Another messed up system

Status
Not open for further replies.
Thanks for all your help in sorting this.

I've attached the log as requested - I couldn't find it before but it was late at night here!

I know that this has been a long thread so far but I'd like to recap on the progress on initial problems:
- very slow bootup in normal and safe modes (still the same but possible fix now)
- slow system generally (now much improved)
- AVG not adequate and slow (now uninstalled and using AVAST)
- SB Audigy soundcard not performing well - stuttering and not all functions active. (still malfunctioning)

I use my PC a lot for music creation and I haven't been able to rely on it for weeks now.
 
Hi Gouge

Ok, for now let's consider you clean, but do the below when convenient: while at work, in bed, or when the computer is not needed. Just to be sure!

Run Kaspersky Online AV Scanner


Use Internet Explorer.
Click the Accept button at bottom.

With IE7 if you have problems with accepting the license, use Zoom tool at bottom and set zoom to a viewable level. After accepted, reset back.

Attach log back.
--------------------------------------------------------------
Now let's get on to your slow boot and audio issues. These are probably related; fix one and both will be fixed.

Now, have you run through the DAF and other items in my last post? If not, do so.


After that we will go from there.

Mike
 
Ok Gouge we continue on your other issues!

I made this a separate post because it is so long and basically on a different matter than Malware.

I just realized in rereading the entire thread that I never got the log files from post #18 RSIT.

This info could help with the slow startup and Audio issues.

So browse to c:\RSIT and post both logs.

Also another log that will help is...
--------------------------------------------------------------
Download OTScanIt: http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe
Close all Apps and Browsers

Download and save to Desktop, then double-click to extract the files to an OTScanIt folder.

If Firewall or other Security or Malware protections pop up, you should allow them to let OTScanIt run.

Enter the OTScanit folder and run OTScanit.exe.

In Additional Scans select BotCheck, Disabled MS Config Items and Eventviewer Errors/Warnings

Top Left click Run Scan.

The scan can take some time so allow it time.

When finished, a log will open; attach it back here.
--------------------------------------------------------------

Next use Revo and clear any Old/Useless programs.

Then use Autoruns: go carefully through the Everything list, scan down the Publisher column and look at all except Microsoft.

Find anything you have had in past but thought was gone, anything like AVG, Grisoft, Norton, Symantec or Zone Alarm etc and remove them.

Another program is similar to AutoRuns but finds some that it doesn't. It also shows the same in a different way, perhaps highlighting something shown in AutoRuns that you missed.

Download RunScanner from http://www.runscanner.net/, run it in Expert mode and click Scan.

1st, get rid of all red lines (Missing files etc.) by double-clicking to select; once selected, click the "Item fixer" to remove the item.

Then click Extra stuff and do the same with the red lines there. To get back to the Item fixer you must click the Malware Hunting tab again. Again, go through both Malware hunting and Extra stuff looking for things you thought were gone. Google any item that you are not sure of and/or ask me.
--------------------------------------------------------------

D/L, install and run ATF-Cleaner; clear all except passwords in all browsers you have. Run repeatedly until no more found.

http://www.majorgeeks.com/ATF_Cleaner_d4949.html
--------------------------------------------------------------

ERUNT
Add a redundant Reg backup: get and install ERUNT, let it add itself to startup and do a backup on install, check all boxes.

ERUNT http://www.larshederer.homepage.t-online.de/erunt/
Yes! Even if you use system restore and other backups Registry and Images.
--------------------------------------------------------------

Some of the issues we cleaned were found in System Restore, so do the below

Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and then OK to Run.

As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

This is if you have the Volume Shadow Copy running which is the default.
--------------------------------------------------------------
Now that you have a new fresh SR point and ERUNT do the below
D/L RegScrubVistaXP http://majorgeeks.com/RegScrubVistaXP_d5946.html install and run

1st click Tweaks and select all but the below count the lines
Items 2, 10, 14, 17, 19, 22, 26, 28 don't do this one.
Item 22 is recommended but you must remember that when using installing you will have to browse to the CD to run a program. Otherwise these are optional.

Once all Tweaks are done click scan for problems. Then Scan, when done click Select all and then clean.
--------------------------------------------------------------

This is enough to keep you busy for an hour.

So answer this: have you ever had Symantec Norton, McAfee or Zone Alarm on this computer?

Mike
 
I'm getting a bit behind on the actions here!

Just ran DAF with the following results:

All ok until it got to Register DLL's. There was an access violation at 00000000 and the scan would not progress, I tried again with the same result, so skipped Register DLL to complete the rest. I then ran it all and it completed with no problems.

Went to page 2. Process Idle tasks went ok. WMI/WBEM stopped with an access violation 77C0155D module version.dll. Read of address 00000004.

Rebooted and rerun and the same violation occurred.

I didn't run the RSIT as AVP failed. I'll run that as well.
 
RSIT 1st log attached.

Also log of 12 adware entries picked up this morning by Spyware Detector.

2nd RSIT log on next reply, as requested.
 
2nd RSIT log

Your question - So answer this: have you ever had Symantec Norton, McAfee or Zone Alarm on this computer?

I have had some elements of Symantec and Zone Alarm in the past.
 
I tried several times to download/run the Kaspersky online AV scanner, but it would not work.

I killed AVAST as instructed, but, after accepting, there was no activity or download.

I even went to the website to run the scanner and it didn't respond.

I'll continue to work through the other actions.
 
Ok, try it one more time but in Safe Mode Networking; if it doesn't work then drop it for now.

Yes continue with all the rest.

I have been traveling today and will be very busy tomorrow but will check in.

Here are some other online scanners. Consider Bitdefender, Etrust and Panda Nanoscan.
Or all 3 if done while you are in bed or at work etc.

http://wiki.castlecops.com/Online_antivirus_scans

We will get it; it doesn't have to be done in one day, just continue when you can and report back.

Mike
 
Please revisit the list of Services disabled. Use the following for reference:
http://www.ss64.com/ntsyntax/services.html
http://www.blackviper.com/WinXP/servicecfg.htm

Services have three Startup Types: Automatic, Manual and Disabled.
Some MUST be on Automatic
Some only need to be on Manual to start when needed.
Others can be Disabled if they are not needed.

Services that are set to Automatic start on boot and run in the background.
Services set to Manual only start if needed.
Some Services, such as the 'remote' Services, can be a security risk and are best disabled if not in use at the time.

Checking the Dependency tab when changing the Startup Type is vital. The Services work together and some depend on other Services to run.
Distributed Link Tracking Client-A
Distributed Transaction Coordinator-M
DNS Client-A-
Fast User switching- M if multiple users. Disable if only one user.
Health Key and Certificate Management Service-D-> per Black Viper: "New for XP in Service Pack 3.I am unaware of any applications that use this feature."
Indexing service-M
Messenger-D-Sole purpose is for the Administrator of a network to communicate with the other systems on the network. NO other legitimate use. But often used unethically to display malware. *******
Net logon-M-
Net.TCP Port Sharing-?? Do you mean TCP/IP NetBIOS Helper Service?
NetMeeting Remote Desktop Sharing-D-per Black Viper: "This service may create a big open door for the unwanted." Workstation no longer listed as dependency in SP3. Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet.
IPsec services-A
QoS RSVP-M
Remote Registry-D- not available on XP Home. Enables remote users to modify registry settings on this computer.
Uninterruptible power supply-M
Universal Plug and play-M
Web Client-D
Windows media player Network Sharing-??
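
Added example, not part of the original post or thread: a Python check that compares `sc qc` output against some of the startup types listed above and flags a service that stays enabled while depending on one marked Disabled, which is the situation the Dependency tab advice is about. The service key names and the sample output (including the made-up `ExampleSyncSvc`) are assumptions constructed for illustration.

```python
import re

# Startup types recommended in the post (A=Automatic, M=Manual, D=Disabled).
# Service key names for the display names are assumed, not taken from the thread.
BASELINE = {"Dnscache": "A", "PolicyAgent": "A", "Messenger": "D",
            "mnmsrvc": "D", "RemoteRegistry": "D", "WebClient": "D"}
START_CODES = {"2": "A", "3": "M", "4": "D"}  # numeric START_TYPE in `sc qc`

def parse_sc_qc(text):
    """Parse concatenated `sc qc NAME` output into {name: {start, deps}}."""
    services, cur, in_deps = {}, None, False
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z_]+)\s*:\s*(.*)$", line)
        if m:
            key, val = m.group(1), m.group(2).strip()
            in_deps = False
            if key == "SERVICE_NAME":
                cur = services.setdefault(val, {"start": "?", "deps": []})
            elif cur and key == "START_TYPE" and val:
                cur["start"] = START_CODES.get(val.split()[0], "?")
            elif cur and key == "DEPENDENCIES":
                in_deps = True
                if val:
                    cur["deps"].append(val)
        elif in_deps and line.strip().startswith(":"):
            cur["deps"].append(line.strip()[1:].strip())  # continuation line
    return services

def audit(services, baseline=BASELINE):
    """Return (startup mismatches, enabled services depending on a 'D' service)."""
    mismatches = sorted(
        (n, s["start"], baseline[n]) for n, s in services.items()
        if n in baseline and s["start"] != baseline[n])
    to_disable = {n.lower() for n, want in baseline.items() if want == "D"}
    conflicts = sorted(
        (n, d) for n, s in services.items() for d in s["deps"]
        if d.lower() in to_disable and baseline.get(n, s["start"]) != "D")
    return mismatches, conflicts

# Constructed, trimmed `sc qc` output; ExampleSyncSvc is a made-up service.
SAMPLE = """\
SERVICE_NAME: RemoteRegistry
        START_TYPE         : 2   AUTO_START
SERVICE_NAME: ExampleSyncSvc
        START_TYPE         : 2   AUTO_START
        DEPENDENCIES       : RPCSS
                           : WebClient
"""
print(audit(parse_sc_qc(SAMPLE)))
```
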
 
My list stands.

Turn them all off; the only thing you will notice is better performance and startup/shutdown times.

Net logon Manual not off. I am sure you do not have Domain Controller Server in your home.

If you are using Switch user then I would stop. So turn off Fast User switching.
Net.TCP Port Sharing-?? Do you mean TCP/IP NetBIOS Helper Service?
No I meant Net.TCP Port Sharing.

Universal PnP not needed and can be a security hole.

Disable all as I posted!

Mike
 
Well it is up to him!

If he thinks he needs most of the ones I said to disable then he just as well enable them all.

Leaving these all off then becomes a performance tweak/boost as they free some RAM and CPU cycles! Special note: if you are going to pick and choose then be aware that the small amount of RAM and CPU cycles of each one individually is not significant, but as a group it is! So if you need most of them (or just think you do because you don't) then just as well enable them all!

Which is it?
He should disable all as I said and he will see that he doesn't need any of them.

Mike
 
OK, here's the progress so far.

I've carried out all of the tasks in Post #28 with the exception of OTScanit, which I'll run tonight and post the results tomorrow. I did run AVAST, which found no viruses.

Lots of rubbish removed using the recommended tools.

RunScanner log now looks OK to me, (although some of the file names don't mean anything to me). I've attached the last log in case you spot something that shouldn't be there.

RegScrub found 710 Registry problems - I had to run it 3 times before all problems were fixed.

I then ran Uniblue RegCleaner (not on your list) which found a further 361 errors! I didn't dare to clean the errors without showing you the log first.

Regarding the startup items, I disabled all on your list and bootup is much quicker now. (20 secs instead of 70 secs for the XP screen) with no obvious adverse effect.
 
Fantastical!

That boot time is A-OK!

In use the computer should be somewhat more snappy also.

I will look at the logs later, only have a moment now!

I am glad you did not clean with the UniBlue yet.

There are, in my opinion, only about 6-8 very good Registry Cleaners. Some very smart people say all Registry Cleaners are snake oil; on the opposite side are some other smart people who say the reverse, and these people, of whom I am one (well, me not as smart as them) :( say they are very valid.

The right cleaner, used in the correct manner, at the correct time, with the correct guidance.

So that said you made the right decision not to clean.

Multiple runs with the same Cleaner until clean is OK BUT!!

RULE #1 Never Ever run Multiple Registry cleaners back to back without a reboot between.

Later this evening I will check the logs.

Mike
 
No, I did a reboot before I ran the other registry scan, but thanks for the advice.

I ran OTScanit with the settings you gave me. It only took a few minutes to run, as the other default settings missed out most of the files and drivers.

I reset it to run everything, plus the Additional Scans you said.

It still only took about an hour to run but the log is over 1Mb and too big to attach.

Did I use the wrong settings? How should I proceed from here?
 
Don't know what happened, but the OTScanit takes nowhere near the time of a mbam or sas scan.

Perhaps 2-5 minutes.

Delete the log files, reboot, run it again, send logs.

Mike
 
Ok no real issues there.

How is all running? If OK, let me know and we will begin closing the thread.

Mike
 
Mike, I hoped to report all OK so that we could get the thread closed, BUT....!!

I did a timed bootup and all is not well. I kept a log - attached.

Bottom line is that I can't use my system for about 12 mins after switch-on as the cpu is at 100%. While I appreciate that some of that is the anti-virus and Spyware doing their start-up scans, it still seems too long.

Once loaded, the system appears to operate OK.

(Regarding the SB Audigy soundcard and software, I need advice on how to regain full capability - could be an un-install and then installing progressive upgrades. Should I start a new Audio thread for this?)
 
When did that happen? Last I heard was 20 secs.

OK, let's do one at a time as the Audio driver problem may be it.

First download the latest driver.

Then use Revo to uninstall it.

Reboot; Windows will find new hardware, cancel it, and then install the new downloaded driver.

Mike
 
Since the problems haven't been resolved yet, I'd like to bring this to your attention:

There are two sites showing the Spyware Detector download.
The first is spywaredetector.com. My attempt to bring it up brought this first ever Alert from Nod 32, my AV:
Web page:
http://www.spywaredetector.com/

Description:
Access to the web page was blocked by ESET NOD32 Antivirus.
The web page is on the list of websites with potentially dangerous content.

The next listed site is spywaredetector.net and brings up the legitimate program by Max Secure.

Looking at the Norton Warning, I noticed this:
1. Win32:Spyware-gen > been found in "C:\Documents and Settings\Anyone\Downloads\Spyware\spywaredetectorb.exe\{app}\SDService.exe" file.
2. Win32:Trojan-gen {Other}" has been found in "C:\source\Anti-MSOPA_1-3.zip\Anti-MSOPA.exe\Anti-MSOPA.exe" file.
3. Win32:Trojan-gen in C:\System Volume Information> this is your restore points.

I don't know where you downloaded your version from, but I thought this was worth noting. You may actually be including malware in what you think is a safe security program.

Additionally, the logs back in Post #10 showed you running both AVG AND Avast. Did you ever decide which you wanted to keep and uninstall the other?

I have not gone over all the posts but thought the above worth mentioning.
 
Spyware Detector.

I have a registered version from Spywaredetector.net and get downloads from Maxsecure.com.

However, the fact that some problems have crept through is a concern. How do I check that the problems have been cleaned?

The C:/source... folder was an old backup of my C drive that I have now fully deleted, as it was doubling scanning times.

With so many security products available, it's hard for a simple user like me to know which to choose!

I decided to uninstall the full AVG suite as I'd lost confidence in its ability to provide protection.
 
Mike,
The only change was to install an upgrade to Adobe Reader 9. Not on autostart.

Saw the longer boot time this morning. I'll uninstall with Revo and re-install to see if that was the problem.

Soundblaster Audigy problem is more complex than a driver update. I installed the latest drivers a couple of weeks ago.

Main problem is, having uninstalled the software, you have to start from initial installation CD then work through dozens of updates since 2004 for both Audigy 2 ZS and Creative Mediasource. Some updates include major upgrades (such as to Mediasource 5) and some rollup previous updates, but it's hard to know which. Then there are driver update bundles.

Problems were compounded by registry entries for versions not being deleted during uninstall, even with Revo, preventing re-installation of some of the early updates.

I need advice on how to correctly re-install and in what sequence. Creative's help and support on this scores a generous zero!

(My previous reply to this post appeared to fail, so please delete if duplicated)
 