Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Overinfo And Some Misc. Stuff Lurking


  • Please log in to reply
1 reply to this topic

#1 Greg In Arizona

Greg In Arizona

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:23 AM

Posted 08 May 2008 - 08:26 AM

I've cleaned my system with multiple passes
using both Spyware Search and Destory and a boot scan using Avast!

Both found / removed numerous entries and things are running much better, but I can tell there are still elements lurking.

I'm still getting occasional overinfo advertisements popping up, even though S&D claims to have removed it. There's no 'removal' option in my add / delete programs.

S&D fails to remove something called Wind32.Rbot, saying it's still in memory.

I get two nag boxes when I first boot up saying the following two programs can't be found: (fvfabdko.dll and xnxwshdb.dll)

Another box will occasionally pop up saying "Action cannot be completed because other program is busy . . . switch to or retry?"

Here's my Hijackthis log. Thanks in advance for your help. . . .

Deckard's System Scanner v20071014.68
Run by Dad on 2008-05-08 06:06:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-05-08 13:06:50 UTC - RP783 - Deckard's System Scanner Restore Point
5: 2008-05-08 07:10:40 UTC - RP782 - System Checkpoint
4: 2008-05-07 06:53:43 UTC - RP781 - System Checkpoint
3: 2008-05-06 05:50:25 UTC - RP780 - System Checkpoint
2: 2008-05-05 05:05:31 UTC - RP779 - System Checkpoint


-- First Restore Point --
1: 2008-05-05 04:19:42 UTC - RP778 - Last known good configuration


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Dad.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:23 AM, on 5/8/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINNT\winself.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\devldr32.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\System32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\System32\ctfmon.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\QdrModule\QdrModule15.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QdrPack\QdrPack15.exe
C:\PROGRA~1\YMANTE~1\mshta.exe
C:\Documents and Settings\Dad\Application Data\F?nts\s?rvices.exe
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Documents and Settings\Dad\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sirius.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=internetpln.eds.com:81;gopher=internetpln.eds.com:80;http=internetpln.eds.com:80;https=internetpln.eds.com:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.eds.com;<local>
O1 - Hosts: 216.239.39.99 www.newsleecher.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49436718-B21B-410A-ABAF-077F70942E82} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {714ADB5E-4FCC-4A97-82D3-C0AE2523507D} - C:\WINNT\System32\qoMfdeFx.dll (file missing)
O2 - BHO: (no name) - {82D1AFDE-AA93-48CF-8041-E99FAD8E3B76} - (no file)
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program files\googletoolbar4.dll (file missing)
O2 - BHO: (no name) - {FF6CD2DB-BEC5-4962-8BA0-80F5D36AC96B} - C:\WINNT\System32\pmnljGaX.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\downloaded program files\googletoolbar4.dll (file missing)
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINNT\System32\lsasss.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [a442ede1] rundll32.exe "C:\WINNT\System32\xnxwshdb.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BMa771de7d] Rundll32.exe "C:\WINNT\System32\fvfabdko.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
O4 - HKCU\..\Run: [Ltho] "C:\PROGRA~1\YMANTE~1\mshta.exe" -vt yazb
O4 - HKCU\..\Run: [Iarzrcjf] "C:\Documents and Settings\Dad\Application Data\F?nts\s?rvices.exe"
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINNT\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINNT\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 (User 'Default user')
O4 - S-1-5-18 Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PowerReg Scheduler.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: WD Anywhere Backup Launcher.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - .DEFAULT Startup: WD Anywhere Backup Launcher.lnk = ? (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: WD Anywhere Backup Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {3CC943C7-3C99-11D4-8135-0050041A5144} (RunExeActiveX.UserControl1) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - https://collaboration.coe.eds.com/eRoomSetup/client.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mymeetings.webex.com/client/v_myweb...bex/ieatgpc.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - AppInit_DLLs:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINNT\winself.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 13742 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\winnt\system32\drivers\bantext.sys
R1 DVDVRRdr_xp - c:\winnt\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 axsaki - c:\winnt\system32\drivers\axsaki.sys
R3 axskbus - c:\winnt\system32\drivers\axskbus.sys

