Can I delete this folder ?
'POPCAP GAMES' ~ not too great
Uninstall it (if you can)
Open notepad and copy/paste the text in RED below
File::
c:\windows\popcinfot.dat
c:\windows\popcreg.dat
c:\windows\Temp\Perflib_Perfdata_180.dat
Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more than 30 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
I suspect the main problem is AVG though. I'd recommend uninstalling and using the removal tool ~
http://www.avg.com/download-tools
Reboot and see how it is then.
Assuming it's fine I'd give AVAST a go personally
ComboFix 10-04-21.01 - My Name 25/04/2010 20:39:06.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1493 [GMT 1:00]
Running from: c:\documents and settings\My Name\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\My Name\Desktop\CFScript.txt
AV: AVG Internet Security 3-pack *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FILE ::
"c:\windows\popcinfot.dat"
"c:\windows\popcreg.dat"
"c:\windows\Temp\Perflib_Perfdata_180.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\popcinfot.dat
c:\windows\popcreg.dat
.
((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
.
2010-04-24 16:30 . 2010-04-24 16:30 388096 ----a-r- c:\documents and settings\My Name\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-24 16:30 . 2010-04-24 16:30 -------- d-----w- c:\program files\Trend Micro
2010-04-20 08:53 . 2010-04-20 08:53 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-20 08:52 . 2010-04-20 08:52 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-08 23:40 . 2010-04-08 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2010-04-04 07:32 . 2010-04-04 07:32 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-03-30 22:28 . 2010-03-30 22:28 -------- d-----w- c:\documents and settings\My Name\DoctorWeb
2010-03-30 20:19 . 2010-03-30 20:19 -------- d-----w- c:\program files\CCleaner
2010-03-29 23:27 . 2010-03-29 23:27 -------- d-----w- c:\program files\TrendMicro
2010-03-29 21:40 . 2010-03-29 21:40 5918720 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-29 21:39 . 2010-03-29 21:39 -------- d-----w- c:\documents and settings\My Name\Application Data\Malwarebytes
2010-03-29 21:38 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 21:38 . 2010-03-29 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 21:38 . 2010-03-29 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-29 21:38 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 15:47 . 2009-11-09 21:50 0 ----a-w- c:\documents and settings\My Name\Local Settings\Application Data\prvlcl.dat
2010-04-20 08:53 . 2008-09-03 23:17 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-18 00:21 . 2008-08-15 15:25 -------- d-----w- c:\documents and settings\My Name\Application Data\SiteClasses
2010-04-18 00:21 . 2008-08-15 15:25 -------- d-----w- c:\documents and settings\My Name\Application Data\Sites
2010-04-15 07:02 . 2008-05-27 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-02 17:27 . 2008-09-21 17:28 -------- d-----w- c:\documents and settings\My Name\Application Data\TransRender
2010-03-17 14:38 . 2008-08-15 15:22 -------- d-----w- c:\documents and settings\My Name\Application Data\vmntoolbar
2010-03-09 11:09 . 2004-08-10 12:51 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 09:45 . 2008-09-03 23:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-05 09:45 . 2008-09-03 23:17 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-05 09:44 . 2009-11-03 02:45 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-03-05 09:44 . 2008-09-03 23:17 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-05 09:44 . 2008-09-03 23:17 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-26 05:43 . 2004-08-10 12:51 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-10 12:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2006-01-24 03:35 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 08:10 . 2004-08-10 12:51 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-02-25 07:54 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-10 12:50 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-10 12:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-28 10:10 . 2010-01-28 10:10 503808 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7f41877e-n\msvcp71.dll
2010-01-28 10:10 . 2010-01-28 10:10 499712 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7f41877e-n\jmc.dll
2010-01-28 10:10 . 2010-01-28 10:10 348160 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7f41877e-n\msvcr71.dll
