1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Unkown files

Discussion in 'Windows XP' started by megabyte, Jul 4, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. megabyte

    megabyte Thread Starter

    Joined:
    Feb 12, 2004
    Messages:
    242
    I am cleaning out my computer and would like to know what these files are and would it be okay to delete them:

    C:\$AVG8.VAULT$ (I do have AVG so I would imaging it is theirs. Do you think I could move this to the AVG file?)

    C:\2c03abed19b14-KB43b2e9f6a36d63 (in it is msxml929978-enu.log)

    C:\C_DILLA\SafeCast Product Licences (conflicting advice on web)


    If these are needed, can I create a folder called something like 'keep' and put them in there?
     
  2. Megabite

    Megabite

    Joined:
    Apr 5, 2008
    Messages:
    11,761
    Are these large files?
     
  3. megabyte

    megabyte Thread Starter

    Joined:
    Feb 12, 2004
    Messages:
    242
    AVG = 23.4KB (size on disk 124KB) ....31 files

    next one = 283KB

    C_DILLA = 7.25KB
     
  4. Megabite

    Megabite

    Joined:
    Apr 5, 2008
    Messages:
    11,761
    Well hardly worth worrying about as they take no room at all
     
  5. brillser

    brillser

    Joined:
    Mar 24, 2008
    Messages:
    2,423
    Hi there megabite,
    I can't really advise you technicaly as the files you mention are AVG, but on a lower, computer user level, I would suggest that you follow the golden rules.
    You know the one that states "leave well enough alone" and the other, "If it aint broke, don't fix it"
    I've been as bored as you (apparently) are now, and looked for all manner of problem with my machine, I even created a few, just so that I could fix them.:)

    You answered your own question in post No. 4
     
  6. techkid

    techkid

    Joined:
    Sep 1, 2004
    Messages:
    2,339
    First Name:
    David
    The AVG one I think is the Virus Vault. Best to leave the folder where it is, but you can empty the vault through the AVG program.

    The second one is from the MS-XML installer from one of the Windows Updates (don't know which one, but I'd probably say from the .NET Framework). Don't really think it is totally necessary, but not sure.

    The third entry... well the consensus of Google does seem to indicate malware activity. I'd have it checked out if I was you.

    To assist in your problem, we need you to download HijackThis (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe). Install the program (it will save to C:\Program Files\Trend Micro\HijackThis), run it, and select 'Scan'. Do not fix anything yet, just select 'Save log', and copy the contents of the log to your next post. A security expert will be along to check the log. Please be patient.


    If, after 48 hours, you have not received a response, click on the 'Report' button at the bottom of your post, and ask politely to have the post moved to the Malware Removal forum.
     
  7. brillser

    brillser

    Joined:
    Mar 24, 2008
    Messages:
    2,423
    Sorry Megabite,
    I sounded a bit like an A...........above:)
     
  8. megabyte

    megabyte Thread Starter

    Joined:
    Feb 12, 2004
    Messages:
    242
    No problem brissler! But I did not answer my own question...... please note the spelling on the names. I am Megabyte and Megabite has answer me :)

    Good thinking techkid about the hijack this.

    I know it sounds like I am going out of my way to create work for myself, but since I have been having problems and my friend is going to go out of his way to format and install 2007 for me.....and.....I will be spending ages reinstalling everything, I just want to do the best that I can.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:51:38, on 04/07/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\FireTrust\MailWasher Free\MailWasher.exe
    C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/logi...r=&.intl=us&.src=my&.done=http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] c:\program files\jv16 powertools 2007\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] c:\program files\jv16 powertools 2007\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1214480006948
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

    --
    End of file - 9759 bytes
     
  9. megabyte

    megabyte Thread Starter

    Joined:
    Feb 12, 2004
    Messages:
    242
    BTW, my friend also download service pack 3. I am not sure if that is one of my problems, but everything seemed to slow down. I also got fed up with IE, so I am now back to Firefox
     
  10. megabyte

    megabyte Thread Starter

    Joined:
    Feb 12, 2004
    Messages:
    242
    I know you are busy guru's. When someone has a moment, could you please look at my hijack.

    Thanks
     
  11. oshwyn5

    oshwyn5

    Joined:
    May 23, 2007
    Messages:
    730
    Remember a good rule of thumb is that if you did not create it , you should not delete it unless an expert tells you specifically to delete it.
    Deleting files and folders which applications need can cause problems, a slowdown being the least of your worries.

    That covered, I suspect your slowdown issue may be related to AVG8.
    They have seriously changed it and it can really cause some issues.
    Many notice their PCs get severely slow after upgrading (and I use the term in its broadest meaning) to AVG8.
    Not only does the new AVG8 antivirus and antispyware engine use a lot more resources than previous versions, but they scan a lot of things like internet links , search results etc .It will make your browser wait to open new pages as it scans them , at what is an abysmally slow rate compared to other antivirus applications.
    http://free.avg.com/ww.faq.num-1338
    Tells how to disable the "link scanner" feature which will help a lot.
    Avira Antivir and Avast both have free antivirus which are far less demanding than the new AVG8
     
  12. megabyte

    megabyte Thread Starter

    Joined:
    Feb 12, 2004
    Messages:
    242
    Thanks for that oshwyn5. I was not aware of the problems with AVG8. I will try disabling the link scanner before changing to a different antivirus.

    I appreciate what you are saying about if I did not create it, leave it, and I agree.

    Since I am going through major work (for me) having my computer formatted (I am not the quickest bunny in the field!), I would still like someone to have a quick check through my HijackT just to make sure there is nothing in there that will cause problems.

    If a special guru misses seeing this, I will close this down and start a new one with my highjack on it, unless someone replies telling me not to do that.

    Thanks
     
  13. techkid

    techkid

    Joined:
    Sep 1, 2004
    Messages:
    2,339
    First Name:
    David
    Security members typically do not respond to those problems which are either made or have been responded to within 48 hours. That is why people ask you to wait.

    Patience is a virtue, especially here.
     
  14. Morny

    Morny

    Joined:
    Oct 12, 2005
    Messages:
    738
    But if you are formatting your harddrive, you will get rid of any problems you are experiencing. Maybe when your system is up and running, go for a different anti-virus program, if you feel AVG is causing problems? I'd advise to download a different one first (before formatting) and save the .exe file to some other location, like an external HD or CD.
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Unkown files
  1. SilverSurf
    Replies:
    1
    Views:
    338
  2. Bill P
    Replies:
    3
    Views:
    385
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/727166

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice