Avast free - Startup/ webbrowsing slowdowns

[essexboy]

I told a porkie pie, they were not running but may interfere

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  DRV - [2009/08/22 03:18:24 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
  DRV - [2009/08/22 03:18:24 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
  [2010/05/22 08:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
  
  :Files
  ipconfig /flushdns /c
  c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\
  c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Quarantine\
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [EMPTYFLASH]
  [CREATERESTOREPOINT]
  [Reboot]

  
  
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  

[Sode no Shirayuki]

3. Do you have Avast and OA as trusted exclusions?  If not, here is how and this may speed your browsing:

To exclude OA in Avast:
- Open the Avast GUI > Settings > Exclusions > Add > click on the pop-up window and find C:\Program Files\Online Armor* and click on the BOX to the left of the words (this excludes all subfolders as well).

To exclude Avast in OA:
- Open the OA GUI > Options > Exclusions > Add > click on the pop-up window and find C:\Program Files\Awil Software\ (for Avast).

Also, open the OA GUI > Programs > untick "Hide Trusted" under Programs so that you can see everything > look to make sure everything from Avast (or other browsers) is not "blocked" (red) or "ask" (yellow).  If it is, right-click the item and change it to "Trust."  Reboot.

I have both Avast and Online Armor set to exclude each other. The only program listed under 'Programs' relative to Avast is a driver: aswRdr.sys - I have set the driver to 'Trust' as you suggested.

Quote from: Sode no Shirayuki on November 14, 2010, 11:23:15 PM
I followed Charyb's advice and checked Internet Explorer's settings. After checking Internet Explorer's settings I've come to the conclusion that the domains listed in my computer's registry are domains being restricted by Internet Explorer. I matched some of the domains from the logs to the sites listed in Internet Explorer's internet options.
Did this help resolve your problem?

I originally thought the registry entries to be a potential problem, because they were foreign to me. Since I've become to understand the purpose of their presence in the registry I have no longer seen their presence as a potential problem. I've left them alone.

The logs for the OTL scans are attached. I posted the logs for both 'Run Fix' and 'Quick Scan'.

p.s. Sorry about the late replies. I've been caught up in school work.

[SafeSurf]

Thank you for the logs.  Essexboy will review them when he returns to the forum.  At some point after he is done with your malware removal, I noticed in your logs that you have the "AskToolbar" installed on your machine, which is adware.  You probably got this from the FoxIt pdf install; usually a custom install can avoid this.  Although it is difficult to remove this toolbar, it is advisable and it can be done.  We'll get your machine sparkling clean when we're done. 

[essexboy]

Looks OK to I now 

[somesome11]

All of the domain names are associated with rogue anti-virus and adult content. I haven't the slightest idea how these domains found their way into my registry

Sorry I had a little difficulty following this thread, but if you're finding registry entries that don't seem legit, isn't that showing a possibility of a virus? I would run the boot-time scan just to be safe personally, even if it did take 8 hours.

[essexboy]

IE8 has a built in list of bad websites - similar to the various host managers, these are entered in the registry

[SafeSurf]

@ Essexboy,

I'll let you continue with your magic tools, removal, and spring clean up.  Then if needed, I can help the OP with any other remaining issues if you want.  Thanks.

[essexboy]

Just the tools to remove

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :Commands
  [resethosts]
  [purity]
  [emptytemp]
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINTS]
  [Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself.  MBAM can be uninstalled via control panel add/remove along with ERUNT.  But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
  
• Click Yes to confirm.
• Click OK.

SPRING CLEAN
 
Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

• SpywareBlaster to help prevent spyware from installing in the first place.
  Malwarebytes.  Run weekly to keep your system clean
  

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update
  

To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?
Keep safe  :wave:

[Sode no Shirayuki]

Just the tools to remove

Run OTL

    * Under the Custom Scans/Fixes box at the bottom, paste in the following

      Quote
      :Commands
      [resethosts]
      [purity]
      [emptytemp]
      [EMPTYFLASH]
      [CLEARALLRESTOREPOINTS]
      [Reboot]

    * Then click the Run Fix button at the top
    * Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself.  MBAM can be uninstalled via control panel add/remove along with ERUNT.  But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Do not show hidden files and folders.
    * Click Yes to confirm.
    * Click OK.

Done.

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

    * SpywareBlaster to help prevent spyware from installing in the first place.
      Malwarebytes.  Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

I have SpywareBlaster and Malwarebytes. I downloaded Puran Disc Defragmenter; I also have Auslogics Disk Defragmenter. Would you recommend Puran over Auslogics? My Firewall and Antivirus are Online Armor and Avast respectively.

To keep your operating system up to date visit

    * Microsoft Windows Update

I occasionally check for Windows Updates. I checked for Windows Updates while typing this response; there are none.

[SafeSurf]

@ Sode no Shirayuki,

You do not need both defrag tools, however the Puran defrag also allows for a boot-time defrag, is light in the system, and efficient on all OS's.  I have used both and believe Puran does a much better job; I know others will have their opinion.  Essexboy does recommend Puran.

You should have no problem with OA and Avast; see my Signature as I use both as well.

Once Essexboy is done with you (he will want you to leave your machine to run for at least a day or two before doing anything else), please check that all your software is up to date with the free Secunia Software Inspector http://secunia.com/vulnerability_scanning/personal/.  This will scan your system to see if you have any outdated or obsolete software and give you the vendor's director download patch making it easy for you to fix.  Many of us here scan our systems weekly since software changes so quickly.  You will also find news of updates to software in our Avast Support section of the forum as well.

@ Essexboy,  During your malware removal and cleanup, was the Ask_Toolbar removed or not?  If not, I will provide the OP with the tools to remove.  Thank you.

[Sode no Shirayuki]

Hm, I use secunia PSI myself. In 'Simple' mode there are no threats; however, in 'Advanced' mode there are threats.

There's something I just noticed that concerns me. For the first time, I decided to use secunia PSI in 'Advanced' mode and it displayed Norton Antivirus as a high-level threat. I opened the location of the file and I found many files related to Symantec; many of them related to Norton Antivirus. The location is: C:\SWSetup\InetSec06\US\NAV\External\NORTON

Will these files be a problem to Avast?

[SafeSurf]

I opened the location of the file and I found many files related to Symantec; many of them related to Norton Antivirus. The location is: C:\SWSetup\InetSec06\US\NAV\External\NORTON.  Will these files be a problem to Avast?

Did you run OTL that Essexboy (see his last post) wanted you to run first?  He puts tools on your machine to remove malware, but needs to then remove those tools to have your machine work properly again.

Here is the Symantec/Norton uninstaller tool http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN
then reboot your machine.  Or you can wait for him to return before you run this and get his OK first.

[SafeSurf]

I just read Post #30, and he was aware of you having remnants of Symantec/Norton on your machine, but I'm not sure if he removed all of it with his cleaning.  It looks like more will have to be cleaned out.

@ Essexboy, The OP still has remnants of Symantec/Norton on his/her machine (see their last post).  Do you want them to run the Symantec/Norton Uninstaller Tool or use one of your tools?

[essexboy]

The uninstaller would be better young sir 

All I did was kill the running drivers

[SafeSurf]

@ Sode no Shirayuki,

Run the Symantec/Norton uninstaller tool http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN
then reboot to get rid of remnants of Symantec/Norton on your machine.  Thank you.

Then Essexboy can continue with you.  Thank you.