Author Topic: Avast free - Startup/ webbrowsing slowdowns  (Read 19737 times)


SafeSurf

  • Guest
Re: Avast free - Startup/ webbrowsing slowdowns
« Reply #15 on: November 11, 2010, 09:58:14 AM »
If there is a legitimate uninstaller tool for MSE it should be located on Microsoft's website which I've yet to find.
MSE Uninstaller: http://support.microsoft.com/kb/2435760/

What in the world are all of the listed domains? Their legitimacy looks questionable. The report file for the scan is attached.
That is quite the report.  Have you tried running this in Safe Mode?  Did you run CCleaner after running this with the Registry cleaner portion then reboot?

My other suggestion is updating and running an MBAM scan and an Avast boot-time scan just to make sure you are clean.


Sode no Shirayuki

  • Guest
Re: Avast free - Startup/ webbrowsing slowdowns
« Reply #16 on: November 11, 2010, 07:23:42 PM »
"My other suggestion is updating and running an MBAM scan and an Avast boot-time scan just to make sure you are clean."

I performed a full scan with the most up-to-date versions of Malwarebytes' Antimalware and Super Antispyware. The results were completely clean with the exception of a few Adware Tracking Cookies that Super Antispyware found, which I successfully took care of. I have not run a scan using Avast's boot-time scan recently. I've used that feature once thus far and it took upwards of 8 hours to complete. I actually created a thread about it once and didn't find a solution. I will have to create another thread in the near future. However, that scan too was completely clean. I can't see myself getting malware-infected after the last time using Avast's boot-time scan seeing as I run Sandboxie while surfing the internet. Furthermore, the MBAM and SA scans were clean, and Avast's real-time protection has not yet alerted me.

"MSE Uninstaller: http://support.microsoft.com/kb/2435760/"

That site doesn't actually contain an uninstall tool, rather it provides directions for manually removing the program (e.g. registry keys). I went ahead and followed the directions, though. The only two things that I could find that are potentially relevant to Microsoft Security Essentials in the registry are:

c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\
c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Quarantine\

"That is quite the report.  Have you tried running this in Safe Mode?  Did you run CCleaner after running this with the Registry cleaner portion then reboot?"

I have tried running CCleaner. I have not yet tried running the Avira RegCleaner in safe mode; I will do so.




Sode no Shirayuki

  • Guest
Re: Avast free - Startup/ webbrowsing slowdowns
« Reply #17 on: November 12, 2010, 03:56:19 AM »
Ran Avira RegCleaner in safe mode. Faster scan, same exact results. The results are attached.

Again, the domains found in the registry concern me. All of the domain names are associated with rogue anti-virus and adult content. I haven't the slightest idea how these domains found their way into my registry, but I'm thinking it'd be a good idea to delete all of them, yes?

« Last Edit: November 12, 2010, 04:15:12 AM by Sode no Shirayuki »

Offline Charyb-0

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2508
Re: Avast free - Startup/ webbrowsing slowdowns
« Reply #18 on: November 12, 2010, 04:37:59 AM »
I thought this would be helpful. Those might have been added by one of your AV programs. Black list??

http://blogs.technet.com/b/heyscriptingguy/archive/2005/05/02/how-can-i-add-a-site-to-internet-explorer-s-restricted-sites-zone.aspx

*How Can I Add a Site to Internet Explorer’s Restricted Sites Zone?

Zone information for Internet Explorer can be found in the following portions of the registry:

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
 
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

*However, I don't know what registry value was placed on them. Hopefully they were set to restricted and don't come back after you delete them. Before you delete them you should go to Internet options/security/restricted sites and click on sites to double-check or open Regedit and look at the registry value. If they are all set to 4 then they were restricted. If they were set to anything other than restricted (1, 2, or 3) that would be very suspicious.

Assign the registry value the appropriate Internet Explorer security zone. Each Internet Explorer security zone is represented by a number. The Restricted Sites zone is number 4; here’s a list including other zones:

Zone              Value
Intranet          1
Trusted Sites     2
Internet          3
Restricted Sites  4
 
Personally, I would reset Internet Explorer (without re-setting personal settings). Internet options\Advanced settings\Reset. And delete those registry entries. This is just my opinion and observation. Please wait for SafeSurf to instruct you.
 
« Last Edit: November 12, 2010, 06:01:41 AM by Charyb »
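The check described in the post above (look at the value stored for each domain under the two ZoneMap keys and see whether it is 4), as an added example that is not part of any post in this thread. It only reads the registry; the function name Get-ZoneMapEntry is made up for this illustration, and the zone numbers are the ones listed in the post.

```powershell
# Added example: read-only audit of Internet Explorer ZoneMap domain entries.
# Zone numbers as listed in the post above (1-4); anything else is shown as Unknown.
$ZoneNames = @{ 1 = 'Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet'; 4 = 'Restricted Sites' }
$Roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
)

function Get-ZoneMapEntry {
    param([string[]]$Path = $Roots)
    foreach ($root in $Path) {
        # A hive with no zone assignments may not have the key at all
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in (Get-ChildItem -LiteralPath $root -Recurse)) {
            # The path below ...\Domains\ is "example.com" or "example.com\www"
            $rel   = ($key.Name -split '\\ZoneMap\\Domains\\', 2)[1]
            $parts = @($rel -split '\\')
            [array]::Reverse($parts)            # sub-domain key sits below the domain key
            $site  = $parts -join '.'
            # Each value name is a protocol ("*", "http", "https"); its data is the zone
            foreach ($name in $key.GetValueNames()) {
                $zone  = $key.GetValue($name)
                $label = 'Unknown'
                if ($ZoneNames.ContainsKey($zone)) { $label = $ZoneNames[$zone] }
                New-Object PSObject -Property @{
                    Hive     = ($key.Name -split '\\')[0]
                    Site     = $site
                    Protocol = $name
                    Zone     = $zone
                    ZoneName = $label
                }
            }
        }
    }
}

$entries = @(Get-ZoneMapEntry | Select-Object Hive, Site, Protocol, Zone, ZoneName)
# Entries mapped to anything other than Restricted Sites are the ones to look at
$suspect = @($entries | Where-Object { $_.Zone -ne 4 })
'{0} ZoneMap entries, {1} not in Restricted Sites (zone 4)' -f $entries.Count, $suspect.Count
$suspect | Sort-Object Site | Format-Table -AutoSize
```

If the second number is 0, every listed domain is mapped to Restricted Sites, which is what a block list added by a security product would look like.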

SafeSurf

  • Guest
Re: Avast free - Startup/ webbrowsing slowdowns
« Reply #19 on: November 12, 2010, 08:38:56 AM »
@ Sode no Shirayuki,

Hold off on making changes to your machine right now.  The problem we have is that you still have remnants of other AV in your system and this can create problems, but I do not know about these Avira registries; they may be from a blacklist, but I am not sure.  I therefore want to rule out malware and consult with one of our specialists.  I'd like you first to do the following:

Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0

Follow the directions for obtaining an MBAM log (make sure you update MBAM first) and the OTL logs.  Post the MBAM log here and the two (2) OTL logs as an attachment (Additional Options > Attach > Browse (the OTL logs will be on your desktop) > Post).

I will review your logs, but I am also going to refer you to our Certified Malware expert, named Essexboy, after you post your logs; I am not saying that you have malware, but I want to rule it out and these logs will give us a better picture.  He will give you further instructions; however, he comes on the forum late UK time.  He will respond to you in this thread, so remember to check this thread daily.  I will continue to provide assistance in the meantime, then remain in the background while he works with you.  If he finds no malware, I will continue working with you.

Please do not make any further changes to your machine once you have provided the logs.

Let me know if you have any questions.  Thank you.

Sode no Shirayuki

  • Guest
Re: Avast free - Startup/ webbrowsing slowdowns
« Reply #20 on: November 12, 2010, 05:11:58 PM »
I ran a MBAM and SA scan 1 or 2 days ago, so I'm just going to post the logs for those for now. If you want me to run an additional scan with MBAM, I'll do so. Log files are attached.

Sode no Shirayuki

  • Guest
Re: Avast free - Startup/ webbrowsing slowdowns
« Reply #21 on: November 12, 2010, 05:14:16 PM »
.
« Last Edit: November 14, 2010, 06:01:17 AM by Sode no Shirayuki »

SafeSurf

  • Guest
Re: Avast free - Startup/ webbrowsing slowdowns
« Reply #22 on: November 13, 2010, 10:18:36 AM »
Your OTL text came through in the incorrect format.  Can you re-attach it to the post again in a different format?  Use the same format you used for the OTL Extras text file.  Thank you.  I will contact Essexboy to be alerted for your posted log.  Thank you.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast free - Startup/ webbrowsing slowdowns
« Reply #23 on: November 13, 2010, 12:06:03 PM »
If you could do that please, as it is the main analysis log

Sode no Shirayuki

  • Guest
Re: Avast free - Startup/ webbrowsing slowdowns
« Reply #24 on: November 14, 2010, 05:32:10 AM »
.
« Last Edit: November 14, 2010, 05:58:06 AM by Sode no Shirayuki »

Sode no Shirayuki

  • Guest
Re: Avast free - Startup/ webbrowsing slowdowns
« Reply #25 on: November 14, 2010, 05:37:11 AM »
OTL logs attached.
« Last Edit: November 14, 2010, 06:01:33 AM by Sode no Shirayuki »

SafeSurf

  • Guest
Re: Avast free - Startup/ webbrowsing slowdowns
« Reply #26 on: November 14, 2010, 08:35:17 AM »
Thank you Sode no Shirayuki for the OTL logs; it is now in the correct format.  Essexboy will also review the logs when he comes on the forum.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast free - Startup/ webbrowsing slowdowns
« Reply #27 on: November 14, 2010, 12:11:35 PM »
No indication of other AV drivers/services currently running

Just online armour

Sode no Shirayuki

  • Guest
Re: Avast free - Startup/ webbrowsing slowdowns
« Reply #28 on: November 15, 2010, 01:23:15 AM »
I followed Charyb's advice and checked Internet Explorer's settings. After checking Internet Explorer's settings I've come to the conclusion that the domains listed in my computer's registry are domains being restricted by Internet Explorer. I matched some of the domains from the logs to the sites listed in Internet Explorer's internet options.

So... in regards to the startup/ webbrowsing slowdowns, where do we go from here?

Should I delete the following entries?

c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\
c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Quarantine\

Would you recommend attempting to use the Avast uninstall tool to uninstall Avast and install a fresh copy? Perhaps deactivating some startup programs and taking a look at my running processes to see if there are any I can remove?
« Last Edit: November 15, 2010, 01:25:27 AM by Sode no Shirayuki »

SafeSurf

  • Guest
Re: Avast free - Startup/ webbrowsing slowdowns
« Reply #29 on: November 15, 2010, 09:00:25 AM »
@ Essexboy,  Do you see anything else in the OP's OTL logs that need your attention?  Are remnants of MSE off the OP's machine now (see reported registry keys earlier in post)?  Thank you.

@ Sode no Shirayuki,

I need to hear back from Essexboy before I can give you further suggestions other than the following:

1. Look at your Start up items and "Disable" (not delete) items that are not essential.

2. Do not uninstall/install Avast at this time.

3. Do you have Avast and OA as trusted exclusions?  If not, here is how and this may speed your browsing:

To exclude OA in Avast:
- Open the Avast GUI > Settings > Exclusions > Add > click on the pop-up window and find C:\Program Files\Online Armor* and click on the BOX to the left of the words (this excludes all subfolders as well).

To exclude Avast in OA:
- Open the OA GUI > Options > Exclusions > Add > click on the pop-up window and find C:\Program Files\Alwil Software\ (for Avast).

Also, open the OA GUI > Programs > untick "Hide Trusted" under Programs so that you can see everything > look to make sure everything from Avast (or other browsers) is not "blocked" (red) or "ask" (yellow).  If it is, right-click the item and change it to "Trust."  Reboot.

"I followed Charyb's advice and checked Internet Explorer's settings. After checking Internet Explorer's settings I've come to the conclusion that the domains listed in my computer's registry are domains being restricted by Internet Explorer. I matched some of the domains from the logs to the sites listed in Internet Explorer's internet options."
Did this help resolve your problem?

"Should I delete the following entries?
- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\
- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Quarantine\"
"No indication of other AV drivers/services currently running"
Essexboy is reporting that MSE is not running, so I would leave it alone until I hear back from him.