Eight Steps Done. Log Files Attached.

Status
Not open for further replies.

NetCablesPlus

Hi,

I have a Win XP machine (all up to date patches and service packs.) I would like to ensure that it is clean. I run McAfee Viruscan, Spysweeper, and Spybot regularly and did so just prior to starting the Eight Steps.

I could not do Step #6 as the scanner could not find a Java JRE and I did not see it listed in Internet Options nor in Add/Remove programs. I may not have Java running on this machine. It is not used for gaming or anything like that.

I am attaching the logs as requested. I appreciate your help with this.

I realized that I forgot to add the "problems" that I am noticing that caused me to go through the eight steps. It started with some emails that seemed to conflict with SpySweeper's monitoring. I would have difficulty downloading emails to Outlook and SpySweeper would come up with warnings. Eventually, that stopped, but then, every time I re-booted, my machine would suddenly think that my combination printer/scanner/fax machine was newly installed and puts me through the set up process again and again. Finally, I suddenly came up with problems when using Norton Ghost to clone my hard drive to an external drive. It went from taking under an hour to needing twelve hours to do the back up. I have not recently installed any new programs, so having these "driver" problems made me think that I may have something new lurking on my system that I need to clean out.

Thanks in advance for any help with this.
 

Attachments

  • mbam-log-2008-12-06 (14-03-55).txt
    1.5 KB · Views: 5
  • hijackthis.log
    8 KB · Views: 5
I suspect a conflict between SpySweeper & McAfee VirusScan. What were the latest changes? New applications? Updates? CNET software reviews cite conflicts for SpySweeper (Vista) with third party virus scanners. Patches in XP have the potential to cause similar problems.

MBAM only complained about WeatherBug. I trusted that application, but all these scanners keep going after it, so I gave up.
 
Did you un-install Webroot Spy Sweeper and Spybot S&D before doing the 8 steps, as requested in that guide?

I would recommend that you still un-install these programs anyway, then test again.
Webroot Spy Sweeper: Good for slowing down computers!
Spybot S&D: Malwarebytes is way better, also the resident protection is mainly annoying
 
Thanks for the feedback mbam.

Kimsland, thanks for jumping in. I followed the instructions which I thought were to disable certain functions in SpySweeper and Spybot, but did not actually un-install them. You are recommending that I uninstall them as a further measure?
 
Good Morning NetCablesPlus

From SAS log. This was likely your issues. Your HJT is clean.
Browser Hijacker.Internet Explorer Zone Hijack
HKU\S-1-5-21-1390067357-1202660629-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abcsearch.com
HKU\S-1-5-21-1390067357-1202660629-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abcsearch.com#*
HKU\S-1-5-21-1390067357-1202660629-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abcsearch.com\www
HKU\S-1-5-21-1390067357-1202660629-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abcsearch.com\www#*
HKU\S-1-5-21-1390067357-1202660629-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abcsearch.com\www#http

Because the first run and removals can expose more that were hidden the first run it behooves me to ask that you run MBAM and SAS again until they report clean.

I know it takes a while but do it when you are sleeping working or doing something else.

Get Startup Control Panel http://www.mlin.net/StartupCPL.shtml use it to uncheck anything that may get in the way. Reboot to come up without them, do the scans etc. When finished recheck.

An additional Malware scan get and run XClean_Micro D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
No install, just run it delete all it finds decline to reboot on each item found, until the program finishes then reboot.

Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

Please make a note of what it found as it has no log.

Additionally because of the Browser Hijacks found by SAS do the below.

ComboFix

NOTE: If you have had ComboFix more than a few days old delete and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click ComboFix's window while it's running. That may cause it to stall.

Mike

PS I found out yesterday that within the next 2-3 weeks I am getting Fiber Optic right to the house. I have been stuck at 3mb up and 512 down because that was all that was available. Soon 12 mb and 2mb down.
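
Added example (not part of the original posts, and not code from any tool named in the thread): a read-only PowerShell listing of the current user's ZoneMap\Domains entries, the registry location named in the SAS findings above, so that site-to-zone mappings the user never created can be reviewed. It assumes PowerShell 3 or later and reads HKCU instead of the SID-specific HKU path from the log; the function name Get-ZoneMapEntry is hypothetical.

```powershell
# Standard Internet Explorer security zone numbers.
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }
$DomainsPath = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

# Hypothetical helper: walks a ZoneMap\Domains key and emits one row per value.
# A log line such as "...\Domains\abcsearch.com\www#http" denotes the value
# named "http" under the subkey "www" of the key "abcsearch.com".
function Get-ZoneMapEntry {
    param(
        [Microsoft.Win32.RegistryKey]$Key,
        [string]$Site = ''
    )
    foreach ($valueName in $Key.GetValueNames()) {
        $zone = $Key.GetValue($valueName)
        if ($zone -isnot [int]) { continue }       # zone mappings are DWORDs
        [pscustomobject]@{
            Site     = $Site
            Protocol = $valueName                  # "*" means every protocol
            Zone     = $zone
            ZoneName = $ZoneNames[$zone]
        }
    }
    foreach ($subName in $Key.GetSubKeyNames()) {
        $child = $Key.OpenSubKey($subName)         # opened read-only
        if ($null -eq $child) { continue }
        # Subkeys hold host labels: Domains\abcsearch.com\www is www.abcsearch.com
        $childSite = if ($Site) { "$subName.$Site" } else { $subName }
        Get-ZoneMapEntry -Key $child -Site $childSite
        $child.Close()
    }
}

$rootKey = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($DomainsPath)
if ($null -eq $rootKey) {
    Write-Output 'No ZoneMap\Domains key exists for this user.'
} else {
    Get-ZoneMapEntry -Key $rootKey |
        Sort-Object Site, Protocol |
        Format-Table Site, Protocol, Zone, ZoneName -AutoSize
    $rootKey.Close()
}
```

The script changes nothing; any listed site the user did not add is a candidate for the kind of scanner-assisted removal described in the thread.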
 
Wow, mflynn, thank you for your advice! Sounds like a great project for me for next weekend as I unfortunately have business travel most of this upcoming week. I will report back on the results when I finish. Thanks again.

By the way, Mike, congrats on getting fiber soon. When we moved into our current house in June of 1998, we were notified that the cable company was wiring our street for Internet in July. So, I have been spoiled by a great connection for over ten years, now. I often forget that a lot of people are still on dial up speed connections. Sounds like you will have it for the holidays. Enjoy.
 
Hi Again,

I have followed all of your steps above. MBAM came back clean the first time and SAS found some AdWare entries that it removed. When I ran it a second time, it came back clean.

I am attaching the three logs, as requested.

Thanks again for your help with this.
 
Ok good!

You had some Malware and it says it cleaned it. So you need to run ComboFix again to confirm it is in fact clean, finds nothing else.

Mike

EDIT: Refresh me on remaining issues
 
Hi Again,

Did as you instructed and also ran HJT again. Attached are the files. I think that Combofix ran clean because it did not ask me to re-boot.

The issues that I was having started with some emails that seemed to conflict with SpySweeper's monitoring. I would have difficulty downloading emails to Outlook and SpySweeper would come up with warnings. Eventually, that stopped, but then, every time I re-booted, my machine would suddenly think that my combination printer/scanner/fax machine was newly installed and puts me through the set up process again and again. Finally, I suddenly came up with problems when using Norton Ghost to clone my hard drive to an external drive. It went from taking under an hour to needing twelve hours to do the back up. I have not recently installed any new programs, so having these "driver" problems made me think that I may have something new lurking on my system that I need to clean out.

Anyway, I look forward to learning the results of these two logs.
 
Hi Net

Ok the logs were clean.

So let's deal with System.

First let's cleanup deeply.
----------------------------------------------------------------------------------------------------------------------------------
Run CCleaner Temp and Registry 2 times or more until no more found.
----------------------------------------------------------------------------------------------------------------------------------

D/L install and run ATF-Cleaner clear all except passwords in all browsers you have. Run repeatedly until no more found.

http://www.majorgeeks.com/ATF_Cleaner_d4949.html
----------------------------------------------------------------------------------------------------------------------------------
The malware issues could be found in System Restore, so do the below

Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and then OK to Run.

As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

This is if you have the Volume Shadow Copy running which is the default.

This item could clear your Ghost issue!
----------------------------------------------------------------------------------------------------------------------------------
For a general system check

Download Dial-A-Fix (DAF)
http://wiki.djlizard.net/Dial-a-fix#...C_and_articles
http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

Have XP CD available in case DAF needs a file.

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here 1 at a time do the below

Flush DNS
Flush Icons
Process Idle Tasks
Repair Permissions
Reset WMI/WBEM (not reinstall)

Watch for any File not found or other errors and make note as this may lead to the fix!

----------------------------------------------------------------------------------------------------------------------------------

Java is for way more than gaming. A lot of Websites require it to run properly.

Get it here: http://javadl.sun.com/webapps/download/AutoDL?BundleId=26223

Couple more things that would help but this is enough for now.

Get back with results.

Mike
 
Mike,

It seems like the "issues" have gone away without taking the steps you outlined in your last post. Ghost is working fast again and I have re-booted the machine several times without the machine trying to re-install my printer/scanner/fax. The email conflict with Outlook and SpySweeper has not turned up, either, though that was intermittent, so it is possible that it comes back, but based upon what some have said about SpySweeper, I might be more inclined to shut it off and replace it with something else, if it does.

I am thinking that there is no need to continue with your next set of steps, but what do you think? Thanks again for your help with this.
 
The whole post is basically cleanup.

Up to you. It will be here if you want to do it later.

Mike
 
Actually, your entire instructions have been cut and pasted into a Word document and both saved on a disk and printed out in hardcopy. :)

I cannot tell you how much I appreciate your help with this. I also wish to thank everyone else who jumped in to help. Finally, please accept my best wishes for a joyous holiday season and a happy, healthy, and prosperous new year.
 