Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't Open Anything From Desktop


  • This topic is locked This topic is locked
13 replies to this topic

#1 Flipper317

Flipper317

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 25 August 2008 - 02:37 AM

Everytime I open a window on my Laptop it closes down in 5 seconds. Can just barely run a HiJack log before it disappears. Just started happening tonite.
Hope someone can help me

Thanks in advance
Phil

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:54 AM, on 8/25/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Wireless\WE603H\Gcc.exe
C:\Program Files\Wireless\WE603H\OdHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CPortPatch] C:\WINNT\DockQuickInstall\cppch.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: IEEE802.11g WLAN Card Utility.lnk = C:\Program Files\Wireless\WE603H\Gcc.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O20 - Winlogon Notify: d498dae7382 - C:\WINNT\system32\__c00DCB8E.dat
O20 - Winlogon Notify: __c0054CE4 - C:\WINNT\system32\__c0054CE4.dat
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe

--
End of file - 4667 bytes

Edited by Flipper317, 25 August 2008 - 02:37 AM.


BC AdBot (Login to Remove)

 


m

#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:08 AM

Posted 09 September 2008 - 12:26 PM

Hello Flipper317 :thumbsup: Welcome to the BC HijackThis Log and Analysis forum. I apologize for the delay however we are all volunteers and it gets very busy around here. I will be assisting you from here on out.


I ask that you refrain from running tools other than those we will ask you to while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.


Please perform the following:



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)





When completed please both both logs fromRSIT as well as the one from Kaspersky.





Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 Flipper317

Flipper317
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 09 September 2008 - 08:02 PM

Thank you very much Wall

Once I saved the text to the dektop I couldn't open it because the text.exe found errors so I saved it as an explorer file.
Here it is:

Tuesday, September 9, 2008
Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, September 09, 2008 21:40:20
Records in database: 1203903


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\

Scan statistics
Files scanned 18932
Threat name 4
Infected objects 30
Suspicious objects 0
Duration of the scan 00:56:07

File name Threat name Threats count
C:\WINNT\system32\__c00DCB8E.dat/C:\WINNT\system32\__c00DCB8E.dat Infected: Trojan.Win32.Inject.gto 18

C:\WINNT\system32\__c0054CE4.dat/C:\WINNT\system32\__c0054CE4.dat Infected: not-a-virus:AdWare.Win32.Agent.ekj 7

pdfSaver.exe\__c0054CE4.dat/pdfSaver.exe\__c0054CE4.dat Infected: Trojan-Downloader.Win32.Agent.abtf 1

Ad-watch.exe\__c0054CE4.dat/Ad-watch.exe\__c0054CE4.dat Infected: Trojan-Downloader.Win32.Agent.abtf 1

C:\WINNT\system32\~.exe Infected: Trojan-Downloader.Win32.Agent.abnd 1

C:\WINNT\system32\__c00DCB8E.dat Infected: Trojan.Win32.Inject.gto 1

C:\WINNT\system32\__c0054CE4.dat Infected: not-a-virus:AdWare.Win32.Agent.ekj 1

The selected area was scanned.


I can only open one explorer window at a time so I will post the other scan in the next post.

Again many thanks
Phil

#4 Flipper317

Flipper317
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 09 September 2008 - 09:00 PM

Logfile of random's system information tool (written by random/random)
Run by Administrator at 2008-09-10 09:48:52
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 14 GB (72%) free of 19 GB
Total RAM: 255 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:59 AM, on 9/10/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Wireless\WE603H\OdHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O20 - Winlogon Notify: d498dae7382 - C:\WINNT\system32\__c00DCB8E.dat
O20 - Winlogon Notify: __c0054CE4 - C:\WINNT\system32\__c0054CE4.dat
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe

--
End of file - 3802 bytes

Scheduled tasks folder

C:\WINNT\tasks\ParetoLogic Update.job
C:\WINNT\tasks\RegCure.job
C:\WINNT\tasks\RegCure Program Check.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"pdfSaver3"= []
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-02-05 495616]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-02-05 98304]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-02-24 335872]
"602PC SUITE PDF Saver"=C:\Program Files\Common Files\soft602\pdfSaver.exe [2005-08-31 49152]
"Ad-watch"=C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe [2003-02-12 392192]
"ATIModeChange"=C:\WINNT\system32\Ati2mdxx.exe [2001-09-04 28672]
"Synchronization Manager"=C:\WINNT\system32\mobsync.exe [2003-06-19 111376]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPortPatch]
C:\WINNT\DockQuickInstall\cppch.exe [2001-08-06 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINNT\system32\NeroCheck.exe [2003-07-13 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
C:\WINNT\system32\pctspk.exe [2002-07-18 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRPCMonitor]
C:\WINNT\system32\PRPCUI.exe [2002-03-25 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
C:\WINNT\system32\mobsync.exe [2003-06-19 111376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IEEE802.11g WLAN Card Utility.lnk]
C:\Program Files\Wireless\WE603H\Gcc.exe [2005-11-16 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\d498dae7382]
C:\WINNT\system32\__c00DCB8E.dat [2008-08-25 74240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0054CE4]
C:\WINNT\system32\__c0054CE4.dat [2008-09-09 25088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

