 |  |  |  |  |  |  |  |
Slow browsing and slow PC
 |
Hi. this pc is slow to start up, shut down and generally a slow performer.
Toshiba Satellite A200 512Mb Vista basic
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:41 a.m., on 30/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Brooke\Documents\HiJackThis.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Brooke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9XNBCKV\Windows-KB890830-V1.39[1].exe
c:\e6a87d931c3865bc2ea1510e54451f\mrtstub.exe
C:\Windows\system32\MRT.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CE0487CA-8B02-431E-BA63-D38844E020B5} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [SpybotDeletingA7968] command /c del "C:\ProgramData\SeekmoSA\SeekmoSA.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC732] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSA.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2881] command /c del "C:\ProgramData\SeekmoSA\SeekmoSAau.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9649] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSAau.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1345] command /c del "C:\ProgramData\SeekmoSA\SeekmoSA_kyf.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5556] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSA_kyf.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2589] command /c del "C:\ProgramData\SeekmoSA\SeekmoSAAbout.mht"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5972] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSAAbout.mht"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6630] command /c del "C:\ProgramData\SeekmoSA\SeekmoSAEULA.mht"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8832] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSAEULA.mht"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7040] command /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Reset Cursor.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4394] cmd /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Reset Cursor.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5942] command /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Seekmo Customer Support Center.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9856] cmd /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Seekmo Customer Support Center.lnk"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [AutoCleanMemory] "C:\Program Files\Yamicsoft\Vista Manager\FreeMemory.exe" /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4011] command /c del "C:\ProgramData\SeekmoSA\SeekmoSA.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7610] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSA.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4446] command /c del "C:\ProgramData\SeekmoSA\SeekmoSAau.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD405] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSAau.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5304] command /c del "C:\ProgramData\SeekmoSA\SeekmoSA_kyf.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7586] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSA_kyf.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4175] command /c del "C:\ProgramData\SeekmoSA\SeekmoSAAbout.mht"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4018] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSAAbout.mht"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8816] command /c del "C:\ProgramData\SeekmoSA\SeekmoSAEULA.mht"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9026] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSAEULA.mht"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1907] command /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Reset Cursor.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9380] cmd /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Reset Cursor.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9063] command /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Seekmo Customer Support Center.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2236] cmd /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Seekmo Customer Support Center.lnk"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 12146 bytes
Toshiba Satellite A200 512Mb Vista basic
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:41 a.m., on 30/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Brooke\Documents\HiJackThis.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Brooke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9XNBCKV\Windows-KB890830-V1.39[1].exe
c:\e6a87d931c3865bc2ea1510e54451f\mrtstub.exe
C:\Windows\system32\MRT.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CE0487CA-8B02-431E-BA63-D38844E020B5} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [SpybotDeletingA7968] command /c del "C:\ProgramData\SeekmoSA\SeekmoSA.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC732] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSA.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2881] command /c del "C:\ProgramData\SeekmoSA\SeekmoSAau.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9649] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSAau.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1345] command /c del "C:\ProgramData\SeekmoSA\SeekmoSA_kyf.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5556] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSA_kyf.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2589] command /c del "C:\ProgramData\SeekmoSA\SeekmoSAAbout.mht"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5972] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSAAbout.mht"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6630] command /c del "C:\ProgramData\SeekmoSA\SeekmoSAEULA.mht"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8832] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSAEULA.mht"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7040] command /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Reset Cursor.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4394] cmd /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Reset Cursor.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5942] command /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Seekmo Customer Support Center.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9856] cmd /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Seekmo Customer Support Center.lnk"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [AutoCleanMemory] "C:\Program Files\Yamicsoft\Vista Manager\FreeMemory.exe" /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4011] command /c del "C:\ProgramData\SeekmoSA\SeekmoSA.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7610] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSA.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4446] command /c del "C:\ProgramData\SeekmoSA\SeekmoSAau.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD405] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSAau.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5304] command /c del "C:\ProgramData\SeekmoSA\SeekmoSA_kyf.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7586] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSA_kyf.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4175] command /c del "C:\ProgramData\SeekmoSA\SeekmoSAAbout.mht"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4018] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSAAbout.mht"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8816] command /c del "C:\ProgramData\SeekmoSA\SeekmoSAEULA.mht"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9026] cmd /c del "C:\ProgramData\SeekmoSA\SeekmoSAEULA.mht"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1907] command /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Reset Cursor.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9380] cmd /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Reset Cursor.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9063] command /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Seekmo Customer Support Center.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2236] cmd /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Seekmo Customer Support Center.lnk"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 12146 bytes
•
•
Join Date: Oct 2007
Posts: 1,300
Reputation: 
Solved Threads: 69
Hi there buzzebee and welcome to Daniweb! What I find interesting is that you have a notebook that runs vista with only 512mb RAM, I am not saying that this is a poor machine but vista works a lot better with at least a gig ram. This may not be the problem though!has the machine always been slow ?
