TechSpot

Eight Steps Done. Log Files Attached.

By NetCablesPlus
Dec 6, 2008
  1. Hi,

    I have a Win XP machine (all up to date patches and service packs.) I would like to ensure that it is clean. I run McAfee Viruscan, Spysweeper, and Spybot regularly and did so just prior to starting the Eight Steps.

    I could not do Step #6 as the scanner could not find a Java JRE and I did not see it listed in Internet Options nor in Add/Remove programs. I may not have Java running on this machine. It is not used for gaming or anything like that.

    I am attaching the logs as requested. I appreciate your help with this.

    I realized that I forgot to add the "problems" that I am noticing that caused me to go through the eight steps. It started with some emails that seemed to conflict with SpySweeper's monitoring. I would have difficulty downloading emails to Outlook and SpySweeper would come up with warnings. Eventually, that stopped, but then, every time I re-booted, my machine would suddenly think that my combination printer/scanner/fax machine was newly installed and puts me through the set up process again and again. Finally, I suddenly came up with problems when using Norton Ghost to clone my hard drive to an external drive. It wetn from taking under an hour to needing twelve hours to do the back up. I have not recently installed any new programs, so having these "driver" problems made me think that I may have something new lurking on my system that I need to clean out.

    Thanks in advance for any help with this.
     

    Attached Files:

  2. rf6647

    rf6647 TS Maniac Posts: 829

    I suspect a conflict between SpySweeper & McAfee virusscan. What were the latest changes? New applications? Updates? Cnet software reviews cites conflicts for SpySweeper (vista) with third party virus scanners. Patches in XP have the potential to cause similar problems.

    MBAM only complained about WeatherBug. I trusted that application, but all these scanners keep going after it, so I gave up.
     
  3. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Did you un-install Webroot Spy Sweeper and Spybots S&D before doing the 8 steps, as requested in that guide?

    I would recommend that you still un-install these programs anyway, then test again
    Webroot Spy Sweeper: Good for slowing down computers!
    Spybots S&D: Malwarebytes is way better, also the resident protection is mainly annoying
     
  4. NetCablesPlus

    NetCablesPlus TS Maniac Topic Starter Posts: 228

    Thanks for the feedback mbam.

    Kimsland, thanks for jumping in. I followed the instructions which I thought were to disable certain functions in SpySweeper and Spybot, but did not actually un-install them. You are recommending that I uninstall them as a further measure?
     
  5. mflynn

    mflynn TS Rookie Posts: 2,655

    Good Morning NetCablesPlus

    From SAS log. This was likely your issues. Your HJT is clean.
    Because the first run and removals can expose more that were hidden the first run it behooves me to ask that you run MBAM and SAS again until they report clean.

    I know it takes a while but do it when you are sleeping working or doing something else.

    Get Startup Control Panel http://www.mlin.net/StartupCPL.shtml use it to uncheck anything that may get in the way. Reboot to come up without them, do the scans etc. When finished recheck.

    An additional Malware scan get and run XClean_Micro D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
    No install, just run it delete all it finds decline to reboot on each item found, until the program finishes then reboot.

    Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

    Please make a note of what it found as it has no log.

    Additionally because of the Browser Hijacks found by SAS do the below.

    ComboFix

    NOTE: If you have had ComboFix more than a few days old delete and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double click combofix.exe follow the prompts.

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while its running. That may cause it to stall

    Mike

    PS I found out yesterday that within the next 2-3 weeks I am getting Fiber Optic right to the house. I have been stuck at 3mb up and 512 down because that was all that was available. Soon 12 mb and 2mb down.
     
  6. NetCablesPlus

    NetCablesPlus TS Maniac Topic Starter Posts: 228

    Wow, mflynn, thank you for your advice! Sounds like a great project for me for next weekend as I unfortunately have business travel most of this upcoming week. I will report back on the results when I finish. Thanks again.

    By the way, Mike, congrats on getting fiber soon. When we moved into our current house in June of 1998, we were notified that the cable company was wiring our street for Internet in July. So, I have been spolied by a great connection for over ten years, now. I often forget that a lot of people are still on dial up speed connections. Sounds like you will have it for the holidays. Enjoy.
     
  7. NetCablesPlus

    NetCablesPlus TS Maniac Topic Starter Posts: 228

    Hi Again,

    I have followed all of your steps above. MBAM came back clean the first time and SAS found some AdWare entries that it removed. When I ran it a second time, it cam back clean.