S3 C-Dilla - c:\winnt\system32\drivers\cdant.sys <Not Verified; Macrovision; Licence Management System>
S3 DCamUSBSvis (Sound Vision Stream Driver) - c:\winnt\system32\drivers\svstream.sys <Not Verified; Sound Vision Inc.; Sound Vision Stream Class Minidriver>
S3 iscFlash - c:\winnt\system32\drivers\iscflash.sys (file missing)
S3 ossrv (Creative OS Services Driver) - c:\winnt\system32\drivers\ctoss2k.sys (file missing)
S3 PCDRDRV (Pcdr Helper Driver) - c:\winnt\system32\drivers\pcdrdrv.sys (file missing)
S3 PcdrNt - c:\winnt\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>
S3 Pcouffin (Low level access layer for CD devices) - c:\winnt\system32\drivers\pcouffin.sys (file missing)
S3 pfc (PADUS ASPI SHELL) - c:\winnt\system32\drivers\pfc.sys (file missing)
S3 WWASHER - c:\program files\webwasher\wwasher.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 C-DillaSrv - c:\winnt\system32\drivers\cdantsrv.exe <Not Verified; C-Dilla Ltd; CD-Secure/CD-Compress Windows NT>
R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\winnt\winself.exe service
R2 WDBtnMgrSvc.exe (WD Drive Manager Service) - "c:\program files\western digital\wd drive manager\wdbtnmgrsvc.exe" <Not Verified; WDC; WD Drive Manager>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 PictureTaker - c:\fixit\pt\pctkrnt.sys (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&3A2C8C4B&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&3A2C8C4B&0
Service: i8042prt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_AXV&PROD_CD/DVD-ROM&REV_2.2A\2&2B0EBB52&0&000
Manufacturer: (Standard CD-ROM drives)
Name: AXV CD/DVD-ROM SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_AXV&PROD_CD/DVD-ROM&REV_2.2A\2&2B0EBB52&0&000
Service: cdrom


-- Scheduled Tasks -------------------------------------------------------------

2008-05-07 21:38:02 284 --a------ C:\WINNT\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-08 and 2008-05-08 -----------------------------

2008-05-08 06:13:08 0 d-------- C:\Program Files\Trend Micro
2008-05-05 19:33:13 0 d-------- C:\WINNT\?ystem32
2008-05-05 07:00:43 0 d-------- C:\Program Files\Alwil Software
2008-05-05 06:54:31 406761 --ahs---- C:\WINNT\System32\xFedfMoq.ini2
2008-05-04 18:29:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-04 17:55:04 0 d-------- C:\Program Files\JavaCore
2008-05-04 17:50:15 0 d-------- C:\Program Files\Spcron
2008-05-04 17:44:58 0 d-------- C:\Program Files\Svconr
2008-05-04 17:44:56 0 d-------- C:\Program Files\Temporary
2008-05-04 17:44:51 0 d-------- C:\Program Files\RcvSystem
2008-05-04 17:41:00 1695 --a------ C:\WINNT\System32\clbinit.dll
2008-05-04 14:06:07 0 d-------- C:\Program Files\Spyware Doctor
2008-05-03 22:52:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-03 16:34:45 4173824 --a------ C:\Documents and Settings\Mom\ntuser.dat
2008-05-03 16:34:36 684032 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-05-03 16:34:36 7077888 --a------ C:\Documents and Settings\Dad\ntuser.dat
2008-05-03 16:32:00 545392 --ahs---- C:\WINNT\System32\XaGjlnmp.ini2
2008-05-03 16:28:15 0 d-------- C:\Program Files\Outerinfo
2008-05-03 16:28:13 0 d-------- C:\Documents and Settings\Dad\Application Data\F?nts
2008-05-03 16:27:25 0 d-------- C:\Program Files\?ymantec
2008-05-03 16:27:08 0 d-------- C:\Program Files\QdrPack
2008-05-03 16:26:45 0 d-------- C:\Program Files\QdrModule
2008-05-03 16:26:44 0 d-------- C:\Program Files\QdrDrive
2008-05-03 16:26:43 0 d-------- C:\Program Files\ISM
2008-05-03 16:26:39 6656 --a------ C:\WINNT\System32\drivers\clbdriver.sys
2008-05-03 16:26:38 35328 --a------ C:\WINNT\System32\clbdll.dll
2008-05-03 16:26:22 20992 --a------ C:\WINNT\winself.exe
2008-05-03 09:48:00 270709 --a------ C:\WINNT\System32\000060.exe
2008-05-02 12:45:08 229518 --a------ C:\WINNT\System32\000090.exe


