboFix 09-04-14.09 - Mommie 04/08/2009 14:39.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.503.255 [GMT -7:00]
Running from: c:\documents and settings\Mommie\My Documents\ILGTG-cf.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*
.

(((((((((((((((((((((((((   Files Created from 2009-03-14 to 2009-04-14  )))))))))))))))))))))))))))))))
.

2009-04-08 20:32 . 2009-04-08 20:32      --------      d-----w      c:\documents and settings\Mommie\Application Data\Malwarebytes
2009-04-08 20:32 . 2009-04-06 22:32      15504      ----a-w      c:\windows\system32\drivers\mbam.sys
2009-04-08 20:32 . 2009-04-06 22:32      38496      ----a-w      c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-08 20:32 . 2009-04-08 20:32      --------      d-----w      c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-08 20:30 . 2009-04-08 21:37      --------      d-----w      c:\windows\LMI1.tmp
2009-04-01 13:42 . 2009-04-01 13:48      --------      d-----w      c:\windows\SHELLNEW
2009-04-01 13:36 . 2009-04-01 13:36      --------      d--h--r      C:\MSOCache

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 20:59 . 2009-04-08 20:59      --------      d-----w      c:\program files\Common Files\Wise Installation Wizard
2009-04-08 20:32 . 2009-04-08 20:32      --------      d-----w      c:\program files\Malwarebytes' Anti-Malware
2009-04-08 20:05 . 2007-06-21 19:29      --------      d-----w      c:\documents and settings\All Users\Application Data\Symantec
2009-04-08 18:14 . 2007-06-21 19:28      --------      d-----w      c:\program files\Common Files\Symantec Shared
2009-04-07 23:01 . 2009-01-01 21:56      24871      ----a-w      C:\logfile
2009-04-01 13:50 . 2007-06-07 23:15      --------      d-----w      c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-01 13:49 . 2009-04-01 13:49      --------      d-----w      c:\program files\Microsoft Works
2009-03-13 19:02 . 2007-06-07 23:34      --------      d-----w      c:\program files\Google
2009-03-09 21:08 . 2009-03-09 21:08      --------      d-----w      c:\documents and settings\Mommie\Application Data\Apple Computer
2009-03-09 20:56 . 2009-03-09 20:55      --------      d-----w      c:\program files\iTunes
2009-03-09 20:56 . 2009-03-09 20:55      --------      d-----w      c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-09 20:55 . 2009-03-09 20:55      --------      d-----w      c:\program files\iPod
2009-03-09 20:55 . 2009-03-09 18:20      --------      d-----w      c:\program files\Common Files\Apple
2009-03-09 20:55 . 2009-01-01 21:36      --------      d-----w      c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-09 20:54 . 2009-03-09 20:54      --------      d-----w      c:\program files\Bonjour
2009-03-09 20:54 . 2009-01-01 21:36      --------      d-----w      c:\program files\QuickTime
2009-03-09 18:21 . 2009-03-09 18:21      --------      d-----w      c:\program files\Apple Software Update
2009-03-09 18:20 . 2009-03-09 18:20      --------      d-----w      c:\documents and settings\All Users\Application Data\Apple
2009-03-09 05:02 . 2007-06-07 23:17      --------      d-----w      c:\program files\Microsoft.NET
2009-03-09 04:33 . 2007-06-07 23:26      --------      d-----w      c:\program files\Microsoft Small Business
2009-03-09 04:26 . 2007-06-07 23:22      69232      ----a-w      c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-09 11:13 . 2007-05-29 17:17      1846784      ----a-w      c:\windows\system32\win32k.sys
2009-01-12 06:24 . 2009-01-12 06:24      32768      --sha-w      c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009011120090112\index.dat
2009-01-12 06:24 . 2009-01-12 06:24      32768      --sha-w      c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008122220081229\index.dat
2009-01-12 05:54 . 2007-05-29 16:35      87447      ----a-w      c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-01-12 05:40 . 2007-05-29 17:17      250048      --sha-r      C:\ntldr
2007-06-07 23:22 . 2008-12-26 23:52      68456      ----a-w      c:\documents and settings\Mommie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2007-04-20 18:40      118784      ----a-w      c:\program files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-12-27 160592]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]
"*LogMeInRescue_194680787"="c:\windows\LMI1.tmp\lmi_rescue.exe" [2009-04-08 1667888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-07 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-07 970752]
"00THotkey"="c:\windows\system32\[u]0[/u]0THotkey.exe" [2006-07-05 19:14 258048]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-04-20 101144]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-04-20 84760]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-04-20 125720]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
"TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-10 344144]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-04-27 90112]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.exe" [2005-06-29 126976]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"TosAutLk"="c:\program files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe" [2006-11-21 110592]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2007-05-31 671744]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2007-06-05 94208]
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2007-06-15 3147776]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2007-01-26 136816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"000StTHK"="000StTHK.exe" - c:\windows\system32\[u]0[/u]00StTHK.exe [2001-06-23 11:28 24576]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-13 16132608]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2006-04-11 622592]
"TOSDCR"="TOSDCR.EXE" - c:\windows\system32\TOSDCR.exe [2005-12-13 57344]
"TPSODDCtl"="TPSODDCtl.exe" - c:\windows\system32\TPSODDCtl.exe [2007-04-24 118784]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2007-04-24 315392]
"CFSServ.exe"="CFSServ.exe" [BU]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
Kodak Picture Transfer.lnk - c:\program files\Kodak\Kodak Utilities\PTS\Kodak Picture Transfer.exe [2007-3-13 7008256]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2007-05-31 16:34      176128      ----a-w      c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Kodak\\Kodak Utilities\\PTS\\Kodak Picture Transfer Service.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R1 TMEI3E;TMEI3E;c:\windows\system32\Drivers\TMEI3E.SYS [2004-06-16 5888]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2007-04-27 9216]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2007-05-31 106496]
R2 KODAK Picture Transfer Agent;KODAK Picture Transfer Agent;c:\program files\Kodak\Kodak Utilities\PTS\Kodak Picture Transfer Service.exe [2007-03-13 163840]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\DRIVERS\tdudf.sys [2007-03-26 105856]
R2 Tmesrv;Tmesrv3;c:\program files\TOSHIBA\TME3\Tmesrv31.exe [2005-12-14 126976]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\DRIVERS\trudf.sys [2007-02-19 134016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\DRIVERS\TEchoCan.sys [2007-02-22 435072]
S0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\Drivers\AlfaFF.sys [2007-06-09 29440]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2007-04-27 21120]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-03-09 6528]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2006-09-20 36608]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - PXHELP20

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9e10241-19d4-11dc-9f6c-000e7b131aa5}]
\Shell\AutoRun\command - PortableApps\PortableAppsMenu\PortableAppsMenu.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-03-10 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Mommie.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]
.
- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.usatoday.com/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Mommie\Application Data\Mozilla\Firefox\Profiles\oc2trmyp.default\
FF - prefs.js: browser.startup.homepage - hxxp://cnn.com
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 14:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\FpWinLogonNp.dll
.
Completion time: ~,10time:~,-3
ComboFix-quarantined-files.txt  2009-04-08 21:42
ComboFix2.txt  2009-04-08 21:38

Pre-Run: 96,756,457,472 bytes free
Post-Run: 96,744,079,360 bytes free

191      --- E O F ---      2009-03-10 10:03
 
LVL 19

Expert Comment

by:Delphineous Silverwing
That might happen when running in safe mode ... reboot into normal mode and run it again.
 
LVL 19

Expert Comment

by:Delphineous Silverwing
After you clean off the malware, you may want to review some of those startup items - some may not be necessary.
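Added example (not part of the original thread): a short Python triage pass over the "Reg Loading Points" section of a ComboFix log like the one posted above, listing the autostart entries and policy values that deserve a manual look. The function names, the 30-day window and the wording of the reasons are assumptions of this example; the sample lines are excerpted from the log above.

```python
import re
from datetime import date

# Excerpt copied from the "Reg Loading Points" section of the log above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*LogMeInRescue_194680787"="c:\windows\LMI1.tmp\lmi_rescue.exe" [2009-04-08 1667888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-04-20 101144]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-13 16132608]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]\s*$')      # [HKEY_...\Run] header lines
VAL_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')       # "name"=data lines
# Trailing [YYYY-MM-DD size] or [YYYY-MM-DD HH:MM size] file stamp
STAMP_RE = re.compile(r'\[(\d{4})-(\d{2})-(\d{2})(?: \d{2}:\d{2})? (\d+)\]\s*$')
RUN_SUFFIXES = (r'\currentversion\run', r'\currentversion\runonce')


def parse_values(log_text):
    """Yield (registry_key, value_name, raw_data) for each quoted value line."""
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2)


def triage(log_text, log_date, recent_days=30):
    """Return (name, reason) pairs to review by hand; a finding is not a verdict."""
    findings = []
    for key, name, data in parse_values(log_text):
        if key.lower().endswith(RUN_SUFFIXES):
            m = STAMP_RE.search(data)
            if not m:
                # The log printed a tag such as [X] or [BU] instead of a date and size.
                findings.append((name, 'autostart entry with no file date/size in the log'))
                continue
            file_date = date(int(m.group(1)), int(m.group(2)), int(m.group(3)))
            # Future-dated files also land here, which is intended.
            if (log_date - file_date).days <= recent_days:
                findings.append((name, 'autostart file dated within %d days of the scan' % recent_days))
        elif name == 'EnableFirewall' and data.startswith('0'):
            findings.append((name, 'Windows Firewall standard profile disabled'))
        elif name == 'DisableMonitoring' and data.endswith('00000001'):
            findings.append((key.rsplit('\\', 1)[-1], 'Security Center monitoring disabled'))
    return findings


if __name__ == '__main__':
    for name, reason in triage(SAMPLE_LOG, date(2009, 4, 8)):
        print('%-28s %s' % (name, reason))
```

On this excerpt the recent autostart is the LogMeIn Rescue session the asker was using, and a disabled Windows Firewall may be expected when a third-party firewall such as the Norton product in the log header is installed, so each finding needs confirming against what is known about the machine.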
 

Author Comment

by:Jsmply
It seems to think all the malware is gone.  Do you see anything bad on that list?
 
LVL 19

Expert Comment

by:Delphineous Silverwing
The machine has some software installed with which I am not familiar, but a quick review of the list shows it reasonably clean of malware ... I am looking into a couple of the programs.
 
LVL 19

Expert Comment

by:Delphineous Silverwing
The pieces of software I was concerned about are Toshiba tools.
 
LVL 19

Expert Comment

by:Delphineous Silverwing
If you installed any software during this cleanup - don't forget to uninstall it.
Another good anti-spyware to try, if you have residual junk, is SuperAntiSpyware:
http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html
 
LVL 8

Expert Comment

by:skywalker39
Hi Jsmply,

Have you tried SUPERAntiSpyware in Safe Mode? Here's a link: http://www.superantispyware.com/

Also Spyware Doctor with AntiVirus is a good tool to check out. The only downfall is it's not free, but you can still scan your computer, it just won't remove anything. If you want to check that out here's the link: http://www.pctools.com/spyware-doctor-antivirus/

Do you have a firewall? Firewalls can prevent a lot of popups from happening. Zonealarm is a good one to check out, there's also a Free edition of it. Here's a link: http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm
 

Author Comment

by:Jsmply
Okay, now we got most of the pop-ups stopped but the machine is running so slow it took about 10 minutes for IE to open.  Something is still going on.  I'm still looking.
 
LVL 19

Expert Comment

by:Delphineous Silverwing
Two ideas -
1 - Some malware damages the installed anti-virus software.  You may need to reinstall Norton, but uninstall the other anti-spyware software first.
2 - A plug-in is damaged.  Launch Internet Explorer without plug-ins
           iexplore -extoff
Disable all of the add-ons (Internet Options > Programs Tab) and turn them on one-by-one until you find which one causes the slow start.
 

Author Comment

by:Jsmply
Okay, I uninstalled and reinstalled Norton and disabled a LOT of the Toshiba startup software, it was nuts.  They have like 10 Toshiba programs that run at startup.  It's running much better now.

I'm not sure what fixed the pop-ups though, Combofix never told me it removed any spyware . . . does it typically say "x amount of infections found . . . healed, etc" ?

Either way, thanks!  Since Malwarebytes didn't find anything, I have to assume the winning variable was ComboFix.  It would not let me run SuperAntiSpyware in safe mode.  I assume that is a limitation of the software?  I've seen that before on a different machine as well.
 
LVL 19

Expert Comment

by:Delphineous Silverwing
The new version of SuperAntiSpyware may not allow running in Safe Mode.  Unfortunately, more and more of these utilities require normal mode to run.  The best way to stop malware is in safe mode, because Windows will not launch it in the first place.  Security software cannot protect a computer from something that is launched before it, especially if that malware is well written.
Combofix does usually tell you what it deleted.  That may have ended up in the first report that turned out blank.  The results file should be on the hard drive somewhere, either the root or combofix folder.
 
LVL 8

Expert Comment

by:skywalker39
Here's a link about running SUPERAntiSpyware in Safe Mode.
http://www.superantispyware.com/supportfaqdisplay.html?faq=75
 

Author Comment

by:Jsmply
Thanks skywalker. In this case though the machine ran too slow in normal mode to do anything at all and I can't seem to install super anti spyware in safe mode either!