
Computer slow Malware or Virus? [Solved]


  • This topic is locked

#16
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Patty,

OTL took care of the stuff it was supposed to and ComboFix found some things that didn't show up clearly in OTL. It was mostly just junk, but it needed to be removed.
As for the slowness of the system, one of the things that can cause a slowdown is having two or more AntiVirus programs installed. They both use system resources to load which would cause a slowdown at boot up. OTL only showed Microsoft Security Essentials, but the ComboFix scan shows that McAfee VirusScan, or parts of it are still on the system also:

ComboFix 12-03-12.03 - Administrator 03/13/2012 2:09.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1396 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}


I have checked the original OTL log and the subsequent OTL logs and can't see McAfee listed in the installed programs. Do you remember uninstalling McAfee at any time, or did you just install MSSE over it?

I want to get a Security Scan log and see if McAfee shows up on it. After the scan, I want you to look in Add/Remove Programs in the Control Panel and see if McAfee VirusScan is listed as an installed program.

Question: In your original post you said that you had defragged the system. Did you use the built-in Windows defrag program or did you use the defrag program from Auslogics?


Step-1.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step-2.

Check for McAfee VirusScan


1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s) (If present):

McAfee VirusScan

3. Click on each program to highlight it and click Change/Remove.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files\McAfee

2. Close Windows Explorer.


Step-3.

Clean up McAfee

Download and run MCPR.exe:

1. Download the removal tool from here.
2. Save the MCPR.exe file to your desktop.
3. Disable Microsoft Security Essentials AV
4. Ensure that all McAfee windows are closed. (there shouldn't be any)
5. Double-click MCPR.exe to run the removal tool.
6. Restart your computer after receiving the message CleanUp Successful.
Your McAfee product will not be fully removed until the system is restarted.

Don't forget to restart Microsoft Security Essentials AntiVirus when the system has been restarted.


Step-4.

Things For Your Next Post:
1. The Checkup.txt log
2. Let me know what happened with McAfee VirusScan
3. Answer to the question about defragging the system.
4. After the McAfee cleanup runs tell me if you notice any differences in the boot up speed.
  • 0



#17
Pat_54

Pat_54

    Member

  • Topic Starter
  • Member
  • 212 posts
Hi Godawgs

I believe when I bought this system it had McAfee installed on it but after that ran out I think I tried Micro Trend then when that ended downloaded Avast and then I wanted to try out Microsoft Security Essentials Antivirus and I'm still battling which of these two are better. Avast or Microsoft Security maybe you could advise me. I heard that Microsoft Security takes more time on boot up than Avast so not sure which is better, but I thought I deleted all contents from each one of these before installing another one. I did download and ran the security check. Log to follow, also I went into add and remove programs and found nothing there showing for McAfee, looked in windows explorer and found nothing there as well. I downloaded and I ran the McAfee clean up and on reboot computer was faster on bootup. So maybe there was still something there. Also I used to use windows defrag but someone told me to try Auslogics. Auslogics seemed to do a faster job than the built in Windows defrag. I know though sometimes faster is not always better but that is what I'm using right now. So again, maybe you can advise me here as well. All in all the computer seems to be running better. Before I forget I want to thank you again for your time I know this has been a long process.

Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Java™ 6 Update 31
Adobe Flash Player 10.0.32.18 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

Edited by Pat_54, 14 March 2012 - 01:09 AM.

  • 0

#18
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Patty,

That's good news about the system booting up a little faster. Unfortunately, AntiVirus programs are notoriously bad at completely removing themselves. I am somewhat surprised that MSSE installed and runs. One of its major caveats is that previous AV's should be completely uninstalled before installing it. MSSE even has a page that lists the cleanup tools for the major AV programs.

As for which AV to use, MSSE actually uses less resources than Avast, so it should boot up quicker. It has a smaller footprint on the system than Avast. No AV can catch 100% of everything, but MSSE is just as effective as Avast. And lastly I use it. It is one of the rare programs that Microsoft has developed that is unintrusive, easy to use and it integrates into the Windows system well.

I recommend that you continue to use Auslogics. It does a more comprehensive job at Defragging than the Windows program. It will actually show you what it is doing. At the end of working it will show you how much speed you picked up.

"Before I forget I want to thank you again for your time I know this has been a long process."

You are more than welcome. Some computers require a longer process. This one has been relatively short so far. At GeeksToGo our main concern is that you will be a happy camper at the end of the process, whatever it is.

TrendMicro and Avast also have clean up tools. We are going to run those to remove anything that uninstalling the programs left behind.

We are getting to the end. It is important that you stay with me until we get there. I don't see anything left in your logs. Next we need to check for any stragglers that the diagnostic tools didn't catch. First we will use MBAM. Then we will do an online scan. Online scans use up to 43 virus definition engines and do a more thorough scan.


Step-1.

Run the Trend Micro Cleanup Tool

Click on this link to the Trend Micro page with instructions for running the cleanup tool on Windows XP.
Follow the directions on that page.


Step-2.

Run the Avast Cleanup Tool

  • Download aswclear.exe on your desktop
  • Restart Windows in Safe Mode. To do that....
    • Restart your computer and as soon as it starts booting up again continuously tap the F8 key.
    • An Advanced Boot Options screen will come up where you will be given the option to enter Safe Mode.
      NOTE: If you miss the Boot menu, continue to let the machine boot up. Then restart the machine and start tapping the F8 key.
      Very Important: Never restart the computer while it is booting up. Bad things, including the computer not being able to load Windows, can occur!
    • Use the down arrow key to highlight Safe Mode and push the ENTER key.
  • Double click the aswclear.exe file to run the uninstall utility
  • If you installed avast! in a different folder than the default, browse for it. (Note: Since you already uninstalled the program, you probably won't find a folder)
  • Click REMOVE
  • Restart your computer


Step-3.

Malwarebytes' Anti-Malware

  • Double click the MBAM.exe file to run the program.
  • MBAM will open. You will see a console like the one below.
  • If MBAM didn't ask you to update it, click the Update tab and update the program before running the scan. Make sure all other windows are closed.
  • On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
  • When the scan is finished a message box will appear as shown in the image below.
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.
  • Make sure that everything is checked, and click Remove Selected. <---Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-4.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-5.

Things For Your Next Post:
1. The MBAM log
2. The ESET log
3. How is the system running now?
  • 0

#19
Pat_54

Pat_54

    Member

  • Topic Starter
  • Member
  • 212 posts
Hi Godawgs.

I will stick with this till you say we are done. I ran the removal of Micro Trend and Avast. Then ran Malwarebytes and did the online scan and here are those logs. I have restarted computer four times and opened a couple different programs and at this point can't tell much if any change. I know this is going to sound really stupid but on start up of computer it seemed a little faster before than when I did the removal of Micro Trend and Avast. So what happened, I have no clue.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.15.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PATTY [administrator]

3/15/2012 2:30:26 PM
mbam-log-2012-03-15 (14-30-26).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270028
Time elapsed: 38 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0ae1bc57c014e240adee630cc91e1090
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-15 10:35:00
# local_time=2012-03-15 06:35:00 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776869 42 87 0 27822777 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=92163
# found=7
# cleaned=7
# scan_time=5082
C:\Documents and Settings\Administrator\Desktop\downloads\UBCD4WinV360.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Administrator\Desktop\downloads\unlocker1.8.8.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP92\A0018793.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP92\A0018794.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\UBCD4Win\UBCD4WinBuilder.iso Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C
C:\UBCD4Win\BartPE\PROGRAMS\sdfix\SDFix.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C
C:\UBCD4Win\plugin\Cleanup Tools\SDFix\SDFix.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C



  • 0

#20
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi patty,

I'm sorry I haven't gotten back to you before now. I've been doing some more research and I had something come up preventing me from going on line.
I will have the next post for you just as soon as my instructor signs off on it.

godawgs
  • 0

#21
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi again,

Wouldn't you know it, my instructor was replying to me at the same time I was posting the last message to you.


The items that the ESET scan found were false positives. The files belonged to the UBCD4Win tools programs installed on the computer. This set of tools hasn't been updated in several years. If you still use it you will need to uninstall the program and then reinstall it. If you want to uninstall it, or reinstall it, and need directions let me know.
I don't see anything else in the scans and ESET came up clean except for the false positives it found. As for the slowness of the computer, all computers slow down as programs are installed and updates are applied, especially Windows updates. We have deleted the TEMP files and you already defragged the machine. The only thing we haven't done is check the hard disk for problems. I want you to run a new custom scan that will list the programs that start up with the computer. Each program that starts up takes system resources and slows the system. If you want to discuss them you can post the log and we will discuss them. After this round all we'll have left is cleaning up.


Step-1.

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
msconfig

2. Re-open OTL on the desktop. To do that:
  • Double click on the OTL icon to run it. Make sure all other windows are closed.
  • You will see a console like the one below:
  • Click the greyed out None button at the top of the console. <---Important
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).


Step-2.

Run Disc checker

NOTE: Before running the disk checker to repair a volume, you must do the following:
  • Be prepared to let the process complete.
    • If you check either or both of the boxes on the Check Disk window...
    • Automatically fix file system errors.
    • Scan for and attempt recovery of bad sectors
    ...on a large volume (for example, 70 GB) or on a volume with a very large number of files (in the millions), Chkdsk can take a long time to complete. The volume is not available during this time because Chkdsk does not relinquish control until it is done. If a volume is being checked during the startup process, the computer is not available until the disk checking process is complete.
  • The disk checker does not include parameters that let you cancel the process.
  • On the desktop click the My Computer icon
  • Right click your main drive (I am on C) and select properties
  • Select the tools tab
  • Select error checking
  • Place a tick in both boxes in the Check Disk (OS) window
  • Press start
  • You will get a warning that it needs to reboot to continue
  • Allow it to do so


Step-3.

Things For Your Next Post:
1. The OTL.txt log if you want to discuss the programs that start up with the computer.
2. Tell me how the Disk Check went.
  • 0

#22
Pat_54

Pat_54

    Member

  • Topic Starter
  • Member
  • 212 posts
Hi Godawgs

I ran the OTL on msconfig and did a disk check. The disk check went well nothing found wrong and here is the log from the OTL scan. I don't have that many things on start up so don't think that is what is causing slow boot but maybe you can see something there that I can do. Any suggestions would be appreciated. Thank you Patty

OTL logfile created on: 3/18/2012 8:01:09 PM - Run 5
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.74% Memory free
3.84 Gb Paging File | 3.36 Gb Available in Paging File | 87.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.71 Gb Total Space | 39.04 Gb Free Space | 56.82% Space Free | Partition Type: NTFS
Drive D: | 5.80 Gb Total Space | 2.95 Gb Free Space | 50.78% Space Free | Partition Type: FAT32

Computer Name: PATTY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

MsConfig - Services: "YahooAUService"
MsConfig - Services: "idsvc"
MsConfig - Services: "NVSvc"
MsConfig - Services: "MsMpSvc"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "iPod Service"
MsConfig - Services: "Apple Mobile Device"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 0

========== Custom Scans ==========


< >

< End of report >



Edited by Pat_54, 18 March 2012 - 08:31 PM.

  • 0

#23
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Patty,

I don't know what happened. Those are the services that start up with Windows. What I wanted you to see was the programs that start up.

Do this:

Click Start>>Run
In the Run window type msconfig and press OK
The System Configuration window will open
Click the StartUp tab
This will list the programs that start from the registry run keys, the user's Start folder and other places.

Question: Is this computer a desktop or a laptop? If it's a desktop how is it connected to the internet? Is it a cable connected to a DSL Modem or does it have a wireless card in it and connects wirelessly w/out a cable? Do you have it connected to a Router?
  • 0

#24
Pat_54

Pat_54

    Member

  • Topic Starter
  • Member
  • 212 posts
Hi Godawgs

I only have five items listed and checked in start up tab in msconfig. One is microsoft security essentials, one super antispyware, two synaptics one syntpenh, the other syntplpr, the other is bluetooth that's all that's listed and checked.
This is why I say I have minimal starting with boot that's why I said this thing should zip right up I know it used to. This is a laptop running on wireless connection it's a Gateway NX860XL Intel core 2CPU T7200 @2.00 GHz with 2.00GB ram. I have never had a problem with my connection. I have DSL with a desktop and a LINKSYS router. Hope this information helps if not please let me know. I was wondering if by some chance is maybe the registry messed up or junked up with all the loading and uninstalling of programs and that's what is causing the slowness here. I'm not getting any errors but thought this might be a problem.
  • 0

#25
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Patty,

I don't see any evidence that the registry is messed up. You would be getting other errors and things would not run, this could include Windows, if it were.
I am conferring with colleagues at GeeksToGo concerning the slowness problem and I'll be back with you.
  • 0



#26
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi patty,

I have been consulting with my colleagues and we really can't see anything on the system causing a slowdown. For these types of situations they recommend trying a different defragger. It's called MyDefrag and it reorganizes everything on disk and optimizes it instead of just defragmenting it. It places the MFT and the directories at 30% into the data on the disk, and creates zones from the beginning of the disk with files used when booting, files used by the most used programs, regular files, and space hogs (less important files that take up a lot of space).

I recommend that you start with the System Monthly script to get the best defragmenting and optimization results. After that, if you notice a performance speed up, you can use the System Weekly Script to defrag the hard disk weekly.



Run MyDefrag

  • Download MyDefrag from here.
  • Run the downloaded program and follow the instructions to install on your computer
  • Check the Create scheduled tasks for automatic optimization option in the install if you want MyDefrag to automatically defrag at 5 am
  • Run MyDefrag from its Start Menu entry
  • Select the System Disk Monthly option in the Select a script section
  • Check the disk(s) you want to defrag (C: is probably your main disk)
  • Click the Run button
  • Let the program run unhindered until it finishes. This may take a few hours to complete so I recommend that you run it overnight.
Once that is complete, try the system out for a while and let me know if that helped resolve some of the performance issues you were experiencing. Let me know if you have any questions.
  • 0

#27
Pat_54

Pat_54

    Member

  • Topic Starter
  • Member
  • 212 posts
Hi Godawgs

I downloaded the my defrag and did as you asked. It took a while to complete but let it run over night. Now in the process of using the computer and doing shutdowns and boot up. Right now I see no difference but I'll try for another day and see what happens. I know one thing I have the most Ram the computer can handle maybe I need to look into another larger hard drive. I figured this was big enough but maybe need to increase it. I have deleted unused programs to free up space and figured I didn't have that much on this one and when looking at computer specs looks like I have enough free space, do you think this could be slowing my boot time? Thank you Patty
  • 0

#28
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Patty,

I'm pulling my hair out trying to understand what's going on here. Let's check the Real Time Protection of SuperAntiSpyware.
Please double click the SuperAntiSpyware icon in the system tray (it looks like a yellow bug).
Click the Preferences button. The SuperAntiSpyware Control Panel will open.
Click the Real-Time Protection tab.
There should be a check mark in the box next to Enable real-time protection.

Under the First Chance Prevention section, if there is a check mark in the box next to Enable First Chance Prevention click the box to remove the check mark, reboot the system and you should notice a difference in boot up speed.

If there aren't any boxes checked under First Chance Prevention, then uncheck the box beside Enable real-time protection and reboot the machine and see what that does.
  • 0

#29
Pat_54

Pat_54

    Member

  • Topic Starter
  • Member
  • 212 posts
Hi Godawgs

I only have the free edition of superantispyware. Those options are only available in the professional edition. So neither box is checked and don't feel like the lone ranger here I think this is when you pull out the hammer right.:bashhead: :killcomp:
  • 0

#30
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Patty,

I know I sound like a broken record. And I'm sure it sounds like I'm a little crazy. And I know that you don't see SuperAntiSpyware running, but based on your OTL and ComboFix logs, SuperAntiSpyware is running somewhere. This is the last bullet we can find to shoot at this problem short of a complete reformat and reinstall of Windows.

From the OTL logs you have 2 SuperAntiSpyware processes running:

PRC - [2012/02/03 13:56:18 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe


4 Modules running:

MOD - [2012/02/26 10:02:02 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/02/26 10:02:02 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/12/29 12:14:34 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/12/29 12:14:34 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll


and SuperAntiSpyware is loading from this registry key:

[HKU\S-1-5-21-4230808171-790681429-768623690-500..\Software\Microsoft\Windows\CurrentVersion\Run]

O4 - HKU\S-1-5-21-4230808171-790681429-768623690-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)


From the ComboFix log, under the Reg Loading Points section, you have SuperAntiSpyware loading from the [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] key:

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-10 3905920]


So SAS is loading and running somewhere at startup. We need to find out where it's starting and stop it. Then I want to completely uninstall SAS and see if that will solve the start up problems. On my computers SAS is listed in the Uninstall List of programs as SuperAntiSpyware Free Edition. In your Uninstall List of programs it is listed only as SuperAntiSpyware. I don't know what the difference is.


Step-1.

Check for SuperAntiSpyware

  • I want you to log into each user account and see if the little yellow and brown bug is in the system tray.
  • If it is, double-click on it to open SAS.
  • If it isn't, open SAS through the Start Menu.
  • Click the Preferences button on the Main Menu. The SAS Control Center window will open.
  • Click the General and Startup tab.
  • Under Start-Up Options see if there is a check mark in the box beside Start SuperAntiSpyware when Windows starts.
  • If there is, click the box to remove the check mark and click Close.
  • Click Close again to close the Main Menu.
  • Reboot and login as the next user and repeat numbers 1-9 until all user accounts have been checked.


Step-2.

Completely Uninstall SuperAntiSpyware

After you have made sure that SAS isn't starting from any user account, download the SuperAntiSpyware Uninstaller.
  • Close all other running applications and windows before attempting to uninstall SUPERAntiSpyware.
  • Doubleclick the SASUNINST.exe file to run it.
  • Follow the instructions given by the Uninstaller Assistant.
  • After the uninstaller runs immediately reboot the system.

After the computer reboots, check and make sure that SuperAntiSpyware is gone.

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s) if present:

SuperAntiSpyware

3. Click on each program to highlight it and click Change/Remove.
4. After the program(s) have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) in red (if present):

C:\Program Files\SuperAntiSpyware

2. Close Windows Explorer.


Step-3.

OTL Scan

Please re-open OTL
  • Double click the Posted Image on your desktop. Vista / 7 users right click and click Run as Administrator. Make sure all other windows are closed.
  • You will see a console like the one below:
  • At the top of the console click the box beside Scan All Users <---Important
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry box, click the radio button beside Use Safelist <---Important
  • In the Files Created Within box, click the radio button beside None <---Important
  • In the Files Modified Within box, click the radio button beside None <---Important
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and paste them into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the post window.


Step-4.

Things For Your Next Post:
1. The Otl.txt log
2. The Extras.txt log
3. Let me know how the system is running.
  • 0
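
The cross-checks done by eye in posts #16 and #30 (two antivirus products registered in the ComboFix header; SUPERAntiSpyware appearing in the OTL PRC/O4 lines and in the ComboFix Run-key block) can be scripted. The Python below is an added example, not part of the thread and not code from OTL or ComboFix; the function names are hypothetical, the line formats are inferred only from the excerpts quoted in this thread, and the sample lines are copied from those posts.

```python
import re
from collections import defaultdict

# Lines copied from the ComboFix and OTL excerpts quoted in this thread.
SAMPLE_LOG = r"""
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
PRC - [2012/02/03 13:56:18 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
O4 - HKU\S-1-5-21-4230808171-790681429-768623690-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-10 3905920]
"""

# Formats below are assumptions inferred from the quoted excerpts only.
SEC_RE = re.compile(r'^(AV|FW):\s*(.*?)\s*\*([^*]+)\*\s*(\{[0-9A-Fa-f-]{36}\})$')
PRC_RE = re.compile(r'^(PRC|MOD) - \[[^\]]*\] \(([^)]*)\) -- (.+)$')
O4_RE = re.compile(r'^O4 - (\S+?)\.\.\\Run: \[([^\]]+)\] (.+?)(?: \(([^)]*)\))?$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+\\Run(?:Once)?)\]$', re.I)
VAL_RE = re.compile(r'^"([^"]+)"="([^"]*)"')


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().strip('"').lower()


def parse(text):
    """Return (security products, autostart entries, running images)."""
    products, autostarts, running = [], [], []
    current_key = None  # Run key whose "name"="value" lines we are inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current_key = None
            continue
        m = SEC_RE.match(line)
        if m:
            kind, name, state, guid = m.groups()
            products.append({"kind": kind, "name": name or "(unnamed)",
                             "state": state, "guid": guid})
            continue
        m = PRC_RE.match(line)
        if m:
            running.append({"kind": m.group(1), "company": m.group(2),
                            "image": norm(m.group(3))})
            continue
        m = O4_RE.match(line)
        if m:
            autostarts.append({"location": m.group(1), "name": m.group(2),
                               "image": norm(m.group(3))})
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and current_key:
            autostarts.append({"location": current_key, "name": m.group(1),
                               "image": norm(m.group(2))})
    return products, autostarts, running


def triage(text):
    """Summarise what the helper looked for by hand in the logs."""
    products, autostarts, running = parse(text)
    av_names = [p["name"] for p in products if p["kind"] == "AV"]
    # Group by image path: different tools name the same user hive
    # differently (HKU\<SID> in OTL, HKEY_CURRENT_USER in ComboFix).
    by_image = defaultdict(list)
    for entry in autostarts:
        by_image[entry["image"]].append(entry["location"])
    running_images = {r["image"] for r in running if r["kind"] == "PRC"}
    return {
        # More than one registered AV suggests leftovers from an old product.
        "multiple_av": av_names if len(av_names) > 1 else [],
        "autostart_locations": dict(by_image),
        "autostart_and_running": sorted(i for i in by_image if i in running_images),
        # Running but not launched from a Run key: started some other way
        # (for example as a service), so the Startup tab will not list it.
        "running_without_run_key": sorted(running_images - set(by_image)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```
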





