Solved

How can I stop pop-ups when all malware scans and virus scans find nothing?

Posted on 2009-04-14
26
476 Views
Last Modified: 2013-11-22
I've got a Windows XP machine that gets a ton of pop-ups and the browser (IE) is hijacked when you launch it.  It's virtually unusable in normal mode.  In safe mode, IE and Windows run fine with no pop-ups.

I ran a full Malwarebytes scan and a Norton scan and found nothing at all.  I can't run SuperAntiSpyware because it can't be installed in safe mode and normal mode is full of pop-ups and freezes everything.

Any other programs I can use?  I've only got about an hour before I have to return the machine and am not making any headway so far.  Thanks!
0
Comment
Question by:Jsmply
26 Comments
 
LVL 19

Accepted Solution

by:
Delphineous Silverwing earned 500 total points
ID: 24141630
The best thing to do is boot the machine to Safe mode and run Combofix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix 
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24141637
After running Combofix in Safe mode - it is not a bad idea to run it in normal mode.
Will your anti-virus product run a scan in safe mode?
 
0
 

Author Comment

by:Jsmply
ID: 24141649
Yes, I have Norton on the machine and it shows nothing.  I just ran a full scan in safe mode.  Combo Fix doesn't do anything itself right?  I have to post a log someplace?  I've never used it.
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24141682
Combofix removes a number of common spyware/adware and repairs the damage of them.
0
 

Author Comment

by:Jsmply
ID: 24141687
I see ComboFix does remove some things on its own.  I'm running it now.  It gave me a message about an incompatible OS (maybe because I'm in safe mode?) but it still ran, then it warned me about Norton interfering but I can't disable it in safe mode, now it's running.
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24141692
When you run it, it does many different operations to find and destroy the malicious software.  This includes restarting Windows shell.  Unless it prompts you for something, be sure to not click any windows or try to do something else.
0
 

Author Comment

by:Jsmply
ID: 24141705
Well I was connected to the machine via LogMeIn and it just logged me out . . . I'm going to have to call the user and see what they see on their end.  
0
 
LVL 31

Expert Comment

by:Wayne Barron
ID: 24141715
If you use such programs as
MSN Messenger PLUS!
and installed them with Ad Support, then this will cause the ads to pop up and not be detected
by detection programs.

Make sure that you have not installed something that comes with Ad Support.
If you have, simply uninstall the program, then reboot and reinstall it,
and make sure that you uncheck Ad Support.

If this is not your case, then hopefully the suggestions above will assist you further.

Good Luck
Carrzkiss
0
 
LVL 23

Expert Comment

by:ComputerTechie
ID: 24141730
You can also try http://www.malwarebytes.org/mbam.php
It runs in normal and safe mode.
CT
0
 

Author Comment

by:Jsmply
ID: 24141733
Okay I'm back in, apparently ComboFix restarted the machine . . . it says it's preparing a log and almost done.
0
 

Author Comment

by:Jsmply
ID: 24141743
Strange . . . it created a log that popped up, but the log file is empty?  Is that normal if it finds nothing?  I'm going to try again.
0
 

Author Comment

by:Jsmply
ID: 24141762
I ran Malwarebytes, it found nothing.  I'm trying ComboFix again now.
0
 

Author Comment

by:Jsmply
ID: 24141783
Okay this is what I got . . . any help?

------------------------------------------------------------------------------------------------------------------------------

ComboFix 09-04-14.09 - Mommie 04/08/2009 14:39.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.503.255 [GMT -7:00]
Running from: c:\documents and settings\Mommie\My Documents\ILGTG-cf.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*
.

(((((((((((((((((((((((((   Files Created from 2009-03-14 to 2009-04-14  )))))))))))))))))))))))))))))))
.

2009-04-08 20:32 . 2009-04-08 20:32      --------      d-----w      c:\documents and settings\Mommie\Application Data\Malwarebytes
2009-04-08 20:32 . 2009-04-06 22:32      15504      ----a-w      c:\windows\system32\drivers\mbam.sys
2009-04-08 20:32 . 2009-04-06 22:32      38496      ----a-w      c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-08 20:32 . 2009-04-08 20:32      --------      d-----w      c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-08 20:30 . 2009-04-08 21:37      --------      d-----w      c:\windows\LMI1.tmp
2009-04-01 13:42 . 2009-04-01 13:48      --------      d-----w      c:\windows\SHELLNEW
2009-04-01 13:36 . 2009-04-01 13:36      --------      d--h--r      C:\MSOCache

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 20:59 . 2009-04-08 20:59      --------      d-----w      c:\program files\Common Files\Wise Installation Wizard
2009-04-08 20:32 . 2009-04-08 20:32      --------      d-----w      c:\program files\Malwarebytes' Anti-Malware
2009-04-08 20:05 . 2007-06-21 19:29      --------      d-----w      c:\documents and settings\All Users\Application Data\Symantec
2009-04-08 18:14 . 2007-06-21 19:28      --------      d-----w      c:\program files\Common Files\Symantec Shared
2009-04-07 23:01 . 2009-01-01 21:56      24871      ----a-w      C:\logfile
2009-04-01 13:50 . 2007-06-07 23:15      --------      d-----w      c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-01 13:49 . 2009-04-01 13:49      --------      d-----w      c:\program files\Microsoft Works
2009-03-13 19:02 . 2007-06-07 23:34      --------      d-----w      c:\program files\Google
2009-03-09 21:08 . 2009-03-09 21:08      --------      d-----w      c:\documents and settings\Mommie\Application Data\Apple Computer
2009-03-09 20:56 . 2009-03-09 20:55      --------      d-----w      c:\program files\iTunes
2009-03-09 20:56 . 2009-03-09 20:55      --------      d-----w      c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-09 20:55 . 2009-03-09 20:55      --------      d-----w      c:\program files\iPod
2009-03-09 20:55 . 2009-03-09 18:20      --------      d-----w      c:\program files\Common Files\Apple
2009-03-09 20:55 . 2009-01-01 21:36      --------      d-----w      c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-09 20:54 . 2009-03-09 20:54      --------      d-----w      c:\program files\Bonjour
2009-03-09 20:54 . 2009-01-01 21:36      --------      d-----w      c:\program files\QuickTime
2009-03-09 18:21 . 2009-03-09 18:21      --------      d-----w      c:\program files\Apple Software Update
2009-03-09 18:20 . 2009-03-09 18:20      --------      d-----w      c:\documents and settings\All Users\Application Data\Apple
2009-03-09 05:02 . 2007-06-07 23:17      --------      d-----w      c:\program files\Microsoft.NET
2009-03-09 04:33 . 2007-06-07 23:26      --------      d-----w      c:\program files\Microsoft Small Business
2009-03-09 04:26 . 2007-06-07 23:22      69232      ----a-w      c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-09 11:13 . 2007-05-29 17:17      1846784      ----a-w      c:\windows\system32\win32k.sys
2009-01-12 06:24 . 2009-01-12 06:24      32768      --sha-w      c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009011120090112\index.dat
2009-01-12 06:24 . 2009-01-12 06:24      32768      --sha-w      c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008122220081229\index.dat
2009-01-12 05:54 . 2007-05-29 16:35      87447      ----a-w      c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-01-12 05:40 . 2007-05-29 17:17      250048      --sha-r      C:\ntldr
2007-06-07 23:22 . 2008-12-26 23:52      68456      ----a-w      c:\documents and settings\Mommie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2007-04-20 18:40      118784      ----a-w      c:\program files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-12-27 160592]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]
"*LogMeInRescue_194680787"="c:\windows\LMI1.tmp\lmi_rescue.exe" [2009-04-08 1667888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-07 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-07 970752]
"00THotkey"="c:\windows\system32\[u]0[/u]0THotkey.exe" [2006-07-05 19:14 258048]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-04-20 101144]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-04-20 84760]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-04-20 125720]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
"TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-10 344144]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-04-27 90112]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.exe" [2005-06-29 126976]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"TosAutLk"="c:\program files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe" [2006-11-21 110592]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2007-05-31 671744]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2007-06-05 94208]
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2007-06-15 3147776]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2007-01-26 136816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"000StTHK"="000StTHK.exe" - c:\windows\system32\[u]0[/u]00StTHK.exe [2001-06-23 11:28 24576]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-13 16132608]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2006-04-11 622592]
"TOSDCR"="TOSDCR.EXE" - c:\windows\system32\TOSDCR.exe [2005-12-13 57344]
"TPSODDCtl"="TPSODDCtl.exe" - c:\windows\system32\TPSODDCtl.exe [2007-04-24 118784]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2007-04-24 315392]
"CFSServ.exe"="CFSServ.exe" [BU]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
Kodak Picture Transfer.lnk - c:\program files\Kodak\Kodak Utilities\PTS\Kodak Picture Transfer.exe [2007-3-13 7008256]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2007-05-31 16:34      176128      ----a-w      c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Kodak\\Kodak Utilities\\PTS\\Kodak Picture Transfer Service.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R1 TMEI3E;TMEI3E;c:\windows\system32\Drivers\TMEI3E.SYS [2004-06-16 5888]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2007-04-27 9216]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2007-05-31 106496]
R2 KODAK Picture Transfer Agent;KODAK Picture Transfer Agent;c:\program files\Kodak\Kodak Utilities\PTS\Kodak Picture Transfer Service.exe [2007-03-13 163840]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\DRIVERS\tdudf.sys [2007-03-26 105856]
R2 Tmesrv;Tmesrv3;c:\program files\TOSHIBA\TME3\Tmesrv31.exe [2005-12-14 126976]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\DRIVERS\trudf.sys [2007-02-19 134016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\DRIVERS\TEchoCan.sys [2007-02-22 435072]
S0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\Drivers\AlfaFF.sys [2007-06-09 29440]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2007-04-27 21120]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-03-09 6528]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2006-09-20 36608]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - PXHELP20

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9e10241-19d4-11dc-9f6c-000e7b131aa5}]
\Shell\AutoRun\command - PortableApps\PortableAppsMenu\PortableAppsMenu.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-03-10 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Mommie.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]
.
- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.usatoday.com/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Mommie\Application Data\Mozilla\Firefox\Profiles\oc2trmyp.default\
FF - prefs.js: browser.startup.homepage - hxxp://cnn.com
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 14:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\FpWinLogonNp.dll
.
Completion time: ~,10time:~,-3
ComboFix-quarantined-files.txt  2009-04-08 21:42
ComboFix2.txt  2009-04-08 21:38

Pre-Run: 96,756,457,472 bytes free
Post-Run: 96,744,079,360 bytes free

191      --- E O F ---      2009-03-10 10:03
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24141785
That might happen when running in safe mode ... reboot into normal mode and run it again.
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24141819
After you clean off the malware, you may want to review some of those startup items - some may not be necessary.
0
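As an added example (not part of the original thread and not ComboFix's own code), the startup review suggested above can be scripted: this Python script parses the "Reg Loading Points" lines of a ComboFix log and lists entries worth a manual look. The rules and function names are assumptions chosen for illustration, a flagged entry is a prompt to check rather than a verdict, and the sample is an abridged excerpt of the log posted above.

```python
import re

# Abridged excerpt of the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*LogMeInRescue_194680787"="c:\windows\LMI1.tmp\lmi_rescue.exe" [2009-04-08 1667888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-04-20 101144]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-13 16132608]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')            # [HKEY_...\Run] section header
ENTRY_RE = re.compile(r'^"([^"]+)"=(.*)$')          # "name"=value
TRAILER_RE = re.compile(r'\s*\[([^\]]*)\]$')        # trailing [date size] or [marker]
STAMP_RE = re.compile(r'^\d{4}-\d{2}-\d{2}(?: \d{2}:\d{2})? \d+$')
TEMP_RE = re.compile(r'\\(?:[^\\"]*\.tmp|te?mp)\\', re.I)  # ...\x.tmp\ or \temp\


def parse_entries(log):
    """Yield (key, name, value, trailer) for each "name"=value line under a key."""
    key = None
    for raw in log.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry and key:
            name, value = entry.groups()
            trailer = TRAILER_RE.search(value)
            if trailer:
                value = value[:trailer.start()]
            yield key, name, value.strip(), trailer.group(1) if trailer else None


def triage(log):
    """Return (item, reason) pairs for entries that deserve a manual check."""
    findings = []
    for key, name, value, trailer in parse_entries(log):
        leaf = key.rsplit('\\', 1)[-1]
        if leaf.lower() in ('run', 'runonce'):
            # ComboFix prints [date size] for a file it listed; anything else
            # in that slot (e.g. X, BU) is reported as-is, not interpreted.
            if trailer is None or not STAMP_RE.match(trailer):
                findings.append((name, f'no file date/size in log (marker: {trailer})'))
            if TEMP_RE.search(value):
                findings.append((name, 'starts from a temporary directory'))
        elif name == 'DisableMonitoring' and value.lower() == 'dword:00000001':
            findings.append((leaf, 'Security Center monitoring switched off'))
        elif name == 'EnableFirewall' and value.split()[:1] == ['0']:
            findings.append((leaf, 'Windows Firewall off for this profile'))
    return findings


if __name__ == '__main__':
    for item, reason in triage(SAMPLE_LOG):
        print(f'{item}: {reason}')
```

On the excerpt this lists the LogMeIn Rescue entry (the remote-support session used during this cleanup), which shows why each hit still needs a person to decide whether it belongs on the machine.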
 

Author Comment

by:Jsmply
ID: 24141849
It seems to think all the malware is gone.  Do you see anything bad on that list?
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24141874
The machine has some software installed with which I am not familiar, but a quick review of the list shows it reasonably clean of malware ... I am looking into a couple of the programs.
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24141919
The pieces of software I was concerned about are Toshiba tools.
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24141954
If you installed any software during this cleanup - don't forget to uninstall it.
Another good anti-spyware to try, if you have residual junk, is SuperAntiSpyware:
http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html
0
 
LVL 8

Expert Comment

by:skywalker39
ID: 24142019
Hi Jsmply,

Have you tried SUPERAntiSpyware in Safe Mode? Here's a link: http://www.superantispyware.com/

Also Spyware Doctor with AntiVirus is a good tool to check out. The only downfall is that it's not free, but you can still scan your computer; it just won't remove anything. If you want to check that out, here's the link: http://www.pctools.com/spyware-doctor-antivirus/

Do you have a firewall? Firewalls can prevent a lot of popups from happening. ZoneAlarm is a good one to check out; there's also a Free edition of it. Here's a link: http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm
0
 

Author Comment

by:Jsmply
ID: 24142033
Okay, now we got most of the pop-ups stopped but the machine is running so slow it took about 10 minutes for IE to open.  Something is still going on.  I'm still looking.
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24142601
Two ideas -
1 - Some malware damages the installed anti-virus software.  You may need to reinstall Norton, but uninstall the other anti-spyware software first.
2 - A plug-in is damaged.  Launch Internet Explorer without plug-ins
           iexplore -extoff
Disable all of the add-ons (Internet Options > Programs Tab) and turn them on one-by-one until you find which one causes the slow start.
0
 

Author Comment

by:Jsmply
ID: 24142760
Okay, I uninstalled and reinstalled Norton and disabled a LOT of the Toshiba startup software, it was nuts.  They have like 10 Toshiba programs that run at startup.  It's running much better now.

I'm not sure what fixed the pop-ups though, ComboFix never told me it removed any spyware . . . does it typically say "x amount of infections found . . . healed, etc" ?

Either way, thanks!  Since Malwarebytes didn't find anything, I have to assume the winning variable was ComboFix.  It would not let me run SuperAntiSpyware in safe mode.  I assume that is a limitation of the software?  I've seen that before on a different machine as well.
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 24142801
The new version of SuperAntiSpyware may not allow running in Safe Mode.  Unfortunately, more and more of these utilities require normal mode to run.  The best way to stop malware is in safe mode, because Windows will not launch it in the first place.  Security software cannot protect a computer from something that is launched before it; especially if that malware is well written.
Combofix does usually tell you what it deleted.  That may have ended up in the first report that turned out blank.  The results file should be on the hard drive somewhere, either the root or combofix folder.
0
 
LVL 8

Expert Comment

by:skywalker39
ID: 24142857
Here's a link about running SUPERAntiSpyware in Safe Mode.
http://www.superantispyware.com/supportfaqdisplay.html?faq=75
0
 

Author Comment

by:Jsmply
ID: 24142884
Thanks skywalker. In this case though the machine ran too slow in normal mode to do anything at all and I can't seem to install SuperAntiSpyware in safe mode either!
0

Question has a verified solution.
