System Check infection?


23 replies to this topic

#1 rpsupporter


Posted 30 January 2012 - 12:12 AM

Hello,

I believe this all started on booting, but I'm pretty sure the last shutdown was a panic.
Trying to fix a computer for a jackass.
The desktop is black, with no icons.
Has a system check window open.
Bunch of error windows behind it, "Failed to start....corruptable or unreadable".

Originally the Start menus were empty except for Programs, which was empty, and some shortcut for Toshiba products (Toshiba laptop).

Now what I'm responsible for...
Started in safe mode, and sort of thought to unhide folders on my own, started by chasing down all of the missing icons.
Did get what appears to be all icons back and now Programs shows a bunch of shortcuts, but they are all empty, except for the system check, and it has 2 shortcuts, one of which is an uninstall. It was tempting. Also now have a shortcut that appeared to be IE on the start menu.

After reading some posts here, followed the system check removal guide.
Downloaded RKill, MBam and unHide to a jump drive and transferred RKill to infection laced lapper.
Did not specify finding & killing any apps, though it did show the log file.
Did not turn off machine.

Connected it to the Comcast hose (internet).
Transferred & went to install & run MBam but it denied access.
So I thought to try the copy of MBam already on the machine (no previous infection - used for maintenance).
It could not update because it goes into install mode and gets denied access.

So I went with my 30 day old version for a full scan.
And when that's done, assuming all goes well, I plan to run unHide and maybe all will be good.

Any suggestions?
Thanks in advance.
rpsupporter



#2 narenxp


Posted 30 January 2012 - 02:56 AM

Please download exeHelper to your desktop.

http://www.raktor.net/exeHelper/exeHelper.com

Double-click on exeHelper.com to run the fix.

A black window should pop up, press any key to close once the fix is completed.

Download

http://download.bleepingcomputer.com/grinler/unhide.exe

Run the unhide fix first

Try to install malwarebytes now. If that doesn't work, rename mbam.exe to mbam.com and run it

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Edited by narenxp, 30 January 2012 - 02:58 AM.


#3 rpsupporter


Posted 30 January 2012 - 11:09 AM

Thanks narenxp,

Sorry I didn't jump on this in the late am.

Just an update. I followed through with my original plan, MBam found 7 problems and removed but did not prompt a reboot. Still could not update MBam. Then I ran unhide and most returned to normal in safe mode. But there was still a system check entry in my Programs menu. It did not appear in my control panel add/remove list.

When I started in normal windows, the problem came back. I tried to kill it right away. Rebooted in safe mode and was missing some shortcuts, along with the desktop. It wasn't as bad as before.

Ran RKill and it only found adobe. But my desktop returned. Then ran MBam, it found 6 problems & removed. It did prompt a reboot this time.

And that is where I'll start with your new instructions. I did find the files associated with the system check menu entry. Dates match the infection time line. Looked into the startup & such to see if I noticed anything but did not.

Thanks again, and I'll provide the results as per your instructions.
rpsupporter

#4 narenxp


Posted 30 January 2012 - 11:25 AM

I want you to manually remove the system check icons and continue with instructions

Good luck

#5 rpsupporter


Posted 30 January 2012 - 06:25 PM

Hello narenxp,

Almost done, here's what I have so far:

All done in safe mode.
Ran exehelper, apparently normal.
Ran unHide, apparently normal.
Updated/installed MBam with no problems. It found nothing.
Ran TDSSKiller, nothing found.
Now waiting for GMER to finish.

Then I'll run aswMBR.

And then remove the system check shortcuts in the Programs menu.
How about moving the associated files for system check to another directory? Currently in \docs&settings\allusers\app data. One is named: 32NIBP8XEHFAKKX.exe

Thanks again for the help.
rpsupporter

#6 narenxp


Posted 30 January 2012 - 07:11 PM

How about moving the associated files for system check to another directory?//

Not sure what you meant in this line but I require you to delete it permanently. 32NIBP8XEHFAKKX.exe, this is definitely a rogue file

Good luck

Edited by narenxp, 30 January 2012 - 07:11 PM.


#7 rpsupporter


Posted 30 January 2012 - 09:02 PM

Hello narenxp,

Just to be clear...On my Programs menu I have a "System Check" item that opens to 2 shortcuts, "System Check" & "Uninstall System Check". The files associated with them are 2nibp8XEHfakKx.exe & 2nibp8XEHfakKx.exe"1 respectively.

The folder they reside in (Application Data) holds these 4 files:
2nibp8XEHfakKx
~2nibp8XEHfakKx
2nibp8XEHfakKx.exe
2nibp8XEHfakKxr

And I should remove them all permanently, correct? I took the message as to remove the menu items.

As of now, I finished running GMER & aswMBR (default was quickscan) and have posted both logs below.

I still have the aswMBR results screen up, have not rebooted.

I'll wait for your instructions.
Thanks,
rpsupporter

*******************************************
gmer log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-30 19:15:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS542512K9SA00 rev.BB2OC33P
Running: wdowwz0v.exe; Driver: C:\DOCUME~1\CHRISL~1\LOCALS~1\Temp\uwryapoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

***************************************
aswMBR log
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-30 19:16:55
-----------------------------
19:16:55.687 OS Version: Windows 5.1.2600 Service Pack 3
19:16:55.687 Number of processors: 2 586 0x6802
19:16:55.687 ComputerName: CL-LAPTOP UserName:
19:16:56.500 Initialize success
19:17:41.546 AVAST engine defs: 12013000
19:17:52.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:17:52.500 Disk 0 Vendor: Hitachi_HTS542512K9SA00 BB2OC33P Size: 114473MB BusType: 3
19:17:52.531 Disk 0 MBR read successfully
19:17:52.546 Disk 0 MBR scan
19:17:52.578 Disk 0 Windows XP default MBR code
19:17:52.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 105865 MB offset 63
19:17:52.656 Disk 0 Partition 2 00 1C Hidd FAT32 LBA MSDOS5.0 8605 MB offset 216813240
19:17:52.687 Disk 0 scanning sectors +234436545
19:17:52.796 Disk 0 scanning C:\WINDOWS\system32\drivers
19:18:09.796 Service scanning
19:18:11.984 Modules scanning
19:18:49.312 Disk 0 trace - called modules:
19:18:49.375 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:18:49.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a709ab8]
19:18:49.453 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000074[0x8a6fff18]
19:18:49.531 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a719940]
19:18:50.359 AVAST engine scan C:\WINDOWS
19:20:17.781 AVAST engine scan C:\WINDOWS\system32
19:34:02.781 AVAST engine scan C:\WINDOWS\system32\drivers
19:35:41.093 AVAST engine scan C:\Documents and Settings\Chris Laboon
19:38:59.171 File: C:\Documents and Settings\Chris Laboon\Application Data\Sun\Java\Deployment\cache\6.0\7\e0ede87-17a03b41 **INFECTED** Win32:Crypt-LHP [Trj]
19:48:42.406 AVAST engine scan C:\Documents and Settings\All Users
19:48:42.531 File: C:\Documents and Settings\All Users\Application Data\2nibp8XEHfakKx.exe **INFECTED** Win32:Crypt-LHP [Trj]
19:49:24.093 File: C:\Documents and Settings\All Users\Application Data\PAwhgCLyHSr.exe **INFECTED** Win32:Crypt-LHP [Trj]
19:49:45.390 Scan finished successfully
20:31:21.218 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
20:31:21.234 The log file has been saved successfully to "F:\aswMBR.txt"

The last 2 entries (above Scan Finished Successfully) were in red, as was the 4th entry from the end, all trjs.

#8 narenxp


Posted 31 January 2012 - 01:00 AM

That's right, systemcheck icons reside in application data folder.

Press Windows+R key and type

notepad and click ok

Now copy this script
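@echo off
rem Delete the three files aswMBR flagged as infected (/f removes read-only files, /q suppresses prompts)
del /f /s /q "C:\Documents and Settings\Chris Laboon\Application Data\Sun\Java\Deployment\cache\6.0\7\e0ede87-17a03b41"
del /f /s /q "C:\Documents and Settings\All Users\Application Data\2nibp8XEHfakKx.exe"
del /f /s /q "C:\Documents and Settings\All Users\Application Data\PAwhgCLyHSr.exe"
rem Remove this batch file itself once it has run
del "%~f0"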

Save it as Remove.bat

Run the bat file

Post the new aswmbr log

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Edited by narenxp, 31 January 2012 - 01:01 AM.
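
The check that the requested rescan is meant to provide, as an added example that is not part of the original thread: it parses aswMBR finding lines, compares two scans, and counts a rescan as evidence only if it ran to completion. The first-scan lines are taken from the log posted in #7; the rescan logs and all function names are constructed for illustration.

```python
import re
from typing import NamedTuple

# Shape of an aswMBR finding line, as seen in the log posted in this thread:
#   <hh:mm:ss.mmm> File: <path> **INFECTED** <detection> [<type>]
FINDING_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+File:\s+(?P<path>.+?)\s+"
    r"\*\*INFECTED\*\*\s+(?P<detection>\S+)(?:\s+\[(?P<kind>[^\]]+)\])?\s*$"
)
DONE_MARKER = "Scan finished successfully"


class Finding(NamedTuple):
    time: str
    path: str
    detection: str
    kind: str


def parse_findings(log_text):
    """Return every **INFECTED** entry in an aswMBR log, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.append(
                Finding(m["time"], m["path"], m["detection"], m["kind"] or "")
            )
    return findings


def scan_completed(log_text):
    """A log with no findings only means something if the scan finished."""
    return any(l.strip().endswith(DONE_MARKER) for l in log_text.splitlines())


def compare_scans(before, after):
    """Return (cleared, remaining, new) paths; Windows paths compare case-insensitively."""
    b = {f.path.lower(): f.path for f in parse_findings(before)}
    a = {f.path.lower(): f.path for f in parse_findings(after)}
    cleared = sorted(b[k] for k in b.keys() - a.keys())
    remaining = sorted(a[k] for k in a.keys() & b.keys())
    new = sorted(a[k] for k in a.keys() - b.keys())
    return cleared, remaining, new


def verdict(before, after):
    if not scan_completed(after):
        return "rescan incomplete"
    _cleared, remaining, new = compare_scans(before, after)
    return "still infected" if (remaining or new) else "cleared"


# Excerpt of the first scan, from the log posted in #7.
FIRST_SCAN = r"""
19:48:42.406 AVAST engine scan C:\Documents and Settings\All Users
19:48:42.531 File: C:\Documents and Settings\All Users\Application Data\2nibp8XEHfakKx.exe **INFECTED** Win32:Crypt-LHP [Trj]
19:49:24.093 File: C:\Documents and Settings\All Users\Application Data\PAwhgCLyHSr.exe **INFECTED** Win32:Crypt-LHP [Trj]
19:49:45.390 Scan finished successfully
"""

# Constructed rescan logs (not from the thread), one per outcome.
RESCAN_CLEAN = r"""
07:56:21.156 AVAST engine scan C:\Documents and Settings\All Users
07:57:47.593 Scan finished successfully
"""
RESCAN_PARTIAL = r"""
07:56:21.156 AVAST engine scan C:\Documents and Settings\All Users
07:56:40.000 File: c:\documents and settings\all users\application data\pawhgclyhsr.exe **INFECTED** Win32:Crypt-LHP [Trj]
07:57:47.593 Scan finished successfully
"""
RESCAN_TRUNCATED = r"""
07:56:21.156 AVAST engine scan C:\Documents and Settings\All Users
"""

if __name__ == "__main__":
    for f in parse_findings(FIRST_SCAN):
        print(f.time, f.detection, f.kind, f.path)
    for name, log in [("clean", RESCAN_CLEAN), ("partial", RESCAN_PARTIAL),
                      ("truncated", RESCAN_TRUNCATED)]:
        print(name, "->", verdict(FIRST_SCAN, log))
```
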


#9 rpsupporter


Posted 31 January 2012 - 10:40 AM

Hello narenxp,

The laptop is still sitting here in safemode, connected to the router/internet, hasn't rebooted since the first MBam scan required it.

Ran the Remove.bat file.
Ran aswMBR and the log is below.
Ran esetsmartinstaller and the log is below.
Ran MiniToolBox and the log is below.

Should I permanently delete the other 3 files that were in the directory of 2nibp8XEHfakKx.exe? They had the same name but different extensions. The problem with working with me is that I take directions literally, so I'm sorry if that's what you meant previously.

Await your reply.
rpsupporter


*********************************
aswMBR log

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-31 07:34:03
-----------------------------
07:34:03.625 OS Version: Windows 5.1.2600 Service Pack 3
07:34:03.625 Number of processors: 2 586 0x6802
07:34:03.625 ComputerName: CL-LAPTOP UserName:
07:34:04.359 Initialize success
07:34:10.765 AVAST engine defs: 12013000
07:34:29.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:34:29.890 Disk 0 Vendor: Hitachi_HTS542512K9SA00 BB2OC33P Size: 114473MB BusType: 3
07:34:29.937 Disk 0 MBR read successfully
07:34:29.953 Disk 0 MBR scan
07:34:29.953 Disk 0 Windows XP default MBR code
07:34:29.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 105865 MB offset 63
07:34:30.000 Disk 0 Partition 2 00 1C Hidd FAT32 LBA MSDOS5.0 8605 MB offset 216813240
07:34:30.015 Disk 0 scanning sectors +234436545
07:34:30.125 Disk 0 scanning C:\WINDOWS\system32\drivers
07:35:12.531 Service scanning
07:35:15.015 Modules scanning
07:35:58.218 Disk 0 trace - called modules:
07:35:58.281 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
07:35:58.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a709ab8]
07:35:58.375 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000074[0x8a6fff18]
07:35:58.437 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a719940]
07:35:59.359 AVAST engine scan C:\WINDOWS
07:37:07.187 AVAST engine scan C:\WINDOWS\system32
07:43:24.234 AVAST engine scan C:\WINDOWS\system32\drivers
07:43:56.687 AVAST engine scan C:\Documents and Settings\Chris Laboon
07:56:21.156 AVAST engine scan C:\Documents and Settings\All Users
07:57:47.593 Scan finished successfully
08:11:47.828 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
08:11:47.843 The log file has been saved successfully to "F:\aswMBR02.txt"

*********************************
esetsmartinstaller log


C:\Documents and Settings\Chris Laboon\Local Settings\Temporary Internet Files\Content.IE5\2MOMFKO1\16[1].htm HTML/Iframe.B.Gen virus deleted - quarantined

********************************
MiniToolBox log


MiniToolBox by Farbar Version: 18-01-2012
Ran by Chris Laboon (administrator) on 31-01-2012 at 10:08:24
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Nerwork
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

192.168.2.4 NPIDA3D3C

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8102E Family PCI-E Fast Ethernet NIC = Local Area Connection (Connected)
Atheros AR5007EG Wireless Network Adapter = Wireless Network Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : CL-Laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-21-63-17-6C-E6

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-1E-33-48-8C-17
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.9
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : Tuesday, January 31, 2012 7:26:05 AM
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM

Server:
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.113.147, 74.125.113.103, 74.125.113.105, 74.125.113.106
74.125.113.104, 74.125.113.99

Pinging google.com [74.125.115.104] with 32 bytes of data:
Reply from 74.125.115.104: bytes=32 time=31ms TTL=50
Reply from 74.125.115.104: bytes=32 time=29ms TTL=50
Ping statistics for 74.125.115.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 31ms, Average = 30ms

Server:
Address: 192.168.2.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 98.139.180.149

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=168ms TTL=49
Reply from 98.137.149.56: bytes=32 time=94ms TTL=49
Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 94ms, Maximum = 168ms, Average = 131ms

Server:
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 63 17 6c e6 ...... Atheros AR5007EG Wireless Network Adapter - Packet Scheduler Miniport
0x3 ...00 1e 33 48 8c 17 ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.9 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.9 192.168.2.9 20
192.168.2.9 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.9 192.168.2.9 20
224.0.0.0 240.0.0.0 192.168.2.9 192.168.2.9 20
255.255.255.255 255.255.255.255 192.168.2.9 192.168.2.9 1
255.255.255.255 255.255.255.255 192.168.2.9 2 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/29/2012 00:38:02 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib, P5 2.0.0.0, P6 4e154d36, P7 f4f, P8 7, P9 clr20r30, P10 clr20r31.

Error: (01/29/2012 00:37:10 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib, P5 2.0.0.0, P6 4e154d36, P7 f4f, P8 7, P9 clr20r30, P10 clr20r31.

Error: (01/29/2012 00:24:16 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib, P5 2.0.0.0, P6 4e154d36, P7 f4f, P8 7, P9 clr20r30, P10 clr20r31.

Error: (01/29/2012 00:23:41 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib, P5 2.0.0.0, P6 4e154d36, P7 f4f, P8 7, P9 clr20r30, P10 clr20r31.

Error: (01/29/2012 11:02:27 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib, P5 2.0.0.0, P6 4e154d36, P7 f4f, P8 7, P9 clr20r30, P10 clr20r31.

Error: (01/29/2012 11:01:48 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib, P5 2.0.0.0, P6 4e154d36, P7 f4f, P8 7, P9 clr20r30, P10 clr20r31.

Error: (01/29/2012 04:43:56 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib, P5 2.0.0.0, P6 4e154d36, P7 f4f, P8 7, P9 clr20r30, P10 clr20r31.

Error: (01/29/2012 04:43:01 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib, P5 2.0.0.0, P6 4e154d36, P7 f4f, P8 7, P9 clr20r30, P10 clr20r31.

Error: (01/27/2012 03:12:14 PM) (Source: MsiInstaller) (User: Chris Laboon)Chris Laboon
Description: Product: Microsoft Office 2000 Small Business -- Error 1907. Could not register font . Verify that you have sufficient permissions to install fonts, and that the system supports this font.

Error: (01/17/2012 07:02:59 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


System errors:
=============
Error: (01/31/2012 10:02:52 AM) (Source: DCOM) (User: Chris Laboon)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/31/2012 10:02:41 AM) (Source: DCOM) (User: Chris Laboon)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/31/2012 08:11:42 AM) (Source: DCOM) (User: Chris Laboon)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/31/2012 07:27:12 AM) (Source: DCOM) (User: Chris Laboon)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/31/2012 07:24:25 AM) (Source: DCOM) (User: Chris Laboon)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/30/2012 08:36:07 PM) (Source: DCOM) (User: Chris Laboon)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/30/2012 08:30:33 PM) (Source: DCOM) (User: Chris Laboon)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/30/2012 08:30:13 PM) (Source: DCOM) (User: Chris Laboon)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/30/2012 07:16:10 PM) (Source: DCOM) (User: Chris Laboon)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/30/2012 07:15:45 PM) (Source: DCOM) (User: Chris Laboon)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212)
Acrobat.com (Version: 1.6.65)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87)
Adobe Flash Player 9 ActiveX (Version: 9.0.115.0)
Adobe Reader 9.1 (Version: 9.1.0)
AMD Processor Driver (Version: 1.3.2.0053)
Atheros Client Utility
Atheros Driver Installation Program (Version: 5.2)
ATI Catalyst Control Center (Version: 2.008.0122.1518)
ATI Display Driver (Version: 8.453-080122a-058302C-Toshiba)
AVG 2011 (Version: 10.0.1416)
AVG 2011 (Version: 10.0.2109)
Belkin Setup and Router Monitor
BufferChm (Version: 45.4.157.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0122.1519.27310)
Catalyst Control Center Graphics Full Existing (Version: 2008.0122.1519.27310)
Catalyst Control Center Graphics Full New (Version: 2008.0122.1519.27310)
Catalyst Control Center Graphics Light (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Czech (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Danish (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Dutch (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Finnish (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization French (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization German (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Greek (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Hungarian (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Italian (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Japanese (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Korean (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Norwegian (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Polish (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Portuguese (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Russian (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Spanish (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Swedish (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Thai (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Turkish (Version: 2008.0122.1519.27310)
ccc-core-preinstall (Version: 2008.0122.1519.27310)
ccc-core-static (Version: 2008.0122.1519.27310)
ccc-utility (Version: 2008.0122.1519.27310)
CCC Help Chinese Standard (Version: 2008.0122.1518.27310)
CCC Help Chinese Traditional (Version: 2008.0122.1518.27310)
CCC Help Czech (Version: 2008.0122.1518.27310)
CCC Help Danish (Version: 2008.0122.1518.27310)
CCC Help Dutch (Version: 2008.0122.1518.27310)
CCC Help English (Version: 2008.0122.1518.27310)
CCC Help Finnish (Version: 2008.0122.1518.27310)
CCC Help French (Version: 2008.0122.1518.27310)
CCC Help German (Version: 2008.0122.1518.27310)
CCC Help Greek (Version: 2008.0122.1518.27310)
CCC Help Hungarian (Version: 2008.0122.1518.27310)
CCC Help Italian (Version: 2008.0122.1518.27310)
CCC Help Japanese (Version: 2008.0122.1518.27310)
CCC Help Korean (Version: 2008.0122.1518.27310)
CCC Help Norwegian (Version: 2008.0122.1518.27310)
CCC Help Polish (Version: 2008.0122.1518.27310)
CCC Help Portuguese (Version: 2008.0122.1518.27310)
CCC Help Russian (Version: 2008.0122.1518.27310)
CCC Help Spanish (Version: 2008.0122.1518.27310)
CCC Help Swedish (Version: 2008.0122.1518.27310)
CCC Help Thai (Version: 2008.0122.1518.27310)
CCC Help Turkish (Version: 2008.0122.1518.27310)
CD/DVD Drive Acoustic Silencer (Version: 1.00.008)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
CP_PLSBusinessFlyers (Version: 45.4.157.000)
CreativeProjects (Version: 45.4.157.000)
CutePDF Writer 2.8
Destinations (Version: 45.4.157.000)
Director (Version: 45.4.157.000)
DocProc (Version: 4.5.0.0)
DocumentViewer (Version: 45.4.157.000)
Epson Connect
Epson Customer Participation (Version: 1.0.0.0)
Epson Download Navigator (Version: 1.0.1)
Epson Event Manager (Version: 2.50.0001)
Epson FAX Utility (Version: 1.20.00)
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 845 Series Printer Uninstall
EpsonNet Print (Version: 2.4j)
ESET Online Scanner v3
GearDrvs (Version: 1)
getPlus® for Adobe (Version: 1.5.2.35)
GoToMeeting 4.5.0.457
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Color LaserJet 2820/2830/2840 2.0 (Version: 2.0)
HP Extended Capabilities 4.7 (Version: 4.7)
HP Image Zone 4.7 (Version: 4.7)
HP Software Update (Version: 3.0.2.991)
hpp2800usg (Version: 002.000.00004)
hppCLJ2800 (Version: 002.000.00004)
hppDustDevil (Version: 002.000.00004)
hppFaxDrv (Version: 002.000.00004)
hppFonts (Version: 002.000.00004)
hppIOFiles (Version: 002.000.00004)
hppManuals2800 (Version: 002.000.00004)
hppscan2800 (Version: 002.000.00004)
hppScanTo (Version: 002.000.00004)
hppSendFax (Version: 002.000.00004)
hppTooCool (Version: 002.000.00004)
HPSystemDiagnostics (Version: 1.6.0.0)
HxD Hex Editor version 1.7.7.0 (Version: 1.7.7.0)
InstantShare (Version: 45.4.157.000)
InterVideo WinDVD for TOSHIBA (Version: 5.0-B11.568)
Jasc Paint Shop Pro Studio (Version: 1.00.0000)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Java™ 6 Update 3 (Version: 1.6.0.30)
LTCM Client
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
MarketResearch (Version: 45.4.158.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2 (Version: 9.00.2720)
Microsoft Office 2000 Small Business (Version: 9.00.2720)
Microsoft Silverlight (Version: 5.0.61118.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Move Media Player
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
OpenMG AAC Add-on Module 1.0.00 (Version: 1.0.00.04270)
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01 (Version: 4.5.01.04270)
PDF Manual NW-E000 Series (Version: 1.0)
PhotoGallery (Version: 45.4.157.000)
Picasa 2 (Version: 2.0)
QFolder (Version: 1.00.0000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.16.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5559)
Realtek USB 2.0 Card Reader (Version: )
RealUpgrade 1.1 (Version: 1.1.0)
RFFlow
Samsung Master (Version: 1.1.14)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.550.0)
Scan (Version: 4.9.0.0)
Secure Online Account Numbers (Version: 2.0.2.0)
Secure Online Account Numbers (Version: 2.3.14.0)
Skins (Version: 2008.0122.1519.27310)
SkinsHP1 (Version: 45.4.157.000)
SonicStage 4.0 (Version: 4.0)
Synaptics Pointing Device Driver (Version: 10.1.8.0)
TOSHIBA Assist
TOSHIBA ConfigFree (Version: 5.90.08)
TOSHIBA Controls (Version: v3.32.4101)
TOSHIBA Direct Disc Writer (Version: 1.1.0.0a)
TOSHIBA Disc Creator (Version: 2.0.1.1a)
TOSHIBA Hotkey Utility (Version: 1.00.01)
TOSHIBA PC Diagnostic Tool (Version: 3.2.6)
TOSHIBA Power Saver (Version: 7.04.02.I)
TOSHIBA Recovery Disc Creator (Version: 1.0.0.6c)
Toshiba Registration (Version: 1.00.0000)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))
TOSHIBA Software Upgrades (Version: 4.3)
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility (Version: 1.00.01)
TOSHIBA Utilities (Version: 1.00.05)
TOSHIBA Zooming Utility (Version: 2.00.00.24c)
TrayApp (Version: 45.4.157.000)
TrueForms Online
TrueForms Online (Version: 4.5.1.37)
Unload (Version: 4.5.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC 9.0 Runtime (Version: 1.0.0)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 45.4.157.000)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPoker 6

========================= Memory info: ===================================

Percentage of memory in use: 21%
Total physical RAM: 1917.55 MB
Available physical RAM: 1510.06 MB
Total Pagefile: 2280.81 MB
Available Pagefile: 2107.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.99 MB

========================= Partitions: =====================================

1 Drive c: (SQ004704P03) (Fixed) (Total:103.38 GB) (Free:59.85 GB) NTFS
3 Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive f: (Cruzer) (Removable) (Total:7.47 GB) (Free:2.13 GB) FAT32

========================= Users: ========================================

User accounts for \\CL-LAPTOP

Administrator ASPNET Chris Laboon
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****

#10 narenxp

Posted 31 January 2012 - 01:02 PM

The laptop is still sitting here in safemode, connected to the router/internet, hasn't rebooted since the first MBam scan required it.

Restart the PC into normal mode. Post the MBAM clean log in normal mode.

Should I permanently delete the other 3 files that were in the directory of 2nibp8XEHfakKx.exe?

When you refer to a directory, do you refer to the Application Data folder? What are the file names?

Download

http://go.microsoft.com/?linkid=9668866

Run the fixit

Let me know how it went

#11 rpsupporter

Posted 31 January 2012 - 02:43 PM

Hello narenxp,

I guess I'm showing my age, by directory (I think that was DOS!) I mean folder, and it is the Application Data folder. The Remove.bat you wrote and I ran removed one file (2nibp8XEHfakKx.exe) from there, but 3 other similarly named still exist. Their names are:

2nibp8XEHfakKx
~2nibp8XEHfakKx
2nibp8XEHfakKxr

I'll wait to hear back to proceed, in case I need to delete them in safe mode.
After scanning MBam in normal mode and running the fixit, do you think we're getting close?

Thanks again,
rpsupporter
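
The leftover files named in the post above share the removed executable's base name. The following is an added example, not part of the thread or of any tool used in it: it lists such companions for review without deleting anything. The matching rule (optional leading `~`, up to two trailing characters, optional extension) is an assumption generalised from the three names in the post, and the folder listing is constructed.

```python
import os
import re

def sibling_pattern(removed_name, max_suffix=2):
    """Build a case-insensitive pattern (NTFS/FAT names ignore case) for
    files that reuse the removed executable's base name."""
    stem = os.path.splitext(removed_name)[0]
    return re.compile(
        r"^~?" + re.escape(stem)
        + r"[A-Za-z0-9]{0,%d}(\.[A-Za-z0-9]{1,4})?$" % max_suffix,
        re.IGNORECASE,
    )

def find_siblings(removed_name, names):
    """Return names that look like companions of the removed file,
    excluding the removed file itself."""
    pat = sibling_pattern(removed_name)
    return sorted(n for n in names
                  if pat.match(n) and n.lower() != removed_name.lower())

def scan_folder(removed_name, folder):
    """Return (name, size_in_bytes) for each companion file still on disk.
    Report only: nothing is deleted or modified."""
    hits = find_siblings(removed_name, os.listdir(folder))
    return [(n, os.path.getsize(os.path.join(folder, n)))
            for n in hits if os.path.isfile(os.path.join(folder, n))]

# Constructed listing of an Application Data folder: the three names from
# the post mixed with ordinary entries that must not be flagged.
SAMPLE_LISTING = [
    "Adobe", "Microsoft", "Sun", "desktop.ini", "2nibp8",
    "2nibp8XEHfakKx", "~2nibp8XEHfakKx", "2nibp8XEHfakKxr",
]

if __name__ == "__main__":
    for name in find_siblings("2nibp8XEHfakKx.exe", SAMPLE_LISTING):
        print(name)
```
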

#12 rpsupporter

Posted 31 January 2012 - 08:37 PM

Hello narenxp,

I deleted the 3 files.
Rebooted in normal & ran MBam again, no problems. The log is below.
Ran the fixit with no problems, it appeared to work normally & it asked for (and got) a reboot.

All appears well.
Anything else to do?
rpsupporter

*******************************
MBam log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.13.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Chris Laboon :: CL-LAPTOP [administrator]

1/31/2012 6:30:23 PM
mbam-log-2012-01-31 (18-30-23).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280663
Time elapsed: 1 hour(s), 36 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 narenxp

Posted 31 January 2012 - 10:08 PM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#14 rpsupporter

Posted 01 February 2012 - 12:02 AM

Hello narenxp,

Almost, but I felt one more challenge for you would be about right!

I saved the TFC to the desktop and then, so that I could close everything out, I copied the shortcut for the restore point and attempted to paste it on my desktop and instead got this vertical rectangle on the left side of the screen that looks like part of windows explorer. The top section is "Folder Tasks" and has an expandable menu that contains 4 commands: Rename this item; Save this item; Copy this item; Delete this item.

Then there are 2 more sections with expandable menus, Other Places & Details.

I can't figure out how to get rid of it! Right clicking does nothing. Any clues? I looked at it in Explorer but see nothing like an icon for it. Searched through some menus but no luck.

Also, any preferences for security? I've tried a few, Norton & McAfee (long time ago - when both were processor hogs), Kaspersky, and I think Micro but I have had good experiences with AVG free (don't mind paying if I have to). I'm thinking more for other users (like this laptop).

Lastly, I have used bleepingcomputer forums at least a few times and wondered if they have some sort of donation system in place? It would be more than fair.

I appreciate all the help, very smooth.
Thanks,
rpsupporter

#15 rpsupporter

Posted 01 February 2012 - 12:20 AM

Hello narenxp,

One more thing... after I got that panel on the left side of the desktop, I can't open Windows Explorer, or access folders options or start/task bar through Control Panel.

Pretty funny.
Thanks,
rpsupporter



