Page 1 of 2 12 LastLast
Results 1 to 10 of 13
  1. #1
    Member RaiderJay6's Avatar
    Join Date
    Jul 2008
    Posts
    31
    Points
    0

    Default Hijack this log...computer running very slow

    Computer runs very slow and I followed the instructions for How to Start Removing Viruses and Spyware from your Computer.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:04:07 PM, on 6/29/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1289795596390
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O24 - Desktop Component 0: (no name) - http://www.google.com/images/nav_logo102.png

    --
    End of file - 6687 bytes

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,175
    Points
    1308

    Default

    Hi

    Is that the only issue you have is a slow computer, no pop ups, fake scanners, Google redirects, anything like that? When you say slow do you mean the computer or the Internet or both, a slow computer can be defined: example when you try to open say Mycomputer, it's takes more time to open it then usual etc.

    We need to see some information about what is happening in your machine. Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE
    Last edited by zep516; 06-29-2012 at 05:41 PM.

  3. The Following User Says Thank You to zep516 For This Useful Post:


  4. #3
    Member RaiderJay6's Avatar
    Join Date
    Jul 2008
    Posts
    31
    Points
    0

    Default

    The computer seems to run slow doing anything. No pop ups or fake scans.

    Here is the dds scan:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Owner at 10:33:28 on 2012-06-30
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.265 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon]
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289795596390
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{96708615-81B4-4317-88A9-62C9029429FD} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\tbw70dw4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.rr.com/news/news?cmpid=RRWMNews
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZCYYYYYYCUUS&ptnrS=ZCYYYYYYCUUS&ptb=Xp8Eum1GY0C7eMivi.P1bA&ind=2012041518&n=77ed512e&psa=&st=kwd&searchfor=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\owner\local settings\application data\robloxversions\version-221a4807685c44e7\NPRobloxProxy.dll
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 171064]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-5 250056]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-06-30 14:21:41 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
    2012-06-30 14:21:40 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
    2012-06-29 18:10:42 -------- d-----w- c:\program files\Trend Micro
    2012-06-29 17:20:49 -------- d-----w- c:\documents and settings\owner\local settings\application data\Temp
    2012-06-29 17:20:49 -------- d-----w- c:\documents and settings\owner\local settings\application data\Adobe
    2012-06-29 16:49:07 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
    2012-06-29 16:48:15 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-06-29 16:48:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-29 16:48:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-06-29 16:06:16 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
    2012-06-29 16:03:30 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-06-29 16:03:30 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-06-29 15:41:45 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61de6fca-700d-4523-b31f-63fd7417326b}\mpengine.dll
    2012-06-26 00:28:20 6762896 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-06-16 00:19:26 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2012-06-01 00:53:59 -------- d-----w- C:\spoolerlogs
    .
    ==================== Find3M ====================
    .
    2012-06-26 02:58:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-26 02:58:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
    2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    ============= FINISH: 10:35:18.50 ===============

  5. #4
    Member RaiderJay6's Avatar
    Join Date
    Jul 2008
    Posts
    31
    Points
    0

    Default

    here is the attach.txt
    Attached Files

  6. #5
    Member RaiderJay6's Avatar
    Join Date
    Jul 2008
    Posts
    31
    Points
    0

    Default

    It also keeps saying virtual memory is too low

  7. #6
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,175
    Points
    1308

    Default

    Ok. Let me post the attachment here, so we can see it better, I'll look it over for you and get back to you.

    Thanks...