List of files/folders created in the last three months

2008-09-09 21:06:01 ----D---- C:\rsit
2008-09-09 19:41:16 ----D---- C:\WINNT\Sun
2008-09-09 19:41:15 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun
2008-09-09 19:40:50 ----A---- C:\WINNT\system32\javaws.exe
2008-09-09 19:40:50 ----A---- C:\WINNT\system32\javaw.exe
2008-09-09 19:40:50 ----A---- C:\WINNT\system32\java.exe
2008-09-09 19:39:03 ----D---- C:\Program Files\Java
2008-09-09 19:38:36 ----D---- C:\Program Files\Common Files\Java
2008-09-03 00:05:48 ----D---- C:\Program Files\Windows Resource Kits
2008-08-27 23:24:03 ----A---- C:\WINNT\system32\RPVersion.ini
2008-08-27 23:19:52 ----A---- C:\WINNT\unvise32.exe
2008-08-27 23:18:35 ----D---- C:\Program Files\RegistryPatrol3.0
2008-08-26 10:47:53 ----D---- C:\Program Files\RegCure
2008-08-26 10:21:11 ----D---- C:\Documents and Settings\Administrator\Application Data\ParetoLogic
2008-08-26 10:20:47 ----D---- C:\Program Files\ParetoLogic
2008-08-26 10:20:47 ----D---- C:\Program Files\Common Files\ParetoLogic
2008-08-26 10:20:47 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2008-08-26 10:20:20 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-08-25 03:47:54 ----A---- C:\WINNT\ntbtlog.txt
2008-08-25 02:53:16 ----D---- C:\Program Files\Trend Micro
2008-08-18 15:57:55 ----A---- C:\WINNT\TLCUninstall.exe
2008-08-18 15:57:52 ----D---- C:\Program Files\The Learning Company
2008-08-18 15:55:36 ----A---- C:\WINNT\SETUP32.INI
2008-08-17 07:00:11 ----A---- C:\WINNT\system32\~.exe
2008-08-12 17:50:40 ----HD---- C:\WINNT\$NtUninstallKB951066-OE6SP1-20080625.120000$
2008-08-12 17:31:13 ----HD---- C:\WINNT\$NtUninstallKB952954$
2008-08-12 17:30:31 ----HD---- C:\WINNT\$NtUninstallKB953838-IE6SP1-20080620.120000$
2008-08-12 17:29:53 ----HD---- C:\WINNT\$NtUninstallKB953839$
2008-08-12 17:29:19 ----HD---- C:\WINNT\$NtUninstallKB950974$
2008-07-10 07:00:14 ----A---- C:\WINNT\system32\es.dll
2008-07-09 22:10:50 ----D---- C:\FOUND.002
2008-07-08 20:27:10 ----HD---- C:\WINNT\$NtUninstallKB951748$
2008-06-25 06:41:54 ----A---- C:\WINNT\system32\mswsock.dll
2008-06-25 06:41:54 ----A---- C:\WINNT\system32\msafd.dll
2008-06-25 06:41:54 ----A---- C:\WINNT\system32\dnsapi.dll
2008-06-24 21:41:19 ----HD---- C:\WINNT\$NtUninstallKB950760$
2008-06-24 21:37:54 ----HD---- C:\WINNT\$NtUninstallKB950759-IE6SP1-20080418.120000$
2008-06-24 21:37:08 ----HD---- C:\WINNT\$NtUninstallKB951698_DX9$
2008-06-20 10:59:20 ----A---- C:\WINNT\system32\BROWSEUI.DLL
2008-06-20 10:59:12 ----A---- C:\WINNT\system32\SHDOCVW.DLL
2008-06-20 10:59:04 ----A---- C:\WINNT\system32\SHLWAPI.DLL
2008-06-20 09:53:58 ----A---- C:\WINNT\system32\WININET.DLL
2008-06-20 09:53:52 ----A---- C:\WINNT\system32\URLMON.DLL
2008-06-20 09:53:34 ----A---- C:\WINNT\system32\IEPEERS.DLL
2008-06-20 09:53:32 ----A---- C:\WINNT\system32\PNGFILT.DLL
2008-06-20 09:53:30 ----A---- C:\WINNT\system32\MSHTML.DLL
2008-06-20 09:53:28 ----A---- C:\WINNT\system32\DXTMSFT.DLL
2008-06-20 09:53:26 ----A---- C:\WINNT\system32\DXTRANS.DLL

