Hijack this help required

My pc is running very slowly and I am posting details as requested in the hopes that someone can help me.
commit charge total 317236,
commit charge peak 518812,
physical memory total 523760

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:44:28, on 13/05/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
WINDOWS2\System32\smss
WINDOWS2\system32\winlogon
WINDOWS2\system32\services
WINDOWS2\system32\lsass
WINDOWS2\system32\svchost
WINDOWS2\System32\svchost
Program Files\Common Files\Symantec Shared\ccSvcHst
Program Files\AVAST Software\Avast\AvastSvc
WINDOWS2\system32\spoolsv
Program Files\Symantec\LiveUpdate\ALUSchedulerSvc
Program Files\Java\jre6\bin\jqs
Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM
WINDOWS2\system32\svchost
WINDOWS2\Explorer
Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2
Program Files\Common Files\Symantec Shared\ccApp
WINDOWS2\system32\RunDll32
Program Files\Common Files\Java\Java Update\jusched
Program Files\AVAST Software\Avast\avastUI
WINDOWS2\system32\ctfmon
Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier
Program Files\Internet Explorer\iexplore
Program Files\Internet Explorer\iexplore
Documents and Settings\User.USER-7E2960FD58\Desktop\HijackThis
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = uk.yahoo.com
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [OpwareSE2] "Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2"
O4 - HKLM\..\Run: [ccApp] "Program Files\Common Files\Symantec Shared\ccApp"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "Program Files\Common Files\Java\Java Update\jusched"
O4 - HKLM\..\Run: [avast] "Program Files\AVAST Software\Avast\avastUI" /nogui
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32 WINDOWS2\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon] WINDOWS2\system32\ctfmon
O4 - HKCU\..\Run: [swg] "Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON] WINDOWS2\system32\CTFMON (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON] WINDOWS2\system32\CTFMON (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON] WINDOWS2\system32\CTFMON (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON] WINDOWS2\system32\CTFMON (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://WINDOWS2\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://PROGRA~1\MICROS~2\OFFICE11\EXCEL/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - WINDOWS2\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - WINDOWS2\Network Diagnostic\xpnetdiag
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - WINDOWS2\Network Diagnostic\xpnetdiag
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Program Files\Messenger\msmsgs
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Program Files\Messenger\msmsgs
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3D0D2821-8011-4B1F-BE9C-27B8E74CFBEF} (VM_ActX_2 Control) - downloads.virginmedia.com/CST/ver1/VM_ActX_2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - WINDOWS2\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - WINDOWS2\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - Program Files\Symantec\LiveUpdate\ALUSchedulerSvc
O23 - Service: avast! Antivirus - AVAST Software - Program Files\AVAST Software\Avast\AvastSvc
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - Program Files\Common Files\Symantec Shared\ccSvcHst
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - Program Files\Common Files\Symantec Shared\ccSvcHst
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - Program Files\Common Files\Symantec Shared\ccSvcHst
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - Program Files\Google\Update\GoogleUpdate
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - Program Files\Google\Update\GoogleUpdate
O23 - Service: Google Software Updater (gusvc) - Google - Program Files\Google\Common\Google Updater\GoogleUpdaterService
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - Program Files\Java\jre6\bin\jqs
O23 - Service: LiveUpdate - Symantec Corporation - PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1




Many thanks

Comments

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
    Illegal, cracked copy of Windows?
  • legman
    legman Posts: 2 Newbie
    Sorry about the delay, I have been away. Are you suggesting that I just delete that line? Windows seems to be working OK - abeit rather slowly on startup.
  • closed
    closed Posts: 10,886 Forumite
    edited 4 June 2012 at 10:52PM
    make and model of machine, does it have a genuine windows sticker attached, does it have a factory restore partition, do you have the windows disc?



    The best way of cleaning up a slow or badly infected machine is to backup all your data to an external drive, and do a factory restore using the factory restore partition (see manual or manufacturer's website) or Windows disc. The alternative is to do it manually as follows (the list may look daunting, but should take less than an hour of effort (apart from virus scans)) :-

    __________________________________________________


    uninstall yahoo and symantec and google software unless you need them. uninstall any old printer/scanner/phone software that may be on.

    Unless you need them running all the time, use the startup tab in msconfig (start, run, msconfig) to disable these items from running at startup (they can always be run manually if needed). When you reboot after doing this, you will get a prompt about selective startup - tick Don't show this message or launch the system configuration utility when windows starts, and click ok

    O4 - HKCU\..\Run: [swg] "Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier"
    O4 - HKLM\..\Run: [OpwareSE2] "Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2"
    O4 - HKLM\..\Run: [ccApp] "Program Files\Common Files\Symantec Shared\ccApp"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "Program Files\Common Files\Java\Java Update\jusched"
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32 WINDOWS2\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [ctfmon] WINDOWS2\system32\ctfmon
    O4 - HKCU\..\Run: [swg] "Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON] WINDOWS2\system32\CTFMON (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON] WINDOWS2\system32\CTFMON (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON] WINDOWS2\system32\CTFMON (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON] WINDOWS2\system32\CTFMON (User 'Default user')



    This is a general guide on cleaning up infections and speeding up pc's https://forums.moneysavingexpert.com/discussion/2436849

    Install and run ccleaner (untick the google toolbar during the install). Untick the "windows log files" box, under the system heading before cleaning. Also Tick the java cache tick box under CCleaner, applications, internet to wipe the java cache which sometimes hides infections. http://www.piriform.com/ccleaner/download/slim

    Install and run startuplite, accept suggested changes - http://www.malwarebytes.org/StartUpLite.exe

    Disable ctfmon - control panel, regional and language options, languages, details, advanced, tick the Turn off advanced text services, ok

    Click the java icon in control panel, advanced, misc - untick java quick starter, and untick place icon in task bar

    Click the java icon in control panel, updates, untick check for updates

    __________________________________________________

    Using Hijackthis, tick and fix these entries
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3D0D2821-8011-4B1F-BE9C-27B8E74CFBEF} (VM_ActX_2 Control) - downloads.virginmedia.com/CST/ver1/VM_ActX_2.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
    R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON] WINDOWS2\system32\CTFMON (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON] WINDOWS2\system32\CTFMON (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON] WINDOWS2\system32\CTFMON (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON] WINDOWS2\system32\CTFMON (User 'Default user')
    __________________________________________________

    Uninstall any IE toolbars (browser helper objects or BHO's) in Control panel, or Firefox plugins that you don't need. This is a list of the IE BHO's evident in the log, (firefox plugins don't show up in hijackthis). To disable IE addons, see IE, tools, manage addons
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - WINDOWS2\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - WINDOWS2\Network Diagnostic\xpnetdiag
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - WINDOWS2\Network Diagnostic\xpnetdiag
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Program Files\Messenger\msmsgs
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Program Files\Messenger\msmsgs

    __________________________________________________

    delete the googleupdate task from c:\windows\tasks and disable any google update services using services.msc


    _________________________________________________

    Download and install cleanmem http://www.pcwintech.com/cleanmem (download direct download). (important: use the "download direct download" link on pcwintech.com, not one from a 3rd party hosting site, the correct filename starts with cleanmem_xxxxx_setup.exe) - if you go to a 3rd party site, you could end up installing a completely different piece of software. Although the site is a little confusing, Cleanmem is free, the paid for version is not needed! If your machine is still slow after doing everything listed, post your commit charge and installed physical ram details from task manager performance

    __________________________________________________

    start, run, services.msc - disable these services UNLESS you use them. (make a note of any services you disable, if you have any problems related to these services subsequently, simply re-enable them)

    SSDP Discovery Service
    Remote Registry
    WebClient
    Distributed Link Tracking Client

    Also disable these services if you don't use them by running services.msc (or uninstall the underlying software)
    Program Files\Symantec\LiveUpdate\ALUSchedulerSvc
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - Program Files\Symantec\LiveUpdate\ALUSchedulerSvc
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - Program Files\Google\Update\GoogleUpdate
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - Program Files\Google\Update\GoogleUpdate
    O23 - Service: Google Software Updater (gusvc) - Google - Program Files\Google\Common\Google Updater\GoogleUpdaterService
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - Program Files\Java\jre6\bin\jqs

    When you've done all that, reboot, note the commit charge before opening any applications, and post it along with a fresh hijackthis log and any logs of infections

    If you haven't already done it, Install Malwarebytes and do a FULL (not quick) scan (after updating it), fix anything found before closing, otherwise you'll have to do it all over again. You may get prompted asking if you want to run the free 14 day trial during install, I suggest you decline this offer, as it will slow things down. If anything was found reboot the machine before continuing. http://www.filehippo.com/download_malwarebytes_anti_malware/

    If it's still slow after doing all that, check the price of a ram upgrade to 1GB www.crucial.com/uk
This discussion has been closed.
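
Added example, not part of any post in this thread: a small Python parser that reads HijackThis entry lines and picks out the ones ending in "(no file)" or "(file missing)", i.e. registry entries whose target file is gone, grouped by section code. The sample lines are copied from the log posted above; the function and field names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines taken from the log in this thread.
SAMPLE_LOG = r"""
Platform: Windows XP SP3 (WinNT 5.01.2600)
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [avast] "Program Files\AVAST Software\Avast\avastUI" /nogui
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O23 - Service: avast! Antivirus - AVAST Software - Program Files\AVAST Software\Avast\AvastSvc
"""

# Entry lines start with a section code (R0, O2, O20, ...) followed by " - ".
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)

def parse_log(text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": bool(ORPHAN.search(body)),
        })
    return entries

def orphans_by_section(entries):
    """Group orphaned entries by section code, keyed by CLSID where present."""
    out = defaultdict(list)
    for e in entries:
        if e["orphan"]:
            out[e["code"]].append(e["clsid"] or e["body"])
    return dict(out)

if __name__ == "__main__":
    for code, items in orphans_by_section(parse_log(SAMPLE_LOG)).items():
        print(code, items)
```
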