Hijack this log please

chocomonsta

Hiya I am not ignoring you.............it turned off again..sigh,

will do the hijack this and report back

cheers

chocomonsta

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:29:09, on 11/05/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Win XP\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [SFTray] C:\Documents and Settings\Win XP\Local Settings\Application Data\SuperFast\tray\sftrayicon.exe
O8 - Extra context menu item: Customize Menu - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - http://javadl-esd.oracle.com/update/1.4.2/jinstall-1_4-windows-i586.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
--
End of file - 5482 bytes

closed

Disable this one

O4 - HKCU\..\Run: [SFTray] C:\Documents and Settings\Win XP\Local Settings\Application Data\SuperFast\tray\sftrayicon.exe

and give it a scan with malwarebytes and avast browser cleanup

apart from that, looks ok generally, but you'll notice a lot of roboform entries

which browsers are installed now?

whats the commit charge when it goes slow.

are the leads to the monitor secure at both ends

chocomonsta

commit charge 360308

limit 1279544

peak 377352

chocomonsta

will do the malwarebytes

"?? looks ok generally, but you'll notice a lot of roboform entries

should I delete Roboform, I dont think I use it that much ......what would I use instead?

closed

What do you use it for?

It clutters logs up, and will use some resources, which you are short of.


Try cleanmem to make best use of your ram, pending a possible upgrade , use the direct download link at the bottom of this page

http://www.pcwintech.com/cleanmem
(Direct Download)
Setup File Info: (3.19 MB) (MD5 Hash - BD0991B4E804E075906FC2A2EADF8197)

it should download
cleanmem_v2.4.3_setup.exe


Are those commit charges when it goes slow?

chocomonsta

lol well I used to use it for competitions but not recently as I am only using PC minimally before it turns off!

i have installed the cleanmem is something supposed to happen or does it run in the background? told you I was not even slightly techie

commit charge is as it is running now, which seems ok,

It very often goes slow or grinds to a halt when I am on Daily Mail website

I now have the extra monitor here now, but I suppose I ought to wait until it switches off, then I can replace to see if it is the monitor that is faulty or my PC?

closed

if you don't use it much, uninstall it.

cleanmem sits in the background, it should have created a task under c:\windows\tasks if installed correctly

check the price of a ram upgrade, www.crucial.com/uk

you need to check the commit charge when it goes slow, if the commit charge is over 512MB, then insufficient ram is the most likely cause of slowness. if commit is under 512, then it should run ok.

re monitor, also need to make sure it's not the lead , or powersaving

chocomonsta

well before I checked that the leads were all secure and they seemed to be but then it switched off (as in screen goes black but monitor light is still on blue) then if I switch monitor on it comes on properly so I can see pages I am browsing but only for a second or two then goes black again.

closed

unscrew, and reseat both ends of the lead, check for kinks, and if it's a regular occurence, try the other monitor.

if you haven't already, give it a quick cleanup with ccleaner, to clear out the web cache, links in speedup sticky