2010-01-28 10:10 . 2010-01-28 10:10 61440 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28a709c8-n\decora-sse.dll
2010-01-28 10:10 . 2010-01-28 10:10 12800 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28a709c8-n\decora-d3d.dll
2009-12-23 15:40 . 2009-12-23 15:40 151392 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
2009-12-23 15:40 . 2009-12-23 15:40 296800 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll
2008-09-29 10:41 . 2008-07-05 17:13 9394 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-04-24_18.41.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-25 18:32 . 2010-04-25 18:32 16384 c:\windows\Temp\Perflib_Perfdata_25c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 36864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2005-09-01 684032]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-24 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office2000\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-09-01 17:24 684032 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X84-X85 Button Manager]
2002-09-04 09:36 53248 ----a-w- c:\progra~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X84-X85 Button Monitor]
2003-01-08 13:36 40960 ----a-w- c:\progra~1\LEXMAR~1\ACMonitor_X84-X85.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1677:UDP"= 1677:UDP:Windows Media Format SDK (firefox.exe)
"1676:UDP"= 1676:UDP:Windows Media Format SDK (firefox.exe)
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [03/11/2009 03:45 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [04/09/2008 00:17 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [04/09/2008 00:17 216200]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [04/09/2008 00:17 242896]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [22/12/2009 09:59 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [05/03/2010 10:45 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [22/12/2009 09:59 2325816]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [04/09/2008 00:17 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [03/11/2009 03:45 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [03/11/2009 03:45 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [03/11/2009 03:45 26120]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [04/09/2008 00:17 30104]
S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [05/03/2010 10:44 5888008]
.
Contents of the 'Scheduled Tasks' folder
2010-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.euro.dell.com
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\My Name\Application Data\Mozilla\Firefox\Profiles\zxidkn03.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\documents and settings\My Name\Application Data\Mozilla\Firefox\Profiles\zxidkn03.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\My Name\Application Data\Mozilla\Firefox\Profiles\zxidkn03.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\FFConnectorLauncher.dll
FF - component: c:\program files\Mozilla Firefox\components\FFSource.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - HiddenExtension: XULRunner: {76AFD2AC-9555-4993-BF0B-7A75D4A4A08B} - c:\documents and settings\My Name\Local Settings\Application Data\{76AFD2AC-9555-4993-BF0B-7A75D4A4A08B}
FF - HiddenExtension: XULRunner: {7FEE735D-3311-4B1D-8DA2-75191C6ECABB} - c:\documents and settings\My Name\Local Settings\Application Data\{7FEE735D-3311-4B1D-8DA2-75191C6ECABB}
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-25 20:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(1420)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2010-04-25 20:43:09
ComboFix-quarantined-files.txt 2010-04-25 19:43
ComboFix2.txt 2010-04-25 19:34
ComboFix3.txt 2010-04-24 18:43
ComboFix4.txt 2010-03-30 10:26
ComboFix5.txt 2010-04-25 19:38
Pre-Run: 34,055,217,152 bytes free
Post-Run: 34,043,002,880 bytes free
- - End Of File - - A8D807B5C7E9A1DFB98636DCCFB12180
off to find Avast and download it
Downloaded Avast and ran a scan this morning which found nothing
I want to clean off some of the rubbish that's on this laptop ..
Going into Add/Remove programs, I have this lot ... I've made a note of what I think I can delete but would like clarification please
AceFTP 3 Freeware = keep
Adobe Flash Player 10 Plugin = keep
Adobe Flash Player ActiveX = keep
Adobe Reader 7.0 = keep
ALPS Touch Pad Driver = keep
Amazon MP3 Downloader 1.0.8 = keep
Apple Software Update = DELETE (used rarely)
avast! Free Antivirus = keep
CA VMN Anti-Spyware (remove only) = ??? (used rarely)
CCleaner = keep
Conexant D110 MDC V.9x Modem = ???
