Please help. Can't run scans.

Hi. I have tried to follow the Malware Removal Guide but I can't get past Step 5. Everytime I try to run Spybot it shuts down my computer. I've tried uninstalling and reinstalling and running it in both safe and normal mode. It shuts down my computer midway through scanning. I did manage to run counterspy once though it took a couple of hours at least. Then I tried running Bitdefender. Same problem as Spybot. I can't even get Panda ActiveScan going because when I click on Local Disks there's an error message/icon at the bottom of the webpage and it won't go.

I have no idea what to do and I'm not very good with computers. I don't know if this helps but I have Windows XP SP2 and I've had my computer for about 3 years now.

Can anyone help me please? It would be very much appreciated.

 

Hi iwannabefree!
Welcome to Major Geeks! Sorry for the troubles you're having with the scans. Please post the Counterspy log and those from ShowNew (newfiles.txt), GetRunKeys (runkeys.txt) and HijackThis (hijackthis.log). That will be four logs. Also, please tell us what symptoms you're having that led you to follow the instructions in the READ & RUN ME. Does your computer show signs of malware? (popups, multiple windows appearing, a red desktop, ads for antimalware programs, sudden crashes, browser windows redirecting, anything like this?) Be sure to install HijackThis according to the instructions in the READ & RUN ME. It has to be in its own folder under Program Files and the .exe program (hijackthis.exe) has to be renamed to analyse.exe. Also, if you have further difficulties with the instructions, please tell us that too.
Thanks.
abri

 

Hi Abri.
Thanks for your advice. I have uploaded the logs as requested.
My computer has been running really slowly for some time now and it shuts down randomly. Recently, I have not been able to run Spybot at all as it shuts down my computer in the middle of scanning. I have taken up 40G of the avail 80G and I am reduced to running one application at a time because my computer is soooo slow. Is it normal for a computer to run at 70+% of it's CPU usage thingee when only one program (eg. Spybot) is going?? :confused

To be honest, I followed the instructions because someone else (who knows way more about this sort of stuff than I do) suggested I might have a virus after describing the above symptoms. I am hoping you can help me to discover if my computer is chronically ill or if it's just crapping out on me because it's old and I need to buy a new one.

 

Also, here is my HijackThis log as requested.

 

Hi iwannabefree!

The slowness and crashes you're describing are not related to any obvious malware issues. I would like for you to do a few things to see if there is any improvement at all. The dump*.tmp files that are being produced and have been appearing since at least January indicate that you may have been having crashes for awhile. Is that true? Three years old is not old for a computer running XPSP2.

The time you described for running the Counterspy scan is normal. The crashes you've been experiencing with Spybot are not normal. There are a number of reasons why systems crash. It's possible that your system is overheating, that you have a bad sector somewhere on your harddisk, that there's a software incompatibility that occurred and you may not have noticed it right when it started. You have some pretty demanding software, but it could be something as simple as overheating due to dust in your fans. It could also be a rootkit virus, but except for the screensaver that Counterspy picked up as adware, your computer isn't showing signs of malware.

I see you have Zone Alarm Security Suite in your uninstalls list. I don't see that it's running. Have you uninstalled it? If not, please do. Then go here: http://www.majorgeeks.com/downloads29.html and scroll down to AVG free. Download the installation program. If it asks you to overwrite the old installation program, say yes. Then disconnect from the internet completely and uninstall your old AVG-free via add/remove programs. Reboot your computer and then reinstall AVG free. Reconnect to the internet and allow it to update. Set it to scan manually, but leave the update schedule at the default setting.

We are finished with CounterSpy now. Please go to add/remove programs and uninstall:

- Sunbelt CounterSpy
- tmnt-screensaver <--- your choice to remove, but it may be inactive now anyway

Then delete the below folders which may be left behind by the uninstall:

C:\Documents and Settings\Nocollette\Application Data\Sunbelt Software
C:\Documents and Settings\All Users\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software


Now, please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.


After you have completed the above, I would like for you to go to Alternate Scans and scroll about halfway down the page to the list of rootkit scans and run one or two of them. I recommend the BitDefender, GMER or Sophos.

Please post any results you get and also, please run a fresh ShowNew log (newfiles.txt) and attach that as well. I will ask someone else to look at this as well to make sure I'm not overlooking something. Oh, one last thing, you have some odd things sitting directly under C:\ If the doc, txt and xml files are ones your recognize, please make a folder somewhere like Documents and Settings and move them there. Also, the Blah folder. If you don't recognize it, look at its properties and see if anything's in it. The hiberfile, pagefile and bootini need to stay there where they are and I'm not sure where the thumbs.db usually goes, but it can stay there.

- rootkit scan results
- newfiles.txt

abri

 

Hi iwannabefree!
just a note to add to my last post. Before you do anything else, please be sure the antivirus problem is cleared up. HijackThis shows that ZoneAlarm is still active. After you've done the instructions in my previous post, please add a fresh HijackThis scan to the ShowNew scan so I can make sure that Zone Alarm Security Suite has been completely deactivated..
Thanks.
abri

 

Hi abri.
You're right. My computer has been crashing for a while. I've just been really lazy at getting it sorted.