-- Find3M Report ---------------------------------------------------------------

2008-05-05 19:33:14 0 d-------- C:\Documents and Settings\Dad\Application Data\F?nts
2008-05-05 06:41:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-05 06:41:42 0 d-------- C:\Program Files\Norton AntiVirus
2008-05-05 06:30:04 0 d-------- C:\Program Files\Symantec
2008-05-05 06:24:59 0 d-a------ C:\Program Files\Common Files
2008-05-04 17:36:05 0 d-------- C:\Documents and Settings\Dad\Application Data\MSN6
2008-05-04 00:00:26 0 d-------- C:\Program Files\Greetings Workshop
2008-05-03 22:52:53 0 d-------- C:\Program Files\Lavasoft
2008-05-03 16:27:26 0 d-------- C:\Program Files\?ymantec
2008-04-20 20:02:45 7235 --a------ C:\WINNT\mozver.dat
2008-04-14 21:33:05 0 d-------- C:\Documents and Settings\Dad\Application Data\Intuit
2008-03-08 15:58:50 0 d-------- C:\Program Files\Western Digital Technologies
2008-03-08 15:54:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-08 15:53:55 0 d-------- C:\Program Files\Common Files\eSellerate
2008-03-08 15:53:46 0 d-------- C:\Program Files\WD
2008-03-08 15:50:59 0 d-------- C:\Program Files\Western Digital


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49436718-B21B-410A-ABAF-077F70942E82}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{714ADB5E-4FCC-4A97-82D3-C0AE2523507D}]
C:\WINNT\System32\qoMfdeFx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82D1AFDE-AA93-48CF-8041-E99FAD8E3B76}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8334A30C-49E5-489a-B63D-5B927C1EF46E}]
04/03/2008 01:05 PM 147456 --a------ C:\Program Files\QdrDrive\QdrDrive15.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6CD2DB-BEC5-4962-8BA0-80F5D36AC96B}]
C:\WINNT\System32\pmnljGaX.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [01/03/2001 12:50 PM C:\WINNT\system32\SK9910DM.EXE]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [03/09/2006 03:29 PM]
"nwiz"="nwiz.exe" [03/09/2006 03:29 PM C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [03/09/2006 03:29 PM]
"Lexmark_X79-55"="C:\WINNT\System32\lsasss.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [08/15/2007 08:15 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 07:51 PM]
"WD Drive Manager"="C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [01/30/2008 04:50 AM]
"a442ede1"="C:\WINNT\System32\xnxwshdb.dll" []
"KernelFaultCheck"="C:\WINNT\system32\dumprep 0 -k" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 11:37 AM]
"BMa771de7d"="C:\WINNT\System32\fvfabdko.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\System32\ctfmon.exe" [08/29/2002 03:41 AM]
"QdrModule15"="C:\Program Files\QdrModule\QdrModule15.exe" [04/25/2008 11:23 AM]
"QdrPack15"="C:\Program Files\QdrPack\QdrPack15.exe" [04/25/2008 11:33 AM]
"Ltho"="C:\PROGRA~1\YMANTE~1\mshta.exe" [05/03/2008 04:27 PM]
"Iarzrcjf"="C:\Documents and Settings\Dad\Application Data\F?nts\s?rvices.exe" [04/11/2008 10:52 AM]
"Svconr"="C:\Program Files\Svconr\Svconr.exe" [05/04/2008 05:44 PM]
"JavaCore"="C:\Program Files\\JavaCore\\JavaCore.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"!CleanupNetMeetingDispDriver"="C:\WINNT\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Dad\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [3/17/2005 2:06:14 PM]
PowerReg Scheduler.exe [5/25/2003 6:57:25 PM]
WD Anywhere Backup Launcher.lnk - C:\Documents and Settings\Dad\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [3/8/2008 3:54:07 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/11/2004 12:39:35 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
VPN Client.lnk - C:\WINNT\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [2/10/2006 9:04:13 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\System32\qoMfdeFx

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- Hosts -----------------------------------------------------------------------

216.239.39.99 www.newsleecher.com


-- End of Deckard's System Scanner: finished at 2008-05-08 06:14:23 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1800MHz
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 511.3 MiB / 133.71 MiB
Pagefile Memory (total/avail): 865.55 MiB / 509.94 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.55 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.53 GiB total, 22.94 GiB free.
D: is Fixed (NTFS) - 189.92 GiB total, 2.16 GiB free.
E: is CDROM (No Media)
F: is Fixed (NTFS) - 172.55 GiB total, 15.91 GiB free.
G: is CDROM (No Media)
H: is Fixed (FAT32) - 465.65 GiB total, 447.46 GiB free.

\\.\PHYSICALDRIVE1 - IC35L180AVV207-1 - 172.56 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 172.55 GiB - F:

\\.\PHYSICALDRIVE2 - Maxtor 6L200R0 - 189.92 GiB - 1 partition
\PARTITION0 - Installable File System - 189.92 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD800BB-53CCB0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:

\\.\PHYSICALDRIVE3 - WD My Book IEEE 1394 SBP2 Device - 465.76 GiB - 1 partition
\PARTITION0 - Unknown - 465.76 GiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dad\Application Data
CLASSPATH=.;C:\Program Files\JavaSoft\JRE\1.3.1\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CX1218363-A
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dad
LOGONSERVER=\\CX1218363-A
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINNT\system32;C:\WINNT;C:\WINNT\system32\WBEM;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 3 Disc Creator;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\;MGISHAREDDIR;C:\ATF;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 0 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=000a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\JavaSoft\JRE\1.3.1\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\Dad\LOCALS~1\Temp
TMP=C:\DOCUME~1\Dad\LOCALS~1\Temp
USERDOMAIN=CX1218363-A
USERNAME=Dad
USERPROFILE=C:\Documents and Settings\Dad
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Dad (admin)
Mom (admin)
Whitney
Rachel
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\PlayCenter\Player.isu"
--> C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\Recorder\Recorder.isu"
--> C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
--> C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Midi.isu"
--> C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Restore.isu"
--> C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SBLiveXP.isu"
--> C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SoundFont.isu"
--> C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Wstudio.isu"
--> C:\WINNT\IsUninst.exe -fC:\WINNT\System32\Uninst.isu
--> C:\WINNT\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINNT\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINNT\UNNeroShowTime.exe /UNINSTALL
--> C:\WINNT\UNNeroVision.exe /UNINSTALL
--> C:\WINNT\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINNT\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINNT\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Album Creator --> C:\Program Files\FirmTools\Album Creator\uninstall.exe
Alcohol 120% --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
American Greetings® Art & More Store --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Mindscape\Art & More Store\Uninst.isu"
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Belarc Advisor 6.1 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BroadJump Client Foundation --> C:\WINNT\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll"
Calendar Creator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB73CF18-528A-4E18-83B2-380CD0BC8EA7}\setup.exe" -l0x9 anything
Canon S600 --> C:\WINNT\System32\CNMCP2V.EXE -@C:\WINNT\IsUninst.exe -f"C:\BJPrinter\CNMWINNT\Canon S600 Installer\Inst\DeIsL1.isu" -pCanon S600-c"C:\BJPrinter\CNMWINNT\Canon S600 Installer\Inst\bjinst.dll
Cinema Craft Encoder SP Version 2.50 --> C:\PROGRA~1\CUSTOM~1\CINEMA~1\cctsp.exe -uninstall
Cisco Systems VPN Client 4.0.5 (D) --> MsiExec.exe /X{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}
Click'N Design 3D (V4.78) --> C:\PROGRA~1\CLICK'~1\UNWISE.EXE C:\PROGRA~1\CLICK'~1\INSTALL.LOG
CoffeeCup Flash Photo Gallery - Registered --> C:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG
Commandos 2: Men of Courage --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}\setup.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CPV --> cmd /C regsvr32 /u /s "C:\Program Files\Spcron\Spcron.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron" /f & REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C del /Q \"C:\Program Files\Spcron\"" /f
Cut & Copy for Computer CD Clip Art --> C:\DJInkers\DJUninst.EXE C:\DJInkers\INSTALL.LOG
dBpowerAMP FLAC Codec --> "C:\WINNT\System32\SpoonUninstall.exe" <uninstall>C:\WINNT\System32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
dBpowerAMP Music Converter --> "C:\WINNT\System32\SpoonUninstall.exe" <uninstall>C:\WINNT\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
Draw Cartoons Today! --> "C:\Program Files\Draw Cartoons Today!\unins000.exe"
DreamStation DXi2 --> C:\WINNT\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
DVD-CLONER V4.20 Build 917 --> "C:\Program Files\Dvd-cloner\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Rebuilder --> "C:\Program Files\DVD-RB PRO\unins000.exe"
DVD Shrink 3.1.7 --> "C:\Program Files\DVD Shrink\unins000.exe"
EAX Unified --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
EDS EIM --> "C:\Program Files\Jabber\Messenger\setup.exe" /c:"setup.exe /u"
eRoom 7 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\eRoom 7\Uninst.isu" -c"C:\Program Files\eRoom 7\eRClientUninstall.dll"
EZface ActiveX 88 --> C:\Program Files\EZFace\ActiveX\uninst.bat 88 C:\Program Files\EZFace\ActiveX
Flash Decompiler --> "C:\Program Files\Flash Decompiler\unins000.exe"
Flash Saving Plugin --> "C:\Program Files\UnH Solutions\Flash Saving Plugin\uninstall.exe"
Flashation Menu Builder --> "C:\Program Files\Flashation Menu Builder\unins000.exe"
FoneSync --> C:\WINNT\IsUninst.exe -f"C:\Program Files\FoneSync\Uninst.isu" -c"C:\Program Files\FoneSync\UninstSupport.dll"
FTP Voyager --> C:\WINNT\IsUninst.exe -f"C:\Program Files\RhinoSoft.com\FTP Voyager\Uninst.isu" -c"C:\Program Files\RhinoSoft.com\FTP Voyager\FVUninstall.dll"
Gateway Download Assistant --> MsiExec.exe /I{A2A73632-BBAA-43EB-A337-ADF43F905A1C}
Gateway Drivers and Applications Recovery --> C:\Program Files\Gateway\HPA\GWMenu.exe UNINSTALL
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\winnt\downloaded program files\googletoolbar4.dll"
GrabIt 1.7.1 Beta (build 960) --> "C:\Program Files\GrabIt\unins000.exe"
greenstreet Font Manager --> C:\WINNT\IsUninst.exe -f"C:\Program Files\greenstreet\UnFont.isu"
Greetings Workshop --> C:\Program Files\Greetings Workshop\SETUP\setup.exe
GTAIII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\Setup.exe" -l0x9
Handy Recovery 1.0 --> C:\PROGRA~1\SOFTLO~1\HANDYR~1.0\UNWISE.EXE C:\PROGRA~1\SOFTLO~1\HANDYR~1.0\INSTALL.LOG
Home Studio 2004 --> C:\PROGRA~1\Cakewalk\HOMEST~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\HOMEST~1\INSTALL.LOG
Huffyuv AVI lossless video codec (Remove Only) --> rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\HUFFYUV.INF
Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
iPod for Windows 2005-01-11 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3476E8FA-00F1-48AF-8771-236C84FC7CB8} /l1033
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iPod Updater 2004-08-06 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D43E1D3F-CC1F-4E41-80F5-9C1D28187DE9}
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{974C05A0-C76C-4724-A9A2-11D5D1355729}
IZArc 3.81 --> "C:\Program Files\IZArc\unins000.exe"
Java 2 Runtime Environment Standard Edition v1.3.1 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1\Uninst.isu"
K-Lite Codec Pack 2.50 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kazaa Lite v2.4.0 [K++ Edition] --> "C:\Program Files\Kazaa Lite\unins000.exe"
Keynote Connector --> C:\WINNT\DOWNLO~1\CONNEC~1.EXE /Uninstall
Kimmunicator Screen Saver --> MsiExec.exe /X{490FF89D-33BD-4E88-A710-7CAE90D523D9}
ListZapper --> c:\PROGRA~1\zapper\LISTZA~1.EXE /uninstall
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia Shockwave Player --> C:\WINNT\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~2\Install.log
MAGIX audio cleaning lab 10 --> C:\MAGIX\aclab10\instslct.exe
MAGIX Media Manager 2004 silver --> C:\MAGIX\Media_Manager_2004\instslct.exe
MaxBlast 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639858DD-4966-40F3-A706-7C838BCF3A2B}\setup.exe"
Medal of Honor Allied Assault --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Meeting Service Player --> C:\WINNT\DOWNLO~1\atcliun.exe
MGI PhotoSuite --> MsiExec.exe /I{A11BF78C-D690-4663-8491-3101BC9ED243}
Microsoft Data Access Components KB870669 --> C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2001 --> MsiExec.exe /I{01001202-5D65-445A-B3B4-3DCE72BA0C6C}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINNT\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money 2002 --> MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
