Severly slow w/a chance of Hard Freeze

Welcome to Major Geeks!

Please explain what operations are slow! For example answer the below:

• Is boot up slow?
• Is shutdown slow?
• Is browsing/surfing slow?
• Is downloading slow?
• Is running any application?
• Is it also slow in safe boot mode?
• Also are any process showing in Task Manager to be using a lot of CPU time?
• Anything else slow?

Your logs did not show any major malware and mostly just a lot of unnecessary junk was removed including some non-recommended games that may be what your daughter installed.

 

This is not a process. This is a measure of the idle time of your PC which means it is doing nothing 98 to 99 % at that instance of time.

You did not address my question about whether you have problems in safe boot mode. Right now it looks like your problems are not due to malware. I will give you a few things to do below which are not malware. We will be testing to see if anything changes after uninstalling various programs and tweaking a few other items.


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0140151223865158) (0140151223865158mcinstcleanup) - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\0140151223865158mcinst.exe (file missing)

After clicking Fix, exit HJT.


Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Do you use MusicMatch Jukebox? If not then add it to the list of things to uninstall below since it is a waste of resources having it always running.

Uninstall ALL of the below and reboot afterwards. If any of them tell you to reboot to complete the uninstall, then reboot immediately and continue on after the reboot.
a-squared Free 4.0
Advanced SystemCare 3
Ask Toolbar
AVG Free 9.0
Smart Defrag 1.20


Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).



Then attach the below log:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

We will manually remove anything that remains.

Let's reinstall and then uninstall. Download and install the below.

a-squared Free edition

Then uninstall it.

If you don't get any freeze ups in safe mode then it is likely that some program or driver that loads in normal boot mode but not in safe mode could be causing your problem.

First we need to finish removing a few items to see if we can locate the cause of your freezing. It may be necessary for you to work this in the Software Forum though since as I said, it is most likely not malware related.

Now run Glary Utilities that you have installed and undo any settings you have made to disable various startups.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

After clicking Fix, exit HJT.

Now we are going to try the beta version of ComboFix which is named KittyFix.exe

Download KittyFix from http://download.bleepingcomputer.com/sUBs/Beta/KittyFix.exe and save it to your Desktop but do not run it.

Note: This is a beta version of combofix and might be unstable but tests done so far have proved it works well

Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer.

• Now Exit/Close/Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Close any open browsers and any other programs you might have running.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as KittyFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the KittyFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of KittyFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.


Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\Temp
C:\Documents and Settings\Owner\Local Settings\temp

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

Now attach the below log:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

You're welcome. Your log from MGtools was obtained in safe boot mode. You need to always get logs from normal boot mode unless we ask you to run in safe boot mode. Since we already know you don't have freeze problems in safe boot mode, but you do in normal boot mode, the problem is just something you are loading in normal mode. It could be a driver for your hardware or a piece of software. Please attach a new log from MGtools from normal boot mode. You may as well download and use the new version again since it just updated again today.

 

Okay we have done more than we should be in this forum. Even what I did in my last message was not related to malware. Your problems are related to what you are loading in normal bootmode and slow internet may just be your ISP or the junk you installed from them. My last suggestions will be below. Anything else you will have to work in the Software Forum or with your ISP for internet speed issues with browsing.


First I would suggest that you uninstall all of the below from your ISP since the have been notorious to cause people problems.

• Comcast Access
• Comcast Desktop Software (v1.2.0.9)
• Desktop Doctor

The below services are run due to the above software and everyone I know who has them running has had problems or complained about them:
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

Uninstall them reboot, and make sure all of the below are gone from your HijackThis log that you can see by running MGtools and looking at the hijackthis.log in the MGtools folder.

I also suggest uninstalling Google Toolbar and the service that goes along with it and its ever running autoupdater.