
Firefox grinding to load (hijackthis log included)


Comments

  • marleyboy
    marleyboy Posts: 16,698 Forumite
    10,000 Posts Combo Breaker
    ComboFix 10-04-21.01 - Admin 23/04/2010 19:27:25.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.511.28 [GMT 1:00]
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    FILE ::
    "c:\windows\iun6002.exe"
    "c:\windows\system32\drivers\rtnoruzs.sys"
    "c:\windows\vsnpstd.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\iun6002.exe
    c:\windows\system32\drivers\rtnoruzs.sys
    c:\windows\vsnpstd.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-23 to 2010-04-23 )))))))))))))))))))))))))))))))
    .

    2010-04-23 11:22 . 2010-04-23 11:22 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Yahoo!
    2010-04-21 18:45 . 2010-04-21 18:45 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-04-21 18:45 . 2010-04-21 18:45 -------- d-----w- c:\program files\Trend Micro
    2010-04-17 19:17 . 2010-04-17 19:17 -------- d-----w- c:\documents and settings\Admin\Application Data\facemoods.com
    2010-04-17 02:08 . 2010-04-17 03:19 -------- d-----w- c:\windows\system32\NtmsData
    2010-04-17 02:05 . 2010-04-17 02:05 -------- d-----w- c:\documents and settings\Admin\Application Data\Avira
    2010-04-14 00:56 . 2010-04-14 17:18 -------- d-----w- c:\windows\system32\MpEngineStore
    2010-04-10 17:12 . 2010-04-21 19:28 -------- d-----w- c:\program files\DAP
    2010-04-10 17:11 . 2010-04-10 17:11 -------- d-----w- c:\documents and settings\Admin\Application Data\Toolbar4
    2010-04-10 17:11 . 2010-04-22 19:05 -------- d-----w- c:\program files\SearchPredict
    2010-04-10 17:11 . 2010-04-21 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
    2010-04-10 17:11 . 2010-04-10 17:11 -------- d-----w- c:\program files\SpeedBit Video Downloader
    2010-04-07 02:11 . 2010-01-21 17:46 52224 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\fpjic1fy.default\extensions\{3ba34663-845a-4931-a6f3-1e033ec342a7}\components\FFExternalAlert.dll
    2010-04-07 02:11 . 2010-01-21 17:46 101376 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\fpjic1fy.default\extensions\{3ba34663-845a-4931-a6f3-1e033ec342a7}\components\RadioWMPCore.dll
    2010-04-07 00:58 . 2010-04-07 00:58 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Stardock
    2010-04-06 20:11 . 2010-04-06 20:11 -------- d-----w- c:\program files\zoneLINK
    2010-04-06 19:44 . 2010-04-06 19:44 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Innovative Solutions
    2010-04-06 19:43 . 2010-04-06 19:43 -------- d-----w- c:\program files\Innovative Solutions
    2010-04-06 18:32 . 2010-04-06 18:32 -------- d-----w- c:\documents and settings\Admin\Application Data\Lavasoft
    2010-04-06 18:29 . 2010-04-06 18:29 -------- d-----w- c:\windows\Time Stopper
    2010-04-06 18:29 . 2010-04-06 18:29 -------- d-----w- c:\program files\Time Stopper
    2010-04-06 15:34 . 2010-04-07 00:42 -------- d-----w- c:\program files\AcceleRun
    2010-04-06 10:08 . 2010-04-06 10:08 -------- d-----w- c:\windows\system32\XPSViewer
    2010-04-06 10:08 . 2010-04-06 10:08 -------- d-----w- c:\program files\MSBuild
    2010-04-06 10:08 . 2010-04-06 10:08 -------- d-----w- c:\program files\Reference Assemblies
    2010-04-06 10:08 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2010-04-06 10:07 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-04-06 10:07 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-04-06 10:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-04-06 10:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-04-06 10:07 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-04-06 10:07 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2010-04-06 10:07 . 2010-04-06 10:08 -------- d-----w- C:\9b4b0f49be693f7408c1f7dd
    2010-04-06 10:07 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-04-06 10:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-04-06 01:59 . 2010-04-06 01:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-04-06 01:59 . 2010-04-06 01:59 54 ----a-w- c:\windows\system32\rp_stats.dat
    2010-04-06 01:59 . 2010-04-06 01:59 39 ----a-w- c:\windows\system32\rp_rules.dat
    2010-04-05 16:16 . 2010-04-05 16:16 -------- d-----w- c:\program files\AviSynth 2.5
    2010-04-05 16:15 . 2010-04-05 16:26 -------- d-----w- c:\program files\Foto2Avi
    2010-04-05 16:14 . 2010-04-05 16:14 -------- d-----w- c:\program files\WinSnap
