System Slowed to Crawl After Running MBAM

[KayakAngler]

Hi,

I've been getting warning messages about svchost.exe from my regular anti-virus software, but it's been unable to fix it. So I ran MBAM and problems were found (see log below). I set a system restore point in XP, and then had MBAM fix the problems. I rebooted, only to find my PC was running super slow. According to Task Manager, my CPU never got above 5% usage. FYI, Task Manager showed several instances of svchost.exe running as processes, which has been the norm. Thanks in advance for assistance!

Here's the MBAM log:

Malwarebytes' Anti-Malware 1.30

Database version: 1373

Windows 5.1.2600 Service Pack 2

11/7/2008 9:11:06 PM

mbam-log-2008-11-07 (21-11-06).txt

Scan type: Full Scan (C:\|E:\|)

Objects scanned: 130834

Time elapsed: 1 hour(s), 21 minute(s), 10 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

[JeanInMontana]

Hii KayakAngler and welcome to Malwarebytes.

Please read and follow the instructions here then post a log here . Someone will be happy to help you.

[KayakAngler]

JeanInMontana, thanks for your reply. I appreciate your help so much! Just downloaded SpyBot, but I have a few questions about the instructions I thought I'd run by you. But first, here's a recap of my understanding of the instructions, just to make sure we're on the same page:

RECAP

1. Run XP System Restore or not, based upon your reply to my question #1 below.

2. Update and scan with Spybot Search & Destroy, use the immunize feature, but do not enable TeaTimers.

3. Update and scan again with Malwarebyte's Anti-Malware, this time performing a Quick Scan; click on Remove Selected.

4. Scan with ESET's online scanner. (A few day's ago I tried several online scanners, not Panda, and the only one that worked for me was ESET).

5. Run HighjackThis.

6. Post 3 logs: i) MBAM; ii) ESET; iii) HijackThis

QUESTIONS

1. Before following the instructions, should I use XP's System Restore to try getting back to pre-MBAM status? As it is now, my system is so slow that I'd have to do any and everything in Safe mode.

2. The instructions say to run MBAM in Quick Scan mode. Why not Deep mode? I ran my first MBAM scan in Deep mode, and I'm just curious about this.

Thanks again!