
Can I delete this folder ?


Comments

  • cally6008
    cally6008 Posts: 7,629 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    ComboFix 10-03-29.02 - My Name 30/03/2010 2:13.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1514 [GMT 1:00]
    Running from: c:\documents and settings\My Name\Desktop\ComboFix.exe
    AV: AVG Internet Security 3-pack *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .

    ((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-30 )))))))))))))))))))))))))))))))
    .

    2010-03-29 23:27 . 2010-03-29 23:27 388096 ----a-r- c:\documents and settings\My Name\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-03-29 23:27 . 2010-03-29 23:27 d-----w- c:\program files\TrendMicro
    2010-03-29 21:40 . 2010-03-29 21:40 5918720 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-03-29 21:39 . 2010-03-29 21:39 d-----w- c:\documents and settings\My Name\Application Data\Malwarebytes
    2010-03-29 21:38 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 21:38 . 2010-03-29 21:40 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-29 21:38 . 2010-03-29 21:38 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-03-29 21:38 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-05 09:45 . 2010-03-05 09:45 74760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\UniversalDD.sys
    2010-03-05 09:45 . 2010-03-05 09:45 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-03-05 09:45 . 2010-03-05 09:45 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
    2010-03-05 09:45 . 2010-03-05 09:45 25736 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSShim.sys
    2010-03-05 09:45 . 2010-03-05 09:45 25608 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSxx.sys
    2010-03-05 09:45 . 2010-03-05 09:45 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-03-05 09:45 . 2010-03-05 09:45 30216 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSFilter.sys
    2010-03-05 09:45 . 2010-03-05 09:45 161800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrkx86.sys
    2010-03-05 09:45 . 2010-03-05 09:45 122376 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSDriver.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-29 22:46 . 2009-11-09 21:50 0 ----a-w- c:\documents and settings\My Name\Local Settings\Application Data\prvlcl.dat
    2010-03-23 23:37 . 2008-08-15 15:25 d-----w- c:\documents and settings\My Name\Application Data\SiteClasses
    2010-03-23 23:24 . 2008-08-15 15:25 d-----w- c:\documents and settings\My Name\Application Data\Sites
    2010-03-17 14:38 . 2008-08-15 15:22 d-----w- c:\documents and settings\My Name\Application Data\vmntoolbar
    2010-03-11 01:25 . 2008-05-27 18:08 d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-03-05 09:45 . 2008-09-03 23:17 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-05 09:45 . 2008-09-03 23:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-05 09:45 . 2008-09-03 23:17 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-05 09:44 . 2009-11-03 02:45 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
    2010-03-05 09:44 . 2008-09-03 23:17 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-05 09:44 . 2008-09-03 23:17 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-02-18 15:41 . 2008-09-21 17:28 d-----w- c:\documents and settings\My Name\Application Data\TransRender
    2010-02-12 10:03 . 2010-02-25 07:54 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-01-28 10:10 . 2010-01-28 10:10 503808 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7f41877e-n\msvcp71.dll
    2010-01-28 10:10 . 2010-01-28 10:10 499712 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7f41877e-n\jmc.dll
    2010-01-28 10:10 . 2010-01-28 10:10 348160 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7f41877e-n\msvcr71.dll
    2010-01-28 10:10 . 2010-01-28 10:10 61440 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28a709c8-n\decora-sse.dll
    2010-01-28 10:10 . 2010-01-28 10:10 12800 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28a709c8-n\decora-d3d.dll
    2010-01-21 17:09 . 2010-01-27 08:28 52224 ----a-w- c:\documents and settings\My Name\Application Data\Mozilla\Firefox\Profiles\zxidkn03.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    2010-01-21 17:09 . 2010-01-27 08:28 101376 ----a-w- c:\documents and settings\My Name\Application Data\Mozilla\Firefox\Profiles\zxidkn03.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    2009-12-31 16:50 . 2006-01-24 03:36 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-23 15:40 . 2009-12-23 15:40 151392 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
    2009-12-23 15:40 . 2009-12-23 15:40 296800 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll
    2008-08-22 22:22 . 2008-07-05 17:14 104 -csh--r- c:\windows\system32\4B98DFD161.sys
    2008-09-29 10:41 . 2008-09-06 14:32 88 -csh--r- c:\windows\system32\61D1DF984B.sys
    2008-09-29 10:41 . 2008-07-05 17:13 9394 -csha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 13:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2005-09-01 684032]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "Lexmark X84-X85 Button Monitor"="c:\progra~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2003-01-08 40960]
    "Lexmark X84-X85 Button Manager"="c:\progra~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 53248]
    "PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 36864]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-24 24576]
    Microsoft Office.lnk - c:\program files\Microsoft Office2000\Office\OSA9.EXE [1999-2-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 16:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [03/11/2009 03:45 25096]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [04/09/2008 00:17 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [04/09/2008 00:17 216200]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [04/09/2008 00:17 242696]
    R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [22/12/2009 09:59 916760]
    R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [05/03/2010 10:45 308064]
    R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [22/12/2009 09:59 2325816]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [04/09/2008 00:17 30104]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [04/09/2008 00:17 30104]
    S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [05/03/2010 10:44 5888008]
    S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [03/11/2009 03:45 122376]
    S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [03/11/2009 03:45 30216]
    S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [03/11/2009 03:45 26120]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://www.euro.dell.com
    uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\My Name\Application Data\Mozilla\Firefox\Profiles\zxidkn03.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
    FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p=
    FF - component: c:\documents and settings\My Name\Application Data\Mozilla\Firefox\Profiles\zxidkn03.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\My Name\Application Data\Mozilla\Firefox\Profiles\zxidkn03.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: c:\program files\Mozilla Firefox\components\FFConnectorLauncher.dll
    FF - component: c:\program files\Mozilla Firefox\components\FFSource.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
    FF - HiddenExtension: XULRunner: {76AFD2AC-9555-4993-BF0B-7A75D4A4A08B} - c:\documents and settings\My Name\Local Settings\Application Data\{76AFD2AC-9555-4993-BF0B-7A75D4A4A08B}
    FF - HiddenExtension: XULRunner: {7FEE735D-3311-4B1D-8DA2-75191C6ECABB} - c:\documents and settings\My Name\Local Settings\Application Data\{7FEE735D-3311-4B1D-8DA2-75191C6ECABB}
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Packard Bell Data Secure - c:\program files\Packard Bell Data Secure\PBDataSecure.exe
    HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-30 02:33
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(1436)
    c:\program files\Intel\Wireless\Bin\LgNotify.dll

    - - - - - - - > 'explorer.exe'(3020)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Other Running Processes
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKeeper.exe
    c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    c:\windows\system32\PSIService.exe
    c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\AVG\AVG9\avgam.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Apoint\Apntex.exe
    .
    **************************************************************************
    .
    Completion time: 2010-03-30 02:37:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-03-30 01:37

    Pre-Run: 34,706,182,144 bytes free
    Post-Run: 34,932,510,720 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - B0E3677AF4B32BA22456B2DB17A7F50A
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Open notepad and copy/paste the text in RED below

    File::
    c:\windows\system32\4B98DFD161.sys
    c:\windows\system32\61D1DF984B.sys




    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScript.gif


    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager, then the Processes tab (press ctrl, alt and del at the same time), and end any processes of findstr, find, sed or swreg; then combofix should continue.



    :idea:
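Reading a ComboFix file listing by eye is error-prone, and the two entries aliEnRIK singled out for the CFScript share a pattern a reviewer can check for mechanically: they sit directly under system32, carry the system and hidden attributes (`-csh--r-`), and have hex-only names. The Python below is an added triage example, not code from this thread or from ComboFix; it parses lines in the listing format shown in the posted log and flags entries matching those two heuristics for a second look. The attribute-position meanings and the `d-----w-` form of directory entries are read off the posted log and assumed to hold generally; a flag is a prompt to investigate, not a verdict.

```python
"""Triage helper for ComboFix-style file listing lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One listing line: "<mtime> . <ctime> [size] <attrs> <path>".
# Attribute string as read off the posted log (assumption that it holds generally):
# position 0 'd' = directory, 1 'c' = compressed, 2 's' = system, 3 'h' = hidden,
# 4 'a' = archive, 6 'w' = writable or 'r' = read-only.  Positions 5 and 7 are
# not interpreted here.  Directory entries carry "--------" in the size column.
ENTRY_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?:(?P<size>\d+|-{8})\s+)?"
    r"(?P<attrs>[d-][c-][s-][h-][a-]\S[wr-]\S)\s+"
    r"(?P<path>\S.*)$"
)

# A file name made only of hex digits (8 or more) plus a short extension.
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{8,}\.[A-Za-z0-9]{1,4}$")


@dataclass
class Entry:
    mtime: str
    ctime: str
    size: Optional[int]
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for section headers, blanks and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = m.group("size")
    return Entry(
        mtime=m.group("mtime"),
        ctime=m.group("ctime"),
        size=int(size) if size and size.isdigit() else None,
        attrs=m.group("attrs"),
        path=m.group("path"),
    )


def triage_reasons(entry: Entry) -> List[str]:
    """Heuristic reasons an entry deserves review.  Directories are skipped."""
    reasons: List[str] = []
    if entry.is_dir:
        return reasons
    in_system32 = "\\windows\\system32\\" in entry.path.lower()
    if in_system32 and entry.system and entry.hidden:
        reasons.append("system+hidden file under system32")
    if in_system32 and HEX_NAME_RE.match(entry.name):
        reasons.append("hex-only file name (looks machine-generated)")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, over every parseable line of a log excerpt."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            reasons = triage_reasons(entry)
            if reasons:
                flagged[entry.path] = reasons
    return flagged


# Constructed excerpt: file lines copied from the log in this thread, plus one
# directory line whose "-------- d-----w-" columns are assumed (the forum mangled them).
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2010-03-29 22:46 . 2009-11-09 21:50 0 ----a-w- c:\documents and settings\My Name\Local Settings\Application Data\prvlcl.dat
2010-03-23 23:37 . 2008-08-15 15:25 -------- d-----w- c:\documents and settings\My Name\Application Data\SiteClasses
2010-03-29 21:38 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2006-01-24 03:36 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2008-08-22 22:22 . 2008-07-05 17:14 104 -csh--r- c:\windows\system32\4B98DFD161.sys
2008-09-29 10:41 . 2008-09-06 14:32 88 -csh--r- c:\windows\system32\61D1DF984B.sys
2008-09-29 10:41 . 2008-07-05 17:13 9394 -csha-w- c:\windows\system32\KGyGaAvL.sys
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run as a script it prints the flagged paths from the embedded excerpt; to review a real report, pass the full text of Combofix.txt to `triage_log`. Only the "Files Created" and "Find3M" style lines parse; the registry, service and catchme sections are ignored by design.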
  • cally6008
    cally6008 Posts: 7,629 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    edited 30 March 2010 at 11:43AM
    *Ignore this post* got everything working :)
  • cally6008
    cally6008 Posts: 7,629 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    ComboFix 10-03-29.04 - My Name 30/03/2010 11:17:26.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1396 [GMT 1:00]
    Running from: c:\documents and settings\My Name\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\My Name\Desktop\CFScript.txt
    AV: AVG Internet Security 3-pack *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

    FILE ::
    "c:\windows\system32\4B98DFD161.sys"
    "c:\windows\system32\61D1DF984B.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\4B98DFD161.sys
    c:\windows\system32\61D1DF984B.sys

    .
    ((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-30 )))))))))))))))))))))))))))))))
    .

    2010-03-30 08:36 . 2010-03-30 08:39 d-----w- C:\32788R22FWJFW.3.tmp
    2010-03-30 08:26 . 2010-03-30 08:30 d-----w- C:\32788R22FWJFW.2.tmp
    2010-03-30 08:04 . 2010-03-30 08:26 d-----w- C:\32788R22FWJFW.1.tmp
    2010-03-29 23:27 . 2010-03-29 23:27 388096 ----a-r- c:\documents and settings\My Name\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-03-29 23:27 . 2010-03-29 23:27 d-----w- c:\program files\TrendMicro
    2010-03-29 21:40 . 2010-03-29 21:40 5918720 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-03-29 21:39 . 2010-03-29 21:39 d-----w- c:\documents and settings\My Name\Application Data\Malwarebytes
    2010-03-29 21:38 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 21:38 . 2010-03-29 21:40 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-29 21:38 . 2010-03-29 21:38 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-03-29 21:38 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-05 09:45 . 2010-03-05 09:45 74760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\UniversalDD.sys
    2010-03-05 09:45 . 2010-03-05 09:45 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-03-05 09:45 . 2010-03-05 09:45 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
    2010-03-05 09:45 . 2010-03-05 09:45 25736 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSShim.sys
    2010-03-05 09:45 . 2010-03-05 09:45 25608 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSxx.sys
    2010-03-05 09:45 . 2010-03-05 09:45 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-03-05 09:45 . 2010-03-05 09:45 30216 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSFilter.sys
    2010-03-05 09:45 . 2010-03-05 09:45 161800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrkx86.sys
    2010-03-05 09:45 . 2010-03-05 09:45 122376 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSDriver.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-30 09:47 . 2009-11-09 21:50 0 ----a-w- c:\documents and settings\My Name\Local Settings\Application Data\prvlcl.dat
    2010-03-23 23:37 . 2008-08-15 15:25 d-----w- c:\documents and settings\My Name\Application Data\SiteClasses
    2010-03-23 23:24 . 2008-08-15 15:25 d-----w- c:\documents and settings\My Name\Application Data\Sites
    2010-03-17 14:38 . 2008-08-15 15:22 d-----w- c:\documents and settings\My Name\Application Data\vmntoolbar
    2010-03-11 01:25 . 2008-05-27 18:08 d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-03-05 09:45 . 2008-09-03 23:17 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-05 09:45 . 2008-09-03 23:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-05 09:45 . 2008-09-03 23:17 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-05 09:44 . 2009-11-03 02:45 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
    2010-03-05 09:44 . 2008-09-03 23:17 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-05 09:44 . 2008-09-03 23:17 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-02-18 15:41 . 2008-09-21 17:28 d-----w- c:\documents and settings\My Name\Application Data\TransRender
    2010-02-12 10:03 . 2010-02-25 07:54 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-01-28 10:10 . 2010-01-28 10:10 503808 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7f41877e-n\msvcp71.dll
    2010-01-28 10:10 . 2010-01-28 10:10 499712 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7f41877e-n\jmc.dll
    2010-01-28 10:10 . 2010-01-28 10:10 348160 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7f41877e-n\msvcr71.dll
    2010-01-28 10:10 . 2010-01-28 10:10 61440 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28a709c8-n\decora-sse.dll
    2010-01-28 10:10 . 2010-01-28 10:10 12800 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28a709c8-n\decora-d3d.dll
    2010-01-21 17:09 . 2010-01-27 08:28 52224 ----a-w- c:\documents and settings\My Name\Application Data\Mozilla\Firefox\Profiles\zxidkn03.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    2010-01-21 17:09 . 2010-01-27 08:28 101376 ----a-w- c:\documents and settings\My Name\Application Data\Mozilla\Firefox\Profiles\zxidkn03.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    2009-12-31 16:50 . 2006-01-24 03:36 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-23 15:40 . 2009-12-23 15:40 151392 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
    2009-12-23 15:40 . 2009-12-23 15:40 296800 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll
    2008-09-29 10:41 . 2008-07-05 17:13 9394 -csha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-03-30_01.33.07 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-03-30 09:21 . 2010-03-30 09:21 16384 c:\windows\Temp\Perflib_Perfdata_210.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 13:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2005-09-01 684032]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "Lexmark X84-X85 Button Monitor"="c:\progra~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2003-01-08 40960]
    "Lexmark X84-X85 Button Manager"="c:\progra~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 53248]
    "PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 36864]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-24 24576]
    Microsoft Office.lnk - c:\program files\Microsoft Office2000\Office\OSA9.EXE [1999-2-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 16:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [03/11/2009 03:45 25096]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [04/09/2008 00:17 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [04/09/2008 00:17 216200]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [04/09/2008 00:17 242696]
    R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [22/12/2009 09:59 916760]
    R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [05/03/2010 10:45 308064]
    R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [22/12/2009 09:59 2325816]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [04/09/2008 00:17 30104]
    R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [03/11/2009 03:45 122376]
    R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [03/11/2009 03:45 30216]
    R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [03/11/2009 03:45 26120]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [04/09/2008 00:17 30104]
    S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [05/03/2010 10:44 5888008]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://www.euro.dell.com
    uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\My Name\Application Data\Mozilla\Firefox\Profiles\zxidkn03.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
    FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p=
    FF - component: c:\documents and settings\My Name\Application Data\Mozilla\Firefox\Profiles\zxidkn03.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\My Name\Application Data\Mozilla\Firefox\Profiles\zxidkn03.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: c:\program files\Mozilla Firefox\components\FFConnectorLauncher.dll
    FF - component: c:\program files\Mozilla Firefox\components\FFSource.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
    FF - HiddenExtension: XULRunner: {76AFD2AC-9555-4993-BF0B-7A75D4A4A08B} - c:\documents and settings\My Name\Local Settings\Application Data\{76AFD2AC-9555-4993-BF0B-7A75D4A4A08B}
    FF - HiddenExtension: XULRunner: {7FEE735D-3311-4B1D-8DA2-75191C6ECABB} - c:\documents and settings\My Name\Local Settings\Application Data\{7FEE735D-3311-4B1D-8DA2-75191C6ECABB}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-30 11:24
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(1436)
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    Completion time: 2010-03-30 11:26:52
    ComboFix-quarantined-files.txt 2010-03-30 10:26
    ComboFix2.txt 2010-03-30 01:37

    Pre-Run: 34,863,058,944 bytes free
    Post-Run: 34,831,548,416 bytes free

    - - End Of File - - 0BB0CAAA6E373759579F157204BEE114
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Download CCLEANER
    http://www.piriform.com/ccleaner/download/slim
    Run the CLEANER scan (UNTICK 'cookies')
    Then run the REGISTRY scan (Backup the registry when it asks)

    Manually find and delete all these folders (And any others that begin with the same code (if any))~
    C:\32788R22FWJFW.3.tmp
    C:\32788R22FWJFW.2.tmp
    C:\32788R22FWJFW.1.tmp
    :idea:
  • cally6008
    cally6008 Posts: 7,629 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    edited 30 March 2010 at 9:18PM
    ignore, finally got back on
  • cally6008
    cally6008 Posts: 7,629 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    have done the CCLEANER
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Assuming you've deleted those folders I'd say you're good to go
    :idea:
  • cally6008
    cally6008 Posts: 7,629 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    Yep, deleted those folders. Should I run malware and hijack again just to be on the safe side?

    thanks again so much for your help :)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    If you want to make another check ~
    Download and run the FREE version of DR WEB
    http://www.freedrweb.com/download+cureit/gr/
    Turn your anti virus OFF
    Click CANCEL to the 'Would you like to read purchase terms now?' message
    Click START click OK
    It will auto QUICK scan
    After that set to scan the WHOLE computer and press the 'play' icon
    ***DO NOT UPGRADE TO FULL VERSION***
    :idea: