Another messed up system

By Gouge
Nov 24, 2008
Topic Status:
Not open for further replies.
  1. Gouge

    Gouge TechSpot Enthusiast Topic Starter Posts: 128

    Thanks for all your help in sorting this.

    I've attached the log as requested - I couldn't find it before but it was late at night here!

    I know that this has been a long thread so far but I'd like to recap on the progress on initial problems:
    - very slow bootup in normal and safe modes (still the same but possible fix now)
    - slow system generally (now much improved)
    - AVG not adequate and slow (now uninstalled and using AVAST)
    - SB Audigy soundcard not performing well - stuttering and not all functions active. (still malfunctioning)

    I use my PC a lot for music creation and I haven't been able to rely on it for weeks now.
  2. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Hi Gouge

    OK, for now let's consider you clean, but do the below when convenient, while at work, in bed, or when the computer is not needed. Just to be sure!

    Run Kaspersky Online AV Scanner


    Use Internet Explorer.
    Click the Accept button at bottom.

    With IE7 if you have problems with accepting the license, use Zoom tool at bottom and set zoom to a viewable level. After accepted, reset back.

    Attach log back.
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    Now let's get on to your slow boot and audio issues. These are probably related; fix one and both will be fixed.

    Now, have you run through the DAF and other items in my last post? If not, do so.


    After that we will go from there.

    Mike
  3. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Ok Gouge we continue on your other issues!

    I made this a separate post because it is so long and basically on a different matter than Malware.

    I just realized in rereading the entire thread that I never got the log files from post #18 RSIT.

    This info could help with the slow startup and Audio issues.

    So browse to c:\RSIT and post both logs.

    Also another log that will help is...
    --------------------------------------------------------------
    Download OTScanIt: http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe
    Close all Apps and Browsers

    Download and save to Desktop, then double-click to extract the files to an OTScanIt folder.

    If Firewall or other Security or Malware protections pop up, you should allow them to let OTScanIt run.

    Enter the OTScanit folder and run OTScanit.exe.

    In Additional Scans select BotCheck, Disabled MS Config Items and Eventviewer Errors/Warnings

    Top Left click Run Scan.

    The scan can take some time so allow it time.

    When finished, a log will open; attach it back here.
    --------------------------------------------------------------

    Next use Revo and clear any Old/Useless programs.

    Then use Autoruns; go carefully through the Everything list, scan down the Publisher column
    and look at all except Microsoft.

    Find anything you have had in the past but thought was gone, anything like AVG, Grisoft, Norton, Symantec or Zone Alarm etc., and remove them.

    Another program is similar to AutoRuns but finds some that it doesn't. It also shows the same in a different way, perhaps highlighting something shown in AutoRuns that you missed.

    Download RunScanner http://www.runscanner.net/ then run it in Expert mode and click Scan.

    1st, get rid of all red lines (missing files etc.) by double-clicking to select; once selected, click the "Item fixer" to
    remove the item.

    Then click Extra stuff and do the same for red lines here. To get back to the Item fixer you must click the
    Malware Hunting tab again. Again go through both Malware hunting and Extra stuff looking for things you thought were gone. Google any item that you are not sure of and/or ask me.
    --------------------------------------------------------------

    D/L, install and run ATF-Cleaner; clear all except passwords in all browsers you have. Run repeatedly until no more found.

    http://www.majorgeeks.com/ATF_Cleaner_d4949.html
    --------------------------------------------------------------

    ERUNT
    Add a redundant Reg backup: get and install ERUNT, let it add itself to startup and do a backup on install, check all boxes.

    ERUNT http://www.larshederer.homepage.t-online.de/erunt/
    Yes! Even if you use system restore and other backups Registry and Images.
    --------------------------------------------------------------

    Some of the issues we cleaned were found in System Restore, so do the below

    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

    Then Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and then OK to run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs.

    This is if you have the Volume Shadow Copy running which is the default.
    --------------------------------------------------------------
    Now that you have a new fresh SR point and ERUNT do the below
    D/L RegScrubVistaXP http://majorgeeks.com/RegScrubVistaXP_d5946.html, install and run

    1st click Tweaks and select all but the below; count the lines
    Items 2, 10, 14, 17, 19, 22, 26, 28 don't do this one.
    Item 22 is recommended but you must remember that when using installing you will have to browse to the CD to run a program. Otherwise these are optional.

    Once all Tweaks are done click scan for problems. Then Scan, when done click Select all and then clean.
    --------------------------------------------------------------

    This is enough to keep you busy for an hour.

    So answer this: have you ever had Symantec Norton, McAfee or Zone Alarm on this computer?

    Mike
  4. Gouge

    Gouge TechSpot Enthusiast Topic Starter Posts: 128

    I'm getting a bit behind on the actions here!

    Just ran DAF with the following results:

    All ok until it got to Register DLL's. There was an access violation at 00000000 and the scan would not progress, I tried again with the same result, so skipped Register DLL to complete the rest. I then ran it all and it completed with no problems.

    Went to page 2. Process Idle tasks went ok. WMI/WBEM stopped with an access violation 77C0155D module version.dll. Read of address 00000004.

    Rebooted and rerun and the same violation occurred.

    I didn't run the RSIT as AVP failed. I'll run that as well.
  5. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Proceed with all the rest for now, we will come back to DAF!

    Mike
  6. Gouge

    Gouge TechSpot Enthusiast Topic Starter Posts: 128

    RSIT 1st log attached.

    Also log of 12 adware entries picked up this morning by Spyware Detector.

    2nd RSIT log on next reply, as requested.
  7. Gouge

    Gouge TechSpot Enthusiast Topic Starter Posts: 128

    2nd RSIT log

    Your question - So answer this: have you ever had Symantec Norton, McAfee or Zone Alarm on this computer?

    I have had some elements of Symantec and Zone Alarm in the past.
  8. Gouge

    Gouge TechSpot Enthusiast Topic Starter Posts: 128

    I tried several times to download/run the Kaspersky online AV scanner, but it would not work.

    I killed AVAST as instructed, but, after accepting, there was no activity or download.

    I even went to the website to run the scanner and it didn't respond.

    I'll continue to work through the other actions.
  9. mflynn

    mflynn Newcomer, in training Posts: 2,793

    OK, try it one more time but in Safe Mode with Networking; if it doesn't work then drop it for now.

    Yes continue with all the rest.

    I have been traveling today and will be very busy tomorrow but will check in.

    Here are some other online scanners. Consider Bitdefender, Etrust and Panda Nanoscan.
    Or all 3 if done while you are in bed or at work etc.

    http://wiki.castlecops.com/Online_antivirus_scans

    We will get it; it doesn't have to be done in one day, just continue when you can and report back.

    Mike
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Please revisit the list of Services disabled. Use the following for reference:
    http://www.ss64.com/ntsyntax/services.html
    http://www.blackviper.com/WinXP/servicecfg.htm

    Services have three Startup Types: Automatic, Manual and Disabled.
    Some MUST be on Automatic
    Some only need to be on Manual to start when needed.
    Others can be Disabled if they are not needed.

    Services that are set to Automatic start on boot and run in the background.
    Services set to Manual only start if needed.
    Some Services, such as the 'remote' Services, can be a security risk and are best disabled if not in use at the time.

    Checking the Dependency tab when changing the Startup Type is vital. The Services work together and some depend on other Services to run.
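
The dependency check described in the post above can also be done from a script. This is an added example, not part of the original thread: it assumes Windows PowerShell 5 or later (for the `StartType` property), the service short names in `$candidates` are assumptions chosen to match services named in this thread, and `Get-ServiceDisableReport` is a hypothetical helper name.

```powershell
# Added example, not from the thread. Read-only: it reports and changes nothing.
# Assumed short names for services of the kind discussed in this thread
# (UPnP host, SSDP discovery, Remote Registry, Net.TCP Port Sharing, Net Logon).
$candidates = 'upnphost', 'SSDPSRV', 'RemoteRegistry', 'NetTcpPortSharing', 'Netlogon'

function Get-ServiceDisableReport {
    param([Parameter(Mandatory)][string[]]$Name)

    foreach ($n in $Name) {
        $svc = Get-Service -Name $n -ErrorAction SilentlyContinue
        if (-not $svc) {
            # Not every Windows edition ships every service.
            [pscustomobject]@{
                Name = $n; StartType = 'not installed'; Status = $null
                ActiveDependents = ''; DependsOn = ''; Verdict = 'nothing to do'
            }
            continue
        }

        # Services that need this one. A dependent that is running or set to
        # Automatic will fail to start if its parent service is disabled.
        $active = @($svc.DependentServices | Where-Object {
            $_.Status -eq 'Running' -or $_.StartType -eq 'Automatic'
        })
        $verdict = 'no active dependents'
        if ($active.Count -gt 0) { $verdict = 'review dependents first' }

        [pscustomobject]@{
            Name             = $svc.Name
            StartType        = $svc.StartType
            Status           = $svc.Status
            ActiveDependents = ($active.Name -join ', ')
            DependsOn        = ($svc.ServicesDependedOn.Name -join ', ')
            Verdict          = $verdict
        }
    }
}

Get-ServiceDisableReport -Name $candidates | Format-Table -AutoSize
```
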
  11. mflynn

    mflynn Newcomer, in training Posts: 2,793

    My list stands.

    Turn them all off; the only thing you will notice is better performance and startup/shutdown times.

    Net logon Manual not off. I am sure you do not have Domain Controller Server in your home.

    If you are using Switch user then I would stop. So turn off Fast User switching.
    No I meant Net.TCP Port Sharing.

    Universal PnP not needed and can be a security hole.

    Disable all as I posted!

    Mike
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Which is it?
  13. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Well it is up to him!

    If he thinks he needs most of the ones I said to disable then he just as well enable them all.

    He should disable all as I said and he will see that he doesn't need any of them.

    Mike
     
  14. Gouge

    Gouge TechSpot Enthusiast Topic Starter Posts: 128

    OK, here's the progress so far.

    I've carried out all of the tasks in Post #28 with the exception of OTScanit, which I'll run tonight and post the results tomorrow. I did run AVAST, which found no viruses.

    Lots of rubbish removed using the recommended tools.

    RunScanner log now looks OK to me, (although some of the file names don't mean anything to me). I've attached the last log in case you spot something that shouldn't be there.

    RegScrub found 710 Registry problems - I had to run it 3 times before all problems were fixed.

    I then ran Uniblue RegCleaner (not on your list) which found a further 361 errors! I didn't dare to clean the errors without showing you the log first.

    Regarding the startup items, I disabled all on your list and bootup is much quicker now. (20 secs instead of 70 secs for the XP screen) with no obvious adverse effect.
  15. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Fantastical!

    That boot time is A-OK!

    In use the computer should be somewhat more snappy also.

    I will look at the logs later, only have a moment now!

    I am glad you did not clean with the UniBlue yet.

    There are in my opinion only about 6-8 very good Registry Cleaners. Some very smart people say all Registry Cleaners are snake oil; on the opposite side are some other smart people who say the reverse, and these people, of whom I am one (well, me not as smart as them) :(, say they are very valid.

    The right cleaner, used in the correct manner, at the correct time, with the correct guidance.

    So that said you made the right decision not to clean.

    Multiple runs with the same Cleaner until clean is OK BUT!!

    RULE #1 Never Ever run Multiple Registry cleaners back to back without a reboot between.

    Later this evening I will check the logs.

    Mike
  16. Gouge

    Gouge TechSpot Enthusiast Topic Starter Posts: 128

    No, I did a reboot before I ran the other registry scan, but thanks for the advice.

    I ran OTScanit with the settings you gave me. It only took a few minutes to run, as the other default settings missed out most of the files and drivers.

    I reset it to run everything, plus the Additional Scans you said.

    It still only took about an hour to run but the log is over 1Mb and too big to attach.

    Did I use the wrong settings? How should I proceed from here?
  17. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Don't know what happened but the OTScanit takes nowhere near the time of a mbam or sas scan.

    Perhaps 2-5 minutes.

    Delete the log files, reboot, run it again, send logs.

    Mike
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    I discourage the use of Registry Cleaners, especially three of them!
  19. Gouge

    Gouge TechSpot Enthusiast Topic Starter Posts: 128

    Here's the OTScanit log as requested.
  20. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Ok no real issues there.

    How is all running? If OK, let me know and we will begin closing the thread.

    Mike
  21. Gouge

    Gouge TechSpot Enthusiast Topic Starter Posts: 128

    Mike, I hoped to report all OK so that we could get the thread closed, BUT....!!

    I did a timed bootup and all is not well. I kept a log - attached.

    Bottom line is that I can't use my system for about 12 mins after switch-on as the cpu is at 100%. While I appreciate that some of that is the anti-virus and Spyware doing their start-up scans, it still seems too long.

    Once loaded, the system appears to operate OK.

    (Regarding the SB Audigy soundcard and software, I need advice on how to regain full capability - could be an un-install and then installing progressive upgrades. Should I start a new Audio thread for this?)
  22. mflynn

    mflynn Newcomer, in training Posts: 2,793

    When did that happen? Last I heard was 20 secs.

    OK, let's do one at a time as the Audio driver problem may be it.

    First download the latest driver.

    Then use Revo to uninstall it.

    Reboot; Windows will find new hardware, cancel it and then install the new downloaded driver.

    Mike
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Since the problems haven't been resolved yet, I'd like to bring this to your attention:

    There are two sites showing the Spyware Detector download.
    The first is spywaredetector.com. My attempt to bring it up brought this first ever Alert from Nod 32, my AV:
    The next listed site is spywaredetector.net and brings up the legitimate program by Max Secure.

    Looking at the Norton Warning, I noticed this:
    1. Win32:Spyware-gen > been found in "C:\Documents and Settings\Anyone\Downloads\Spyware\spywaredetectorb.exe\{app}\SDService.exe" file.
    2. Win32:Trojan-gen {Other}" has been found in "C:\source\Anti-MSOPA_1-3.zip\Anti-MSOPA.exe\Anti-MSOPA.exe" file.
    3. Win32:Trojan-gen in C:\System Volume Information> this is your restore points.

    I don't know where you downloaded your version from, but I thought this was worth noting. You may actually be including malware in what you think is a safe security program.

    Additionally, the logs back in Post #10 showed you running both AVG AND Avast. Did you ever decide which you wanted to keep and uninstall the other?

    I have not gone over all the posts but thought the above worth mentioning.
  24. Gouge

    Gouge TechSpot Enthusiast Topic Starter Posts: 128

    Spyware Detector.

    I have a registered version from Spywaredetector.net and get downloads from Maxsecure.com.

    However, the fact that some problems have crept through is a concern. How do I check that the problems have been cleaned?

    The C:/source... folder was an old backup of my C drive that I have now fully deleted, as it was doubling scanning times.

    With so many security products available, it's hard for a simple user like me to know which to choose!

    I decided to uninstall the full AVG suite as I'd lost confidence in its ability to provide protection.
  25. Gouge

    Gouge TechSpot Enthusiast Topic Starter Posts: 128

    Mike,
    The only change was to install an upgrade to Adobe Reader 9. Not on autostart.

    Saw the longer boot time this morning. I'll uninstall with Revo and re-install to see if that was the problem.

    Soundblaster Audigy problem is more complex than a driver update. I installed the latest drivers a couple of weeks ago.

    Main problem is, having uninstalled the software, you have to start from initial installation CD then work through dozens of updates since 2004 for both Audigy 2 ZS and Creative Mediasource. Some updates include major upgrades (such as to Mediasource 5) and some roll up previous updates, but it's hard to know which. Then there are driver update bundles.

    Problems were compounded by registry entries for versions not being deleted during uninstall, even with Revo, preventing re-installation of some of the early updates.

    I need advice on how to correctly re-install and in what sequence. Creative's help and support on this scores a generous zero!

    (My previous reply to this post appeared to fail, so please delete if duplicated)