Laptop is So Slow

Discussion in 'Malware Help (A Specialist Will Reply)' started by yasmin, Jul 25, 2012.

  1. yasmin

    yasmin Private E-2

    Hi Everyone :)

    Someone please help. It's driving me crazy, my laptop is so slow, when I open Microsoft it takes a while to get into it. Computer freezes and the biggest thing is that when I'm watching videos, Google Chrome crashes all the time. Internet also feels slow. But it's not the internet cause I had it recently increased by 3 times as much as before.

    It could be a virus, sometimes windows open randomly but when I do a virus scan there is no virus there.
     
  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

  3. yasmin

    yasmin Private E-2

    This is the Malwarebytes' Anti-Malware log. I did not know how to attach it.

    I've included all the other logs apart from HitmanPro, which I could not download since it says it's no longer there.



    Malwarebytes' Anti-Malware log:

    ComboFix 12-03-04.02 - user 06/03/2012 1:26.1.2 - x86
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.2037.924 [GMT 0:00]
    Running from: c:\users\Guest\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Guest\AppData\Roaming\cacaoweb
    c:\users\Guest\AppData\Roaming\cacaoweb\adstorage.db
    c:\users\Guest\AppData\Roaming\cacaoweb\npdfile.dat
    c:\users\Guest\AppData\Roaming\cacaoweb\replicating3F34EB2560343C317D61C824DB6D85E4.cacao
    c:\users\Guest\AppData\Roaming\cacaoweb\storage.db
    c:\users\user\AppData\Roaming\cacaoweb
    c:\users\user\AppData\Roaming\cacaoweb\errorlog.txt
    c:\users\user\AppData\Roaming\cacaoweb\npdfile.dat
    c:\users\user\AppData\Roaming\cacaoweb\storage.db
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-06 01:38 . 2012-03-06 01:38 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-03-06 01:38 . 2012-03-06 01:38 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-03-06 01:38 . 2012-03-06 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-06 01:19 . 2012-03-06 01:19 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21AE8075-0600-4BD2-B7C1-D7DE8F37F298}\MpKsl5478f9c9.sys
    2012-03-05 23:44 . 2012-03-05 23:44 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com
    2012-03-05 23:42 . 2012-03-05 23:44 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-03-05 22:40 . 2012-02-07 22:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21AE8075-0600-4BD2-B7C1-D7DE8F37F298}\mpengine.dll
    2012-02-27 04:51 . 2012-02-29 12:17 -------- d-----w- C:\Hotspot Shield
    2012-02-27 04:51 . 2012-02-27 04:51 -------- d-----w- c:\program files\Hotspot_Shield
    2012-02-27 04:50 . 2012-02-27 04:52 -------- d-----w- c:\program files\Hotspot Shield(16)
    2012-02-16 15:37 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-16 15:37 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-02-16 15:37 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-02-13 12:48 . 2012-02-13 12:48 -------- d-----w- c:\windows\system32\Adobe
    2012-02-10 22:58 . 2012-02-10 22:55 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB213011-1B7B-475B-ABCA-9C48E494F4F6}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-01 06:12 . 2011-12-01 00:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-07 22:03 . 2011-05-31 23:26 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-01-31 12:44 . 2010-02-18 15:55 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-04 23:01 . 2012-01-04 23:01 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
    2011-12-10 15:24 . 2010-07-31 22:28 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
    "{f0381dbd-e018-4e07-ae40-d96ab15083f0}"= "c:\program files\AF-HSS\prxtbAF-H.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo2.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-01-03 16:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\AF-HSS\prxtbAF-H.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
    "{f0381dbd-e018-4e07-ae40-d96ab15083f0}"= "c:\program files\AF-HSS\prxtbAF-H.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-31 39408]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-02 399736]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
    "RDReminder"="c:\program files\RegClean Pro\RegCleanPro.exe" [2011-01-27 1432448]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2011-1-20 13623048]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1459380575-3642727881-1536588390-1001]
    "EnableNotificationsRef"=dword:00000001
    .
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL5478F9C9
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-06 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2011-02-20 11:28]
    .
    2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-31 22:26]
    .
    2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-31 22:26]
    .
    2012-03-05 c:\windows\Tasks\Regclean Pro_MONTHLY.job
    - c:\program files\RegClean Pro\RegCleanPro.exe [2011-04-04 16:47]
    .
    2012-02-29 c:\windows\Tasks\Regclean Pro_UPDATES.job
    - c:\program files\RegClean Pro\RegCleanPro.exe [2011-04-04 16:47]
    .
    2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{BB60219B-6FCF-417E-9E18-329B9B435C51}.job
    - c:\windows\system32\msfeedssync.exe [2011-05-30 21:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2765711
    IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
    URLSearchHooks-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
    WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    WebBrowser-{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-06 01:40
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-03-06 01:48:06
    ComboFix-quarantined-files.txt 2012-03-06 01:47
    .
    Pre-Run: 3,816,448,000 bytes free
    Post-Run: 51,831,480,320 bytes free
    .
    - - End Of File - - 031D9324BD0FAC860945FC88BDD03A32
     


  4. yasmin

    yasmin Private E-2

    Hi :)

    Any feedback? Because this slow laptop is killing my patience. Still no change.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please do not post any logs inline with your messages. All logs need to be attachments. Also you did not attach the log from Malwarebytes. You posted an inline ComboFix log which was not requested.

    I do not know what you mean about Hitman. The link works just fine.

    However your problems may not be malware. It may just be that you are running low on memory.
    Code:
    Total Physical Memory 1.99 GB
    Available Physical Memory 250 MB
    I don't suggest any less than 3 GB with Vista.

    I will give you some minor things to do but these will not necessarily help with performance.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com/?l=dis&o=100000018&gct=hp
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)

    After clicking Fix, exit HJT.


    Now uninstall Ask Toolbar

    Then reboot and see if that helped at all. I don't think any significant change would occur.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
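
An added example, not part of the original thread or of MGtools: a small Python parser for the HijackThis lines listed in the post above, which groups entries by install folder to show how many load points one product occupies and which entries point at a file that no longer exists. The function names and the folder-based grouping heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The entries selected for fixing in the post above, copied verbatim.
HJT_LINES = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com/?l=dis&o=100000018&gct=hp
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
'''.strip().splitlines()

# HijackThis section codes that appear in that list.
SECTIONS = {"R0": "IE start page", "R3": "URL search hook",
            "O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "Run-key autostart", "O23": "Windows service"}
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
TARGET = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll)", re.I)
# Assumed heuristic: the first folder under Program Files, Common Files
# or a user's AppData names the product that owns the entry.
VENDOR = re.compile(
    r"\\(?:Program Files(?: \(x86\))?\\(?:Common Files\\)?"
    r"|Users\\[^\\]+\\AppData\\(?:Local|Roaming)\\)([^\\]+)\\", re.I)

def parse_line(line):
    """Split one HijackThis line into section, CLSID, target file and flags."""
    code, _, rest = line.partition(" - ")
    clsid, target = CLSID.search(rest), TARGET.search(rest)
    vendor = VENDOR.search(target.group(0)) if target else None
    return {"code": code, "kind": SECTIONS.get(code, "unknown"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "target": target.group(0) if target else None,
            "vendor": vendor.group(1) if vendor else None,
            "file_missing": rest.rstrip().endswith("(file missing)")}

def load_points_by_vendor(lines):
    """Map product folder -> HijackThis section codes it occupies."""
    groups = defaultdict(list)
    for entry in map(parse_line, lines):
        groups[entry["vendor"]].append(entry["code"])
    return dict(groups)

def dangling_entries(lines):
    """Entries whose target file HijackThis reported as missing."""
    return [e for e in map(parse_line, lines) if e["file_missing"]]

if __name__ == "__main__":
    for vendor, codes in load_points_by_vendor(HJT_LINES).items():
        print(f"{vendor or '(no file target)'}: {', '.join(codes)}")
    for e in dangling_entries(HJT_LINES):
        print("dangling:", e["kind"], e["target"])
```

The R0 start-page entry has no file target, so it is grouped separately even though its URL also points at ask.com.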
     
  6. yasmin

    yasmin Private E-2

    Hi I Have attached the log C:\MGlogs.zip :)

    Thank you very much for your help.

    It's running much better now, but what can I do in future to keep my laptop fast?

    This keeps happening and also I think I have hardware issues.

    Do you think I should get a new laptop?
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    More memory! Uninstall things you don't need/don't use. Make sure they uninstall completely. Don't install things you don't need to begin with. ;) And don't allow things to load at startup unless you really need them to load at startup.

    That's up to you and what you can afford. If you know you have hardware problems, then you need to try to fix them if possible. Try our Hardware Forum.


    Since you are not having malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work thru the below link:
     