List of drivers

R1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2005-01-06 58000]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2005-01-06 23420]
R1 OMCI;OMCI WDM Device Driver; C:\WINNT\system32\DRIVERS\omci.sys [2004-02-13 17153]
R2 PRPC;PRPC; C:\WINNT\system32\drivers\PRPC.sys [2001-11-28 10495]
R3 AR5211;IEEE802.11g WLAN Card Service; C:\WINNT\system32\DRIVERS\ar5211.sys [2006-01-20 488448]
R3 ati2mtag;ati2mtag; C:\WINNT\System32\DRIVERS\ati2mtag.sys [2004-02-24 679424]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINNT\System32\DRIVERS\CmBatt.sys [2003-06-19 9904]
R3 cs429x;Cirrus Logic WDM Audio Codec Driver; C:\WINNT\system32\drivers\cwawdm.sys [2002-08-08 89088]
R3 EL90Xbc;3Com 3C90X-BC Family PCI EtherLink Adapter; C:\WINNT\System32\DRIVERS\el90Xbc5.SYS [2002-04-05 73827]
R3 odysseyIM3;Odyssey Network Services Miniport; C:\WINNT\system32\DRIVERS\odysseyIM3.sys [2003-05-14 62673]
R3 SynTP;Synaptics TouchPad Driver; C:\WINNT\System32\DRIVERS\SynTP.sys [2004-02-05 178496]
R3 uhcd;Microsoft USB Universal Host Controller Driver; C:\WINNT\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver; \??\C:\WINNT\system32\CBTNDIS5.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\System32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver; C:\WINNT\System32\DRIVERS\el575nd5.sys [1999-10-19 77072]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver; C:\WINNT\System32\DRIVERS\el90xbc5.sys [2002-04-05 73827]
S3 MPE;BDA MPE Filter; C:\WINNT\System32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\System32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 Ptserial;W2K Pctel Serial Device Driver; C:\WINNT\System32\DRIVERS\ptserial.sys [2002-11-06 135260]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\System32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINNT\System32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\system32\DRIVERS\usbprint.sys [2003-06-19 21872]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\System32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 dmload;dmload; C:\WINNT\System32\drivers\dmload.sys [2003-06-19 7312]

List of services

R2 ActionAgent;ActionAgent; C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe [2002-12-15 118784]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINNT\system32\Ati2evxx.exe [2004-02-24 397312]
R2 DellDmi;DellDmi; C:\DMI\WIN32\bin\DellDmi.exe [2002-12-15 217088]
R2 DEventAgent;DEventAgent; C:\Program Files\Dell\OpenManage\Client\EventAgt.exe [2002-12-15 147456]
R2 DLT;DLT; C:\Program Files\Dell\OpenManage\Client\DLT.exe [2002-12-15 131072]
R2 Iap;Iap; C:\Program Files\Dell\OpenManage\Client\Iap.exe [2002-12-15 155648]
R2 Win32Sl;Win32Sl; C:\dmi\win32\bin\Win32sl.exe [2002-12-15 249344]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINNT\System32\svchost.exe [1999-12-07 7952]

-----------------EOF-----------------

Edited by Flipper317, 10 September 2008 - 08:47 AM.


#5 Flipper317

Flipper317
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 09 September 2008 - 09:55 PM

