Infected Malware Virtumonde I Think


  • This topic is locked
5 replies to this topic

#1 JohnRinFL

Posted 15 May 2008 - 06:35 AM

A couple of weeks ago I noticed some garbage happening on my computer that kept getting worse, and after reading this and some other forums I tried some things that seemed to kill my infection (Spy Sweeper and ComboFix) - but apparently it's back.

Summary of system: WinXP (Home) Service Pack 2, running Spy Sweeper (recently installed), Windows Defender and McAfee antivirus/firewall (though I think the license is expired).

Summary of current problems: cannot run Windows Update, cannot go to certain websites (this one, Kaspersky, Windows Update, McAfee, any reputable internet security site, and some others I think are random - Bank of America, American Express), and while running Internet Explorer I get pop-ups "you are infected, click OK for a free scan". I cannot manually load any updates from Microsoft's site, and sometimes Internet Explorer crashes on me completely (C++ overrun or something like that).

I went through the 'before you post' instructions, and here are the main and extra txt files:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-14 18:37:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
65: 2008-05-14 22:37:19 UTC - RP2224 - Deckard's System Scanner Restore Point
64: 2008-05-14 22:14:03 UTC - RP2223 - Windows Defender Checkpoint
63: 2008-05-13 23:37:38 UTC - RP2222 - Windows Defender Checkpoint
62: 2008-05-13 23:05:44 UTC - RP2221 - Software Distribution Service 3.0
61: 2008-05-13 23:05:00 UTC - RP2220 - Windows Defender Checkpoint


-- First Restore Point --
1: 2008-04-18 22:10:28 UTC - RP2160 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:58 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Caradas Smart Card Update\SmartCardUpdate.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dovetail\dovetail.exe
C:\WINNT\system32\javaw.exe
C:\WINNT\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINNT\winself.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CF88424F-9B6F-4DE8-B408-E32F932A6F91} - C:\WINNT\system32\efcAPIBs.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Speed racer] "C:\Program Files\Creative\PlayCenter\CTSRReg.exe"
O4 - HKLM\..\Run: [AudioHQ] "C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE"
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SmartCardUpdate] "C:\Program Files\Caradas Smart Card Update\SmartCardUpdate.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HelpCenter] "C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" /P HelpCenter
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [BMb72c9a1b] Rundll32.exe "C:\WINNT\system32\meltlbnm.dll",s
O4 - HKCU\..\Run: [SFP] "C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Start Dovetail.lnk = C:\Program Files\Dovetail\dovetail.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Owner\Desktop\InterCasino $$$.lnk
O9 - Extra 'Tools' menuitem: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Owner\Desktop\InterCasino $$$.lnk
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Owner\Desktop\InterCasino $$$.lnk (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Owner\Desktop\InterCasino $$$.lnk (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://mypoints.worldwinner.com/games/v47/...GamesLoader.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://cs5.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casin...sic/FlashAX.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin...7207/MILive.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by118fd.bay118.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINNT\winself.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINNT\system32\nsysrunex.exe (file missing)
O23 - Service: svchost - Unknown owner - C:\RECYCLER\S-1-5-21-606747145-1085031214-725345543-500\svchost.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12408 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 CINEMSUP (Software Cinemaster NT4.0 Driver) - c:\winnt\system32\drivers\cinemsup.sys <Not Verified; Divicore Inc.; Software CineMaster NT 4/Win2K>
R1 MPFIREWL - c:\winnt\system32\drivers\mpfirewall.sys <Not Verified; McAfee Security; McAfee Personal Firewall Plus>
R2 ASCTRM - c:\winnt\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 Pfc (Padus ASPI Shell) - c:\winnt\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 FTDIBUS (USB Serial Converter Driver) - c:\winnt\system32\drivers\ftdibus.sys (file missing)
S3 FTSER2K (USB Serial Port Driver) - c:\winnt\system32\drivers\ftser2k.sys (file missing)
S3 PCDRDRV (Pcdr Helper Driver) - c:\atf\qctest\pcdoc\pcdrdrv.sys (file missing)
S3 PcdrNt - c:\winnt\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>
S3 StMp3Rec (Player Recovery Device Control Driver) - c:\winnt\system32\drivers\stmp3rec.sys <Not Verified; Microsoft Corporation; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\winnt\winself.exe service

S2 PlugPlayRPC (Plug and Play (RPC)) - c:\winnt\system32\nsysrunex.exe service (file missing)
S2 svchost - c:\recycler\s-1-5-21-606747145-1085031214-725345543-500\svchost.exe
S3 PictureTaker - c:\fixit\pt\pctkrnt.sys (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-14 18:06:18 256 --a------ C:\WINNT\Tasks\Check Updates for Windows Live Toolbar.job
2008-05-14 17:39:21 330 --ah----- C:\WINNT\Tasks\MP Scheduled Scan.job
2008-05-14 17:35:56 414 --a------ C:\WINNT\Tasks\McAfee.com Scan for Viruses - My Computer (RINER-Owner).job
2008-05-12 17:53:12 1512 --a------ C:\WINNT\Tasks\wrSpySweeperTrialSweep.job
2008-05-10 03:22:16 252 --a------ C:\WINNT\Tasks\Disk Cleanup.job