Last edited by majestic0110; Mar 29th, 2008 at 5:38 pm.
Computers are man's attempt at designing a cat: It does whatever it wants, whenever it wants, and rarely ever at the right time.
Hi, thanks for the response. I agree 512Mb is a bit light, but it is really only use for internet browsing, email and listening to music. However it used to go very well when new.
Any ideas?
Any ideas?
•
•
Join Date: Feb 2004
Posts: 10,494
Reputation: 
Solved Threads: 805
Can you please do the following.
===============
You will have to disable Spybot's Teatimer before we begin, as it will interfere with the fix. To do this can you start Spybot and go to the Mode button and select Advanced. Go to Tools > Resident and uncheck the box next to Tea-Timer. Make sure that the icon in the system tray is no longer there. If it is, just right click on it and select "Exit".
Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
Do not forget to re-enable teatimer when we are done
.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
===============
Can you disable Windows Defender as it may interfere with the removal process. Please leave it disabled until your PC has been given the all clear.
===============
Let's look for, and delete, any program segments (prefetches) that might be present, and are associated with the 'problems' we're trying to remove from your PC. To do this, let's:
1) Click "Start | Search", then search for each of these program's base name(s), in all files and folders:
mrtstub.exe*
2) Then if any are found in the 'prefetch' folder, delete them.
Look closely, since the 'base' name will have a bunch of random numbers and letters attached to it.
===============
Run HiJackThis then:
1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"
-
Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:
c:\e6a87d931c3865bc2ea1510e54451f\mrtstub.exe
Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
===============
Scan with HijackThis and then place a check next to all the following, if present:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CE0487CA-8B02-431E-BA63-D38844E020B5} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O13 - Gopher Prefix:
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:
folders...
c:\e6a87d931c3865bc2ea1510e54451f
C:\Program Files\ShoppingReport
-
Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
-
Reboot.
===============
After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
===============
You will have to disable Spybot's Teatimer before we begin, as it will interfere with the fix. To do this can you start Spybot and go to the Mode button and select Advanced. Go to Tools > Resident and uncheck the box next to Tea-Timer. Make sure that the icon in the system tray is no longer there. If it is, just right click on it and select "Exit".
Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
Do not forget to re-enable teatimer when we are done
.If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
===============
Can you disable Windows Defender as it may interfere with the removal process. Please leave it disabled until your PC has been given the all clear.
- Open Windows Defender
- Click Tools
- Click General Settings
- Scroll down to Real Time Protection Options
- Uncheck Turn on Real Time Protection (recommended)
- After you uncheck this, click on the Save button
- Close Windows Defender
===============
Let's look for, and delete, any program segments (prefetches) that might be present, and are associated with the 'problems' we're trying to remove from your PC. To do this, let's:
1) Click "Start | Search", then search for each of these program's base name(s), in all files and folders:
mrtstub.exe*
2) Then if any are found in the 'prefetch' folder, delete them.
Look closely, since the 'base' name will have a bunch of random numbers and letters attached to it.
===============
Run HiJackThis then:
1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"
-
Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:
c:\e6a87d931c3865bc2ea1510e54451f\mrtstub.exe
Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
===============
Scan with HijackThis and then place a check next to all the following, if present:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CE0487CA-8B02-431E-BA63-D38844E020B5} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O13 - Gopher Prefix:
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:
folders...
c:\e6a87d931c3865bc2ea1510e54451f
C:\Program Files\ShoppingReport
-
Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear.
-
Reboot.
===============
After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo AV/Firewall Spywareblaster
Opera AVAST anti-virus Comodo AV/Firewall Spywareblaster
|
Similar Threads
- IE slow browsing on XP Pro (SP2) (Web Browsers)
- Slow directory listing (Networking Hardware Configuration)
- internet explorer very slow but Just got mozilla and back to good seep. (Windows NT / 2000 / XP)
- Internet Explorer Running SLOW (Web Browsers)
- Solution for slow internet browsing (Web Browsers)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Win 32 trojan, please help!!!
- Next Thread: ccleaner list - can someone help??
Views: 1536 | Replies: 3
| Thread Tools | Search this Thread |
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
Tag cloud for Viruses, Spyware and other Nasties
access adobe alert analysis apple array attack avg banks bar botnet botnets c++ center child-protection children chip-and-pin code combofix commercial connect control crypto ddos dialler disk domains dumbass email europe exploit explorer fake firefox fraud google government hack hacking halloween hijack hosting hosts ibm ie8 internet iphone kneber links logfiles login malware mcafee mega-d mozilla msn news norton panel pc phishing police pop porn pro problem redirect regedit report research rogueantivirus rootkit rsa safety samhain search security sites software spam spyware survey symantec system trojan unwanted update virus viruses vista volume vulnerability warning win windows windowsxp worm xp_antispyware_2010 yahoo zeus