    2010-04-05 15:54 . 2010-04-05 15:54 -------- d-----w- c:\program files\Fast Duplicate File Finder
    2010-04-05 11:41 . 2010-04-05 11:43 -------- d-----w- c:\program files\3GP Player 2009
    2010-04-05 10:24 . 2010-04-05 10:24 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Ahead
    2010-04-04 23:13 . 2010-04-04 23:14 -------- d-----w- c:\documents and settings\Admin\Application Data\VSO
    2010-04-04 23:10 . 2010-04-04 23:10 -------- d-----w- c:\program files\VSO
    2010-04-04 22:48 . 2010-04-04 22:48 -------- d-----w- c:\documents and settings\Admin\Application Data\MyPhoneExplorer
    2010-04-04 22:48 . 2010-04-21 19:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-04-04 22:48 . 2010-04-04 22:48 -------- d-----w- c:\program files\MyPhoneExplorer
    2010-04-04 22:27 . 2010-04-22 23:31 -------- d-----w- c:\program files\Mgtweak
    2010-04-04 19:51 . 2010-04-04 19:51 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-04-04 17:46 . 2010-04-07 10:30 -------- d-----w- c:\program files\Tweak-XP Pro 4
    2010-03-26 03:19 . 2010-03-26 03:19 -------- d-----w- c:\documents and settings\Admin\Application Data\ManyCam
    2010-03-26 03:19 . 2010-03-26 03:21 -------- d-----w- c:\program files\ManyCam 2.4
    2010-03-25 03:21 . 2010-04-20 01:17 -------- d-----w- c:\documents and settings\Admin\dwhelper
    2010-03-25 01:52 . 2010-03-24 15:04 52224 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\fpjic1fy.default\extensions\{34c27e42-a304-470e-a066-d724148aed1b}\components\FFExternalAlert.dll
    2010-03-25 01:52 . 2010-03-24 15:04 101376 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\fpjic1fy.default\extensions\{34c27e42-a304-470e-a066-d724148aed1b}\components\RadioWMPCore.dll
    2010-03-25 01:12 . 2010-03-25 01:12 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
    2010-03-25 01:12 . 2010-03-25 01:12 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-03-25 01:11 . 2010-03-25 01:11 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-03-25 01:11 . 2010-03-25 01:11 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-03-25 01:11 . 2010-03-25 01:11 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-03-25 01:11 . 2010-03-25 01:11 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-03-25 01:11 . 2010-03-25 01:11 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-03-25 01:11 . 2010-03-25 01:11 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-03-25 01:11 . 2010-03-25 01:11 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-03-25 01:07 . 2010-03-25 01:07 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-03-25 01:07 . 2010-03-25 01:07 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-03-25 01:07 . 2010-03-25 01:07 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
    :A:dance:1+1+1=1:dance::A
    "Marleyboy you are a legend!"
    MarleyBoy "You are the Greatest"
    Marleyboy You Are A Legend!
    Marleyboy speaks sense
    marleyboy (total legend)
    Marleyboy - You are, indeed, a legend.
  • marleyboy
    marleyboy Posts: 16,698 Forumite
    10,000 Posts Combo Breaker
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-23 10:12 . 2007-05-14 15:40 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-04-22 19:14 . 2010-01-29 10:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-22 19:09 . 2010-01-29 10:48 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-22 19:05 . 2010-02-26 22:18 -------- d-----w- c:\program files\blinkx Remote Toolbar
    2010-04-21 20:08 . 2007-05-14 15:55 -------- d-----w- c:\program files\Common Files\Adobe
    2010-04-19 18:00 . 2009-03-10 18:12 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-04-19 17:56 . 2009-03-10 18:12 -------- d-----w- c:\documents and settings\Admin\Application Data\Thunderbird
    2010-04-14 18:03 . 2009-06-07 16:47 -------- d-----w- c:\program files\Google
    2010-04-06 20:12 . 2007-05-14 15:27 69600 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-06 18:32 . 2009-05-30 16:03 -------- d-----w- c:\program files\Lavasoft
    2010-04-05 16:10 . 2009-12-27 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL
    2010-04-05 10:24 . 2010-03-23 20:26 -------- d-----w- c:\documents and settings\Admin\Application Data\DivX
    2010-04-04 19:51 . 2009-10-26 21:25 -------- d-----w- c:\program files\QuickTime
    2010-04-04 19:51 . 2007-06-25 21:00 -------- d-----w- c:\program files\Real
    2010-04-04 19:51 . 2010-01-25 22:19 -------- d-----w- c:\program files\DivX