info.txt logfile of random's system information tool 2008-09-10 09:49:03

Uninstall list

602PC SUITE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6DFC4B13-4489-4A59-AF95-12628A86FA76}\Setup.exe" -l0x9 -UNINSTALL -UNINSTALL
64x Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{033FAD4E-C48B-11D5-BCEF-005004748D87}\Setup.exe" -l0x9
AccessDirect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{417B79C9-CDB4-477F-952D-840CEFC57A6C}\setup.exe" -l0x9
Ad-aware 6 Professional-->C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX-->C:\WINNT\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player-->C:\WINNT\system32\ADOBE\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\ADOBE\SHOCKW~1\INSTALL.LOG
Ahead Nero Burning ROM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINNT\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Dell Dock Quick Install for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97633BED-21C3-11D5-A09E-00600823B4E4}\SETUP.EXE" anything
Dell OpenManage Client Instrumentation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0773A806-0853-4B4D-8771-55BEF03E242B}\Setup.exe" -l0x9 -f1C:\PROGRA~1\Dell\OPENMA~1\Client\uninst.iss
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for MDAC 2.53 (KB911562)-->"C:\WINNT\$SQLUninstallMDAC25SP3-KB911562-x86-ENU$\spuninst\spuninst.exe"
Hotfix for MDAC 2.53 (KB927779)-->"C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\spuninst\spuninst.exe"
IEEE802.11g WLAN Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F00ED24-A6D5-471B-B097-6183867DF9BB}\Setup.exe" -l0x9
Intel SpeedStep technology Applet-->C:\WINNT\IsUninst.exe -f"C:\WINNT\System32\Intel® SpeedStep™ technology Applet.isu"
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
MathPlayer-->C:\Program Files\Design Science\MathPlayer\Setup.exe -u
Odyssey Client-->MsiExec.exe /X{99D42EC7-652B-4819-B3E6-6450C815E03F}
ParetoLogic Privacy Controls-->MsiExec.exe /I{742DFC87-1703-46D8-AC24-F87FDCD7C1AB}
PCTEL 2304WT V.92 MDC Modem Drivers-->ptuninst.exe
PDF-XChange 3.0-->"c:\Program Files\PDF\unins000.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
RegCure 1.5.0.1-->C:\Program Files\RegCure\uninst.exe
Registry Patrol v3.0-->C:\WINNT\unvise32.exe C:\Program Files\RegistryPatrol3.0\uninstal.log
Security Update for DirectX 9 (KB941568)-->"C:\WINNT\$NtUninstallKB941568_DX9$\spuninst\spuninst.exe"
Security Update for DirectX 9 (KB951698)-->"C:\WINNT\$NtUninstallKB951698_DX9$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB904706)-->"C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB923689)-->"C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINNT\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINNT\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
upapp-->MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}
Update Rollup 1 for Windows 2000 SP4-->"C:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Windows 2000 Hotfix - KB842773-->C:\WINNT\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB890046-->"C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB893756-->"C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896358-->"C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896422-->"C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896423-->"C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896424-->"C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896688-->"C:\WINNT\$NtUninstallKB896688-IE6SP1-20051004.130236$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899587-->"C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899589-->"C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB900725-->"C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB901017-->"C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB901214-->"C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB902400-->"C:\WINNT\$NtUninstallKB902400$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905414-->"C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905495-->"C:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905749-->"C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908519-->"C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908523-->"C:\WINNT\$NtUninstallKB908523$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908531-->"C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB911280-->"C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB911567-->"C:\WINNT\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB912812-->"C:\WINNT\$NtUninstallKB912812-IE6SP1-20060322.182418$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB912919-->"C:\WINNT\$NtUninstallKB912919$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB913580-->"C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB914388-->"C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB914389-->"C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917008-->"C:\WINNT\$NtUninstallKB917008$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917159-->"C:\WINNT\$NtUninstallKB917159$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917422-->"C:\WINNT\$NtUninstallKB917422$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917537-->"C:\WINNT\$NtUninstallKB917537$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917736-->"C:\WINNT\$NtUninstallKB917736$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917953-->"C:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB918118-->"C:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB918899-->"C:\WINNT\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920213-->"C:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920670-->"C:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920683-->"C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920685-->"C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920958-->"C:\WINNT\$NtUninstallKB920958$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB921398-->"C:\WINNT\$NtUninstallKB921398$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB921503-->"C:\WINNT\$NtUninstallKB921503$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB921883-->"C:\WINNT\$NtUninstallKB921883$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB922582-->"C:\WINNT\$NtUninstallKB922582$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB922616-->"C:\WINNT\$NtUninstallKB922616$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB922760-->"C:\WINNT\$NtUninstallKB922760-IE6SP1-20061018.