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/14/2010 11:11:36 PM
    System Uptime: 6/30/2012 10:15:51 AM (0 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0WF887
    Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 59.636 GiB free.
    D: is Removable
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP97: 4/1/2012 8:56:43 PM - Software Distribution Service 3.0
    RP98: 4/2/2012 4:19:34 PM - Software Distribution Service 3.0
    RP99: 4/2/2012 8:56:43 PM - Software Distribution Service 3.0
    RP100: 4/3/2012 4:19:41 PM - Software Distribution Service 3.0
    RP101: 4/3/2012 8:55:51 PM - Software Distribution Service 3.0
    RP102: 4/4/2012 4:19:34 PM - Software Distribution Service 3.0
    RP103: 4/4/2012 8:57:17 PM - Software Distribution Service 3.0
    RP104: 4/5/2012 4:18:41 PM - Software Distribution Service 3.0
    RP105: 4/5/2012 8:57:27 PM - Software Distribution Service 3.0
    RP106: 4/6/2012 4:31:47 PM - Software Distribution Service 3.0
    RP107: 4/6/2012 9:00:26 PM - Software Distribution Service 3.0
    RP108: 4/7/2012 4:21:20 PM - Software Distribution Service 3.0
    RP109: 4/7/2012 8:57:52 PM - Software Distribution Service 3.0
    RP110: 4/8/2012 4:19:58 PM - Software Distribution Service 3.0
    RP111: 4/8/2012 8:58:40 PM - Software Distribution Service 3.0
    RP112: 4/9/2012 3:34:19 PM - Software Distribution Service 3.0
    RP113: 4/9/2012 9:16:28 PM - Software Distribution Service 3.0
    RP114: 4/10/2012 3:35:38 PM - Software Distribution Service 3.0
    RP115: 4/10/2012 9:14:47 PM - Software Distribution Service 3.0
    RP116: 4/11/2012 3:00:37 AM - Software Distribution Service 3.0
    RP117: 4/12/2012 11:24:12 AM - Software Distribution Service 3.0
    RP118: 4/13/2012 12:09:23 PM - Software Distribution Service 3.0
    RP119: 4/14/2012 11:57:26 AM - Software Distribution Service 3.0
    RP120: 4/15/2012 11:56:22 AM - Software Distribution Service 3.0
    RP121: 4/16/2012 11:56:06 AM - Software Distribution Service 3.0
    RP122: 4/17/2012 11:56:16 AM - Software Distribution Service 3.0
    RP123: 4/18/2012 11:56:40 AM - Software Distribution Service 3.0
    RP124: 4/19/2012 11:56:03 AM - Software Distribution Service 3.0
    RP125: 4/20/2012 11:57:06 AM - Software Distribution Service 3.0
    RP126: 4/21/2012 12:37:33 PM - System Checkpoint
    RP127: 4/21/2012 3:35:23 PM - Software Distribution Service 3.0
    RP128: 4/21/2012 8:40:26 PM - Software Distribution Service 3.0
    RP129: 4/22/2012 3:33:57 PM - Software Distribution Service 3.0
    RP130: 4/22/2012 8:38:51 PM - Software Distribution Service 3.0
    RP131: 4/23/2012 3:45:20 PM - Software Distribution Service 3.0
    RP132: 4/24/2012 4:10:37 PM - Software Distribution Service 3.0
    RP133: 4/25/2012 3:27:24 PM - Software Distribution Service 3.0
    RP134: 4/26/2012 6:17:42 PM - Software Distribution Service 3.0
    RP135: 4/27/2012 3:56:59 PM - Software Distribution Service 3.0
    RP136: 4/28/2012 3:28:28 PM - Software Distribution Service 3.0
    RP137: 4/29/2012 3:29:42 PM - Software Distribution Service 3.0
    RP138: 4/30/2012 3:31:12 PM - Software Distribution Service 3.0