I have followed your instructions. BitDefender came up clean and I have attached the GMER text file, newfiles.txt and hijackthis log as requested.

If you don't think it's malware then do you have an idea of what could be going on? Or is there some way I can find out? It seems odd to me that AVG, Ad-Aware and CWShredder run but Spybot shuts down my computer everytime. And why is my computer so slow that I can only run one program at a time? I'm very confused :confused

Thanks for your all help, by the way. I appreciate it a lot

 

Hi iwannabefree,
I don't think the problems you're having a malware problems, however, the Spybot problem is unusual and I would like to ask you to try something to see if it does anything. Please go to add/remove programs and uninstall Spybot. Then go to http://www.oldapps.com/
Look under Security tools and find Spybot. Choose Version 1.4. Install that to the default location, update it and run it. See if it will run without your computer crashing.

There are many reasons for a computer to become unresponsive. The dump*.tmp files showing in your newfiles.txt log probably occurred in response to some of the crashes. Intermittent and irregular crashes can be related to overheating which can be related to an inadequate cooling system which can be related to fans getting worn out or to an accumulation of dust. Extreme slowness can be the result of a faulty sector in your harddrive. There are diagnostic tools for both hardware and software to test this, and this is something the people in the software and hardware forums can help you with. While you're still here, please try running the internal scan of your harddrive, which you get to by opening Windows Explorer and right-clicking on the drive you want to check (C:}. Click on Properties Then choose Tools and under Error-Checking click on Check Now.

Please let me know if the older version of Spybot still causes your computer to crash and what the disk check tells you.

abri

 

Hi abri,

I ran the disk check as per your instructions but it didn't tell me anything.

Spybot still crashes my computer. I've run it in both normal and safe mode and I still get the same result. Any advice/ideas?

 

Hi iwannabee!
Be with you in a moment ....did you install Panda on your computer?

 

Hi iwannabee!

Please go to add/remove programs and see if you can find Panda Activescan. If so, uninstall it. If not, please tell me. It looks like you've got two antivirus programs on your computer at once, which will lead to all kinds of problems.

Let me know how this goes.
abri


(Thanks to TimW for this!)

 

Hi iwannabee!
Sorry, we got mixed up there between the program and the helping program. And now, one last attempt:

Please uninstall AdAware and Spybot both. Then install the trial version of AVG Anti-Spyware 7.5 and run it according to the instructions. This should remove most things that Spybot would have found along with some others. After you finish that, please go to the Alternate Scans one more time and look for the Sophos Rootkit scan and run that. Then please run Silent Runners as well and then post the logs from all three:

Why Spybot, BitDefender and Panda are all causing your computer to crash can have to do with problems in the registry See if this scan finds anything the others may have missed. You may have to do a clean install of Windows to get your operating system working correctly again.

Thanks.
abri

 

Hi abri,

I have followed your instructions, erm except for the PandaScan one. I just uninstalled it. Hope that doesn't mess up the scans.

Um, what do you mean by clean install of Windows? It sounds drastic.

I have also attached my scans.

Cheers,
iwannabefree

 

Hi iwannabeefree

I can't see anything that looks like malware causing the problems on your computer. Because you got three new DUMP7946.tmp files in October (all with different numbers), these indicate that your problems are related to either the registry (which could be helped by a clean install) or they are indications that your harddrive is failing. They are a type of file which is generated when there are underlying problems in your system and they don't usually appear in response to malware.

It's an advantage for you that you have the time to do a clean install with some warning. To do this, you would need to back up all your data you want to save, that is, all your photos, documents, music, e-mails, bookmarks/favorites, and anything on your computer that is yours and doesn't belong to a program. Additionally, if you have software that requires an activation key, you would need to find out how to reinstall this, whether with cd you already have or by downloading it again from the internet. You do not have to keep programs like Spybot or AVG or Adobe Reader, because you can download these new. If you play games, you may have data from your games which needs to be stored and you need to find out how to do this. Depending on your e-mail client, it is sometimes possible to export your e-mails and possibly your address list to an online e-mail address like Yahoo and then reimport them after you're finished.

At this point, if you have more than one primary partition, you can reformat the partition on which your operating system is located (usually C) and reinstall Windows and reinstall any programs you lose through the reinstall. If you only have one primary partition, you will have to reformat the whole harddisk and if you wanted, you could put in a second primary partition at this time which is useful, because it allows you to have a second operating system for emergencies and to keep your data and other programs in a separate place so you can reformat without losing everything.

These are things the Software Forum can better help you with and I recommend posting a new thread there and telling them what you've learned here. If they request more information, you can refer them to this thread.

Sorry that there is not an easy solution to this problem. I believe that you need to take the time to resolve this problem, because if your harddrive is failing, it could simply fail one day. If it's problems in the registry, it will more likely simply be a continued aggravation and not a sudden loss.

abri