Qestions after the Cleaning and Removal process

I am NOT a computer person but I am desperately trying to address a dramatic slow down in my desktop computer. Please be patient with my ignorance as I try to provide you with the information you requested.

First some background, I don't know if this event had anything to do with the current situation, but last week, while online, I had a window open up that stated that I had been infected and it automatically started to do some sort of scan. I clicked the red X in the corner of that window and shut the entire browser down because I did not recognize the scan. I thought that I had rectified the problem quickly enough to avoid any serious trouble, but days later I began to notice that my computer was starting to slowing down.

Next, my husband and I did our usual internal cleaning using the CCleaner. There did not seem to be any serious issues that we could recognize but over the next few days the computer became worse. I started to research online for help and found a site that said that computers that slow down can be overheating and need to have the vents and fans cleared of dust. My husband and I then took the housing off of the computer and cleaned the internal dust in hopes that it might help.

When problems remained I searched your sight and began the steps from your READ & RUN ME FIRST Malware Removal Guide. I went step by step. In fact I still have the DeFogger disabling my CD Emulation since I did not see instruction as to when to enable that, again.

None of the scans seemed to find any issues. However, I did run into a problem when I got to the step utilizing combofix.exe. Combofix gave me a warning that I still had an active real time scanner from AVIRA Antivir running...but I don't have that program. (We may have used it in the past - but not for serveral years!) My husband and I tried to search the computer to delete anything related to that program but all we could find were three files that would not be deleted. Still, we don't understand how a scanner could be running if we don't have the program. Could this be part of our problem? We know that we should not have two virus scanners running on the same computer but we don't know how to address this problem.

Also, while looking for the AVIRA program we realized that we do have a lot of other items running in the task manager screen that we don't recognize. Could someone help us to determine which items need to run and which don't? Is that a question for a different forum category? Please advise.

An lastly, since none of the spyware/malware scans found any issues but we are still having tremendous difficulty we don't know what to do next. I am not even sure what to attach from the SUPERAntiSpyware or Malwarebytes' Anti-Malware since I do not see any logs for those program scans. I have followed the instructions to attach the logs I do have from the other scans. Please help me to identify the other information that you may require in order to assist me in this matter.

Thank you!

 

I apologize for the oversight...here is the log you requested! Thank you!

 

We're still experiencing a sluggish computer with long delays in loading programs and connecting to the internet.

Could you help to determine whether we have things running in the background that are unnecessary? We have tried looking at the listing in our task manager window but we don't know what most of the item descriptions stand for and are at a loss as to what might be eliminated.

Also, we only have 512MB of Ram and are running XP service pack 3. My husband believes that he could upgrade the memory to 1G, but I have only 21% of room left on my C drive (which is only 15.6 GB) and we are wondering whether extra memory would help in a case such as this.

We do have a D and E drive, both of which are much bigger at 77.4 GB and 93.1 GB repectively, but we don't know how to fully utilize these to lighten the load on the C drive. We do direct any programs and other downloads that allow us to specify location to the D drive, but all programs that are system related still go automatically to C. Could this heavy load on C be part of our problem?

We would be grateful for any insight or suggestions that you could offer!

 

Tim, I thought of one more question...

Did you see anything that would explain the warning message that Combofix gave me during the cleaning process? It said that there were two virus scanners running on my computer. I knew about the Avast, but Combofix also stated that it detected that Avira Antivir personal something-or-other (sorry I am doing this from memory) was also running a real time scanner. Combfix wanted me to close it down but I could not figure out how to do so since I could not find it, except for those three files I mentioned before.

Could I really have to virus scanners at work? If not, how would Combofix make such a surprising error?

I am sorry for being such a simpleton...I really appreciate your help!

 

Good Evening, Tim

I attempted to follow your newest instructions, however I ran into a problem I wanted you to know about before I proceeded. I had progessed through all of the steps up until I was to wait for the prompts from ComboFix when, after accepting the disclaimer, I received this:

Warning!!

ComboFix has detected the following real time scanner(s) to be active:

Antivirus: Avira AntiVir PersonalEdition

Antivirus and intrusioin prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage.

Please disable these scanners before clicking 'OK'.


Because I do not have Avira (as mentioned before) and know of no way to disable it, I did not want to click the OK button. Since that was the only button, I chose to click the red X in the corner of the window instead, at which point I received this:

Warning!!

Antivirus: Avira AntiVir PersonalEdition

The above real time scanner(s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk.


Again, I tried to click the red X in the corner of the window to stop the process from moving forward, to no avail, however a dark blue box opened and ComboFix notified me that an update was available. I remembered that you had instructed me to allow ComboFix to update so I did click OK at this point and quickly received a message that ComboFix had updated and will restart now.

Once ComboFix had restarted I was again given the disclaimer and along with it the option of accepting it by selecting YES or I could exit if I were to choose NO. I chose NO so that I could get out of the program and ask you how to handle the Avira situation.

