Ccleaner icon turns to a black "C" on startup then freezes!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mfhadmin2, Jan 15, 2010.

  1. mfhadmin2

    mfhadmin2 Private E-2

    I've had my laptop on the forum's Basic Computer Maintenance program, including using Ccleaner & purchased editions of SAS & MBAM for about 3-4 months; these are updated regularly & run occasionally, with MBAM singularly being the real-time protector. When at home, I use a Sierra Wireless in a USB port to access the internet. It's been problem-free until last night when it froze. I don't know what caused it, but Wednesday I ran Ccleaner as I usually do about once a day. This time, the icon in the notification tray area turned into an ugly black "C" and the computer froze.

    At that point, I couldn't get it to do anything; none of my commands were recognized. When I rebooted, I saw a dialogue balloon in the tray of the notification area stating: "Could not reconnect all network drives. Click here to open My Computer & see the status of your network drives." The only way I could gain control was to reboot in Safe Mode.

    I took the laptop to work yesterday & tried it out. It worked fine there (for a while anyway), long enough for me to download the tools recommended in READ AND RUN ME. I don't know why it didn't freeze while at work, but I was glad to be able to download ComboFix, RootRepeal and MGtools before it started freezing again. The only difference from the work & home environment is when at work, I access the internet without the Sierra Wireless & simply connect to my company's wireless network.

    I followed the steps in READ AND RUN ME FIRST. I wasn't able to use MSConfig to setup for Normal Startup Mode, so I used safe boot. Before beginning any scans I viewed Task Manager to make sure McAfee, SAS, or MBAM was not running anything.

    SAS:
    Nothing found; log attached.
    MBAM:
    Nothing found; log attached.
    ComboFix:
    Multiple problems; log attached.
    Upon launching, received message that McAfee processes were running! I checked Task Manager again before proceeding; it showed nothing from McAfee. I looked thoroughly (because I'm still suffering from a problem on my home PC where ComboFix couldn't execute properly due to a hidden McAfee process). I found some McAfee processes running under Administrative Tools, so I deselected the boxes (see attached screenshot).
    I then let ComboFix proceed, but it still warned me McAfee processes were active. I checked once again & found nothing, so I let ComboFix proceed.

    I received the message that my laptop didn't have the Microsoft Windows recovery console installed. I had tried to use Safe Mode with Networking, but wasn't able to use the Sierra Wireless (said no wireless device found), so I was in the Safe Mode WITHOUT networking. I wasn't sure which option to choose, but I picked "Yes Let ComboFix download/install it" so I chose "No." I believe I made the wrong choice.

    Scanning began, & after completing step 6A of the AutoScan, I saw a pop-up message that "PEV encountered an error and had to close." I was operating in safe mode without networking.
    Autoscan completed, and it showed a message that it was "Rebooting Windows; please wait." When it rebooted, of course it opened in regular mode. I was afraid to touch anything because the instructions stated not to do anything to the computer until ComboFix was finished.
    The screen showed it was preparing the log report, but it never produced one. I saw the same balloon dialogue box about the disconnected drives.

    After waiting about 45 minutes, and still no log, I did a cold restart using the power button, and entered the Safe Mode with Networking Setup. Per the instructions, I then continued with the next step.
    When all finished, I searched for C:\ComboFix.txt and found one, which I've attached, but contains no useful information.

    RootRepeal:
    Findings; log attached.
    Made certain no McAfee, SAS or MBAM processes were running by checking Task Manager.
    The scan found some items, but said 4 were hidden. I had followed the procedure in Step 4 re: displaying hidden files. The log is attached.

    MGtools:
    Log attached (made sure McAfee was not running by checking Task Manager before launching MGTools.exe).

    I'm still having the same problem; can't operate unless in Safe Mode.

    What are these two odd files I found at "C:\Qoobox\Quarantine\Registry_backups"?
    Legacy_SFX.reg.dat and tcpip.reg

    What am I doing wrong with McAfee settings that is preventing ComboFix from being able to work as it should? I took extra steps to find anything with McAfee process label on it!

    Thanks in advance for your help, & I hope I've followed instructions as I should.

    The ComboFix log & screen-shots will be attached in the post to follow.
     


  2. mfhadmin2

    mfhadmin2 Private E-2

    ComboFix log & screen-shots attached here. I know the screen-shots aren't the best. It's all I can do for now.

    Thanks!
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any malware in your system. What is the status of booting to normal mode now? What you mentioned, was that it initially tries to connect to your work domain. Is this computer part of a domain at work? Have you disabled that drive when you leave work? Tell me exactly what happens, as I suspect this is a software issue as opposed to a malware one.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Is this a different computer than the one you are working on with Chaslang Here?
     
  5. mfhadmin2

    mfhadmin2 Private E-2

    Yes, this is a different computer. I am answering from a tiny PDA so I hope I answer everything completely.
    The laptop was logged into the work domain again yesterday (wireless). It took a couple of tries but it finally connected & everything worked fine. Actually I took it home still running (did not disconnect any drives or anything!)

    When I got home, the Sierra Wireless worked! I didn't access the work domain, just the internet. But once I shut it down at home, it hasn't booted successfully since. I've tried several times today.
    I can't even jump in & run HijackThis quickly enough to give me access. That trick worked on my home computer problem.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    This sounds like a software issue or your internet / domain settings. As to why it would boot successfully and run, and then not again, does not sound malware related.
     
  7. mfhadmin2

    mfhadmin2 Private E-2

    OK, thanks: I will post to the software category. I appreciate the quick review!
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No problem. :)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  9. mfhadmin2

    mfhadmin2 Private E-2

    I've not been able to gain access of control on my laptop as of yet, so I can't perform the final Malware steps you gave. I'll do that when I can get access again. Hopefully I'll be able to from my wireless network at work!

    Please allow me to ask another question about this problem before I move it to the software forum. I don't mean to second-guess your expertise: I admit I haven't a clue about this stuff--I only try to follow the instructions! But I had so many problems with ComboFix conflicting with McAfee, in this process (see below):
    Since the ComboFix part of the Malware process froze, never going to completion, my ComboFix log didn't contain anything meaningful.

    Without a successful scan & logs, do you think there's even a chance it could still be a Malware problem? If no, could you please transfer this post to the software forum for me? That would be much appreciated--so the problem history is preserved.

    I appreciate the help very much, & truly hope I haven't offended you with my challenge to your diagnosis by exclusion. :grouphug
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

