Help laptop very slow

Viruses and worms
1

My laptop has been running really slow and especially when going on the internet (I have wifi) so I have no idea why. I sanned the laptop with HJT to see but I don’t understand so can someone please look at the log and see if there is anything wrong with my laptop and how can I fix my sloweness issue with laptop and inernet. Thank you very much!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:53:44, on 02/03/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM..\Run: [Wbutton] “C:\Program Files\Launch Manager\Wbutton.exe”
O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\RunOnce: [ICLaunch000] C:\Users\marie\AppData\Local\Temp_inst1.exe /B1 /DEL
O4 - HKLM..\RunOnce: [ICLaunch001] C:\Users\marie\AppData\Local\Temp_inst2.exe /B1 /DEL
O4 - HKLM..\RunOnce: [ICLaunch002] C:\Users\marie\AppData\Local\Temp_inst1.exe /B1 /DEL
O4 - HKLM..\RunOnce: [BrowserBallot] browserchoice.exe
O4 - HKUS\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE RÉSEAU’)
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra ‘Tools’ menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra ‘Tools’ menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-1.1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe


End of file - 6193 bytes

2

OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

Important note: HijackThis has been replaced by OTL in this guide. Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly, or completely from a HijackThis scan. It includes all the scan locations of HijackThis and more. It’s not only a more comprehensive scan tool, but also offers more powerful removal features.

Download OTL to your Desktop

Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
c:\windows\system32*.dll /lockedfiles
c:\windows\system32\drivers*.sys /lockedfiles
%systemroot%*. /mp /s
CREATERESTOREPOINT

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply as an attachment.

3

An analysis of your HJT log shows the following problems :

We couldn’t detect any active process of a firewall on your system. Possible reasons:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don’t use any firewall at all.
We recommend you to use a firewall. Download and install one or activate windows xp´s own firewall.

MSIE: Internet Explorer v7.00 (7.00.6000.16982)
IE is now at version 8.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Unnecessary (deactivated) entry that can be fixed.
Related to Windows Live Messenger.
http://www.spyandseek.com/Search.php?search_for=5C255C8A-E604-49b4-9D64-90988571CECB&search=SAS-Search

O4 - HKLM..\RunOnce: [ICLaunch000] C:\Users\marie\AppData\Local\Temp_inst1.exe /B1 /DEL
O4 - HKLM..\RunOnce: [ICLaunch001] C:\Users\marie\AppData\Local\Temp_inst2.exe /B1 /DEL
O4 - HKLM..\RunOnce: [ICLaunch002] C:\Users\marie\AppData\Local\Temp_inst1.exe /B1 /DEL
Possibly related to malware but please wait for a second opinion.
http://www.prevx.com/filenames/1902761907331404648-X1/INST1[n].EXE.html

[b]O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab[/b]
Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If you know this site, it should be OK to keep.

O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
Unnecessary (deactivated) entry that can be fixed.

Overview of running tasks :

taskeng.exe
System task
Task Scheduler Engine

Dwm.exe
System task
Desktop Window Manager

Explorer.EXE
System task
Microsoft Windows Explorer

MSASCui.exe
Anti Add/Spyware software
Microsoft Windows Defender Antispyware

RtHDVCpl.exe
System task
High definition audio codec driver from Realtek Semiconductor

LaunchAp.exe
Backgroundtask
Part of Acer Launch Manager

HotkeyApp.exe
Backgroundtask
Part of Acer Launch Manager

OSD.exe
Backgroundtask
By Netropa for HP and other brands.

OSDCtrl.exe
Backgroundtask
OSD MFC Application

WButton.exe
Backgroundtask
Acer WButton(2k) (Wireless Button)

ashDisp.exe
Virusscan
Avast AntiVirus

unsecapp.exe
System task
Microsoft Windows Management Instrumentation

taskeng.exe
System task
Task Scheduler Engine

ieuser.exe
Backgroundtask
Internet Explorer

FlashUtil10e.exe
Backgroundtask
Flash Player Helper

HijackThis.exe
Application
Merijn Hijackthis

SearchFilterHost.exe
System task
Microsoft® Windows® Operating System

4

L’arc, here is the two copies of the OTL logs.
Thank you!!

5

CharleyO, I am using Windows Vista Firewall. The Overview of running task you provided is that what running on my laptop? I will update the IE. Thanks

6

Vista firewall is OK but will not show up in HJT.

That was what was running on your laptop when your ran HJT. I can not say what is running now. :wink:

7

Hello, can someone please look at the 4th post on this thread where I have to OTL logs to be checked? Thank you all for your help!!!
Regards, Romina

8

Someone will examine your OTL logs. Right now they are all asleep.

9

Thanks Jtaylor83!!!

10

Hi the logs look good - so lets have a bit of TLC first and then run MBAM

SPRING CLEAN

Download TFC to your desktop

[*]Open the file and close any other windows.
[*]It will close all programs itself when run, make sure to let it run uninterrupted.
[*]Click the Start button to begin the process. The program should not take long to finish its job
[*]Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

THEN

Download Flush Flash from Here and follow the easy to use instructions on the same page

NEXT

Download and run Puran Disc Defragmenter

THEN

http://img233.imageshack.us/img233/7729/mbamicontw5.gif
Please download Malwarebytes’ Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish,so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
[]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

11

Hello essexboy, thank you for your reply. Just wanted to let you know I tried usinc the TFC and it frozed a couple of times, so I stopped trying, now I am using the FlushFlash but I have a lquestion in regards to which of the three choices should I choose. Thanks

12

If you do not use Adobe to create web sites or PDF’s then select all

13

Hello again,

I did everything you told me to do exept the TFC because of the freezing issue, so here is the log for MBAM, sorry its in French but my husband can’t read english so I hope you understand it… :slight_smile: Thank you again!!

Regards,
Romina

Malwarebytes’ Anti-Malware 1.44
Version de la base de données: 3827
Windows 6.0.6000
Internet Explorer 8.0.6001.18882

05/03/2010 23:53:12
mbam-log-2010-03-05 (23-53-12).txt

Type de recherche: Examen rapide
Eléments examinés: 113162
Temps écoulé: 7 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) → Bad: (0) Good: (1) → Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

14

I speak schoolboy French - ;D

Has that made any difference to the speed ?

15

i think there is a conflict happened to your pc,… Make avast be the only one to protect your pc… Bcoz if u are using another security, there will be a conflict happened to your pc…

For me i have only two security installed here in my pc the malwarebytes and avast but malwarebytes is for removing only and the avast is for security I have use…

:slight_smile:

To make your pc back to normal, unchecked the startup of the some useless software,…

you can find that in here: goto > start > run > type: msconfig then click the startup bar and uncheck the useless startup software u want…

16

Hello emantoyaks,

I also have Malwarebytes for removing and Avast, espcially that my laptop is already 3 years old I really don’t want to clog it with extra software it does not need. Thank you!

17

Go to PROFILE then Modify Profile then Forum Profile Information then Signature: and put information about your system just like my signature so that the helpers can offer perinent advice.

In Account Related Settings select Hide email address from public to prevent scammers and spammers harvesing your Yahoo email address.

Google translate:
Aller au profil, alors Modification du profil puis Informations du profil utilisateur puis Signature: et mettre des informations sur votre système, comme ma signature ainsi que les aidants peuvent offrir perinent conseils.

Dans Paramètres relatifs au compte Sélectionner l’adresse électronique Hide from public pour éviter que les escrocs et les spammeurs harvesing votre adresse e-mail Yahoo.

@ emantoyaks

Do NOT use msconfig as a start up manager as it is a diagnostic tool.