New Win 7 machine suddenly running slow

cnsjones · #1 March 28th, 2012, 01:14 PM

Upon someon's suggestion, I ran malwarebytes last evening, and went to bed leaving it running. Came back this am - no report.
Machine was "on" did not "go to sleep"

Shut down and restarted, took about twice as long to start up, has been very fast.

Suspect something "bit" machine. Please help me check this out, I was really getting to enjoy Win 7(Pro) and the new faster machine. Intel I7 64 bit 2.93 GHz 4 MB
Thanks

Fuller

Aaflac · #2 March 28th, 2012, 04:26 PM

Hello again!

Please open Malwarebytes' Anti-Malware, and click the Logs tab.

Is there a report there from your last run?

If so, please post it in your reply.

cnsjones · #3 March 28th, 2012, 06:16 PM

Hi, Here 'tis: (Does not look like much?? why the continuing starting IP protection?
--------------------------------------------

2012/03/28 00:09:37 -0400 ANTEC SonnyJ MESSAGE Executing scheduled update: Daily
2012/03/28 00:09:53 -0400 ANTEC SonnyJ MESSAGE Starting database refresh
2012/03/28 00:09:53 -0400 ANTEC SonnyJ MESSAGE Scheduled update executed successfully: database updated from version v2012.03.26.08 to version v2012.03.27.08
2012/03/28 00:09:53 -0400 ANTEC SonnyJ MESSAGE Stopping IP protection
2012/03/28 00:10:32 -0400 ANTEC SonnyJ MESSAGE IP Protection stopped
2012/03/28 00:10:41 -0400 ANTEC SonnyJ MESSAGE Database refreshed successfully
2012/03/28 00:10:41 -0400 ANTEC SonnyJ MESSAGE Starting IP protection
2012/03/28 00:10:42 -0400 ANTEC SonnyJ MESSAGE IP Protection started successfully
2012/03/28 03:24:57 -0400 ANTEC SonnyJ MESSAGE Starting protection
2012/03/28 03:24:59 -0400 ANTEC SonnyJ MESSAGE Protection started successfully
2012/03/28 03:25:02 -0400 ANTEC SonnyJ MESSAGE Starting IP protection
2012/03/28 03:25:03 -0400 ANTEC SonnyJ MESSAGE IP Protection started successfully
2012/03/28 07:48:32 -0400 ANTEC SonnyJ MESSAGE Starting protection
2012/03/28 07:48:34 -0400 ANTEC SonnyJ MESSAGE Protection started successfully
2012/03/28 07:48:37 -0400 ANTEC SonnyJ MESSAGE Starting IP protection
2012/03/28 07:48:37 -0400 ANTEC SonnyJ MESSAGE IP Protection started successfully
2012/03/28 07:56:59 -0400 ANTEC SonnyJ MESSAGE Starting protection
2012/03/28 07:57:01 -0400 ANTEC SonnyJ MESSAGE Protection started successfully
2012/03/28 07:57:04 -0400 ANTEC SonnyJ MESSAGE Starting IP protection
2012/03/28 07:57:04 -0400 ANTEC SonnyJ MESSAGE IP Protection started successfully

Aaflac · #4 March 29th, 2012, 03:20 AM

That is not the type of log expected...

Is there a log identifying malware, if present?

Quote:

why the continuing starting IP protection?

It looks like IP protection may be stopping automatically when MBAM tries to update, and then reloads automatically after the update attempt. Other IP protection entries are probably related to checking for updates and not finding any.

cnsjones · #5 March 29th, 2012, 03:26 AM

What if anything should I do?

Let me look back at the log again.

cnsjones · #6 March 29th, 2012, 03:29 AM

performing another scan

cnsjones · #7 March 29th, 2012, 03:31 AM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.27.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
SonnyJ :: ANTEC [administrator]

Protection: Enabled

3/28/2012 10:28:33 PM
mbam-log-2012-03-28 (22-28-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211988
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Aaflac · #8 March 29th, 2012, 03:37 AM

Have you rebooted a time or two to see if the behavior changes on the computer?

Also, please run the following diagnostics to see what is currently going on with the system:

Step 1:
Download DDS from one of these locations:
Link 1
Link 2

Save it to the Desktop

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the programs we are about to run.

If you wish to look at information on how to disable these programs, please refer to the information available through this link

Vista/Windows 7: Right-click DDS and select 'Run as Administrator'

When done, DDS opens two logs:
-DDS.txt (Opens on the Desktop)
-Attach.txt (Minimized on the TaskBar)

Save the reports to your Desktop, and post both reports in your reply.

Step 2:
Also download aswMBR

Save it to the Desktop.

Vista/Windows 7: Right-click the file and select 'Run as Administrator'

When promped with: This Application can use the Avast! Free AntiVirus for scanning...etc.
Select: Yes

The last line of the run in progress will provide the status of the Avast! scan.
It will say: Downloading Avast! virus definitiond database, etc.
When the Avast! scan is done, the last line changes to:
Avast Engine definitions #####

At this point, click the Scan button on the lower left of the aswMBR screen.

The last line will now say "Scanning" while in progress.

Upon completion of the scan, click >Save log< and save it to the Desktop.
Note: Please do NOT attempt to fix anything!!

Exit the program, and post the new aswMBR log in your reply.

Note that a file named MBR.dat is also created on the Desktop.

Please submit MBR.dat for analysis to VirusTotal:
http://www.virustotal.com/

When you get to the website, use the Browse button to navigate to the location of MBR.dat
Click on the file, then, click the Open button.
The file is now displayed in the Submit Box.

Scroll down and click Send File, and wait for the results.

If you get a message saying: 'File has already been analyzed', click: 'Reanalyze file now'

Once scanned, and you see the full results page on your screen, go up to the address bar at the top of the browser, and copy the http:\\etc. address there.

Then, provide the http:\\ address to the results page in your reply.

cnsjones · #9 March 29th, 2012, 03:46 AM

Sorry Aaflac, but tired now and must go to bed, recovering from ear infection. Will do these tasks tomorrow. and yes I rebooted several times since last we spoke, and other than losing my wireless connection to my printer (now have it back) , things are seemingly a little better. The machine booted from hitting restart to Internet connection established in just under 2 minutes. More stuff on it now than at first of course, so that probably accounts for the additional time, dont you think.

Anyhoo, good night,m and I will do the chores tomorrow am if possible.

Fuller

cnsjones · #10 March 29th, 2012, 01:57 PM

Aaflac, Things seem to be back to normal now. I prefer not to do the tasks you provided at this point. If I have further problems, I will return and ask for you again.
Thanks, I do appreciate your help.

So let's close this thread.

Fuller

Aaflac · #11 March 29th, 2012, 05:06 PM

That's fine.

You do not really have to ask for me. Any Advisor on this Malware forum will help you just as well.

On the problem initially posted...

Something may have hung up in memory when you left MBAM run overnight. Also, if your AV program was not temporarily disabled, the interaction between both programs could have caused a conflict, and created the problem.

Hope you are feeling well soon.