    I am attaching the three logs, as requested.

    Thanks again for your help with this.
     
  8. mflynn

    mflynn TS Rookie Posts: 2,655

    Ok good!

    You had some Malware and it says it cleaned it. So you need to run ComboFix again to confirm it is in fact clean, finds nothing else.

    Mike

    EDIT: Refresh me on remaining issues
     
  9. NetCablesPlus

    NetCablesPlus TS Maniac Topic Starter Posts: 228

    Hi Again,

    Did as you instructed and also ran HJT again. Attached are the files. I think that Combofix ran clean because it did not ask me to re-boot.

    The issues that I was having started with some emails that seemed to conflict with SpySweeper's monitoring. I would have difficulty downloading emails to Outlook and SpySweeper would come up with warnings. Eventually, that stopped, but then, every time I re-booted, my machine would suddenly think that my combination printer/scanner/fax machine was newly installed and puts me through the set up process again and again. Finally, I suddenly came up with problems when using Norton Ghost to clone my hard drive to an external drive. It wetn from taking under an hour to needing twelve hours to do the back up. I have not recently installed any new programs, so having these "driver" problems made me think that I may have something new lurking on my system that I need to clean out.

    Anyway, I look forward to learning the results of these two logs.
     
  10. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi Net

    Ok the logs were clean.

    So lets deal with System.

    First lets cleanup deeply.
    ----------------------------------------------------------------------------------------------------------------------------------
    Run CCleaner Temp and Registry 2 times or more until no more found.
    ----------------------------------------------------------------------------------------------------------------------------------

    D/L install and run ATF-Cleaner clear all except passwords in all browsers you have. Run repeatedly until no more found.

    http://www.majorgeeks.com/ATF_Cleaner_d4949.html
    ----------------------------------------------------------------------------------------------------------------------------------
    The malware issues could be found is in System Restore so do the below

    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

    Then Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and the OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs.

    This is if you have the Volume Shadow Copy running which is the default.

    This item could clear your Ghost issue!
    ----------------------------------------------------------------------------------------------------------------------------------
    For a general system check

    Download Dial-A-Fix (DAF)
    http://wiki.djlizard.net/Dial-a-fix#...C_and_articles
    http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

    Have XP CD available in case DAF needs a file.

    Check all boxes on the screen (clear any restrictions if it shows any)
    Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

    Here 1 at a time do the below

    Flush DNS
    Flush Icons
    Process Idle Tasks
    Repair Permissions
    Reset WMI/WBEM (not reinstall)

    Watch for any File not found or other errors and make note as this may lead to the fix!

    ----------------------------------------------------------------------------------------------------------------------------------

    Java is for way more than gaming. A lot of Websites require it to run properly.

    Get it here: http://javadl.sun.com/webapps/download/AutoDL?BundleId=26223

    Couple more things that would help but this is enough fro now.

    Get back with results.

    Mike
     
  11. NetCablesPlus

    NetCablesPlus TS Maniac Topic Starter Posts: 228

    Hi Mike,

    Thanks. I will get started on this tomorrow morning. Have a nice evening in the meantime.

    JR
     
  12. mflynn

    mflynn TS Rookie Posts: 2,655

    You too!

    Mike
     
  13. NetCablesPlus

    NetCablesPlus TS Maniac Topic Starter Posts: 228

    Mike,

    It seems like the "issues" have gone away without taking the steps you outlined in your last post. Ghost is working fast again and I have re-booted the machine several times without the machine trying to re-install my printer/scanner/fax. The email conflict with Outlook and SpySweeper has not turned up, either, though that was intermittent, so it is possible that it comes back, but based upon what some have said about SpySweeper, I might be more inclined to shut it off and replace it with something else, if it does.

    I am thinking that there is no need to continue with your next set of steps, but what do you think? Thanks again for your help with this.
     
  14. mflynn

    mflynn TS Rookie Posts: 2,655

    The whole post is basically cleanup.

    Up to you. It will be here if you want to do it later.

    Mike
     
  15. NetCablesPlus

    NetCablesPlus TS Maniac Topic Starter Posts: 228

    Actually, you entire instructions have been cut and pasted into a Word document and both saved on a disk and printed out in hardcopy. :)

    I cannot tell you how much I appreciate your help with this. I also wish to thank everyone else who jumped in to help. Finally, please accept my best wishes for a joyous holiday season and a happy, healthy, and prosperous new year.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...