PLEASE ADVISE: what can we safely remove from c drive
BOOT (C) total size 9.31GB free space 128MB
BACKUP (D) total size 6.38GB free space 1.22GB
RECOVER (E) total size 2.92GB free space 1.46GB
(It's a 2002 PC, running XP Home with SP3)
I have shifted most of my pics, videos and music from the C to the D drive in stages, but after each shift the freed space quickly gets gobbled up by something. I regularly run Ccleaner, but most space is recovered by Windows "compressing old files". I can't account for most of the GB on the C Drive.
You could move 2.5Gb of data from C to D or E.
You could download WinDirStat to either D or E and run it to see what's using all the space on C
nottseagull wrote: »I have updated Malwarebytes (to Version 4842). Just started the full scan; how many hours should it take if the first scan took 2hrs 7 mins? If much more, should I let it run overnight? I'll uninstall Combofix (I saved it without running) and reinstall it. Is it OK to "disable the NVA system tray"? If asked, do I run Vcs4Core.exe ? I won't download Hijack This until you say so.
The reason I always ask for a quick scan first is so that if a computer's heavily infected it won't take as long to remove the majority of infections.
2 hours is a long time for a quick scan; most full scans take around that time.
As for Combofix, I've never seen that problem before so I'm not 100% sure it's even Combofix that's running. So my theory is let Malwarebytes remove everything it can then attempt Combofix again.
***EDIT*** run hijack in between the 2 as well.
Have you emptied your trash?
Is confused, what's happened to the original op hogshead?
nottseagull wrote: »I have shifted most of my pics, videos and music from the C to the D drive in stages, but after each shift the freed space quickly gets gobbled up by something. I regularly run Ccleaner, but most space is recovered by Windows "compressing old files".
I can't account for most of the GB on the C Drive.
Running WinDirStat will account for it for you. You'll see what's using your space and which folders it's in.
2 hours is a long time for a quick scan; most full scans take around that time.
*EDIT* run hijack in between the 2 as well.
As for Combofix, I've never seen that problem before so I'm not 100% sure it's even Combofix that's running. So my theory is let Malwarebytes remove everything it can then attempt Combofix again.
The logs:
Malwarebytes' Anti-Malware 1.46
https://www.malwarebytes.org
Database version: 4842
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
16/10/2010 02:43:09
mbam-log-2010-10-16 (02-43-09).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 227151
Time elapsed: 3 hour(s), 31 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
************************************************
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:25:01, on 16/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Iconix\OEAddOn\OEdmn_6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe\BitMeter\BitMeter2.exe
C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Iconix\IconixService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe\System folder my downloads\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe\System folder my downloads\UpdateCenterService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe\System folder my downloads\nTune\nTuneCmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.searchforge.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.searchforge.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchforge.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} -\rEVIEW BEFORE BURNING\rpbrowserrecordplugin.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_43.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\Iconix\OEAddOn\OEdmn_6.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'fil')
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'fil')
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto (User 'fil')
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c (User 'fil')
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe (User 'fil')
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [Surs] C:\Documents and Settings\fil\Application Data\awab.exe (User 'fil')
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe (User 'fil')
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'fil')
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [Helpex32] c:\windows\system32\helpex32.exe (User 'fil')
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [Netdll32] c:\windows\system32\netdll32.exe (User 'fil')
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [Cbtdhlg] C:\WINDOWS\System32\rdcdfi.exe (User 'fil')
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'fil')
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'mum')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - Global Startup: Bitmeter2.lnk =\BitMeter\BitMeter2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm22735
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_43.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_43.dll
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_43.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_43.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.staples.co.uk/
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://63.219.181.7/cax_gb.cab
O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} - http://216.82.66.200/build/preload.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1028_EN_XP.cab
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - ftp://download2.us4.outblaze.com/download/mail.com/emailalert/mail_mcea115.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab
O16 - DPF: {0BE0E0B4-3E03-4EB6-99B2-00948505A067} (Media Client ActiveX Installer) - http://www.downloadcoach.com/MCInstaller.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=dcefb1d5756c0b760d59dc33b9bec5b01707f833ceeca8ca41918abfa4ce0b15a6c9418f1ac630efb19fd9bbb8c09c4b672f5ef3c66baf1404bd891496a37e71c1:62a5934b3643ae9627791f5533d91105
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://directplugin.com/plugin/109486.exe
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_XP.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.79/100039/uk/ringtone/ringtone.exe
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {551A94FA-1F29-4CEB-4086-4A6F727A758B} - http://63.219.178.91/1/rdgGB990.exe
O16 - DPF: {5EE8C907-D4BD-5F94-E377-6D3F2C26724A} - http://63.219.176.203/1/gdnGB485.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {765E6B09-6832-4738-BDBE-25F226BA2AB0} - http://www.mainentrypoint.com/linkzz/QcBar.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gamc7-gb/gbc7/games4.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://fr4-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_pack.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297B} - http://www.exactsearchbar.com/mailcom/Download/Standalone/exactSetup.exe
O16 - DPF: {A0F0D762-D1DE-43AF-B70E-D87864743EB3} - http://217.145.76.16/nslite/nslite.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/Browser_Plugin.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FE} - http://217.73.66.1/minidialler/mddl/OR/910039_3050905320_HCGA.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} - http://www.movie-browser.com/tl4000.dll
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1004a_pack_XP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} - http://204.177.92.201/quickdl/proclaim/NSupd9x.cab
O16 - DPF: {E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7} - http://usa-download.strip-player.com/download/stripplayer/bin/activestripsetup_minsize.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} - http://xbs.mtreexxx.nl/mt/dialers/fc/UniDist.CAB
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F0AA2376-F073-4E57-86E8-0238F99087C7} - http://216.129.173.30/xxxnaughty/activeinstaller.dll
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} - http://xbs.mtree.com/mt/dialers/fc/MultiDistFC.CAB
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba1862.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gba1096.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.dikai.com/em-meuk.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AEAE338-9162-4320-B750-6C8B7045EBA2}: NameServer = 217.171.132.1 217.171.135.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files\Common Files\Iconix\IconixService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Performance Service (nTuneService) - NVIDIA -\System folder my downloads\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA -\System folder my downloads\UpdateCenterService.exe
--
End of file - 17171 bytes
From what I can tell (although alienRIK is better at telling you more accurately):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.searchforge.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.searchforge.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchforge.com/search.html
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe (User 'fil')
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [Surs] C:\Documents and Settings\fil\Application Data\awab.exe (User 'fil')
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe (User 'fil')
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [Helpex32] c:\windows\system32\helpex32.exe (User 'fil')
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [Netdll32] c:\windows\system32\netdll32.exe (User 'fil')
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [Cbtdhlg] C:\WINDOWS\System32\rdcdfi.exe (User 'fil')
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm22735
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://63.219.181.7/cax_gb.cab
O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} - http://216.82.66.200/build/preload.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binarie...1028_EN_XP.cab
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - ftp://download2.us4.outblaze.com/dow...il_mcea115.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binarie...tc32_EN_XP.cab
O16 - DPF: {0BE0E0B4-3E03-4EB6-99B2-00948505A067} (Media Client ActiveX Installer) - http://www.downloadcoach.com/MCInstaller.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...791f5533d91105
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://directplugin.com/plugin/109486.exe
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binarie...ia32_EN_XP.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binarie...EGDHTML_XP.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.79/100039/uk/ringtone/ringtone.exe
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binarie...hv32_EN_XP.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {551A94FA-1F29-4CEB-4086-4A6F727A758B} - http://63.219.178.91/1/rdgGB990.exe
O16 - DPF: {5EE8C907-D4BD-5F94-E377-6D3F2C26724A} - http://63.219.176.203/1/gdnGB485.exe
O16 - DPF: {765E6B09-6832-4738-BDBE-25F226BA2AB0} - http://www.mainentrypoint.com/linkzz/QcBar.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gamc7-gb/gbc7/games4.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://fr4-scripts.downloadv3.com/bi...DHTML_pack.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297B} - http://www.exactsearchbar.com/mailco...exactSetup.exe
O16 - DPF: {A0F0D762-D1DE-43AF-B70E-D87864743EB3} - http://217.145.76.16/nslite/nslite.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/Browser_Plugin.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FE} - http://217.73.66.1/minidialler/mddl/...05320_HCGA.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} - http://www.movie-browser.com/tl4000.dll
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binarie...4a_pack_XP.cab
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} - http://204.177.92.201/quickdl/proclaim/NSupd9x.cab
O16 - DPF: {E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7} - http://usa-download.strip-player.com...up_minsize.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} - http://xbs.mtreexxx.nl/mt/dialers/fc/UniDist.CAB
O16 - DPF: {F0AA2376-F073-4E57-86E8-0238F99087C7} - http://216.129.173.30/xxxnaughty/activeinstaller.dll
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} - http://xbs.mtree.com/mt/dialers/fc/MultiDistFC.CAB
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba1862.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gba1096.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.dikai.com/em-meuk.exe
Although other things are worrying too but I'm not that confident.
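A first-pass triage of a HijackThis log like the one posted above, as an added example that is not from any poster in this thread or from HijackThis itself. The three heuristics (orphaned `(no file)` entries, O16 downloads from a bare IP address or straight to an executable, and O4 autoruns sitting directly in a user's Application Data folder) are assumptions chosen for illustration; a match means "review this line", not "this is malware".

```python
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-21-1582333133-3307144382-660890162-1005\..\Run: [Surs] C:\Documents and Settings\fil\Application Data\awab.exe (User 'fil')
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://63.219.181.7/cax_gb.cab
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://directplugin.com/plugin/109486.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

# "O4 - ...", "R1 - ...", "O16 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
URL_RE = re.compile(r"(?:https?|ftp)://\S+")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# An .exe placed directly in Application Data, not in a vendor subfolder.
PROFILE_EXE_RE = re.compile(r"\\application data\\[^\\]+\.exe", re.IGNORECASE)
DIRECT_BINARY = (".exe", ".dll", ".ocx")


def parse(log_text):
    """Return (section, body) for every registry/startup entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match["section"], match["body"]))
    return entries


def reasons(section, body):
    """Return the illustrative heuristics (assumptions) this entry trips."""
    found = []
    # BHO / toolbar / button registered, but its file is gone.
    if section in ("O2", "O3", "O9") and body.endswith("(no file)"):
        found.append("orphaned-entry")
    if section == "O16":
        url_match = URL_RE.search(body)
        if url_match:
            url = urlsplit(url_match.group(0))
            if IPV4_RE.match(url.hostname or ""):
                found.append("download-from-raw-ip")
            if url.path.lower().endswith(DIRECT_BINARY):
                found.append("direct-binary-download")
    if section == "O4" and PROFILE_EXE_RE.search(body):
        found.append("autorun-from-user-profile")
    return found


def triage(log_text):
    """Return (section, body, reasons) for entries worth a manual look."""
    flagged = []
    for section, body in parse(log_text):
        hits = reasons(section, body)
        if hits:
            flagged.append((section, body, hits))
    return flagged


if __name__ == "__main__":
    for section, body, hits in triage(SAMPLE_LOG):
        print(f"{section:>3}  {', '.join(hits):<28} {body}")
```
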
The_Grandmaster wrote: »Although other things are worrying too but I'm not that confident.
Five rows down from your last selection there are four Avast files; as I will be uninstalling Avast 4.8 before running Combofix, is it OK to delete these as well?