
SUPERantispyware keeps re-booting

Discussion in 'Virus & Other Malware Removal' started by justjeff, Feb 2, 2007.

Thread Status:
Not open for further replies.
  1. justjeff

    justjeff Thread Starter

    Joined:
    Feb 2, 2007
    Messages:
    25
    When I run SUPERantispyware it keeps restarting my computer. I put it on the custom scan mode and found out that it is when it is scanning my memory that it does this.
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, During a restart can you tap the F8 key and get the startup menu to show- if so, move the line down to Safe Mode with the up or down arrow key, press Enter when the Safe Mode line is white........You will see your boot choice, usually just one operating system, perhaps Windows XP Home Edition or whatever you have....

    Make sure that is highlighted and press Enter again.

    At logon box, choose your usual account name and log on.

    At the Desktop, say OK to the Safe Mode dialog box.....

    Now, see if you can get SUPER open, and set it not to scan at bootup, I am not sure exactly how to guide you to the setting but it should be Options or Program Settings, Preferences, something like that. Uncheck or check a box so it does not start when Windows does, as well as a bootup scan if you see that option, it's there someplace.

    Next, try starting the program up from its shortcut or the Programs list and see if it runs decently. You cannot update it in Safe Mode, but you can in Safe Mode with Networking and of course, in Normal mode Windows...

    Whether you can start up in "with Networking" or not, I don't know, you should try it and get the Updates installed if you have not yet.



    Try restarting once you set the program not to start up automatically.

    Here is a link to some programs that must be sometimes temporarily turned off, SUPER is not listed, but some of these might conflict with SUPER, so to run a scan you may have to use Safe Mode, or turn off any of these you have also running.

    http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_Real_Time_Monitoring_Programs

    If that does not help post back. I will try to find the exact settings directions in the meantime so check back.
     
  3. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Also do this: When or if you get started up, either mode of Windows...


    go to Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  4. justjeff

    justjeff Thread Starter

    Joined:
    Feb 2, 2007
    Messages:
    25
    Since you have done all you have done already, I did the hi-jack like you asked. Not sure if you understood my original question. I don't have a problem, that I know of, the scan wasn't working right so was wondering if that was because I do have a problem or is the scanner having the problem. So here is the hi-jack and before I try the other things I will wait for your next reply.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:54:52 AM, on 2/7/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\faleh32.exe
    C:\WINDOWS\regsrvr32.exe
    C:\Program Files\Comodo\LaunchPad\CLPTray.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\WINDOWS\System32\mstskmgr.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.netzero.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netzero.net/s/sp?r=al&cf=sp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.netzero.net/s/sp?r=al&cf=sp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: GlobalsearchHook - {1217CC80-9AC7-48E2-A7D9-596CCF8E077E} - C:\PROGRA~1\XXXTOO~1\GLOBAL~1.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: XXX.O2.CZ toolbar - {3A522579-39C4-42EE-A155-84E90B1070D0} - C:\PROGRA~1\XXXTOO~1\GLOBAL~1.DLL
    O4 - HKLM\..\Run: [Microsoft Update me 32] faleh32.exe
    O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\regsrvr32.exe
    O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe
    O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" " /login"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [MS Task Manager 32] C:\WINDOWS\System32\mstskmgr.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\RunServices: [Windows Firewall] C:\WINDOWS\regsrvr32.exe
    O4 - HKLM\..\RunServices: [Microsoft Update me 32] faleh32.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\regsrvr32.exe
    O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Compaq Service Drivers] winsvc.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\RunServices: [Compaq Service Drivers] winsvc.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://my.netzero.net/s/sp?r=al&cf=sp
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44/scrabblecubes/scrabblecubes.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v47/blockwerx/blockwerx.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab
    O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://flash.blackjackballroom.com/blackjackballroom/FlashAX2.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: schmap-help - {2CF664A0-5EA6-47B5-884C-433A60145F78} - C:\Program Files\Schmap\Schmap Player\SchmapDocLib.dll (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
    O23 - Service: dllmgr64 - Unknown owner - C:\WINDOWS\dllmgr64.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSG20s.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
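
A first-pass triage of the kind a helper might run over the HijackThis log in the post above, as an added example that is not part of the original thread. The function names and rule labels are hypothetical, the input is an excerpt of the posted log, and the hits are leads for manual review, not verdicts.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above (O4 autoruns and O23 services).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Microsoft Update me 32] faleh32.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\regsrvr32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\RunServices: [Windows Firewall] C:\WINDOWS\regsrvr32.exe
O4 - HKLM\..\RunServices: [Microsoft Update me 32] faleh32.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\regsrvr32.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] winsvc.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] winsvc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: dllmgr64 - Unknown owner - C:\WINDOWS\dllmgr64.exe (file missing)
O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSG20s.exe
"""

# "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# "O23 - Service: display name - owner - image path"
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")


def executable(cmd):
    """Return the leading program token of an autorun command line.

    Unquoted paths containing spaces are cut at the first space, which is
    enough here: the token is only checked for a directory separator.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(None, 1)[0]


def triage(log_text):
    """Return (rule, entry name, detail) tuples worth a manual look."""
    findings = []
    keys_by_value = defaultdict(set)  # (value name, command) -> registry keys
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            keys_by_value[(name, cmd)].add(f"{hive}\\{key}")
            continue
        m = O23_RE.match(line)
        if m:
            name, owner, path = m.groups()
            if path.endswith("(file missing)"):
                # Service registered, binary gone: leftover or removed file.
                findings.append(("file-missing", name, path))
            elif owner == "Unknown owner":
                # No company name in the binary; also common for small drivers.
                findings.append(("unknown-owner", name, path))
    for (name, cmd), keys in keys_by_value.items():
        if "\\" not in executable(cmd):
            # Bare file name: what runs depends on the search path.
            findings.append(("no-path", name, cmd))
        if len(keys) > 1:
            # Same value planted under several autorun keys.
            findings.append(("multi-key", name, ", ".join(sorted(keys))))
    return findings


if __name__ == "__main__":
    for rule, name, detail in triage(SAMPLE_LOG):
        print(f"{rule:14} {name:28} {detail}")
```

Each hit still has to be checked by hand (file location, properties, a second scanner) before anything is fixed or deleted.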
     
  5. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, You sure do have a problem, a pretty bad infection there. I'm going to need the answers to my questions before posting anything.

    Did you try starting it in Safe Mode?

    Here are the steps to do so, and please answer the question as well as several others down below:

    Reboot to Safe mode:

    Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
    Try again if you didn't get the Advanced Options for startup menu; it can be just a timing thing.



    And: I was asking you to try and start the computer into Safe Mode, as sometimes, if a program has a problem and is rebooting all the time, safe mode will allow the computer to start up as a lot of things do not run in safe mode, so you can attempt to fix things. If SUPER was the problem, you may have been able to set it NOT TO START when you next re-started, thereby allowing you to run the computer in Normal Mode...to sort things out, and to confirm that it was actually SUPER that had the problem....however:

    It seems that the trojans etc are the main problem, and you need to get them fixed:

    Since I have not seen these before it will be a few minutes and I will post what I can find for you.

    I do not think SUPER will be able to fix all the infections you have, but it may help to scan in Safe Mode with any type of antispyware or antivirus program you have, if you can get them updated to the latest detection files...

    Tell me if you are using this computer now- I don't think so, but just tell me since some time has passed.

    We will need to download some programs, and you have to get them onto the infected computer, a CD burner would be fine, let me know if you can transfer files to a CD and then copy files to the other computer.

    You will need a few CDs probably, and of course a CD burner, CD burning program (Nero, or other) and know how to create a data CD> very simple. Let me know about all that.

    I don't think you would want to hook this computer up at a friend's house (or your own) where they use a broadband connection through a gateway or router so more than one computer can be on the Internet at one time--you could plug it in, while all others are not, to get it online after we run some tools on it while it is not connected physically to the Net. Having it plugged in to someone's Net connection all alone, is OK to do, just so you don't mistakenly infect someone else's computer.

    If you only have this computer and are using another to post here, let me know about the possibility of burning some files onto a CD and bringing them to the infected computer.
     
  6. justjeff

    justjeff Thread Starter

    Joined:
    Feb 2, 2007
    Messages:
    25
    While I go and try all you said to do just want to let you know a couple of things.
    Yes, I am using this same computer and it works fine, it starts just fine, runs just fine, everything is OK.
    Only when I run SUPER does it re-boot, in other words if I start up and don't run a scan I'm OK.
    And I have other computers and am able to burn CDs, in case this one suddenly self explodes as you have me thinking it might any second.
    So I should unhook this one and use another one? There is only one on this network at the moment.
    This is a computer I got at a 2nd hand store a couple of months ago.
     
  7. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Antimalware programs can be completely disabled by some trojans, virii, etc and you can be prevented from going online to security sites to scan online by malware, so that is probably what is going on with SUPERa, it's a very good program from what I have seen, not a slouch so don't give up on that.
    Might be it was damaged or even infected by malware, or just corrupted, we never know right off the bat.

    You're lucky Hijackthis can run, as quite often that will not even start up and we have to play games getting it to scan and save a log.

    If the bad computer is able to be online, you won't need to burn any CDs. The fixing might go just fine, but often some of the junk will not be easy to get rid of, unless you unplug the Network cable if you have highspeed service like cable, or DSL, as these trojans download more in the background, and may be sending data like game keys, passwords, personal information like bank account etc. If it is not running with others on a router so there isn't much chance of any others with important data getting infected, go for it. You can just unplug the network cable from the back of the computer (Ethernet port) after you get some downloads, install programs we need to, and get the latest updates for them and then scan.

    We often run these scans in Safe Mode anyway....no Internet available there so when in Safe Mode, you don't have to worry as to anything new coming in. For the long online antimalware scans, you may be able to boot up in Safe Mode with Networking. Since the Internet connection is "Always On" with this type of service, it pays to unplug network cable when you can....

    Post what type of Internet connection you have, cable, DSL, dialup? I see NetZero but what kind is it?


    We're never sure just what the situation is, so we do try to make users aware of ins and outs with this stuff....

    First let's do this: Need to see what is installed, so I can tell what to get:

    Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here
     
  8. justjeff

    justjeff Thread Starter

    Joined:
    Feb 2, 2007
    Messages:
    25
    I have DSL and still find it hard to believe it is so messed up it works so well but am in the process of hooking one of my other machines up just have to get em out and hooking it up. the reason I use this one is because it worked faster than the one I was using.

    7 Sultans Online Casino
    Adobe Flash Player 9 ActiveX
    Adobe Reader 8
    Adobe Shockwave Player
    Apple Software Update
    Captain Cooks Casino
    Comodo AntiVirus 1.1
    EnglishHarbourCasino
    Hijackthis 1.99.1
    HijackThis 1.99.1
    J2SE Runtime Environment 5.0 Update 10
    Lexmark Supplies Monitor
    Lexmark Z25-Z35
    LimeWire 4.12.6
    Logitech QuickCam Software
    Logitech® Camera Driver
    Macromedia Flash Player
    Microsoft Office 2000 SR-1 Professional
    Mozilla Firefox (2.0.0.1)
    NetZero Internet
    NewzToolz v1.0.1
    QuickTime
    Remove on Reboot Shell Extension
    Royal Vegas Online Casino
    Samsung YP-N30
    Schmap Player 1.1
    SCRABBLE
    Shockwave
    SUPERAntiSpyware Free Edition
    SuperMegaSpoof 2.0
    Unlocker 1.8.5
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    WordBiz version 1.8
    XXX ToolBar for Internet Explorer 1.0
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar
     
  9. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Uninstall this (from Control Panel, Add/Remove Programs, where else...?):

    XXX ToolBar for Internet Explorer 1.0 <<the uninstall is not enough, but it may help reduce it to lowest terms.

    Was wondering and forgot to ask> did you try uninstalling SUPERantispyware and getting a new download and reinstalling?

    Should try that. Next:

    Many of the casino type things contain malware, but I don't have much experience with these, probably you know more which are OK....what I would do, is use Google to find out.
    Type in the Google search line:
    7 Sultans Online Casino (and skip a space and type spyware)
    7 Sultans Online Casino spyware <<like this, and search.

    Look at the results for each of the casino apps and base your decision to keep or discard by what Google results show. If the results show a lot of Hijackthis logs, where in the thread those programs are advised to be uninstalled I would do the same.
    If you see results that indicate the casino program is safe, you can be the judge, several of them are, but I don't see those listed in your log.... I honestly don't do the casino games so I can't tell you which way to go.

    Some of the scans we will do will tell us definitely anyway...

    Next: You must copy and paste the steps below into a Notepad text file, to save to your desktop so you have it to look at in Safe Mode....or, you can print it out.. as long as you have the directions.

    Download Cleanup from here

    • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
    • Click the Options... button on the right.
    • Move the arrow down to "Custom CleanUp!"
    • Put a check next to the following (Make sure nothing else is checked!):
      • Empty Recycle Bins
      • Delete Cookies
      • Cleanup! All Users
      Click OK
    • DO NOT RUN IT YET

    (We will run CleanUp in Safe Mode, later....just get the AVG Antispyware download and get it updated next.)


    Next: Let's try AVG Antispyware.

    Basically, follow the steps exactly, install, update it, boot to safe mode, we run CleanUP....

    Scan with AVG, don't save the log until it is done as it says below....and, make sure you have it set to Quarantine all items it finds.

    In case this won't start and run a scan or reboots the machine,
    try just doing the Panda online scan first.


    AVG ANTISPYWARE
    Please read through all this reply before you begin. Note that you do the install and updating part first, then boot to Safe Mode to scan!
    Download AVG Anti-Spyware from HERE and save that file to your desktop.

    When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
    2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
      • Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
      • Note: If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here.
      (Only if the built in Update thing will not work, it usually does.)
      Once you have installed AVG A-S, double click avgas-signatures-full-current.exe to update it.
    4. Close all other open windows.
      Settings to scan with AVG Anti-Spyware:
      1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
      • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
      • Under "How to Scan?" check all (default).
      • Under "Possibly unwanted software" check all (default).
      • Under "What to Scan?" make sure "Scan every file" is selected (default).
      • Under "Reports" select "Automatically generate report after every scan" and
        UNcheck "Only if threats were found".
      2. Click the "Scan" tab to return to scanning options.
      3. If you were scanning now, you would click "Complete System Scan" to start.
      4. When the scan finished you'd be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

      IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

      5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format like: Report-Scan-20070126-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
      6. The steps below this pertain to the actual Scan, which is done after you start up in Safe Mode.
    _ _ _ _ _
    1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

      Next: Run Cleanup:
      • Click on the "Cleanup" button and let it run.
      • Once its done, close the program.

      You will get a message about logging off...Yes, do that, but remember to boot back into Safe Mode
      or you will have to restart again to get there.


      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
    2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG will now begin the scanning process. Please be patient as this may take a little time.
      Once the scan is complete, do the following:
    5. If you have any infections you will be prompted. Then select "Apply all actions."
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
    8. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.


    _ _ _ _
    HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Post both logs when you are done, and then, make a new Hijackthis log from Normal Mode afterward and post that. I will be unavailable Thursday from 1:30 PM until about 5 PM
     
  10. justjeff

    justjeff Thread Starter

    Joined:
    Feb 2, 2007
    Messages:
    25
    Well this should keep me busy for awhile, and while I am a firm believer of don't fix it if it ain't broken...
    wouldn't f-disking the hard drive and re-installing the OS get rid of all the crap also?
     
  11. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi Jeff

    If you are reinstalling XP you don't need to use FDISK at all, boot right from whatever type of XP CD you have, a Recovery disk or regular XP Reinstallation CD, and the process runs from there, there is an option to format the drive, all partitions, delete partitions and build new, all from Setup screen.

    There is a Repair option but that will not help you when malware is the main issue, it doesn't do anything about that, just reinstalls XP over itself. What you mean of course, is a clean install or, Full System Recovery.
    That's the only type that will remove any and all files/malware/errors totally.

    Of course but what do you learn that way- this is the best way to go first, but I don't mind if you want to nuke and rebuild.

    The post looks long and complicated, but it's just the info we have to include...it's just installing one real program and scanning.

    There usually will be some Hijackthis work afterward, and some online scans at Panda.... it is time consuming and can drag on, if one of us isn't around. Do what is best for you!

    Got the XP Product Key, and is the PC the type that has Recovery CDs or uses a Recovery partition?
     
Short URL to this thread: https://techguy.org/540616