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923191-->"C:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923414-->"C:\WINNT\$NtUninstallKB923414$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923694-->"C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923810-->"C:\WINNT\$NtUninstallKB923810$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923980-->"C:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924191-->"C:\WINNT\$NtUninstallKB924191$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924270-->"C:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924667-->"C:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB925454-->"C:\WINNT\$NtUninstallKB925454-IE6SP1-20061116.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB925486-->"C:\WINNT\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB925902-->"C:\WINNT\$NtUninstallKB925902$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB926122-->"C:\WINNT\$NtUninstallKB926122$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB926436-->"C:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB927891-->"C:\WINNT\$NtUninstallKB927891$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB928090-->"C:\WINNT\$NtUninstallKB928090-IE6SP1-20070125.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB928843-->"C:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB929969-->"C:\WINNT\$NtUninstallKB929969-IE6SP1-20061220.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB930178-->"C:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB931768-->"C:\WINNT\$NtUninstallKB931768-IE6SP1-20070219.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB931784-->"C:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB932168-->"C:\WINNT\$NtUninstallKB932168$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB933566-->"C:\WINNT\$NtUninstallKB933566-IE6SP1-20070417.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB933729-->"C:\WINNT\$NtUninstallKB933729$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB935839-->"C:\WINNT\$NtUninstallKB935839$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB935840-->"C:\WINNT\$NtUninstallKB935840$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB936021-->"C:\WINNT\$NtUninstallKB936021$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB937143-->"C:\WINNT\$NtUninstallKB937143-IE6SP1-20070717.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB937894-->"C:\WINNT\$NtUninstallKB937894$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938127-->"C:\WINNT\$NtUninstallKB938127-IE6SP1-20070626.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938827-->"C:\WINNT\$NtUninstallKB938827$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938829-->"C:\WINNT\$NtUninstallKB938829$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB939653-->"C:\WINNT\$NtUninstallKB939653-IE6SP1-20070817.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB941202-->"C:\WINNT\$NtUninstallKB941202-OE6SP1-20070820.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB941644-->"C:\WINNT\$NtUninstallKB941644$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB941693-->"C:\WINNT\$NtUninstallKB941693$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB942615-->"C:\WINNT\$NtUninstallKB942615-IE6SP1-20071029.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB943055-->"C:\WINNT\$NtUninstallKB943055$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB943485-->"C:\WINNT\$NtUninstallKB943485$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB944338-->"C:\WINNT\$NtUninstallKB944338$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB944533-->"C:\WINNT\$NtUninstallKB944533-IE6SP1-20071210.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB945553-->"C:\WINNT\$NtUninstallKB945553$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB947864-->"C:\WINNT\$NtUninstallKB947864-IE6SP1-20080215.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB948590-->"C:\WINNT\$NtUninstallKB948590$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB948881-->"C:\WINNT\$NtUninstallKB948881-IE6SP1-20080313.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950749-->"C:\WINNT\$NtUninstallKB950749$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950759-->"C:\WINNT\$NtUninstallKB950759-IE6SP1-20080418.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950760-->"C:\WINNT\$NtUninstallKB950760$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950974-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951066-->"C:\WINNT\$NtUninstallKB951066-OE6SP1-20080625.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951748-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB952954-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB953838-->"C:\WINNT\$NtUninstallKB953838-IE6SP1-20080620.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB953839-->"C:\WINNT\$NtUninstallKB953839$\spuninst\spuninst.exe"
Windows 2000 Service Pack 4-->C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINNT\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINNT\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows Media Player Hotfix [See Q828026 for more information]-->C:\WINNT\$NtUninstallQ828026$\spuninst\spuninst.exe
Windows Media Player system update (9 Series)-->C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
Windows Resource Kit Tools - SubInAcl.exe-->MsiExec.exe /X{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Os2LibPath"=%SystemRoot%\system32\os2\dll;
"Path"=C:\WINNT\system32;%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL;C:\DMI\WIN32\BIN
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 11 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0b01
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"WIN32DMIPATH"=C:\DMI\WIN32
"602ALBUM_EXE"=C:\Program Files\Software602\602Pro PC SUITE\602Album\602Album.exe

