"Not Responding"

Comments

  • derrick
    derrick Posts: 7,424 Forumite
    closed wrote: »
    That tells you that currently you have just enough RAM (ignoring shared graphics RAM, using 478MB), but at some point (peak commit>512MB) since you started up, you needed to use the pagefile because you ran out of RAM, which is when things can go slow. The cheap answer is to limit what runs at startup, including multiple security software scanners, epson monitors, narrator, javaupdaters, quicktime, photoshop album starter, MSGTAG, etc., and trimming all those IE browser helper objects, all stuff that doesn't need to be running all the time, taking memory and cpu cycles.

    As you have found, none of that security software picked up a well known infection.

    From the Task manager> start up;-
    MSASCui
    vsnpstd
    SiSUSBrg
    atiptaxx
    apdproxy
    qttask
    jusched
    MSGTAG
    TeaTimer

    I don't use IE (although it is on the computer), so what are the "IE browser helper objects", and if I have them on, how do I switch them off?
    Epson monitors? (explain) Printer is only switched on as I need it (very rarely).
    Don`t steal - the Government doesn`t like the competition


  • closed
    closed Posts: 10,886 Forumite
    edited 5 April 2010 at 5:46PM
    Browser helper objects are plugins/toolbars for IE. If you search for BHO in your hjl you will see them, and can disable the ones you don't use.

    Epson software is usually monitoring ink and connectivity status, etc, not really needed to be running all the time.
    !!
    > . !!!! ----> .
  • taxi97w
    taxi97w Posts: 1,526 Forumite
    Type msconfig.exe in the start or run box. Then select 'startup'.
    more dollar$ than sense
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Can you post the WHOLE of the log please
    :idea:
  • derrick
    derrick Posts: 7,424 Forumite
    aliEnRIK wrote: »
    Can you post the WHOLE of the log please


    Have done!
    Don`t steal - the Government doesn`t like the competition


  • derrick
    derrick Posts: 7,424 Forumite
    taxi97w wrote: »
    Type msconfig.exe in the start or run box. Then select 'startup'.


    Have done, see #33.
    Don`t steal - the Government doesn`t like the competition


  • derrick
    derrick Posts: 7,424 Forumite
    Have done another ComboFix ;-

    ComboFix 10-04-05.05 - user 06/04/2010 9:42.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.148 [GMT 1:00]
    Running from: c:\documents and settings\user\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2010-03-06 to 2010-04-06 )))))))))))))))))))))))))))))))
    .

    2010-04-06 08:38 . 2010-04-06 08:38 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
    2010-04-06 08:38 . 2010-04-06 08:38 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
    2010-04-06 08:38 . 2010-04-06 08:38 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
    2010-04-06 08:38 . 2010-04-06 08:38 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
    2010-04-06 08:38 . 2010-04-06 08:38 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
    2010-04-06 08:38 . 2010-04-06 08:38 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
    2010-04-06 08:37 . 2010-04-06 08:37 4250976 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-04-06 08:37 . 2010-04-06 08:37 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
    2010-04-06 08:37 . 2010-04-06 08:37 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
    2010-04-06 08:37 . 2010-04-06 08:37 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
    2010-04-06 08:37 . 2010-04-06 08:37 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
    2010-04-06 08:37 . 2010-04-06 08:37 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
    2010-04-06 08:36 . 2010-04-06 08:36 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-04-06 08:36 . 2010-04-06 08:36 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-04-05 15:05 . 2010-04-05 15:05 -------- d-----w- C:\$AVG
    2010-04-05 15:05 . 2010-04-05 15:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-04-05 15:05 . 2010-04-05 15:05 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-05 15:04 . 2010-04-05 15:04 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-04-05 15:04 . 2010-04-05 15:04 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-04-05 15:04 . 2010-04-06 08:32 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-04-05 15:00 . 2010-04-05 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-04-05 14:30 . 2010-04-05 14:30 -------- d-----w- c:\program files\Trend Micro
    2010-04-05 10:33 . 2010-04-05 10:33 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
    2010-04-05 10:32 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-05 10:32 . 2010-04-05 10:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-05 10:32 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-05 10:32 . 2010-04-05 14:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-31 09:28 . 2010-03-31 09:28 503808 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6dc55667-n\msvcp71.dll
    2010-03-31 09:28 . 2010-03-31 09:28 499712 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6dc55667-n\jmc.dll
    2010-03-31 09:28 . 2010-03-31 09:28 348160 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6dc55667-n\msvcr71.dll
    2010-03-31 09:28 . 2010-03-31 09:28 61440 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4295af85-n\decora-sse.dll
    2010-03-31 09:28 . 2010-03-31 09:28 12800 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4295af85-n\decora-d3d.dll
    2010-03-30 08:51 . 2010-03-30 08:51 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Real
    2010-03-30 08:48 . 2010-03-30 08:48 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-03-30 08:48 . 2010-03-30 08:48 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-03-30 08:48 . 2010-03-30 08:48 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-03-30 08:48 . 2010-03-30 08:48 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-03-30 08:48 . 2010-03-30 08:48 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-03-30 08:48 . 2010-03-30 08:48 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-03-30 08:48 . 2010-03-30 08:48 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-03-30 08:48 . 2010-03-30 08:48 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-03-30 08:48 . 2010-03-30 08:48 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-03-30 08:43 . 2010-03-30 08:43 -------- d-----w- c:\program files\Common Files\xing shared
    2010-03-29 10:29 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-03-22 11:38 . 2010-03-22 11:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-03-21 12:37 . 2010-03-21 12:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-03-21 12:36 . 2010-03-21 12:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Temp
    2010-03-11 08:50 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-03-10 04:33 . 2010-03-10 04:33 1025024 -c----w- c:\windows\system32\dllcache\browseui.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-06 08:49 . 2007-05-02 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
    2010-04-05 15:23 . 2005-08-01 20:11 -------- d-----w- c:\documents and settings\user\Application Data\Lavasoft
    2010-04-05 15:00 . 2008-07-22 10:56 -------- d-----w- c:\program files\AVG
    2010-04-02 10:01 . 2005-08-12 12:23 -------- d-----w- c:\program files\OpenOffice.org1.1.0
    2010-03-31 09:29 . 2006-01-05 11:13 -------- d-----w- c:\program files\Common Files\Java
    2010-03-31 09:26 . 2006-01-05 11:15 -------- d-----w- c:\program files\Java
    2010-03-30 09:00 . 2007-10-30 15:35 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-03-30 08:57 . 2009-07-12 09:15 117760 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-03-30 08:48 . 2005-08-05 22:11 -------- d-----w- c:\program files\Common Files\Real
    2010-03-30 08:44 . 2005-08-05 22:11 -------- d-----w- c:\program files\Real
    2010-03-30 08:42 . 2005-08-01 19:35 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-03-30 08:42 . 2005-08-01 19:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-03-21 12:41 . 2005-08-01 19:36 -------- d-----w- c:\program files\Google
    2010-03-09 03:28 . 2008-12-20 10:15 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-26 05:43 . 2003-03-31 12:00 667136 ------w- c:\windows\system32\wininet.dll
    2010-02-26 05:43 . 2005-08-01 20:34 81920 ------w- c:\windows\system32\ieencode.dll
    2010-02-24 10:16 . 2009-10-03 08:52 181632 ------w- c:\windows\system32\MpSigStub.exe
    .
    Don`t steal - the Government doesn`t like the competition


