Sandman70
New Member
Hey folks - Sandi & kinda new around here - I have half of a Windows 7 (64bit) OS, so suspect I may become a fairly regular visitor to the Windows 7 area (since I spent the last 5 weeks chasing my tail removing Badware from this infernal machine - now I have a list of driver and app compatibility issues to contend with!) :huh: Nevermind, sure I'll get there - but it's not actually my Laptop I'm here about today...
I mentioned 'badware' - What started out yesterday as an exercise in trying to speed up and reduce a friend's painfully long lap-top re-start time got me a little worried and my conscience has brought me here in search of a little assistance. Would like to ensure we're not re-infecting each other after seeing (what looks to me like) an awful lot of 'Groovey' thingys going on, would like a 2nd opinion. (my browser is being an Ass again today and I'm struggling to get to any of the trusted malware helpsites I have used in the past) guess I'm not out of the woods yet
His system - Vista Home Premium 32bit on a Toshiba Satellite laptop, unsure of exact spec, pretty sure it's a 2gig Pentium dual core with 2gig of installed RAM
Although he's not currently having any major hassles with it, it's slow, gets a little overheated - a fair amount of petty glitchy things going on - and the re-boot time is painful! Managed to get several things disabled from running at start yesterday and removed some superfluous software installations - no problems, in fact there wasn't much left checked at all in msconfig list by time we finished - so was rather surprised by the volume of things Silent runners found afterwards.
- my reasons for worrying -
Norton had quarantined a file a long time ago, which was apparently 'allowed' to run at start - I wasn't aware at 1st, so got him to run the Norton removal tool after spying a little Norton/Symantec residue. I would assume the tool should have removed the vault and the file too? Or no, maybe it was unable? Well anyway it was 'VMware - Virus Trigger'? something like that - none of the listed known registry entries associated with that malware were present so went ahead and deleted the file - all good, although his laptop did abruptly re-boot - I read somewhere that usually comes bundled with other things - I'm unsure exactly what Norton found back then.
Other concerns - unknowingly had Defender running alongside AVG for ... erm ... unknown amount of time. Not sure, but when I was running AVG free - was given the impression that isn't wise? and AVG auto switches that off? So he's potentially had compromised AV protection?
He wasn't able to download HJT for a while - system wouldn't allow it, even with re-naming - pointed him to a standalone downloader link and we got it in the end.
Live messenger (Grrr) - advised him a link to Bleeping Computers site I sent was a reported attack site and a couple of times Windows Live crashed (both ends mine & his but not simultaneous) when I attempted sending links to MW resources and MW removal info - don't think that can be a good sign ... ? Windows Live sharing folder WAS responsible for some of my laptop issues...
'Groove monitor' ? I am aware there's a valid reason for that with MSO installed - but sooo many instances of running thingys?? Erm yer, well spotted .. I'm hoping to get his office software removed and replaced, as soon as I'm sure it's safe to do so - Along with IE browser probably, I also think a fresh AVG and Windows Live install wouldn't go amiss? Please feel free to tell me if I'm being paranoid - my laptop has made me that way lately - yes I am aware
I have nothing to lose on my laptop for now - yet another new install is no bother for me, but he has months of Uni work and stuff I'd prefer he didn't lose on account of something I may have given him
Attached silent runners and HJT log if anyone 'in the know' could please take a look and see for me and maybe offer a little guidance?
Thanks in advance
Sandi
My Computer - System One
- Manufacturer/Model: HP Pavilion Dv6 1130sa
- CPU: Pentium Dual Core -T4200 @ 2.00GHz
- Memory: 4063MB Ram
- Graphics card(s): ATI Mobility Radeon HD4530
- Sound Card: IDT High definition
- Screen Resolution: 1366x768
- Hard Drives: ST9250320AS ATA
- Internet Speed: 10mb - with a fair wind. Alas I live on the north coast UK
- Other Info: Currently wishing I could run in 64bit mode without at least 1 inoperative driver - varies from day to day which is gonna fail most :-P Don't like dem yellow exclamations much!