Laptop running slow

My cousin brought her laptop over complaining that it was really slow, and she asked me to take a look at it. She used it at college, and she told me that the tech support there already formatted it once, so I can only assume that she's gotten herself into something that she shouldn't have touched again.

Boot process on this machine is VERY slow. I blame her McAfee software and her bloated startup programs list, as I did not find any signs of significant malware (a few installers for malware, but no I didn't find any installations). The machine will boot fine, but after signing into XP, the disk activity light stays solidly lit for at least 10 minutes every time, though Task Manager shows no real CPU usage. McAfee also turns itself off, then back on, then off, then back on again, which really seems to annoy XP's AV/firewall monitor.

I followed the READ & RUN ME guide, but I didn't see anything that jumped out at me and said, "I'M BAD!" I'm thinking of replacing her copy of McAfee Enterprise VirusScan 8.5i with AVG Free and ZoneAlarm or Comodo, but I wanted to get through the regular malware checkup first before replacing software. Required log files are attached. Anything suspicious?


PC Specs (brief):
Windows XP Professional SP2
Intel T2300 @ 1.66GHz
1024MB memory
C: 43.6 GB / 55.8 GB
Intel 945GM Express (video)

 

MGlogs file attached here.

 

I did not think it was a malware problem either. As soon as I saw McAfee, I assumed that it was the culprit of eternal startup times and slow system reaction. As for finding a replacement, I've been doing a lot of reading on AVG8, Avast!, AntiVir, and a-squared, but it's a rather complex playing field with a lot of information. Having only used AVG7 from the bunch, and having only seen Avast! on a few computers, I am not experienced enough with all of them to make a sound judgment on my own. Care to offer some feedback on my research?

a-squared does not appear to be a "complete" antivirus software; it seems that it focuses on certain subsets of harmful software (trojans, dialers, and spyware), but I believe that SpyBot covers dialers and spyware quite well (not sure how well SpyBot handles trojans). a-squared Free edition does not appear to have an always-on scanner, only on-demand scanning (SpyBot has TeaTimer, but most have that disabled). In any case, it seems to me that a-squared is not what I want to put on her computer.

AntiVir seems to get less attention than either Avast! or AVG, so I don't know much about it, its footprint (CPU and memory), its ease-of-use, or its detection capabilities. The only post I saw regarding AntiVir's footprint was:

Avast! gets high reviews from the community, though there are some complaints about the added boot time due to the boot time scan. I also hear that its User Interface is not very intuitive and that it can be hard to find specific functions within the program. Other than that, I hear that it is a VERY effective antivirus software. Many claim that it has better detection rates than the AVG series.

AVG gets praise for its very simple User Interface and its ease-of-use factor. However, with the new 8 series, I have heard of lots of problems with an included toolbar, the Link-Scanner, and compatibility issues with other anti-malware products. Regarding AVG's footprint (from April 2007):

My cousin is not a techie, so I want something that won't require her intervention very often. AVG7 was very good at this, but now I hear about AVG8's plethora of problems and I am concerned that it would be more of a burden (though there are/were promises that the problems with AVG8 would be fixed by mid-June in an update). I don't have enough experience with Avast! to know if it will tuck itself out of the way and not affect her system's performance enough to suit her, so I am asking the experts here. Advice?


EDIT: Also, should I remove any of the software from the Read & Run Me process? Should I leave some of it installed but keep it from starting with Windows, or should I leave it to autostart?

 

I got rid of ComboFix and MGTools. Should I continue to allow SAS to boot at startup, or just use it manually when needed?

Given the posted problems with AVG8, for now I will uninstall McAfee and replace it with Avast!. Should I use the McAfee Consumer Product Removal Tool or Add/Remove programs (and then the McAfee tool)?

As for firewalls, I have had problems with Comodo blocking dhcp/dns traffic for no known reason (this is reportedly frequently on their forums, but no solutions have been posted other than manual fixes that only work sometime). I will be installing ZoneAlarm on her computer for now since I am familiar with it, unless you have compelling reasons why I should use a different firewall software.

I had her run a long-needed Windows Update. She says that her computer experiences a huge slowdown (read: locks up for at least ten minutes) when it gets plugged into an Internet connection. I am not sure what would cause this other than lots of software trying to update at once. Anyways, let me know if you have any advice regarding all of this. I will resume software adjustments when I have time.

 

Okay, I have had the laptop disconnected from an Internet connection (and the wireless radio turned off). I removed SAS from startup. I removed McAfee using Add/Remove Programs and then I ran MCPR.exe to ensure a total removal. I installed Avast! AntiVirus and ran the update file manually (using a previously downloaded copy of the latest definitions file). I ran a complete system scan and it came back dirty. Avast's logs are attached to this post.

The machine seems to be running at least somewhat better than before. Firewall software will be installed before reconnecting to the Internet, but I wanted to get these last Avast logs resolved first.

 

I recognized the system restore infections, that's fine. I don't know where she downloaded the MP3 file from, but we will probably just delete it. I don't know what the executables on the desktop are, but I can guess that she was looking for a something to fix her computer when I wasn't available to do it, and she ended up finding bogus files.

There are some entries that did not appear in the exported logs that appeared in the original results of the scan:

All entries were marked with "Unable to scan: T...". I can't provide any more info than that at the moment, since this is based on the screenshot provided to me and since Avast did not log this in its exported logs. I'm trying to get more information from the user onsite (I'm no longer on location with the computer).

Any advice on what to do at the moment?

 

Gah, the time period for editing the previous post has passed.

Anyway, I've received updated information on the scan entries listed above. Screenshots are attached to this post.

 

Ugh, Avast's scan results exports are not nearly as detailed as I think they should be. As far as I can tell, if an error is not indicated in the report, that means that action was taken, though it does not indicate WHAT action was taken. Since I have access to the screenshot of the original scan results, I knew that those files had already been moved to Avast's chest (quarantine), but the scan reports that I uploaded here did not explicitly state that. Sorry about that.

Given that the files are already in the chest, and nothing was detected in Program Files concerning them, I don't think that there are any installations associated with them (I would hope that McAfee wasn't TOTALLY useless while it was installed and alerted the user that they were bad files to run). The user has stated that she does not know what those files are.

I must reiterate that this user is NOT computer literate more than understanding how to run Microsoft Word, Internet Explorer, and Firefox. She didn't even understand what her Recycle Bin was until I explained it two weeks ago. Getting detailed information on what is on her computer is likely not going to happen beyond speculation.

Attached is a screenshot of the original scan and results.

 

I can make the suggestion to her, but I doubt that she would be interested in participating in fixing her own computer. She has not been using her computer as I have instructed her to keep it disconnected from the Internet until further notice. Since this is most of her activity on the computer, she just hasn't touched it. Thus, she has not reported any new or lingering issues. I'm told from what little interaction she's had with it that it "seems to be at least a little better". However, I was waiting on final suggestions from you before determining if the system was clean enough to reconnect to the Internet (infected files deleted/quarantined, firewall installed and manually updated, any other checks).

 

Is McAfee SiteAdvisor something like AVG8's new SafeSearch feature? Is it more reliable? I will try PCTools Firewall and see how she fares with it. Hopefully there are no hidden issues remaining.

Thanks for your help!