    2010-04-04 19:51 . 2010-01-11 15:36 -------- d-----w- c:\program files\coverXP
    2010-04-04 19:51 . 2008-07-16 17:50 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
    2010-04-04 19:51 . 2008-05-06 18:32 -------- d-----w- c:\program files\Compendium-OpenLearn
    2010-04-04 19:51 . 2007-12-04 20:01 -------- d-----w- c:\program files\FirstClass
    2010-04-04 19:51 . 2010-01-29 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-04 19:51 . 2009-12-26 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
    2010-04-04 19:51 . 2009-11-29 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
    2010-04-04 19:50 . 2009-12-27 14:25 -------- d-----w- c:\documents and settings\Admin\Application Data\Epson
    2010-04-04 19:50 . 2009-12-27 14:05 -------- d-----w- c:\documents and settings\Admin\Application Data\InstallShield
    2010-04-04 19:50 . 2009-11-29 14:47 -------- d-----w- c:\documents and settings\Admin\Application Data\ArcSoft
    2010-04-04 19:50 . 2008-08-23 13:49 -------- d-----w- c:\documents and settings\Admin\Application Data\Apple Computer
    2010-04-04 19:50 . 2010-04-04 19:50 -------- d-----w- c:\documents and settings\Admin\Application Data\Affinegy
    2010-04-04 19:50 . 2010-04-04 19:50 -------- d-----w- c:\documents and settings\Admin\Application Data\U3
    2010-04-04 19:50 . 2010-04-04 19:50 -------- d--h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2010-04-04 19:50 . 2010-04-04 19:50 -------- d-----w- c:\program files\MSXML 4.0
    2010-04-01 02:54 . 2007-05-15 15:40 -------- d-----w- c:\program files\Common Files\Java
    2010-04-01 02:53 . 2008-12-10 17:32 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-03-29 23:46 . 2010-01-29 10:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 23:45 . 2010-01-29 10:48 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-25 01:25 . 2010-03-23 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-03-23 21:34 . 2010-03-18 09:35 -------- d-----w- c:\program files\VidMorph
    2010-03-23 20:19 . 2010-03-23 20:28 986392 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-03-22 14:40 . 2010-03-22 14:38 -------- d-----w- c:\documents and settings\Admin\Application Data\MSN6
    2010-03-18 17:32 . 2010-03-18 17:32 -------- d-----w- c:\program files\Tubegadgets
    2010-03-18 16:36 . 2010-03-18 09:37 -------- d-----w- c:\documents and settings\Admin\Application Data\VidMorph
    2010-03-18 09:35 . 2010-03-18 09:35 -------- d-----w- c:\program files\Common Files\GeoVid
    2010-03-10 06:15 . 2001-08-23 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-01 08:05 . 2009-06-15 13:16 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-02-25 06:24 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2001-08-23 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
    2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2010-02-16 12:24 . 2009-06-15 13:16 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-02-12 10:03 . 2010-03-22 15:30 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-12 04:33 . 2001-08-23 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2001-08-23 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-02-05 19:16 . 2010-02-05 19:16 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-01-28 11:58 . 2010-01-28 11:58 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40929174-n\msvcr71.dll
    2010-01-28 11:58 . 2010-01-28 11:58 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-36d8db9a-n\decora-sse.dll
    2010-01-28 11:58 . 2010-01-28 11:58 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40929174-n\msvcp71.dll
    2010-01-28 11:58 . 2010-01-28 11:58 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40929174-n\jmc.dll
    2010-01-28 11:58 . 2010-01-28 11:58 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-36d8db9a-n\decora-d3d.dll
    2010-04-07 12:43 . 2010-04-07 12:43 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Tweak-XP Pro"="c:\program files\Tweak-XP Pro 4\autostart.exe" [2004-09-28 16896]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 344064]
    "Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-04-07 30192]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-04-26 401408]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-10 2221352]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\UltraVNC\\vncviewer.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
    "c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5900:TCP"= 5900:TCP:vnc5900
    "5800:TCP"= 5800:TCP:vnc5800