This is nearly identical to what I experienced during the cleaning procedure, with the exception of the fact that, since I had just downloaded the ComboFix, there were no updates to allow me to get a second chance at the disclaimer and at exiting the program, as I did this time. During the cleaning process ComboFix simply gave me the message that it was going to move forward, despite the fact that I could not find nor stop the Avira program.

I did not want to take the chance of going through the ComboFix procedure, again, without first checking with you as to how to handle the mysterious Avira real time scanner. I do not want ComboFix to cause any damage, but I am not sure what you would want from me in this scenario.

Please advise!

 

Thank you for the clarification, Tim! I have done as you ask.

FYI: I did have an error when first trying to to run ComboFix because it didn't think I was running Windows XP any longer. I did not know how to correct that error so I deleted ComboFix and downloaded it again, began the process over, and then was able to complete all of the instructions you had given to me.

Below please find the logs you requested.

 

Tim,

Most aggravating is dealing with an extremely slow start up. Most of the system freezes have ended, but I literally have to wait well more than fifteen minutes before the computer will actually respond to my requests. Also, connecting to Outlook Express or Internet Explorer is excruciatingly slow.

For example, this morning, about ten minutes into waiting for the computer to “warm up” I clicked on the IE icon to see if it was ready to work but it would not respond beyond turning a different shade of color. After waiting another 5 minutes and seeing that it had returned to its normal color, I clicked on it again and still had to wait 7 more minutes for the window to slowly open and finally display my Google browser page.

During this whole time the computer makes noises like tiny machine gun fire or crackling, but I am not sure what it is so busy doing. Please understand that I am not expecting my computer to ever be lightening fast, but it has never been this slow before and I would like to get it back to its normal speed.

The only big changes I can think of in the last week were (1) the strange window that opened saying that my computer was infected and started its own scan - that I immediately shut down. (2) the various malware scanning programs I downloaded during the Major Geeks’ cleaning process - that I used to confirm that I had not become infected by the mysterious scan, and (3) downloading Avast! Virus scanning freeware from your site - that I had not used in the past.

Could the Avast! Program be responsible for such a dramatic slow down? I have noticed that it does work automatically, as it audibly announces that my definitions have been updated from time to time. In fact, I noted that it did that just after my long start up, this morning.

Did you see any trace of the Avira Antivir PersonalEdition? Could this real time scanner be conflicting with the Avast! automated updater or its own real time scanner? I know that there should only be one virus scanner per computer, but I am not sure what I have happening inside my own machine based on continual warning messages from ComboFix.

Also, I should mention that my computer does get a little faster as the day goes on, after the start up. Is there a way to find out what is necessary during start up and what is not?

And lastly, what issues could speed up opening programs and connecting to IE and Outlook Express? I have ordered the additional memory and am hopeful that it will provide some relief for my system, but I would still like to address whatever is causing the problems that began plaguing me in this last week, because those may not be based on memory.

 

I apologize for the delay...

I followed your instructions yesterday, wrote my response, and attached the log, but apparently it did not post because it is not showing today.

Out of habit, I mistakenly downloaded the program to my desktop and ran the process from there, after which I re-read your instructions and realized my error. I downloaded the program for a second time and then repeated the process from my C drive.

I will attempt to attach that second log, again.

Also, I wanted to mention that I still have the CD Emulation programs disabled, as per the cleaning procedures. I really have no idea what these programs are, but I am wondering if I should enable them by using the DeFogger at this time, or later?

Thank you for your continued guidance!

 

Hello, again, Tim~

I am sorry about this latest delay; we have had bad electrical storms for serveral day and I have had to be off of the internet. While I was waiting to get back on the www I did install more RAM and now have 1GB. Sadly, it did not seem to make a big difference in speeding up the computer. I will take your advice and post a question on the software forum for some additional input.

I have followed all of your instructions to finish our work together, however I wanted to let you know that I did still get the Warnings!! about the Avira AntiVir real time scanner while going through the steps to uninstall the Combofix. Is that problem also an issue that I should address on the software forum? If not, where would I get help for this error? It concerns me that there may be a real time scanner running that I cannot see or control.

Please advise before we offically end this thread.

Thanks so very much for all of your help and your patience!

 

Hello, Tim~

The messages are the exact same as they have been the last two times I described them. They have never changed, despite all of the instructions that I have followed. ComboFix gives this message first:

Warning!!

ComboFix has detected the following real time scanner(s) to be active:

Antivirus: Avira AntiVir PersonalEdition

Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage.

Please disable these scanners before clicking 'OK'!


I have never been able to find a way to disable Avira because I don't have Avira, as mentioned before. I have Avast! which I did disable when instructed. As already mentioned, I have tried every possible way that I know of to find and disable Avira, to no avail. That is why I was asking for your cousel because I do not know what further steps can be taken from my end. Combofix, by the way, will not let me out of the process and I end up with this following second message:

Warning!!

