Please check out these logs

Hi there,

I'm trying to help out my sis who keeps whining that her laptop is slow, which it is. I think it's at least partly due to Toshiba bloatware and Avast's real-time scanning. 80 running processes seems like a lot to me, I usually try to keep mine down to around 37 or so. I thought I'd do some scanning just to be sure there's nothing funky going on.

She also has Windows Defender running which probably doesn't help. Should I get rid of it?

I have attached logs for everything except SAS and MB. I've done several scans with each but they found nothing of interest. I don't know how to interpret these other logs, so if someone could take a quick look I would appreciate it. If you need anything else let me know. Thanks a lot.

 

Hi and welcome to Major Geeks!
________________________________________

Please follow standard procedure and attach the logs from both SAS and MBAM whether they find anything or not.

 

Hi, and thanks a lot for your reply. After I posted I was afraid you were going to say that. I'm not sure when I'll see my sister again so it might be a while before I can post the other two logs. I'll try to do it soon if possible. In the meantime, do you recommend getting rid of Windows Defender? Is it necessary if Avast is installed?

Thanks again.

 

From Programs and Features (via Control Panel), please uninstall the following:

• Java(TM) 6 Update 26
• Java(TM) 6 Update 3
  Note: Did you or your sister try to uninstall Norton 360?

If you want to do a complete removal of Norton 360, also remove this from Programs and Features and then download and run Norton Removal Tool to get rid of any remaining traces.
Then, reboot your computer and proceed with the below set of instructions:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
Note: This is actually Trend Micro HiJackThis - v2.0.4
Choose Do a system scan only and select the following lines but DO NOT CLICK FIX until you exit all explorer windows and all browser sessions including the one you are reading in right now:

After clicking Fix, exit out of Trend Micro HiJackThis - v2.0.4

Now we need to make use of ComboFix by sUBs

• Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop but do not run it!
  • If it is not on your desktop, the below will not work.
• Shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• Open Notepad and copy/paste the text in the below quote box into Notepad:

• Save the above as CFScript.txt and make sure you save it to the same location (should be on your desktop) as ComboFix.exe
• At this point, you must exit all browsers now before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your desktop.
• Now use your mouse to drag CFScript.txt on top of ComboFix.exe.
  http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
• This shall launch ComboFix.
  Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
• Allow ComboFix to update itself if prompted.
• When it finishes, a log will be produced at C:\ComboFix.txt
  Note: If after running ComboFix you discover none of your programs will open up because you receive the following error: Illegal operation attempted on a registry key that has been marked for deletion then you will need to reboot your computer which will normally fix this problem.
• Attach this log to your next message. (How to attach items to your post)

Now we need to run TDSSKiller by Kaspersky
Follow the instructions here and attach your log when you are finished (How to attach items to your post)


Please download MBRCheck by GeeksToGo to your desktop.
See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif

• Double click MBRCheck.exe to run (Vista and Win7 right click and select Run as Administrator)
• It will show a Black screen with some information that will contain either the below line if no problem is found:
  • Done! Press ENTER to exit...
• Or you will see more information like below if a problem is found:
  • Found non-standard or infected MBR.
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
• Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
• MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
• Attach this log to your next message. (How to attach items to your post)

Now run C:\MGtools\GetLogs.bat by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
Then attach C:\MGlogs.zip to your next message.(How to attach items to your post)
Notes:

• This will automatically update all the logs inside MGlogs.zip
• Make sure you click Accept on the License Agreement from Trend Micro HiJackThis - v2.0.4 twice if prompted.

*** Let me know how the PC is running after you have completed these steps! ***​

Please explain what operations are slow! For example answer the below:

• Is boot up slow?
• Is shutdown slow?
• Is browsing/surfing slow? If yes, also answer the below sub-questions
  • What type of connection to the internet do you use ( DSL, Cable, FIOS,etc)?
  • What browser are you using? Have tried more than one?
• Is downloading slow?
• Is running any/every application?
• Is it also slow in safe boot mode?
• Also are any processes showing in Task Manager to be using a lot of CPU time?
• Anything else slow?

 

When you see your sister again please also attach the SAS and MBAM logs.
I do not recommend uninstalling Windows Defender. I would recommend disabling it and only keeping Avast! installed and active.

 

Hello again,

Thank you very much for your response and guidance. I will try to do this some time this week, but it may not be until the weekend. Thanks for your time, I appreciate it!

 

Hi, me again.

I finally got a chance to get back to this.

I uninstalled the Java instances you listed, and ran the Norton removal tool. I didn't realize there were remnants of it left.

Ran analyse.exe and fixed the item you mentioned.
Ran combofix per your instructions (it rebooted after a while and wrote its log after it came back up, is that normal?)

I also ran TDSSKiller, mbrcheck and MGC Getlogs.bat, and have attached the last MB and SAS logs.

The laptop is very slow booting, it seems like an eternity to me. If it was mine I would have slashed my wrists by now. Even when the desktop is up the drive thrashes for a long time afterwards and that affects the responsiveness of the computer. It seems ok when browsing and downloading. The connection is a 5Mb cable connection. Different processes use a fair bit of CPU time during the boot process, svchost.exe and CCC.exe are the ones I remember.

 

I hit the max of 4 attachments on the last post, so here's the SAS and MB logs. Let me know what you think when you get a chance. Thanks a lot.

 

Yes, this is normal.

Your latest logs are clean.
The computer being slow is most likely a software issue at this point.

I can give you a small registry tweak that should hopefully speed up the boot process so you're not loading so many applications at once on start-up.
Note: This is purely optional and is not related to malware.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

If your computer is still slow after doing the above step, you may want to consider uninstalling some applications from Add/Remove that you do not make use of.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis if it present
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

I will do all that when I see my sister again. I appreciate the help from you and Chaslang in another thread. What is the best way to make a contribution to the site?

 

It's not a problem, come back and see us! See the below links:

Buy Discounted Software @ Majorgeeks Store. Giveaways Too!

Majorgeeks Geek Wear. Hats, T-Shirts, Hoodies

MajorGeeks on FaceBook