    RP139: 5/1/2012 8:05:53 AM - Software Distribution Service 3.0
    RP140: 5/1/2012 4:25:19 PM - Software Distribution Service 3.0
    RP141: 5/2/2012 8:19:53 AM - Software Distribution Service 3.0
    RP142: 5/2/2012 4:26:05 PM - Software Distribution Service 3.0
    RP143: 5/3/2012 4:25:39 PM - Software Distribution Service 3.0
    RP144: 5/4/2012 8:19:48 AM - Software Distribution Service 3.0
    RP145: 5/4/2012 4:26:08 PM - Software Distribution Service 3.0
    RP146: 5/5/2012 3:36:42 PM - Software Distribution Service 3.0
    RP147: 5/6/2012 9:02:59 AM - Software Distribution Service 3.0
    RP148: 5/6/2012 3:36:09 PM - Software Distribution Service 3.0
    RP149: 5/7/2012 9:04:09 AM - Software Distribution Service 3.0
    RP150: 5/7/2012 3:36:08 PM - Software Distribution Service 3.0
    RP151: 5/8/2012 3:47:42 PM - Software Distribution Service 3.0
    RP152: 5/8/2012 9:20:58 PM - Software Distribution Service 3.0
    RP153: 5/9/2012 3:58:04 PM - Software Distribution Service 3.0
    RP154: 5/9/2012 9:20:56 PM - Software Distribution Service 3.0
    RP155: 5/10/2012 3:48:12 PM - Software Distribution Service 3.0
    RP156: 5/11/2012 3:48:37 PM - Software Distribution Service 3.0
    RP157: 5/11/2012 9:21:22 PM - Software Distribution Service 3.0
    RP158: 5/12/2012 3:00:28 AM - Software Distribution Service 3.0
    RP159: 5/12/2012 4:28:00 PM - Software Distribution Service 3.0
    RP160: 5/13/2012 4:23:47 AM - Software Distribution Service 3.0
    RP161: 5/13/2012 4:27:22 PM - Software Distribution Service 3.0
    RP162: 5/14/2012 4:23:56 AM - Software Distribution Service 3.0
    RP163: 5/14/2012 4:27:28 PM - Software Distribution Service 3.0
    RP164: 5/15/2012 4:24:00 AM - Software Distribution Service 3.0
    RP165: 5/15/2012 4:25:57 PM - Software Distribution Service 3.0
    RP166: 5/16/2012 4:26:41 AM - Software Distribution Service 3.0
    RP167: 5/16/2012 4:26:57 PM - Software Distribution Service 3.0
    RP168: 5/17/2012 4:23:39 AM - Software Distribution Service 3.0
    RP169: 5/17/2012 4:27:24 PM - Software Distribution Service 3.0
    RP170: 5/18/2012 4:24:22 AM - Software Distribution Service 3.0
    RP171: 5/18/2012 4:26:39 PM - Software Distribution Service 3.0
    RP172: 5/19/2012 4:24:24 AM - Software Distribution Service 3.0
    RP173: 5/19/2012 4:25:57 PM - Software Distribution Service 3.0
    RP174: 5/20/2012 4:25:19 AM - Software Distribution Service 3.0
    RP175: 5/20/2012 4:27:34 PM - Software Distribution Service 3.0
    RP176: 5/21/2012 4:25:09 AM - Software Distribution Service 3.0
    RP177: 5/21/2012 4:26:40 PM - Software Distribution Service 3.0
    RP178: 5/24/2012 7:25:22 AM - Software Distribution Service 3.0
    RP179: 5/24/2012 7:35:54 AM - Software Distribution Service 3.0
    RP180: 5/25/2012 7:52:54 AM - System Checkpoint
    RP181: 5/25/2012 4:03:22 PM - Software Distribution Service 3.0
    RP182: 5/25/2012 6:57:12 PM - Software Distribution Service 3.0
    RP183: 5/26/2012 6:57:36 PM - Software Distribution Service 3.0
    RP184: 5/27/2012 7:43:17 PM - Software Distribution Service 3.0
    RP185: 5/28/2012 11:49:45 AM - Software Distribution Service 3.0
    RP186: 5/29/2012 10:22:19 AM - Software Distribution Service 3.0
    RP187: 5/30/2012 10:22:26 AM - Software Distribution Service 3.0
    RP188: 5/31/2012 5:35:44 PM - Software Distribution Service 3.0
    RP189: 6/1/2012 4:15:35 PM - Software Distribution Service 3.0
    RP190: 6/2/2012 4:16:07 PM - Software Distribution Service 3.0
    RP191: 6/3/2012 4:15:46 PM - Software Distribution Service 3.0
    RP192: 6/4/2012 3:00:25 AM - Software Distribution Service 3.0
    RP193: 6/4/2012 4:30:54 PM - Software Distribution Service 3.0
    RP194: 6/5/2012 3:30:31 AM - Software Distribution Service 3.0
    RP195: 6/5/2012 3:55:16 PM - Software Distribution Service 3.0
    RP196: 6/6/2012 2:35:41 PM - Software Distribution Service 3.0
    RP197: 6/7/2012 5:28:14 PM - Software Distribution Service 3.0
    RP198: 6/8/2012 3:51:21 PM - Software Distribution Service 3.0
    RP199: 6/15/2012 8:21:39 PM - Software Distribution Service 3.0
    RP200: 6/16/2012 3:00:28 AM - Software Distribution Service 3.0
    RP201: 6/17/2012 3:51:00 AM - System Checkpoint
    RP202: 6/17/2012 4:58:22 PM - Software Distribution Service 3.0
    RP203: 6/19/2012 9:53:22 AM - Software Distribution Service 3.0
    RP204: 6/20/2012 10:30:35 AM - System Checkpoint
    RP205: 6/20/2012 12:39:58 PM - Software Distribution Service 3.0
    RP206: 6/24/2012 8:35:15 PM - Software Distribution Service 3.0
    RP207: 6/25/2012 3:57:32 PM - Software Distribution Service 3.0
    RP208: 6/25/2012 8:28:17 PM - Software Distribution Service 3.0
    RP209: 6/29/2012 11:41:37 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    6400_Help
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Conexant D850 56K V.9x DFVc Modem
    CustomerResearchQFolder
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DocMgr
    DocProc
    DocProcQFolder
    Fax
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HP Customer Participation Program 10.0
    HP Document Manager 1.0
    HP Imaging Device Functions 10.0
    HP Officejet J6400 Series
    HP Photosmart Essential 2.5
    HP Smart Web Printing
    HP Update
    HPSSupply
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    J6400
    Malwarebytes Anti-Malware version 1.61.0.1400
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Software Update for Web Folders (English) 14
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OCR Software by I.R.I.S. 10.0
    ProductContext
    PSSWCORE
    Roblox for Owner
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Shop for HP Supplies
    SmartWebPrintingOC
    SoundMAX
    Status
    SUPERAntiSpyware
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2362765)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoToolkit01
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    WinRAR 4.00 beta 1 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/24/2012 9:31:07 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/24/2012 8:17:21 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    6/24/2012 10:07:25 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================