Dell Driver Reset Tool = keep
Dell Media Experience = keep
Dell Support 5.0.0 (630) = keep
Dell System Restore = keep
Digital Line Detect = ??? (used rarely)
EPSON Easy Photo Print = DELETE (don't have this printer anymore)
EPSON Printer Software = DELETE
ESPR360_390 User's Guide = DELETE
FastStone Image Viewer 3.5 = keep
Google Chrome = ??? (i use firefox, this came with Avast)
GSiteCrawler = DELETE
HiJackThis = keep
Intel(R) Graphics Media Accelerator Driver for Mobile = keep
Intel(R) PROSet/Wireless Software = keep
Internal Network Card Power Management = keep
Java 2 Runtime Environment, SE v1.4.2_03 = ???
Java(TM) 6 Update 18 = ???
Java(TM) 6 Update 7 = ???
Keynote Connector = DELETE
K-Lite Mega Codec Pack 4.8.0 = keep
Malwarebytes' Anti-Malware = keep
Microsoft .Net Framework 1.1 = ???
Microsoft Compression Client Pack 1.0 for Windows XP = ???
Microsoft Office 2000 Premium = keep
Microsoft Office Enterprise 2007 = keep
Microsoft Silverlight = ??? (used rarely)
Microsoft User-Mode Driver Framework Feature Pack 1,0 = ???
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 = ???
Microsoft Visual C++ 2005 Redistributable = ???
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 = ???
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 = ???
Microsoft Works 7.0 = delete (i dont use it)
Modem Helper = ??? (used rarely)
Mozilla Firefox (3.5.9) = keep
MSXML 4.0 SP2 (KB936181) = ???
MSXML 4.0 SP2 (KB954430) = ???
MSXML 4.0 SP2 (KB973688) = ???
NetWaiting = ??? (used rarely)
OpenOffice.org Installer 1.0 = delete
QuickSet = keep
QuickTime = delete
SAMSUNG CDMA Modem Driver Set = keep
SAMSUNG Mobile Composite Device Software = keep
Samsung Mobile phone USB driver Software = keep
SAMSUNG Mobile USB Modem 1.0 Software = keep
SAMSUNG Mobile USB Modem Software = keep
Samsung PC Studio = keep
Samsung PC Studio 3 USB Driver Installer = keep
TeamViewer 3 = keep
ToolbarBrowser v2.4 = ??? (used rarely)
Turbo Lister 2 = keep
VLC media player 0.9.9 = keep
VMN Toolbar = delete (dont use it)
Windows Live Essentials = delete
Windows Live Sign-in Assistant = delete
Windows Live Upload Tool = delete
Windows Media Format 11 runtime = keep
Windows Media Player 11 = keep
Windows XP Service Pack 3 = keep
Yahoo! Extras = delete
Yahoo! Install Manager = delete
Yahoo! Internet Mail = ???
Yahoo! Messenger = delete
Yahoo! Toolbar = keep
Am running Malwarebytes followed by Hijack this again
Symptoms -
1 = wireless connection not found to our network thingy, having to refresh network list several times and/or reboot laptop for it to connect up
2 = getting page not found errors on things like MSE and facebook and having to refresh like 3 times for it to work
Malware got one object infected found so far. Back in hour or so with scan results
Are you still having these problems?
a couple of times for each first thing this morning but nothing since
You can remove all those you've said to delete
You can also remove these ~
CA VMN Anti-Spyware (remove only) = ??? (used rarely)
GSiteCrawler = DELETE
Modem Helper = ??? (used rarely)
ToolbarBrowser v2.4 = ??? (used rarely)
VMN Toolbar = delete (don't use it)
On hols from work so thought I'd just give the laptop a once over.
Malwarebytes' Anti-Malware 1.46
https://www.malwarebytes.org
Database version: 4209
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
17/06/2010 17:50:55
mbam-log-2010-06-17 (17-50-55).txt
Scan type: Full scan (C:\|)
Objects scanned: 182399
Time elapsed: 50 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:52:47, on 17/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2000\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8145 bytes
Why not update to IE8 ???