  • derrick
    derrick Posts: 7,424 Forumite
    ((((((((((((((((((((((((((((( SnapShot@2010-04-05_16.49.56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-04-06 08:25 . 2010-04-06 08:25 16384 c:\windows\Temp\Perflib_Perfdata_1e0.dat
    + 2010-04-06 08:25 . 2010-04-06 08:25 16384 c:\windows\Temp\Perflib_Perfdata_158.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSGTAG"="c:\program files\MSGTAG\MSGTAG.exe" [2003-09-16 1320448]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "snpstd"="c:\windows\vsnpstd.exe" [2004-05-10 286720]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 335872]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-06 10:53 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-04-05 15:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
    backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
    backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
    path=c:\documents and settings\user\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
    backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
    2007-11-14 17:53 1032376 ----a-w- c:\program files\Kontiki\KHost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
    2004-01-19 01:25 278528 ----a-w- c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2007-06-01 15:51 257088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
    2007-11-14 17:53 1032376 ----a-w- c:\program files\Kontiki\KHost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
    2010-03-30 08:41 75320 ----a-w- c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    Don`t steal - the Government doesn`t like the competition


  • derrick
    derrick Posts: 7,424 Forumite
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2007-04-27 08:41 282624 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
    2006-07-22 12:21 144448 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-06-06 12:01 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-03-30 08:41 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
    2009-11-12 13:21 9109296 ----a-w- c:\program files\VoipStunt.com\VoipStunt\voipstunt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XSC SIP Client]
    2004-06-01 13:58 3305472 ----a-w- c:\program files\X-Lite\X-Lite.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\X-Lite\\X-Lite.exe"=
    "c:\\Program Files\\Abacast\\Abaclient.exe"=
    "c:\\Program Files\\MSGTAG\\MSGTAG.exe"=
    "c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05/04/2010 16:04 216200]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [05/04/2010 16:05 242696]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [23/06/2009 11:01 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11:01 66632]
    R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [05/08/2005 17:33 120320]
    R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [08/06/2007 10:23 1858144]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [05/04/2010 16:03 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [05/04/2010 16:02 308064]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/03/2010 13:36 136176]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11:01 12872]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 12:35]

    2010-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 12:35]

    2010-04-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-57989841-606747145-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

    2010-04-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-606747145-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

    2008-08-10 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-06-29 13:45]

    2008-08-10 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-06-29 13:45]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://moneysavingexpert.com/
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Open in new background tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?876c6236213c40b6b5e66d677a7e9629
    IE: Open in new foreground tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?876c6236213c40b6b5e66d677a7e9629
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\qfe532aq.Default User\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - moneysavingexpert.com
    FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\qfe532aq.Default User\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
    FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\qfe532aq.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAbacheck.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npcsau7.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npietab.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    Don`t steal - the Government doesn`t like the competition


  • derrick
    derrick Posts: 7,424 Forumite
    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-06 09:49
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(516)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    - - - - - - - > 'explorer.exe'(3640)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-04-06 09:52:33
    ComboFix-quarantined-files.txt 2010-04-06 08:52
    ComboFix2.txt 2010-04-05 16:52

    Pre-Run: 4,520,882,176 bytes free
    Post-Run: 4,487,921,664 bytes free

    - - End Of File - - E3D3CBFA030002FB89129CBC8816F47F
    Don`t steal - the Government doesn`t like the competition


This discussion has been closed.