Microsoft Money 2002 System Pack --> MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{DF930075-1C01-45CA-B023-993BF4118096}
Microsoft Office OneNote 2003 --> MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINNT\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works 2001 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2001\Setup\Launcher.exe D:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}
Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Add-in for Windows Messenger --> rundll32.exe "C:\Program Files\Messenger\MSGSC.dll",UnregisterMSNExt
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINNT\INF\msninst.inf,Uninstall
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
NAIC Investor's Toolkit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6A42BEC4-1E85-4CEC-BBF6-07E4523DE872}\setup.exe"
Nero 7 Premium --> MsiExec.exe /I{F9469799-696F-427D-B314-79E7AA681033}
NewsLeecher --> "C:\Program Files\NewsLeecher\uninstall.exe"
NVIDIA Drivers --> C:\WINNT\System32\nvudisp.exe UninstallGUI
OLYMPUS CAMEDIA Master 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.1
OneTouch Version 3.0 --> C:\PROGRA~1\VISION~1\UNWISE.EXE C:\PROGRA~1\VISION~1\INSTALL.LOG
Ordix Mpack LE 1.0 --> "C:\Program Files\Ordix\Mpack LE\unins000.exe"
Outlook Express Q823353 --> C:\WINNT\oeuninst.exe C:\WINNT\INF\Q823353.inf
PaperPort 7.02 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\ScanSoft\PaperPort\Config\DeIsL1.isu" -y -c"C:\Program Files\ScanSoft\PaperPort\UnInstl2.dll"
PC-Doctor for Windows --> C:\WINNT\UNWISE32.EXE C:\PROGRA~1\PC-DOC~1\INSTALL.LOG
PC HugWare Fun Fonts --> C:\HugWare\UNWISE.EXE C:\HugWare\INSTALL.LOG
PerformanceTest v4.0 --> "C:\Program Files\PerformanceTest\unins000.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PM FASTrack --> "C:\Program Files\PM FASTrack\uninstall.exe" C:\PROGRA~1\PMFAST~1\install.log
Print Workshop Heartfelt Greetings --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEAA4AF0-3783-11D7-AD8E-0050DA87D0EB}\SETUP.EXE" -l0x9
PrintMaster 7.00 --> c:\PROGRA~1\MINDSC~1\PRINTM~1\uninst32.exe /IFirst
PS-Utility --> C:\WINNT\uninst.exe -f"C:\Program Files\PS Utility\DeIsL1.isu"
PS/2 Millennium Keyboard --> skuninst.exe SK_PS2MillenniumKeyboard
Quicken 2007 --> MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
QuickPar 0.9 --> C:\Program Files\QuickPar\uninst.exe
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Serif DrawPlus 3.0 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Serif\dp30\DrawPlus_uninst.isu"
Shockwave --> C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\INSTALL.LOG
Simply COOL FTP! --> C:\WINNT\st6unst.exe -n "C:\Program Files\Simply COOL FTP\ST6UNST.LOG"
Sound Blaster Live! Value --> C:\Program Files\Creative\SBLive\PROGRAM\CTUNINST.EXE
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft --> C:\WINNT\scunin.exe C:\WINNT\scunin.dat
Studio 8 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53EF6570-21A4-47ED-A40A-E6470A5677A3}\Setup.exe" -l0x9 UNINSTALL-L0x9 -c
Super GameHouse Solitaire --> C:\PROGRA~1\GAMEHO~1\SOLITA~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SOLITA~1\INSTALL.LOG
SureThing CD Labeler - Stomper Edition 32 bit --> C:\WINNT\MVUNINST\App1\unwise.exe C:\WINNT\MVUNINST\APP1\INSTALL.LOG "SureThing CD Labeler - Stomper Edition Uninstall"
Svconr --> "C:\Program Files\Svconr\Svconr.exe" -uninstall
SWiSHmax --> C:\WINNT\unvise32.exe C:\Program Files\SWiSHmax\uninstal.log
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
Teach Me Piano Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80F6C967-CCE7-4AE3-9244-481187928E18}\setup.exe"
The Font Factory --> C:\PCHUGW~1\UNWISE.EXE C:\PCHUGW~1\INSTALL.LOG
TurboTax 2005 --> C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Ulead DVD MovieFactory 3 Disc Creator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}\setup.exe" -l0x9
Ulead VideoStudio 7 ESD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\SETUP.EXE" -l0x9
Virtual Sound Canvas DXi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}\setup.exe" UNINSTALL_XXX
WD Anywhere Backup --> C:\Program Files\InstallShield Installation Information\{B9A81070-616D-4E93-BE02-CEE651343204}\setup.exe -runfromtemp -l0x0409
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WD Drive Manager (x86) --> MsiExec.exe /X{51B833D8-66B0-4E72-92B9-4E4977EF37F2}
Westwood Shared Internet Components --> C:\Westwood\Internet\UnstllAP.EXE
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows XP Service Pack 1a --> C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
WinISO 5.3 --> "C:\Program Files\WinISO\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Internet Mail --> C:\WINNT\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll


-- Application Event Log -------------------------------------------------------

Event Record #/Type27940 / Error
Event Submitted/Written: 05/07/2008 06:21:48 AM
Event ID/Source: 2002 / Perflib
Event Description:
The open procedure for service ".NET CLR Data" in DLL "C:\WINNT\System32\netfxperf.dll" has taken longer than
the established wait time to complete. There may be a problem with
this extensible counter or the service it is collecting data from or the
system may have been very busy when this call was attempted.

Event Record #/Type27668 / Error
Event Submitted/Written: 05/06/2008 01:47:31 AM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D

Event Record #/Type27651 / Error
Event Submitted/Written: 05/06/2008 00:26:23 AM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D

Event Record #/Type27642 / Error
Event Submitted/Written: 05/05/2008 11:45:13 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D

Event Record #/Type27623 / Error
Event Submitted/Written: 05/05/2008 07:28:07 PM
Event ID/Source: 2002 / Perflib
Event Description:
The open procedure for service ".NET CLR Data" in DLL "C:\WINNT\System32\netfxperf.dll" has taken longer than
the established wait time to complete. There may be a problem with
this extensible counter or the service it is collecting data from or the
system may have been very busy when this call was attempted.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type504808 / Error
Event Submitted/Written: 05/08/2008 06:11:07 AM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}.
The error:
"%%2"
Happened while starting this command:
"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" -Embedding

Event Record #/Type504807 / Error
Event Submitted/Written: 05/08/2008 06:11:07 AM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}.
The error:
"%%2"
Happened while starting this command:
"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" -Embedding

Event Record #/Type504806 / Error
Event Submitted/Written: 05/08/2008 06:11:07 AM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}.
The error:
"%%2"
Happened while starting this command:
"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" -Embedding

Event Record #/Type504805 / Error
Event Submitted/Written: 05/08/2008 06:11:07 AM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}.
The error:
"%%2"
Happened while starting this command:
"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" -Embedding

Event Record #/Type504804 / Error
Event Submitted/Written: 05/08/2008 06:11:07 AM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}.
The error:
"%%2"
Happened while starting this command:
"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" -Embedding



-- End of Deckard's System Scanner: finished at 2008-05-08 06:14:23 ------------

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:09:23 AM

Posted 10 May 2008 - 05:13 PM

Hello Greg In Arizona and welcome to BC. Let's see what else we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users