trying to speed up father in laws comp

jrossjord

http://www.pastebin.ca/2431008

closed

seagate dashboard, need it? if not uninstall or disable from startup

Go into the connection settings of all your browsers, and remove the proxy entry (IE Tools, internet options, connections/firefox tools, advanced, network, settings etc), the entry below is usually a sign or remnants of an infection causing browser redirection. Note proxy settings for browsers other than IE don't show up in hijackthis logs, so check them manually

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

This is a list of (or remnants of) security software you have already - uninstall them (after installing Avast) in Control Panel (add/remove programs or programs/features) to keep your PC running smoothly, too much overlapping or bloated security or useless tuning software can have a drastic effect on performance - always leave one resident scanner running (eg avast/avira etc)

---- avg

---

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (file missing)
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)

---- outpost

---

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1\Plugins\BrowserBar\ie_bar.dll (file missing)

__________________________________________________

Unless you need them running all the time, use the startup tab in msconfig (start, run, msconfig )to disable these items from running at startup (they can always be run manually if needed). When you reboot after doing this, you will get a prompt about selective startup - tick Don't show this message or launch the system configuration utility when windows starts,and click ok

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe


Disable ctfmon - control panel, regional and language options,languages, details, advanced, tick the Turn off advanced text services, ok

Using Hijackthis, tick and fix these entries
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn.etechb.co.uk/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103315274046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1367273922406
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1\Plugins\BrowserBar\ie_bar.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (file missing)
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: pcCMService - Unknown owner - C:\Program Files\Common Files\Motive\pcCMService.exe (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Uninstall any IE toolbars (browser helper objects or BHO's) in Control panel, or Firefox/chrome plugins that you don't need. This is a list of the IE BHO's evident in the log, (firefox/chrome plugins don't show up in hijackthis). To disable IE addons, see IE, tools, manage addons

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

__________________________________________________

Download and install cleanmem http://www.pcwintech.com/cleanmem (download direct download). (important:use the "download direct download" link on pcwintech.com, not one from a 3rd party hosting site, the correct filename starts with cleanmem_xxxxx_setup.exe) - if you go to a 3rd party site, you could end up installing a completely different piece of software. Although the site is a little confusing, Cleanmem is free, the paid for version is not needed!

__________________________________________________

Disable error reporting (but leave notify me when critical errors occur ticked), in control panel, system, advanced error reporting

start, run, services.msc - disable these services UNLESS you use them. (make a note of any services you disable,if you have any problems related to these services subsequently, simply re-enable them)

SSDP Discovery Service
Remote Registry
WebClient
Distributed Link Tracking




__________________________________________________


__________________________________________________

Disable error reporting (but leave notify me when critical errors occur ticked), in control panel, system, advanced error reporting



O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system 32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
AVG10 Is out of date, you may wish to update or uninstall it

O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)

closed

mse's editing bug is causing mayhem, adding and removing things from my post on it's own

Could you do a search and replace on your hijackthis log in notepad, and replace all the m32 's with m33

you should then be able to post the log properly on mse

closed

01.
Logfile of Trend Micro HijackThis v2.0.4

02.
Scan saved at 14:16:05, on 12/08/2013

03.
Platform: Windows XP SP3 (WinNT 5.01.2600)

04.
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

05.
Boot mode: Normal

06.


07.
Running processes:

08.
C:\WINDOWS\system 32\smss.exe

09.
C:\WINDOWS\system 32\winlogon.exe

10.
C:\WINDOWS\system 32\services.exe

11.
C:\WINDOWS\system 32\lsass.exe

12.
C:\WINDOWS\system 32\svchost.exe

13.
C:\WINDOWS\system 32\svchost.exe

14.
C:\Program Files\Ahead\InCD\InCDsrv.exe

15.
C:\WINDOWS\system 32\svchost.exe

16.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe

17.
C:\WINDOWS\system 32\spoolsv.exe

18.
C:\WINDOWS\system 32\svchost.exe

19.
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

20.
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

21.
C:\WINDOWS\system 32\svchost.exe

22.
C:\WINDOWS\system 32\svchost.exe

23.
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe

24.
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

25.
C:\WINDOWS\system 32\svchost.exe

26.
C:\WINDOWS\Explorer.EXE

27.
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe

28.
C:\Program Files\iTunes\iTunesHelper.exe

29.
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

30.
C:\Program Files\Logitech\QuickCam\Quickcam.exe

31.
C:\Program Files\AVAST Software\Avast\avastUI.exe

32.
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe

33.
C:\Program Files\Logitech\SetPoint\SetPoint.exe

34.
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe

35.
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

36.
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

37.
C:\Program Files\iPod\bin\iPodService.exe

38.
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

39.
C:\Program Files\Internet Explorer\IEXPLORE.EXE

40.
C:\Program Files\Internet Explorer\IEXPLORE.EXE

41.
C:\WINDOWS\system 32\ctfmon.exe

42.
C:\Documents and Settings\Victor\Desktop\HijackThis.exe

43.


44.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com

45.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

46.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news

47.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

48.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

49.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

50.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

51.
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

52.
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568

53.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

54.
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

55.
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

56.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

57.
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

58.
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

59.
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

60.
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

61.
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

62.
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

63.
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

64.
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

65.
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

66.
O4 - HKLM\..\Run: [DBAgent] "C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart

67.
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

68.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

69.
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

70.
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system 32\ctfmon.exe

71.
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

72.
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

73.
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

74.
O4 - Global Startup: NETGEAR WNA3100 Smart Wizard.lnk = ?

75.
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1\Plugins\BrowserBar\ie_bar.dll (file missing)

76.
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

77.
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

78.
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

79.
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

80.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

81.
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab

82.
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn.etechb.co.uk/CACHE/stc/1/binaries/vpnweb.cab

83.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103315274046

84.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1367273922406

85.
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

86.
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

87.
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (file missing)

88.
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

89.
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

90.
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system 32\browseui.dll

91.
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system 32\browseui.dll

92.
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system 32\Macromed\Flash\FlashPlayerUpdateService.exe

93.
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

94.
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)

95.
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

96.
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

97.
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

98.
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

99.
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

100.
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

101.
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

102.
O23 - Service: pcCMService - Unknown owner - C:\Program Files\Common Files\Motive\pcCMService.exe (file missing)

103.
O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe

104.
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

105.
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

106.
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe

107.


108.
--

109.
End of file - 9449 bytes

NiftyDigits

jrossjord wrote: »

Shuttle X??

Huh? What?

If all else fails you have the option of a clean install. But following closed's instruction should do the trick.

jrossjord

Have tried to fix all the things you've said. Am going to be a bit stuck now as going home tomorrow - think I've done what I can and the comp is still slow to boot - father in law probably won't bother to try anything else, will just go out and buy new comp! So anyone in N Ireland look out for a bargain second hand comp!

closed

post a fresh hijackthis log and commit charge

you can still look at it remotely, avast has remote control built in

if you have the disk, a reinstall of windows will cure it.