Hijack this log - Can anyone help quicken up very slow laptop?

closed

I'm getting deja vu.

If you want to speed it up, at least try the suggestions, if it doesn't work, you can put them back on.

RussJK

Lady_K wrote: »

Also under it is something that says malwareremovalbot by antispyware llc which says also that it was used on 22 may 2009.

That's regarded as a rogue application.

Lady_K

closed wrote: »

I'm getting deja vu.

If you want to speed it up, at least try the suggestions, if it doesn't work, you can put them back on.

Sorry for some reason part of your post earlier did not show up in full to me, I have uninstalled za, sas and sorted java and removed all the 16's. I should have done everything suggested.

I am just going to unintal the malwarebytes and malwareremovalbot thing because I'm a bit confused by the add remove programs info on it, I will then reinstal and post hijack this log

closed

and spybot

could you reboot, then post a fresh log, along with commit charge, and how it is running now

Lady_K

I only use spybot to immunize and without tea timer should I still uninstal it?

Lady_K

I removed malwarebytes but havent reinstalled yet
removed spybot too

I also removed the malwareremovaltool, hoping its all gone but there were about 7 entries when searching files for it that would not allow me to delete before I rebooted.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:16:22, on 21/08/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
--
End of file - 3695 bytes

closed

commit charge after a reboot?

do you need this C:\Program Files\Windows Live\Messenger\msnmsgr.exe running?

Is it still slow?

uninstall the brother printer software

If you haven't all ready done it, Install Malwarebytes and do a FULL (not quick) scan (after updating it), fix anything found before closing, otherwise you'll have to do it all over again. You may get prompted asking if you want to run the free 14 day trial during install, I suggest you decline this offer, as it will slow things down. If anything was found reboot the machine before continuing. http://www.filehippo.com/download_malwarebytes_anti_malware/

__________________________________________________

Install and run ccleaner (untick the google toolbar during the install). Untick the "windows log files" box, under the system heading before cleaning. Also Tick the java cache tick box under CCleaner, applications, internet to wipe the java cache which sometimes hides infections. http://www.piriform.com/ccleaner/download/slim

_________________________________________________

Using Hijackthis, tick and fix these entries


O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

__________________________________________________
_________________________________________________

Download and install cleanmem http://www.pcwintech.com/cleanmem (download direct download). In windows explorer, go to c:\windows\tasks, click on the clean system memory task, schedule, advanced, and change it from every 30 minutes to every 5 minutes, then ok, ok. Find c:\program files\cleanmem\mini_monitor, run it and right click the icon (near the clock) to set it to automatically run at startup, show percentage to keep an eye on your ram use. If your machine is still slow after doing everything listed, post your commit charge and installed physical ram details from task manager performance

In internet explorer, click on tools, internet options, advanced, disable script debugging to stop this running

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

__________________________________________________

start, run, services.msc, disable these services UNLESS you use them. (make a note of any services you disable,if you have any problems related to these services subsequently, simply re-enable them)

SSDP Discovery Service
Remote Registry
WebClient
Distributed Link Tracking Client


_________________________________________________

When you've done all that, post a fresh hijackthis log and any logs of infections

Lady_K

Cleanmem totals

directly after reboot

mem used 181.36mb
mem total 958.98mb
commit total 135.36mb

now after signing into win messenger and coming on here

mem used 166.08mb
mem total 958.98mb
commit charge 265.25mb

No infections in malwarebytes full scan

Forgot to say also that I did defrag the system yesterday afternoon with the monthly system defrag program that Russ suggested, it took 5.5 hours to complete

Brother software was uninstalled about 2 yrs ago with add remove plus I ran a find files search. That file does come up in find files as win32 but it will not let me delete it. I checked again in services.mcs and I had only changed it to manual rather than disable so should be ok now

I did disable the items in service apart from the last one, the 'distributed link tracking agent' I just want to be sure that disabling it wont effect my tracking when using cashback sites to buy things, I can always go back and disable it later if I find it doesnt.

Start up is massively improved, prior to the changes I said it was taking just short of 5 mins from when the wallpaper showed to the icons appearing, now they appear about 1 min 20 secs after so thats a big improvement for an older laptop

Ran hijackthis after typing the above

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:13:28, on 21/08/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\CleanMem\Mini_Monitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [CleanMem Mini Monitor] C:\Program Files\CleanMem\Mini_Monitor.exe /startup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
--
End of file - 3541 bytes

GunJack

one thing - your avast is still on version 5, you should really have updated to version 6. Go here to update to latest version:-

http://www.filehippo.com/download_avast_antivirus/

you can disable the webrep element from the user interface, unless you really like green volume-type bars on your browser


You could also use CCleaner > tools > Startup to disable the windows Live elements from running on bootup

Lady_K

I have Avast 601203 and always update as soon as it alerts me, if it says Avast 5 not sure why or if it has some of the old Avast on

I also don't have webrep at least its sayin plugin not installed in Avast and there are no weprep signs in my browsers, I didnt want it so hope its not there

I checked in ccleaner tools startup and everything is set to no at start up apart from Avast and the Cleanmem. The only thing related to windows live showing in there is msnmsgr and that says no too. I have the messenger options not to start when windows begins. So not sure why if anything is showing in the log for those things