Slow laptop - hijackthis log inc.

Svenena

I've had my laptop for nearly 6 years, and it seems to have slowed down a lot in the past few months. I'm going to work though the steps in the guide provided (thanks to closer and all other contributors), but am starting by posting the requested data.

I should say that having read through the guide, most of it is meaningless to me, so I will probably have to ask for help at some stage. To start with, how to I get a back up of everything? Don't want to risk losing it all (although I obviously have the most important files backed up - more worried about messing up the OS or something).

Thanks in advance! :beer:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:35:52, on 26/09/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Name Surname\Local Settings\Application

Data\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\sol.exe
C:\Documents and Settings\Name Surname\Local Settings\Application

Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Name Surname\Local Settings\Application

Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Name Surname\Local Settings\Application

Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Name Surname\Local Settings\Application

Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Name Surname\Local Settings\Application

Data\Google\Chrome\Application\chrome.exe
\Documents and Settings\Name Surname\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www1.firstdirect.com/1/2/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program

Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program

Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -

C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620

Series" /O16 "IP_192.168.0.151" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common

Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe"

/hide
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft

Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java

Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Name Surname\Local

Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"

/background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL

SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK

SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program

Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus

digital safe) - https://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246994

306686
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?12471

69144833
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) -

https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) -

https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program

Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program

Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} -

C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon -

{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile

Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program

Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program

Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. -

C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks -

C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common

Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 9535 bytes


Commit charge total: 739180
Commit charge peak: 868288
Physical memory total: 1030576

There seem to be a lot of O4s, which I gather from other posts are things that start up when I turn on the comp? Not sure how to stop the ones I don't need though!

Visiondvd

You dont really need anything in the startup folder for windows.
go to run
type in
msconfig
go to startup
apply disable all
scroll through what you think you may want to start up and enable them.
hit ok and restart .

TakeThis

Also, edit your name out of your Hijack This log.

Svenena

Gosh, thanks - I hadn't spotted my name was in there (multiple times, d'oh). All removed now.

I'm not sure what loads of the things in the start up folder are:
igfytray
hkcmd
communications_helper
[there's one not showing a name or command, just blank?]
GrooveMonitor
jusched
adobeARM
QTTask
ctfmon

What are all these?

closed

download and run startuplite

download avast free, uninstall avg, install avast

disable ctfmon - control panel, regional and language options,languages, details, advanced, tick the Turn off advanced text services, ok

IE, tools, internet options, advanced, disable script debugging

TakeThis

Make and model number of your laptop? How much RAM is installed?

Time to add a new RAM module perhaps.

Svenena

It's a Toshiba Satellite Pro L10. Only has 1GB RAM, which according to crucial.com is the max (if I've understood that correctly).

I use Chrome rather than IE, so do I still need to do that IE stuff, or is there an equivalent I need to do to Chrome?

I'll change AVG to Avast tonight, and do the other stuff. I ran Malwarebytes last night and it found (and cleaned) one infected file. How thorough is malwarebytes? Is it worth trying the others suggested as well?

Since I unticked some of the things in the startup folder, I'm getting a message whenever I turn on the laptop, related to it. Can't remember what it says though... I'll check when I'm home this evening.

Thanks for your help so far!

Svenena

Okay, I've now done steps 1-6 of the guide, skipped 7 as I don't use IE (should I do something equivalent to Chrome?), done 8, gonna do 9 later, done 11. So I want to do step 10 now, and then 12 next.

I assume we're talking about add/remove programs here? I've looked in here a couple of times, and been really unsure about what a lot of these are and whether I can get rid of them. If I list those I'm unsure of below, I'd be grateful if you could advise what they are/whether I need them:

Adobe Flash Player 10 Active X
Adobe Flash Player 10 Plug in
Adobe Reader X (10.1.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Conexant AC-Link Audio
Juniper Installer Service
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Client
Juniper Terminal Services Client
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL update [various alphanumerics follow this]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable [again followed by alphanumerics]
Microsoft Visual C++ 2008 Redistributable [different ones]
Microsoft Visual C++ 2008 Redistributable [and more]
MSXML 4.0 SP2 (KB954420)
MSXML 4.0 SP2 (KB973688)
SoftV92 Data Fax Modem with Smart CP
WinRAR Archiver

closed

do step 7 as well, then reboot, check and post commit charge and a fresh hijackthis log

TakeThis

Svenena wrote: »

It's a Toshiba Satellite Pro L10. Only has 1GB RAM, which according to crucial.com is the max (if I've understood that correctly).

I use Chrome rather than IE, so do I still need to do that IE stuff, or is there an equivalent I need to do to Chrome?

I'll change AVG to Avast tonight, and do the other stuff. I ran Malwarebytes last night and it found (and cleaned) one infected file. How thorough is malwarebytes? Is it worth trying the others suggested as well?

Since I unticked some of the things in the startup folder, I'm getting a message whenever I turn on the laptop, related to it. Can't remember what it says though... I'll check when I'm home this evening.

Thanks for your help so far!

Yes you are. You have the best man on the job.