1

Hello, my friend’s computer is being super slow. I have access to the computer, and I’m hoping to clean everything up for him. Logs attached.

2

Hi I can see McAfee, Norton and Avast running… No wonder it is slow. You need to uninstall two of those and then run the relevant removal tools

Once done could you re-run FRST and attach fresh logs please

https://support.norton.com/sp/en/uk/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us

https://service.mcafee.com/FAQDocument.aspx?id=TS101331

http://www.avast.com/en-gb/uninstall-utility

3
Hi I can see McAfee, Norton and Avast running.. No wonder it is slow.
that indicate that he dont know what he is doing, so should probably also remove Comodo and stick with windows firewall ..... less complicated ;)
4

Talked to him, he said he didn’t remember installing any other Anti-Viruses except the Comodo Firewall and Avast. I think McAfee came with the computer, and he doesn’t know where Norton came from. I’ll attach logs in a minute, it’s prompting a restart.

5

Logs as requested.

6

Mainly orphans, could you let me know how the computer is after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File BHO-x32: No Name -> {B8E07826-0971-4f16-B133-047B88034E89} -> No File FF Extension: IPFlood - C:\Users\pekro_000\AppData\Roaming\Mozilla\Firefox\Profiles\5snw16ny.default\Extensions\ipfuck@p4ul.info.xpi [2015-03-14] FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.0.0.52\coFFFw FF Extension: No Name - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.0.0.52\coFFFw\ [Not Found] CHR Extension: (Norton™ Family) - C:\Users\pekro_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp [2014-08-02] CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files (x86)\Norton Family\Engine\3.2.1.26\Extensions\Chrome.crx [Not Found] S2 NSM; "C:\Program Files (x86)\Norton Family\Engine\3.2.1.26\NF.exe" /s "NSM" /m "C:\Program Files (x86)\Norton Family\Engine\3.2.1.26\diMaster.dll" /prefetch:1 S2 TampMon; "C:\Program Files (x86)\Norton Family\Engine\3.2.1.26\TampMon.exe" [X] R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0302010.01A\ccSetx64.sys [162392 2014-02-24] (Symantec Corporation) 2015-04-12 16:22 - 2015-04-12 16:22 - 04770280 _____ (McAfee, Inc.) C:\Users\pekro_000\Downloads\MCPR.exe 2015-04-12 16:22 - 2015-04-12 16:22 - 00896048 _____ () C:\Users\pekro_000\Downloads\Norton_Removal_Tool.exe 2015-03-19 17:55 - 2015-03-19 17:55 - 00003028 _____ () C:\Windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} 2015-04-04 09:49 - 2014-08-01 12:19 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Family 2015-04-04 09:44 - 2014-08-01 12:17 - 00000000 ____D () C:\Windows\system32\Drivers\NSMx64 2015-04-04 09:44 - 2014-08-01 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Family Task: {3E613E74-BD43-4B63-9CC0-35FD10B88203} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files (x86)\Norton Family\Engine\3.2.1.26\SymErr.exe Task: {7F199C47-40FA-4647-9C07-CBCFE47663CD} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files (x86)\Norton Family\Engine\3.2.1.26\SymErr.exe C:\ProgramData\Norton C:\Program Files (x86)\Norton Family C:\Users\pekro_000\jagex_cl_runescape_LIVE.dat C:\Users\pekro_000\random.dat Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

7

Thank you very much. He said the performance on his computer is greatly improved. But, as you were fixing his computer I started to experience lag just opening KillSwitch by Comodo. Also, I’ve noticed visible lag(Mouse lagging, music skipping) while just running HitmanPro, which has never lagged my computer in the past, considering I have a close to high-end gaming computer. I’ll attach logs, and I apologize for having you read many logs. Have a good day. ;D

8

Both hitmanpro and killswitch are processor intensive

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: S0 jvgxuu; No ImagePath S0 mjvhhu; No ImagePath 2015-04-11 09:40 - 2015-03-15 23:44 - 00153408 _____ () C:\WINDOWS\system32\Drivers\zvijcv.sys 2015-04-04 22:53 - 2015-03-15 23:44 - 00153408 _____ () C:\WINDOWS\system32\Drivers\ovanvq.sys Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

9

Thank you very much! Like I said before, I really do appreciate what you guys do on here. ;D KillSwitch booted up in no time, and the HitmanPro scan is back to finishing in 5 minutes(The last scan I did took 3 hours…) Have a great day.

10

Any further problems ?