  8. #7
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,175
    Points
    1308

    Default

    Could you do the exercise below please,
    Please download MiniToolBox http://download.bleepingcomputer.com...iniToolBox.exe and run it.

    • Checkmark following boxes:
    • List last 10 Event Viewer log
    • List Users, Partitions and Memory size
    • Click Go and post the result.


    NEXT
    Did you run a Malwarebytes scan? Could you post the log. It's located in the log tabs in the Malwarebytes program. If you did not run it here's the instruction, you won't have to download it cause I see you have it installed already,

    Please download Malwarebytes' Anti-Malware to your desktop from here Malwarebytes.org
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    Copy&Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.


    I also see that you have visited www.crucial.com. Are you considering adding more ram?
    Last edited by zep516; 07-01-2012 at 08:20 AM.

  9. #8
    Member RaiderJay6's Avatar
    Join Date
    Jul 2008
    Posts
    31
    Points
    0

    Default

    Thank you for your time! I wasnt considering adding more ram to this computer, we primarily use our desktops. Our kids use this one but because it run s so slow they take over the laptops.


    MiniToolBox by Farbar Version: 25-06-2012
    Ran by Owner (administrator) on 05-07-2012 at 22:36:03
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (06/30/2012 10:30:57 AM) (Source: MsiInstaller) (User: AYLA)AYLA
    Description: Product: SolutionCenter -- Error 1905. Module C:\Program Files\HP\Digital Imaging\Product Assistant\Bin\hpqscprefhelper.dll failed to unregister. HRESULT -2147220472. Contact your support personnel.

    Error: (06/30/2012 10:30:57 AM) (Source: MsiInstaller) (User: AYLA)AYLA
    Description: Product: SolutionCenter -- Error 1905. Module C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx failed to unregister. HRESULT -2147220472. Contact your support personnel.

    Error: (06/29/2012 09:50:37 PM) (Source: MsiInstaller) (User: AYLA)AYLA
    Description: Product: SolutionCenter -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

    Error: (06/29/2012 09:48:32 PM) (Source: MsiInstaller) (User: AYLA)AYLA
    Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.

    Error: (06/29/2012 03:53:59 PM) (Source: MsiInstaller) (User: AYLA)AYLA
    Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.

    Error: (06/29/2012 01:53:40 PM) (Source: MsiInstaller) (User: AYLA)AYLA
    Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.

    Error: (06/29/2012 11:49:05 AM) (Source: MsiInstaller) (User: AYLA)AYLA
    Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.

    Error: (06/26/2012 09:24:39 AM) (Source: Application Hang) (User: )
    Description: Fault bucket 1678620484.

    Error: (06/25/2012 01:12:47 PM) (Source: Application Hang) (User: )
    Description: Hanging application WINWORD.EXE, version 14.0.4734.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (06/24/2012 09:59:49 PM) (Source: MPSampleSubmission) (User: )
    Description: EventType mptelemetry, P1 2152759303, P2 unspecified, P3 scanfile, P4 4.0.1526.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


    System errors:
    =============
    Error: (07/05/2012 02:20:38 PM) (Source: Service Control Manager) (User: )
    Description: The HP CUE DeviceDiscovery Service service hung on starting.

    Error: (07/02/2012 10:20:45 AM) (Source: Service Control Manager) (User: )
    Description: The HP CUE DeviceDiscovery Service service hung on starting.

    Error: (06/30/2012 04:47:32 PM) (Source: Print) (User: NT AUTHORITY)
    Description: Document Microsoft Word - House for Sale.docx was corrupted and has been deleted. The associated driver is: HP Officejet J6400 series.

    Error: (06/30/2012 04:44:31 PM) (Source: Service Control Manager) (User: )
    Description: The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (06/30/2012 04:18:17 PM) (Source: Service Control Manager) (User: )
    Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (06/30/2012 10:19:29 AM) (Source: Service Control Manager) (User: )
    Description: The HP CUE DeviceDiscovery Service service hung on starting.

    Error: (06/29/2012 03:45:30 PM) (Source: Service Control Manager) (User: )
    Description: The HP CUE DeviceDiscovery Service service hung on starting.

    Error: (06/29/2012 01:50:18 PM) (Source: Service Control Manager) (User: )
    Description: The HP CUE DeviceDiscovery Service service hung on starting.

    Error: (06/29/2012 11:32:54 AM) (Source: Service Control Manager) (User: )
    Description: The HP CUE DeviceDiscovery Service service hung on starting.

    Error: (06/24/2012 10:10:19 PM) (Source: Print) (User: NT AUTHORITY)
    Description: Document Microsoft Word - House for Sale.docx was corrupted and has been deleted. The associated driver is: HP Officejet J6400 series.