Antivirus: Avira AntiVir PersonalEdition

The above real time scanner(s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk.


When I raised this issue with you before you told me to disregard the warnings, to keep going forward, and that by following the instructions you had givien that this problem should be addressed and corrected. You stated, "Part of the fix is to remove that message about Avira." and that is why I am making sure not to end our thread without making certain that you realize that my computer continues to create these warnings in ComboFix and whatever you thought was going to correct this issue has not been successful.

I realize that you have not seen any malware and I am thankful for that, however I am still very concerned by the warnings from ComboFix. I don't know how to remove Avira since I cannot see it (with the exception of those three old files I told you about before that cannot be removed) and I don't know how I could possibly have a real time scanner active that I cannot see...but appearently ComboFix thinks I do and I don't know how it could make something like that up! I am very willing to accept that I am at fault and not CombFix, but I don't know what to do about it.

I would love help to resolve this matter but if this is something that would be better addressed on a different forum, please simply let me know which one you think would be best to find the appropriate guidance.

Thanks for EVERYTHING, Tim!

 

Thanks, Tim ~

I have run the CCleaner and the MGtools, as you directed.

Here is the requested log...

 

Hi, Tim ~

To answer your question, I believe that I am letting MGtools complete. It disappears all on its own. I just assume that it is done at that point...am I missing some other steps?

Also, I have not yet followed your latest instructions because, after pre-reading them, I noticed that you mentioned the Avast! program in the step that preceeds the remove step and this confused me. Do I need to remove Avast! in order to properly address the issue with Avira?

Please advise.

Thanks so much!

 

Hello, again, Tim and also welcome to the conversation chaslang!

Let me address each of your questions in order...




First of all, Tim, you are NOT a goober (whatever that is), you are WONDERFUL and beyond patient with all of your help and guidance. I am really indebted to you!

To answer your question about the ComboFix, it does just disappear. There is no prompt telling me to hit any keys nor any error message, that is why I thought it was done processing.

Your next question was whether I had removed "those two items". I can only assume you are referring to your instructions to "find and delete" the two items that referrenced Alwil software. I did not do anything except read your latest instructions and contact you for clarification. Because I did not recognize what Alwil stood for and did not know whether it was part of the fix for Avira or possibly connected to Avast! I was not confident to move forward. I chose, instead, to wait to hear from you and have not done anything else until I could determine which instructions were really meant by you and which were given in error.

As to you question about CCleaner, I regularly run that program on both the cleaner and registry settings.





And now to chaslang, I am sorry for the confusion about Avira. To clarify, I am not saying that I have Avira...ComboFix is!

As I have been trying to follow Tim's instructions to address a strange and drastic slow down that my computer recently went through. We found that ComboFix would produce foreboding warnings about a real time scanner identified as Avira AntiVir PersonalEdition running and potentially causing problems on my computer.

This was a surprise to me, as you will see in my notes concerning this matter if you read back through the earlier messages in this thread. Tim was simply trying to help me fix this problem, but apparently got Avira and Avast! confused in the last set of instructions he provided. I was trying to sort out the details of that issue when you jumped in to help.

You mentioned seeing Webroot SpySweeper on "previous logs". I am not sure when those logs were from because I don't think I have had Webroot on my computer for more than a year, and maybe even longer than that. To my knowledge it should not be running any longer, but I also thought that Avira should not be running and I am confused as to why ComboFix seems to think that it is...all of this leaves my quite unsure of what is going on behind the scenes!

It is encouraging that you indicated seeing Avast! and Comodo because those are the two programs that I purposely downloaded from Major Geeks for my virus and firewall protections, respecitively. Those are the two names that I would have expected, but it still concerns me that ComboFix detects an additional real time scanner.

You mentioned that I could disregard messages about Avira when uninstalling ComboFix but I get the warnings not only when uninstalling but all through the process of trying to use ComboFix. The warnings are quite disturbing because they state clearly that damage may be done to my computer, hense my continued work with Tim.

And lastly, I did not make C drive nor do I know how to format or partition anything. I bought the computer with the current arrangement. I have simply turned it on and used it...nothing more.

I was aware that the C drive seemed really small compared to the space available on the D and E drives and have tried to store anything I was given the choice to specify location onto my D drive in order to keep as much of C drive available as possible, but over the 8 + years I have been using this computer C continues to fill and I don't know what else I can do.

My husband thinks that we may have to give up and by a new computer with a bigger C drive to accomodate the large sized programs that seem to require C for their location. Do you think that a new computer purchase is the solution?




I would appreciate any and all advice from each of you!

 

I am sincerely grateful to you Tim, and chaslang as well!

I will use the information I received from both of you and post questions in the software forum for additional guidance, as you suggest.

I appreciate all of your time, cousel, and expertise.

Major Geeks is a wonderful resource and knowledgeable people, like yourselves, are what make it such a treasure!

THANK YOU!!!