
slow firefox loading and no response for 2-3min

Discussion in 'Virus & Other Malware Removal' started by jmm1245, Jul 19, 2010.

Thread Status:
Not open for further replies.
  1. jmm1245 (Thread Starter; joined Feb 4, 2010; messages: 3)

    Hi- I had great results here before on my desktop and now I need help with my laptop.

    I'm running Vista Home 32 bit and Firefox. I was reviewing Leo Laporte's Tech Guy site from his weekend shows and noticed he suggested to install Microsoft Security Essentials and run the MRT. I have been experiencing slow starts and almost nothing when starting Firefox. If I clicked on a bookmark- the tab would just spin and not load anything for about 2-3 minutes. So I removed Threat Fire and installed the Microsoft product, then ran a scan. It took a few hours and the MRT found 2 infected files (both trojans) and a bunch of other files that weren't infected. I think something is wrong now so I'm looking for some help. Below is the HijackThis log and the MRT log.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:49:10 PM, on 7/19/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18928)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Users\Joe\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0109&m=aspire_4730z
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0109&m=aspire_4730z
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0109&m=aspire_4730z
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0109&m=aspire_4730z
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - MRI_DISABLED - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    --
    End of file - 5930 bytes
    ***************************************************************

    Microsoft Windows Malicious Software Removal Tool v3.9, July 2010
    Started On Mon Jul 19 17:27:30 2010

    Extended Scan Results
    ----------------
    ->Scan ERROR: resource process://pid:1332 (code 0x00000005 (5))
    ->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
    ->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
    ->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
    ->Scan ERROR: resource file://C:\System Volume Information\{a8f9598d-935c-11df-a268-001eecdedb70}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
    ->Scan ERROR: resource file://C:\System Volume Information\{d98b89f2-90f5-11df-bed8-001eecdedb70}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
    ->Scan ERROR: resource file://C:\System Volume Information\{ded82267-8f9d-11df-bb5f-001eecdedb70}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
    ->Scan ERROR: resource file://C:\System Volume Information\{ded82280-8f9d-11df-bb5f-001eecdedb70}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
    ->Scan ERROR: resource file://C:\System Volume Information\{efcdd835-9023-11df-a996-001eecdedb70}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
    ->Scan ERROR: resource file://C:\System Volume Information\{fc3daff4-9267-11df-a062-001eecdedb70}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
    ->Scan ERROR: resource file://C:\System Volume Information\{fc3daffe-9267-11df-a062-001eecdedb70}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
    Threat detected: TrojanDownloader:Win32/Harnig.gen!P
    file://C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2A6O2H2O\z008102318801r0409J0d000601Rda6bfcd3Xe2d959d7Ya94fd13fZ0100f0360[1]
    SigSeq: 0x00003E78BD50A006
    Threat detected: TrojanDownloader:Win32/Renos.KO
    file://C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5A8T4VC\z008102318801r0409J0d000601Rda6bfcd3Xe2d959d7Ya94fd13fZ0100f0361[1]
    SigSeq: 0x0000D5402252FC56

    Extended Scan Removal Results
    ----------------
    Start 'remove' for file://\\?\C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5A8T4VC\z008102318801r0409J0d000601Rda6bfcd3Xe2d959d7Ya94fd13fZ0100f0361[1]
    Operation succeeded !

    Start 'remove' for file://\\?\C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2A6O2H2O\z008102318801r0409J0d000601Rda6bfcd3Xe2d959d7Ya94fd13fZ0100f0360[1]
    Operation succeeded !


    Results Summary:
    ----------------
    Found TrojanDownloader:Win32/Harnig.gen!P and Removed!
    Found TrojanDownloader:Win32/Renos.KO and Removed!
    Microsoft Windows Malicious Software Removal Tool Finished On Mon Jul 19 20:37:01 2010


    Return code: 6 (0x6)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.9, July 2010
    Started On Mon Jul 19 20:59:35 2010
    Microsoft Windows Malicious Software Removal Tool Finished On Mon Jul 19 21:00:10 2010


    Return code: 0 (0x0)

    Please- any help would be great

    Joe
     

Short URL to this thread: https://techguy.org/936919