    Microsoft Office Sessions:
    =========================
    Error: (06/30/2012 10:30:57 AM) (Source: MsiInstaller)(User: AYLA)AYLA
    Description: Product: SolutionCenter -- Error 1905. Module C:\Program Files\HP\Digital Imaging\Product Assistant\Bin\hpqscprefhelper.dll failed to unregister. HRESULT -2147220472. Contact your support personnel.(NULL)(NULL)(NULL)

    Error: (06/30/2012 10:30:57 AM) (Source: MsiInstaller)(User: AYLA)AYLA
    Description: Product: SolutionCenter -- Error 1905. Module C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx failed to unregister. HRESULT -2147220472. Contact your support personnel.(NULL)(NULL)(NULL)

    Error: (06/29/2012 09:50:37 PM) (Source: MsiInstaller)(User: AYLA)AYLA
    Description: Product: SolutionCenter -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)

    Error: (06/29/2012 09:48:32 PM) (Source: MsiInstaller)(User: AYLA)AYLA
    Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.(NULL)(NULL)(NULL)

    Error: (06/29/2012 03:53:59 PM) (Source: MsiInstaller)(User: AYLA)AYLA
    Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.(NULL)(NULL)(NULL)

    Error: (06/29/2012 01:53:40 PM) (Source: MsiInstaller)(User: AYLA)AYLA
    Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.(NULL)(NULL)(NULL)

    Error: (06/29/2012 11:49:05 AM) (Source: MsiInstaller)(User: AYLA)AYLA
    Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.(NULL)(NULL)(NULL)

    Error: (06/26/2012 09:24:39 AM) (Source: Application Hang)(User: )
    Description: 1678620484

    Error: (06/25/2012 01:12:47 PM) (Source: Application Hang)(User: )
    Description: WINWORD.EXE14.0.4734.1000hungapp0.0.0.000000000

    Error: (06/24/2012 09:59:49 PM) (Source: MPSampleSubmission)(User: )
    Description: mptelemetry2152759303unspecifiedscanfile4.0.1526.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL


    ========================= Memory info: ===================================

    Percentage of memory in use: 72%
    Total physical RAM: 765.98 MB
    Available physical RAM: 213.38 MB
    Total Pagefile: 1108.76 MB
    Available Pagefile: 312.21 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1967.28 MB

    ========================= Partitions: =====================================

    1 Drive c: () (Fixed) (Total:74.46 GB) (Free:59.49 GB) NTFS

    ========================= Users: ========================================

    User accounts for \\AYLA

    Administrator ASPNET Guest
    HelpAssistant Owner SUPPORT_388945a0


    **** End of log ****


    Malwarebytes Anti-Malware 1.61.0.1400
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: v2012.06.29.08

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: AYLA [administrator]

    6/29/2012 1:58:38 PM
    mbam-log-2012-06-29 (13-58-38).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 192816
    Time elapsed: 29 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 3
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  10. #9
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,175
    Points
    1308

    Default

    Hi,

    Lets turn off some start up entries using Hijackthis, these entries are unnecessary, use up ram, can cause slow boot ups too.

    Open Hijackthis, Do a System Scan only, Place a check mark in the following entries:

    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe


    Click Fixed Checked.
    Close Hijackthis.
    Reboot.

    Post a new Hijackthis log so we can those entries are gone.

    I would strongly consider adding more Ram to the computer too.

    Joe
    Last edited by zep516; 07-05-2012 at 11:05 PM.

  11. The Following User Says Thank You to zep516 For This Useful Post:


  12. #10
    Member RaiderJay6's Avatar
    Join Date
    Jul 2008
    Posts
    31
    Points
    0

    Default

    I dont know if this has to do with being low on ram or not but the sounds on here are like muffled and videos dont load fast either. Sorry, Im not very computer savy If I did want to get more ram, how do I know what to purchase and where to get it?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:48:05 PM, on 7/6/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1289795596390
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O24 - Desktop Component 0: (no name) - http://www.google.com/images/nav_logo102.png

    --
    End of file - 5171 bytes

Page 1 of 2 12 LastLast