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30/05/2009 17:06 64160]
    R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [29/11/2009 15:47 11392]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15/06/2009 14:16 135336]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 1029456]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 11:06 21632]
    S2 Ç-DillaSrv;Ç-DillaSrv;c:\windows\system32\drivers\CDANTSRV.EXE [09/04/1998 17:31 18432]
    S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [14/04/2009 17:39 266240]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/02/2010 20:37 135664]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15/11/2009 14:05 13224]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [07/04/2010 13:42 30192]
    S3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [26/12/2009 02:21 7936]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-11-20 14:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 17:07]

    2010-04-23 c:\windows\Tasks\Epson Printer Software Downloader.job
    - c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 15:03]

    2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 19:37]

    2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 19:37]
    .
    .
  • marleyboy
    marleyboy Posts: 16,698 Forumite
    10,000 Posts Combo Breaker

    Supplementary Scan
    .
    uInternet Settings,ProxyOverride = local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\fpjic1fy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\fpjic1fy.default\extensions\{34c27e42-a304-470e-a066-d724148aed1b}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\fpjic1fy.default\extensions\{34c27e42-a304-470e-a066-d724148aed1b}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\fpjic1fy.default\extensions\{3ba34663-845a-4931-a6f3-1e033ec342a7}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\fpjic1fy.default\extensions\{3ba34663-845a-4931-a6f3-1e033ec342a7}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\fpjic1fy.default\extensions\{56ad905d-0e2d-469f-a492-c751ed7192fc}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\fpjic1fy.default\extensions\{56ad905d-0e2d-469f-a492-c751ed7192fc}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\fpjic1fy.default\extensions\{59385f95-c52f-4a84-b674-4a4206b17218}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\fpjic1fy.default\extensions\{59385f95-c52f-4a84-b674-4a4206b17218}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\fpjic1fy.default\extensions\{aa8fb078-c6e8-4b02-8f04-b443621890b3}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\fpjic1fy.default\extensions\{aa8fb078-c6e8-4b02-8f04-b443621890b3}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\fpjic1fy.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\program files\SpeedBit Video Downloader\SPFireFox\components\Engine.dll
    FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\fpjic1fy.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\fpjic1fy.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\Admin\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np_blinkx_plugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-snpstd - c:\windows\vsnpstd.exe
    AddRemove-Tweak-XP Pro 4 - c:\windows\iun6002.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-23 19:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x82F9D8C8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf877af28
    \Driver\ACPI -> ACPI.sys @ 0xf86edcb8
    \Driver\atapi -> atapi.sys @ 0xf868ab3a
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
    ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
    ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
    NDIS: Bluetooth Device (Personal Area Network) #3 -> SendCompleteHandler -> NDIS.sys @ 0xf8580bb0
    PacketIndicateHandler -> NDIS.sys @ 0xf856fa0d
    SendHandler -> NDIS.sys @ 0xf8583b40
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\INIDVD]
    "ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\INIDVD]
    "ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(672)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-04-23 19:45:19
    ComboFix-quarantined-files.txt 2010-04-23 18:45
    ComboFix2.txt 2010-04-23 12:33

