Tech Support Forum banner
Status
Not open for further replies.
1 - 4 of 4 Posts

·
Registered
Joined
·
6 Posts
Discussion Starter · #1 ·
Hi

My laptop has been running extremely slowly lately. I have uninstalled firefox and norton (which i couldnt get to run and have been unable install AVG) tried defragging and going back to an older restore point, all to no effect.

It loads up ok, but if i am online or running a program it runs extremely slow or freezes altogether. I have been unable to run norton antivirus or superantispyware without the machine turninng off, even during safe mode.

I have run the first steps but GMER freezes and i have been unable to save the file log. I have run it 3 times, during the second attempt, the machine shut down with a BSOD (not had this problem previously) I havent been able to save the text document reports from any of the programs - i recieve an error message that there isnt sufficient memory.

The DDS log is below, I hope the attachment has uploaded ok, i had some problems getting this done. Any help or advice you can give me would be much appreciated

DDS LOG


DDS (Ver_09-12-01.01) - NTFSx86
Run by Mikey at 23:16:03.94 on 15/12/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2814.1997 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mikey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H5ZPWXV9\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-26 365952]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
S2 gupdate1ca0bdac4363ee9;Google Update Service (gupdate1ca0bdac4363ee9);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104]
S3 BulkUsb;VoIPUSBDriver.sys;c:\windows\system32\drivers\VoIPUSBDriver.sys [2005-9-16 149504]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-26 193840]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-9-5 38976]

=============== Created Last 30 ================

2009-12-13 17:07:10 0 --sha-w- c:\users\mikey\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
2009-12-13 17:07:10 0 --sha-w- c:\users\mikey\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
2009-12-13 17:07:10 0 --sha-w- c:\users\mikey\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
2009-12-13 17:07:10 0 --sha-w- c:\users\mikey\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
2009-12-12 22:22:03 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-12 22:20:50 0 d-----w- c:\users\mikey\appdata\roaming\SUPERAntiSpyware.com
2009-12-12 22:20:50 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-12 21:17:16 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-12 21:00:38 0 d-----w- c:\users\mikey\appdata\roaming\AVG8
2009-12-12 19:35:43 0 d-----w- c:\program files\Eusing Free Registry Cleaner
2009-12-10 13:04:09 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-10 13:04:09 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 12:52:20 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 19:33:53 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 19:33:19 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 19:33:17 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 17:27:44 0 d-----w- C:\9a2b3aee4a33dea808a7d0
2009-12-06 11:24:22 132427624 ----a-w- c:\windows\MEMORY.DMP
2009-11-26 17:41:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 13:49:58 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 13:49:55 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 13:49:35 714240 ----a-w- c:\windows\system32\timedate.cpl

==================== Find3M ====================

2009-12-13 11:46:40 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-13 11:46:39 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-12-13 11:46:39 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-01 20:16:59 41857 ----a-w- c:\programdata\nvModes.dat
2008-10-26 10:07:18 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-10-26 10:07:17 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:16:45.09 ===============
 

Attachments

·
Registered
Joined
·
6 Posts
Discussion Starter · #2 ·
As an update, I have been unable to run mber in safe mode

i ran it twice and the machine powered down after sticking for a while

the strange thing is that it seemed to be at the same point in the scan

software\Microsoft\windowsnt\current version\perflib\009

when I had run super anti spyware, it did seem to stick on the same registry key but I never made a note of it... Thought it was a coincidence

please help... I'm reluctant to reformat :-(
 
1 - 4 of 4 Posts
Status
Not open for further replies.
Top