-----------------EOF-----------------

Edited by Flipper317, 10 September 2008 - 09:08 AM.


#6 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:08 AM

Posted 11 September 2008 - 12:09 PM

I don't see any sign of either an antivirus or firewall on your computer. That is really dangerous in today's world with all the Malware out there just waiting to attack an unprotected system.


Here are some links to programs which are free and can upgrade your security quite a bit

1.)

For a free anti-virus please follow these instructions:


Click on this link: AVG
  • Underneath AVG Anti-Virus Free click on Download
  • Click on AVG 8.0 Free for Windows
  • Click on Download
  • A window will open. Click on Save File-A window will open. Click on Next
  • Click on Accept
  • Make sure standard install is checked and click Next
  • You can enter your name and click Next
  • click Finish After install is complete click OK
  • Follow prompters to update and check for viruses
Some more links to free anti-virus programs(Note. Choose only one)

Avira

Avast




A firewall is also of the utmost importance in preventing your system from being hacked.
Click for more information on: Understanding and Using Firewalls


Here are some good programs that are also free:

Sunbelt-Kerio

Online Armore Free Edition

Comodo

Note: Use only one!





2.)

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".





3.)

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.




When completed please post a new HJT log along with the one from MBAM
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#7 Flipper317

Flipper317
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 11 September 2008 - 03:23 PM

Here's the 2 logs you requested Wall

What do you suggest uninstalling to make the computer startup quicker and run faster? Ad Aware, Ad Watch?

I'm sure there are unnecessary programs and startup items.

Thanks for all your help and donation on the way when all is done.

Thanks
Flip


Malwarebytes' Anti-Malware 1.28
Database version: 1141
Windows 5.0.2195 Service Pack 4

9/11/2008 4:22:59 PM
mbam-log-2008-09-11 (16-22-59).txt

Scan type: Quick Scan
Objects scanned: 32556
Time elapsed: 7 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0054ce4 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:25:07 PM, on 9/11/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: d498dae7382 - C:\WINNT\system32\__c00DCB8E.dat (file missing)
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe

--
End of file - 4919 bytes

Edited by Flipper317, 11 September 2008 - 03:28 PM.


#8 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:08 AM

Posted 11 September 2008 - 03:37 PM

I'm just glad I am able to help you. :thumbsup:


What do you suggest uninstalling to make the computer startup quicker and run faster? Ad Aware, Ad Watch?


When we are done I will give you some things to help with disabling programs you don't need all of the time.





How is the computer running now? Is it any better?
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#9 Flipper317

Flipper317
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 11 September 2008 - 07:55 PM

Seems much better. I can open programs from the desktop without them shutting down. My Wireless connection hasn't come back but that is fixable.

Thank you very much

What's next?

Phil

#10 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:08 AM

Posted 12 September 2008 - 06:55 AM

Log is looking good now, just a little cleaning up left to do.


Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

O20 - Winlogon Notify: d498dae7382 - C:\WINNT\system32\__c00DCB8E.dat (file missing)

Then close all windows except HijackThis and click Fix Checked.

Restart your computer


I am giving you a link to one of our other forums which talks about Windows startup programs. This link is one topic in a forum which has a lot of info on what you are asking about and is a good way to determine what you want to run at startup and what you may not want to. It provides a link to a program called Autoruns which is highly helpful in making startup decisions.

Windows Startup Program Database




You now appear to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints, you need to be registered to post as unfortunately we were hit with too many spam posting to allow guest posting to continue just find your country room and register your complaint.


Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
    • Turn System Restore off
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
    Restart
    • Turn System Restore on
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Uncheck *Turn off System Restore*.
    • Click Apply, and then click OK.
    Note: only do this once, and not on a regular basis



  • Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    If you don't know what activex controls are, see here
    You can download SpywareBlaster from here
  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of windows includes a hosts file as part of them. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    Spybot Search & Destroy has a good HOSTS file built in, to enable the HOSTS file in Spybot Search & Destroy
    • Run Spybot Search & Destroy
    • Click on Mode, and then place a tick next to Advanced mode
    • Click Yes
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
    • Click on Add Spybot-S&D hosts list
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  • Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date




Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#11 Flipper317

Flipper317
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 12 September 2008 - 11:26 AM

Thanks again.

Do I assume that you want me to download the above programs and then also keep the AF Cleaner, AGV, RSIT and Malawarebytes on my desktop?

#12 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:08 AM

Posted 12 September 2008 - 11:47 AM

You can delete the RSIT if you would like to. If it was ever needed again it would be better to have an upgraded version. The others you can keep along with the new stuff. The AVG 8 is now your antivirus and you should definitely keep it and even if it is set to automatic updates it is always a good idea to check them often and make sure they are updated, same as with your other programs like MBAM. I usually scan my computer at least once a week with MBAM along with doing various on-line scans like Kaspersky on a regular basis. I have found there is really no such thing as being overly cautious when it comes to Malware.


Best of luck to you in the future!! :thumbsup:
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#13 Flipper317

Flipper317
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 12 September 2008 - 12:22 PM

Thanks again Mr. Wall

Terrific responses and wonderful advice.

I and the family appreciate it.

Phil

#14 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:08 AM

Posted 12 September 2008 - 05:26 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users