"Not Responding"
Comments
-
TICK and FIX these ~
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qfe532aq.Default User\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.55.dll (file missing)
O4 - HKLM\..\RunServices: [Windows Update System Shell] svhostcs32.exe
O8 - Extra context menu item: &Search - ?p=ZNfox000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
I'd recommend uninstalling the MSN TOOLBAR SUITE
I'd recommend upgrading your RAM as 1gig would see quite an increase in speed
As you have trojans ~
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
I have removed ADAWARE
I have upgraded to AVG 9.0
IT won't remove, "O3 - Toolbar: FireShot -.........."
How do I remove MSN Toolbar suite?
How do I increase RAM?
Having downloaded ComboFix, there is a window telling me to close applications, so I will post this post now then continue, but what do you mean by "Shut down your anti virus", pretty sure I know but please clarify.
Don`t steal - the Government doesn`t like the competition
-
You don't really need more ram, if you limit what runs at startup, look in task manager, performance tab, peak commit charge, if that is more than 512MB, your pc will slow down
What were the 3 startuplite suggestions you ignored?
The malwarebytes scan says it deleted the infection, but it's still in the hjl log, which is why I asked the order.
Looking back on the malwarebytes list, it appears there are now only 2 on there;-
SunJavaUpdateSched
QuickTime Task
Don`t steal - the Government doesn`t like the competition
-
To run ComboFix I need to disable AVG, does this mean uninstalling? Or is there a way to "just disable"?
Don`t steal - the Government doesn`t like the competition
-
To temporarily disable AVG from running in the background open the AVG user interface (double click system tray icon) and then double-click Resident Shield. Under Resident Shield Settings (towards the bottom) remove the tick from the Resident Shield Active box - click Save Changes and exit.
-
Have you tried disabling it from the taskbar? Down near the clock on the right, could be with the firewall.
more dollar$ than sense
-
You don't really need more ram, if you limit what runs at startup, look in task manager, performance tab, peak commit charge, if that is more than 512MB, your pc will slow down.
Commit Charge (K)
Total 489772
Limit 1279512
Peak 850560
Bottom bar
Processes 40
CPU usage, varying between 0 & 100%
Commit Charge 511m/1249m
Don`t steal - the Government doesn`t like the competition
-
That tells you that currently you have just enough ram (ignoring shared graphics ram, using 478MB), but at some point (peak commit>512MB) since you started up, you needed to use the pagefile because you ran out of ram, which is when things can go slow.
The cheap answer is to limit what runs at startup, including multiple security software scanners, epson monitors, narrator, javaupdaters, googleupdater, quicktime, photoshop album starter, MSGTAG, dwtrig20 etc., and trimming all those IE browser helper objects, all stuff that doesn't need to be running all the time, taking memory and cpu cycles.
As you have found, none of that security software picked up a well known infection.!!
-
To temporarily disable AVG from running in the background open the AVG user interface (double click system tray icon) and then double-click Resident Shield. Under Resident Shield Settings (towards the bottom) remove the tick from the Resident Shield Active box - click Save Changes and exit.
Have you tried disabling it from the taskbar? Down near the clock on the right, could be with the firewall.
Have done as in post #26.
Don`t steal - the Government doesn`t like the competition
-
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
ComboFix 10-04-04.01 - user 05/04/2010 17:43:03.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.161 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\user\Application Data\Desktopicon
c:\documents and settings\user\Application Data\Desktopicon\config.ini
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSGTAG"="c:\program files\MSGTAG\MSGTAG.exe" [2003-09-16 1320448]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"snpstd"="c:\windows\vsnpstd.exe" [2004-05-10 286720]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 335872]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
Don`t steal - the Government doesn`t like the competition
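The startup advice earlier in the thread applies to the entries listed under "Reg Loading Points" in the log above. The following is an added example, not part of any forum post and not ComboFix's own code, that parses that section into an inventory for review; the function names and the two review notes are assumptions of this example, and the sample lines are taken from the log above.

```python
import re

# Sample input: lines taken from the "Reg Loading Points" section above.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSGTAG"="c:\program files\MSGTAG\MSGTAG.exe" [2003-09-16 1320448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd"="c:\windows\vsnpstd.exe" [2004-05-10 286720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# No end anchor: forum paste can leave text fused after the closing bracket.
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*'
                    r'\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]')

# Assumption of this example: locations treated as "expected" for autoruns.
EXPECTED = ("c:\\program files\\", "c:\\windows\\system32\\")

def review_notes(path):
    """Return neutral hints for a human reviewer; not a verdict on the file."""
    p = path.lower()
    if "~" in p:
        return ["8.3 short name: expand before judging"]
    if not p.startswith(EXPECTED):
        return ["not under Program Files or system32"]
    return []

def parse_autoruns(text):
    """Turn the registry-style listing into one dict per startup entry."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # remember which Run key we are under
            continue
        m = VAL_RE.match(line)
        if m and key:
            entries.append({"key": key, "name": m["name"], "path": m["path"],
                            "date": m["date"], "size": int(m["size"]),
                            "notes": review_notes(m["path"])})
    return entries

if __name__ == "__main__":
    for e in parse_autoruns(SAMPLE):
        print(f'{e["name"]:20} {e["path"]}  {"; ".join(e["notes"])}')
```

A note here only means the entry deserves a manual look, for example checking the file's publisher and whether it needs to start with Windows at all.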
This discussion has been closed.