    Pre-Run: 7,406,403,584 bytes free
    Post-Run: 7,366,987,776 bytes free

    - - End Of File - - F0C17357A33CC0B31264D862F46F3BA6
    :A:dance:1+1+1=1:dance::A
    "Marleyboy you are a legend!"
    MarleyBoy "You are the Greatest"
    Marleyboy You Are A Legend!
    Marleyboy speaks sense
    marleyboy (total legend)
    Marleyboy - You are, indeed, a legend.
  • Geoffo_M
    Geoffo_M Posts: 1,161 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    I think many who have updated to FF 3.6 are experiencing CPU problems. I, like many others, have stayed with 3.5.9. Check their forums to see if your problems are the same as others.
  • Tigsteroonie
    Tigsteroonie Posts: 24,954 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    marleyboy wrote: »
    is there anything else you think I have missed or indeed is safe to remove (assuming laptop owner has no objections) ;)

    :rotfl: :wave: :rotfl: :wave: :rotfl: :wave: :rotfl:

    Laptop owner getting mightily fed up of Marley's moans when FF takes forever to load! Please keep helping him, guys. Thanks.
    :heartpuls Mrs Marleyboy :heartpuls

    MSE: many of the benefits of a helpful family, without disadvantages like having to compete for the tv remote

    :) Proud Parents to an Aut-some son :)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    How's it running now?
    :idea:
  • marleyboy
    marleyboy Posts: 16,698 Forumite
    10,000 Posts Combo Breaker
    It's driving me nuts mate, I've had Sinclair Spectrum load games quicker.
    Firefox does work faster in safe mode, but still takes as long to load the app; it seems to grind everything as soon as I click the icon.

    Watching it in taskbar is interesting, as it pops up in there well before visual load, and gradually one by one works its way to the top of the list as the memory increases higher and higher. A good 7 minutes pass until it finally opens Firefox on the desktop as it becomes more stable. Once open, Firefox works fine (however slightly rougher than in safe mode for obvious reasons), but the memory will continue to increase itself until I am forced to reboot Firefox (I know you know what I mean).
  • marleyboy
    marleyboy Posts: 16,698 Forumite
    10,000 Posts Combo Breaker
    edited 24 April 2010 at 1:52AM
    I am thinking that maybe Geoffo is right, as this is the latest version of FF, although I suspect all these add-ons and taskbars aren't helping.

    I have noted that it is getting pop up ads (this is recent as ad aware deals with them), however Malware and Combo did detect nasties. Although Combo did send a message off to its base to research - something I have never seen Combo do before.

    On a side note critical updates keep failing (not all but enough to concern me).

    This on desktop at moment that fails to load....
    Security Update for Microsoft Office Publisher 2003 (KB980469)
    Update for Microsoft Office Outlook 2003 Junk Email Filter (KB981432)
    Security Update for Windows XP (KB979683)
    Not sure if this is related at all, but thought I would mention it.

    I had Microsoft popup with a detected virus recently, similar to the update, but during boot up, without me having to do a thing, it said it was cleaning it and going to reboot itself.

    There was nothing I could do but watch it perform, but I have to admit I have NEVER had Microsoft do this before on a system, I assumed as I was at the time liaising with MS tech re the failing upgrades that it was something they had done from their end. Still it unnerved me.

    Maybe I am just paranoid that there is some nasty that's well hidden.
  • Tigsteroonie
    Tigsteroonie Posts: 24,954 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Something's working .... FireFox (full version non-safe mode) only took 2 minutes this morning.

    That was after booting up the lappy, not starting any other apps, and leaving it for a good 5 minutes to finish loading anything and everything that's currently in the startup menu.

    Either Marleyboy did something more after I went to bed, or it's the "woman's touch" :D
This discussion has been closed.