Another messed up system

Discussion in 'Windows OS' started by Gouge, Nov 24, 2008.

  1. Gouge TechSpot Enthusiast Posts: 128

    After installing XP SP3 and AVG 8, my pc slowed right down. I unsuccessfully uninstalled SP3 and had to re-install XP SP2 from the original disc. It's taken me weeks to get most of my applications back, but my pc is still slow. CPU spikes create havoc with my Audigy 2 ZS soundcard.

    I uninstalled a number of old applications to release space and re-installed the soundcard software. It appears that the registry doesn't get fully changed when I uninstall programs because the installer quit saying that the software was already installed.

    I also ran Spyware Detector and Malwarebytes, which picked up and deleted several "nasties" that AVG failed to find.

    I've run Hijackthis and attached the log.

    Can you help please?

  2. mflynn Newcomer, in training Posts: 2,793

    Hi Gouge

    You should have come here first because SP3 was not your real issue. There is an issue with AVG after installing SP3. But AVG should have been uninstalled and reinstalled. In addition, AVG's Link Scanner is a slowdown.

    I want you to uninstall AVG when I tell you and using the Revo Advanced uninstaller but not now.

    We want to clean your system of Malware first.

    Open MBAM and click Logs. Attach all logs back to me, one at a time.
    While in MBAM, UPDATE again even if you already did earlier today.
    Then click Settings and confirm all are checked.

    Then run another mbam (but post the other logs first) then post me the new mbam log.

    After that Do the TechSpot 8 steps: http://www.techspot.com/vb/topic58138.html

    Skip no steps (do not install another virus scanner as you already have one).

    Of course you can skip the MalwareBytes as you have already done that!

    Most importantly, update MalwareBytes and SuperAntiSpyware!

    Before you scan with SuperAntiSpyWare do the below:

    SuperAntispyware extra config

    After installed double-click the icon on your desktop to run it.

    Update the program definitions.

    Click the Preferences button.

    Then Scanning Control.

    In Scanner Options make sure all boxes are checked except #3 Ignore System Restore.

    MalwareBytes extra config

    After update but before running
    Click settings and confirm all are Checked.

    I repeat Update these 2 programs.

    Run them and attach their logs.

    Your HJT log is reasonably clear no need to post another as I will request one when needed after we are clean.

    Mike
  3. Gouge TechSpot Enthusiast Posts: 128

    Yes you are right. With hindsight, life would be much easier!

    Anyway, thanks for offering to help. I only ran MBAM once on the advice of a friend, so I've attached the log.

    I've also attached the recent export log from Spyware Detector, in case it might also help.

    I'm now running a full scan using an updated MBAM. I'll send that when completed.

    Thanks again.
  4. Gouge TechSpot Enthusiast Posts: 128

    I'm in the process of running MBAM full scan but it seems to be so slow.

    It has been running for 90 mins and has scanned 56200 objects.

    In Task Manager I notice that on mbam.exe there have been over 2,400,000 page faults! Is this the problem?

    In the past, when I ran MS diskscan I had to leave it overnight to complete.
  5. mflynn Newcomer, in training Posts: 2,793

    I don't know about the page faults that sounds like other and perhaps hardware problems.

    MBAM is very thorough and can take a while based on processor speed, HD speed, size of drive and how full/number of files.

    It also could be your Spyware Detector and/or AVG interfering. Did you turn them off? If not, do so without exiting MBAM.

    This week I had one person that it took 6 hours to run.

    We need to get through it and SAS, then we will look at the system.

    Mike
  6. Gouge TechSpot Enthusiast Posts: 128

    False Alarm!!

    I've found that Page Faults is badly named. Not a fault at all but just the system loading pages to RAM.

    Not a problem after all - I'll carry on scanning for as long as it takes.
     
  7. mflynn Newcomer, in training Posts: 2,793

    Ohhh nooo

    Page faults are not mundane; this is not good. Could be a RAM issue. You are lucky, as if they were severe enough you would likely be blue screening.

    Is the scan showing activity and you are sure it is progressing?

    Mike
  8. Gouge TechSpot Enthusiast Posts: 128

    Yes, the scan is progressing slowly. I've also disabled AVG8 and Spyware Detector.

    It could be quite a while before I have the logs from the 8-step process so please don't think I've abandoned the thread!

    BTW I found the "Page Fault" response through a Google search. There were many entries saying it was not a fault.

    I'll play safe and take your advice.

    Thanks Mike
  9. jobeard TS Ambassador Posts: 12,339   +132

    don't get side-tracked re page-faults. The scanning is ripping tons of files into memory, examining them and moving on.
    If done right, the working set ought to be huge and page-faults to be expected. Your I/O bandwidth will be the limiting issue
    and fragmentation of the pagefile a real nuisance BUT IGNORE all of this for now.
  10. Gouge TechSpot Enthusiast Posts: 128

    OK, I followed the 8-step process and I've attached the logs.

    Although I have full AVG8 Suite installed, I have no faith in its ability to provide me with adequate protection, so I ran AVAST and SuperAntiSpyware instead. Sure enough they appear to have found items that AVG had missed.

    Please advise me on how to proceed now.
  11. mflynn Newcomer, in training Posts: 2,793

    Hi Gouge

    Good job!

    Run HJT, Scan only. Select and remove the below:
    O23 - Service: LVSrvLauncher - Unknown owner - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (file missing)
    O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\system32\MsPMSPSv.exe (file missing)

    Having more than one online active virus scanner is not good; they fight each other, sometimes giving less protection.

    If you don't trust AVG then uninstall it. But recently it has been difficult to uninstall.

    Use Revo http://www.revouninstaller.com/ and later for all other uninstalls.

    Install, update, then run. Choose AVG8 and select the bottom Advanced uninstall; it will then run the normal uninstall that would be run from Add/Remove Programs. Click Next and it will present leftover registry items that the uninstall process missed; select all and delete, then click Next. It will then present files and folders also left by the uninstall; select all and delete.

    Reboot

    Then ...
    AVG after uninstall cleanup tool http://www.techspot.com/vb/post689349-14.html

    Now you should be clean of AVG.

    Now due to the fact there were mbam and sas logs we did not see and also your SpywareDetector we need to run perhaps a couple more cleaners to be sure.

    So..

    ComboFix

    NOTE: If you have had ComboFix more than a few days old delete and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double click combofix.exe follow the prompts.

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click ComboFix's window while it's running. That may cause it to stall.

    Mike
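
Added example, not part of the thread: a small Python triage of HijackThis O23 (service) lines like the two listed in the post above, separating entries whose image is reported as `(file missing)` from ones that are present but have no readable owner. The `Example*` lines are constructed sample data, and treating a present file with `Unknown owner` as worth a manual look is an assumption of this example.

```python
import re

# O23 layout as it appears in the thread's HijackThis entries:
#   O23 - Service: <name> - <owner> - <image path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# The LVSrvLauncher and WMDM lines are quoted from the thread; the Example*
# lines are constructed for illustration.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O23 - Service: ExampleSvc - Example Vendor - C:\Program Files\Example\svc.exe
O23 - Service: LVSrvLauncher - Unknown owner - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (file missing)
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\system32\MsPMSPSv.exe (file missing)
O23 - Service: ExampleHelper - Unknown owner - C:\Program Files\Example\helper.exe
"""


def triage_services(log_text):
    """Return (name, path, label) for each O23 line in a HijackThis log.

    orphaned: service still registered but its image file is gone (stale entry)
    review:   image present but no owner recorded (assumption: check by hand)
    ok:       image present with a named owner
    """
    results = []
    for raw in log_text.splitlines():
        m = O23_RE.match(raw.strip())
        if not m:
            continue  # not a service entry (O4, O2, header lines, ...)
        if m.group("missing"):
            label = "orphaned"
        elif m.group("owner").lower() == "unknown owner":
            label = "review"
        else:
            label = "ok"
        results.append((m.group("name"), m.group("path"), label))
    return results


if __name__ == "__main__":
    for name, path, label in triage_services(SAMPLE_LOG):
        print(f"{label:9} {name:20} {path}")
```
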
  12. Gouge TechSpot Enthusiast Posts: 128

    I think that I need more info here, Mike!
    I downloaded ComboFix onto my desktop, double-clicked the icon, clicked "run" and all I got was a blue ComboFix screen with a flashing cursor! No text prompts - nothing. There was no obvious cpu activity, even though Task Manager showed the process was running.

    I tried both download sites with the same results.

    When I tried to close the process, nothing happened, everything had frozen up and I had to reboot each time.

    Am I doing something wrong here?

    BTW AVG uninstalled ok and I have AVAST running.
  13. mflynn Newcomer, in training Posts: 2,793

    Ok we still have issues unless you have had Combofix before?

    We may have something that recognizes Combofix and has been programmed to disable or prevent run. Or just a corrupted Combofix install.

    Go to Start-Run and type or paste the following: combofix /u

    Then do this.

    Download SD Fix to Desktop among other things Catchme to look for RootKits.

    http://downloads.andymanchesta.com/R...ools/SDFix.exe

    On Desktop run SDFix. It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click through all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.

    Mike
  14. mflynn Newcomer, in training Posts: 2,793

    Cleared double post by me

    Mike
  15. Gouge TechSpot Enthusiast Posts: 128

    The link didn't work, but I managed to download SDFix from another site and run it.

    Report attached.

    (For info, when I reboot, it takes 70 secs for the Windows XP splash screen to load, i.e. from POST until the XP screen clears and starts to load the desktop. I'm sure that it takes far longer than when the system was operating normally.)
  16. mflynn Newcomer, in training Posts: 2,793

  17. Gouge TechSpot Enthusiast Posts: 128

    I managed to get ComboFix to work!!

    I've attached the log.

    I'll run the AVP Tool this evening and leave it running overnight as suggested.
  18. mflynn Newcomer, in training Posts: 2,793

    OK great, found and removed some more. Run Combofix once more to see it come up clean. Attach log.

    Then do the below after the AVP Tool.

    Download RSIT
    http://images.malwareremoval.com/random/RSIT.exe

    Run it. When finished it will open a log maximized on the screen; attach the contents of this log back here, then close that log.

    Then the 2nd log is minimized, so maximize it and attach it also.
    The logs will contain a HijackThis log also, so no need to post a separate one.

    Mike
  19. Gouge TechSpot Enthusiast Posts: 128

    OK, will do.

    Forgot to attach the HJT log on last reply.

    Also ran Spyware Detector which found more infections. They must have crept in when I had the defences down to run ComboFix.

    See attachments
  20. Gouge TechSpot Enthusiast Posts: 128

    Major problems!!!!!!!

    I downloaded AVP and installed it. Explorer said there was a problem with the installation!!??

    However, I went to safe mode and tried to run it and it failed to run. However, when I went back to normal mode, AVP kept trying to start and failed.

    The system slowed down and I had trouble in uninstalling AVP. There might still be some traces so I'll run CCleaner again. Then I'll attempt another download and install.

    BTW I've also had problems accessing your website, even from a different PC. I gave up trying to submit the latest ComboFix log. It looked clean anyway.