I ran a MBAM and SA scan 1 or 2 days ago, so I’m just going to post the logs for those for now. If you want me to run an additional scan with MBAM, I’ll do so. Log files are attached.
Your OTL text came through in the incorrect format. Can you re-attach it to the post again in a different format? Use the same format you used for the OTL Extras text file. Thank you. I will contact Essexboy to be alerted for your posted log. Thank you.
If you could do that please, as it is the main analysis log.
OTL logs attached.
Thank you Sode no Shirayuki for the OTL logs; it is now in the correct format. Essexboy will also review the logs when he comes on the forum.
No indication of other AV drivers/services currently running
Just online armour
I followed Charyb’s advice and checked Internet Explorer’s settings. After checking Internet Explorer’s settings I’ve come to the conclusion that the domains listed in my computer’s registry are domains being restricted by Internet Explorer. I matched some of the domains from the logs to the sites listed in Internet Explorer’s internet options.
So… in regards to the startup/ webbrowsing slowdowns, where do we go from here?
Should I delete the following entries?
c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware
c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Quarantine\
Would you recommend attempting to use the Avast uninstall tool to uninstall Avast and install a fresh copy? Perhaps deactivating some startup programs and taking a look at my running processes to see if there any I can remove?
@ Essexboy, Do you see anything else in the OP’s OTL logs that need your attention? Are remnants of MSE off the OP’s machine now (see reported registry keys earlier in post)? Thank you.
@ Sode no Shirayuki,
I need to hear back from Essexboy before I can give you further suggestions other than the following:
- Look at your Start up items and “Disable” (not delete) items that are not essential.
- Do not uninstall/install Avast at this time.
- Do you have Avast and OA as trusted exclusions? If not, here is how and this may speed your browsing:
To exclude OA in Avast:
- Open the Avast GUI > Settings > Exclusions > Add > click on the pop-up window and find C:\Program Files\Online Armor* and click on the BOX to the left of the words (this excludes all subfolders as well).
To exclude Avast in OA:
- Open the OA GUI > Options > Exclusions > Add > click on the pop-up window and find C:\Program Files\Awil Software\ (for Avast).
Also, open the OA GUI > Programs > untick “Hide Trusted” under Programs so that you can see everything > look to make sure everything from Avast (or other browsers) is not “blocked” (red) or “ask” (yellow). If it is, right-click the item and change it to “Trust.” Reboot.
Did this help resolve your problem?
Essexboy is reporting that MSE is not running, so I would leave it alone until I hear back from him.
I told a porkie pie, they were not running but may interfere
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
DRV - [2009/08/22 03:18:24 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/08/22 03:18:24 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
[2010/05/22 08:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
:Files
ipconfig /flushdns /c
c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware
c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Quarantine\
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
3. Do you have Avast and OA as trusted exclusions? If not, here is how and this may speed your browsing:
To exclude OA in Avast:
- Open the Avast GUI > Settings > Exclusions > Add > click on the pop-up window and find C:\Program Files\Online Armor* and click on the BOX to the left of the words (this excludes all subfolders as well).
To exclude Avast in OA:
- Open the OA GUI > Options > Exclusions > Add > click on the pop-up window and find C:\Program Files\Awil Software\ (for Avast).
Also, open the OA GUI > Programs > untick “Hide Trusted” under Programs so that you can see everything > look to make sure everything from Avast (or other browsers) is not “blocked” (red) or “ask” (yellow). If it is, right-click the item and change it to “Trust.” Reboot.
I have both Avast and Online Armor set to exclude each other. The only program listed under ‘Programs’ relative to Avast is a driver: aswRdr.sys - I have set the driver to ‘Trust’ as you suggested.
Quote from: Sode no Shirayuki on November 14, 2010, 11:23:15 PM I followed Charyb's advice and checked Internet Explorer's settings. After checking Internet Explorer's settings I've come to the conclusion that the domains listed in my computer's registry are domains being restricted by Internet Explorer. I matched some of the domains from the logs to the sites listed in Internet Explorer's internet options. Did this help resolve your problem?
I originally thought the registry entries to be a potential problem, because they were foreign to me. Since I’ve become to understand the purpose of their presence in the registry I have no longer seen their presence as a potential problem. I’ve left them alone.
The logs for the OTL scans are attached. I posted the logs for both ‘Run Fix’ and ‘Quick Scan’.
p.s. Sorry about the late replies. I’ve been caught up in school work.
Thank you for the logs. Essexboy will review them when he returns to the forum. At some point after he is done with your malware removal, I noticed in your logs that you have the “AskToolbar” installed on your machine, which is adware. You probably got this from the FoxIt pdf install; usually a custom install can avoid this. Although it is difficult to remove this toolbar, it is advisable and it can be done. We’ll get your machine sparkling clean when we’re done.
Looks OK to me now ;D
All of the domain names are associated with rogue anti-virus and adult content. I haven't the slightest idea how these domains found their way into my registry
Sorry I had a little difficulty following this thread, but if you're finding registry entries that don't seem legit, isn't that showing a possibility of a virus? I would run the boot-time scan just to be safe personally, even if it did take 8 hours.
IE8 has a built in list of bad websites - similar to the various host managers, these are entered in the registry
@ Essexboy,
I’ll let you continue with your magic tools, removal, and spring clean up. Then if needed, I can help the OP with any other remaining issues if you want. Thanks.
Just the tools to remove
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.
SPRING CLEAN
Download and run Puran Disc Defragmenter
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
[*]SpywareBlaster to help prevent spyware from installing in the first place.
Malwarebytes. Run weekly to keep your system clean
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit
[*]Microsoft Windows Update
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe
Quote:
Just the tools to remove
Run OTL
* Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Do not show hidden files and folders.
* Click Yes to confirm.
* Click OK.
Done.
Quote:
Download and run Puran Disc Defragmenter
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
* SpywareBlaster to help prevent spyware from installing in the first place.
* Malwarebytes. Run weekly to keep your system clean
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
I have SpywareBlaster and Malwarebytes. I downloaded Puran Disc Defragmenter; I also have Auslogics Disk Defragmenter. Would you recommend Puran over Auslogics? My Firewall and Antivirus are Online Armor and Avast respectively.
Quote:
To keep your operating system up to date visit
* Microsoft Windows Update
I occasionally check for Windows Updates. I checked for Windows Updates while typing this response; there are none.
@ Sode no Shirayuki,
You do not need both defrag tools, however the Puran defrag also allows for a boot-time defrag, is light in the system, and efficient on all OS’s. I have used both and believe Puran does a much better job; I know others will have their opinion. Essexboy does recommend Puran.
You should have no problem with OA and Avast; see my Signature as I use both as well.
Once Essexboy is done with you (he will want you to leave your machine to run for at least a day or two before doing anything else), please check that all your software is up to date with the free Secunia Software Inspector http://secunia.com/vulnerability_scanning/personal/. This will scan your system to see if you have any outdated or obsolete software and give you the vendor’s direct download patch, making it easy for you to fix. Many of us here scan our systems weekly since software changes so quickly. You will also find news of updates to software in our Avast Support section of the forum as well.
@ Essexboy, During your malware removal and cleanup, was the Ask_Toolbar removed or not? If not, I will provide the OP with the tools to remove. Thank you.