-- Files created between 2008-04-14 and 2008-05-14 -----------------------------

2008-05-14 18:23:51 92224 --a------ C:\WINNT\system32\jlolqnkh.dll
2008-05-14 18:17:51 2112 --a------ C:\WINNT\system32\qjlvrmhw.exe
2008-05-14 18:14:51 101440 --a------ C:\WINNT\system32\gdtaulsh.dll
2008-05-14 18:11:52 96832 --a------ C:\WINNT\system32\meltlbnm.dll
2008-05-14 18:08:56 3648 --a------ C:\WINNT\system32\lcgfucrv.dll
2008-05-13 22:07:53 0 d-------- C:\Program Files\Trend Micro
2008-05-13 18:41:48 0 d-------- C:\VundoFix Backups
2008-05-13 18:25:00 100928 --a------ C:\WINNT\system32\ylyxuqoh.dll
2008-05-13 18:22:00 90688 --a------ C:\WINNT\system32\yqpiavmu.dll
2008-05-13 18:15:45 2112 --a------ C:\WINNT\system32\utycewug.exe
2008-05-13 18:09:45 100928 --a------ C:\WINNT\system32\xxxpejynfii.dll
2008-05-13 18:07:48 3648 --a------ C:\WINNT\system32\fchfmwfd.dll
2008-05-12 20:11:52 294 ---hs---- C:\WINNT\system32\rexrbbfb.ini2
2008-05-12 17:56:24 101440 --a------ C:\WINNT\system32\xxmfsduq.dll
2008-05-12 17:53:24 90688 --a------ C:\WINNT\system32\bfbbrxer.dll
2008-05-12 17:51:25 2112 --a------ C:\WINNT\system32\qkisojxo.exe
2008-05-12 15:12:02 3648 --a------ C:\WINNT\system32\ybrocppq.dll
2008-05-12 15:11:41 100416 --a------ C:\WINNT\system32\kjryasvy.dll
2008-05-12 15:08:43 90688 --a------ C:\WINNT\system32\uejjpsfq.dll
2008-05-12 15:07:44 100416 --a------ C:\WINNT\system32\isarcuxq.dll
2008-05-11 11:47:17 2112 --a------ C:\WINNT\system32\hstxontt.exe
2008-05-11 11:44:52 101952 --a------ C:\WINNT\system32\gihhccrk.dll
2008-05-11 11:41:32 91712 --a------ C:\WINNT\system32\nkulitgd.dll
2008-05-11 11:41:10 98368 --a------ C:\WINNT\system32\kefwiaqx.dll
2008-05-10 13:43:58 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-10 13:43:58 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-10 13:43:58 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-10 13:43:58 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-10 13:43:58 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-10 13:43:58 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-10 13:43:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-05-10 13:43:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-05-10 13:43:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-10 11:55:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-05-10 11:42:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-10 11:42:55 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-10 11:42:55 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-10 11:42:55 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-10 11:42:54 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-05-10 11:42:54 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-10 11:42:54 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-05-10 11:42:53 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-10 11:42:53 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-10 11:37:36 0 d-------- C:\WINNT\pss
2008-05-09 17:01:54 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-09 11:46:57 2112 --a------ C:\WINNT\system32\ooxyuivn.exe
2008-05-09 11:43:57 93248 --a------ C:\WINNT\system32\hlwxyimf.dll
2008-05-09 11:40:57 102976 --a------ C:\WINNT\system32\cdoatqmn.dll
2008-05-09 11:38:44 98368 --a------ C:\WINNT\system32\poihfdew.dll
2008-05-08 11:42:06 2112 --a------ C:\WINNT\system32\onynanqr.exe
2008-05-08 11:39:06 97856 --a------ C:\WINNT\system32\kwrwbmlh.dll
2008-05-08 11:36:09 106048 --a------ C:\WINNT\system32\wymvngjn.dll
2008-05-08 11:34:19 105024 --a------ C:\WINNT\system32\tnjjosln.dll
2008-05-07 07:26:39 106560 --a------ C:\WINNT\system32\yoestviq.dll
2008-05-07 07:24:20 2112 --a------ C:\WINNT\system32\osxynvbb.exe
2008-05-07 07:20:01 96832 --a------ C:\WINNT\system32\kdgvpfjn.dll
2008-05-07 07:17:29 105024 --a------ C:\WINNT\system32\vsbhhmnb.dll
2008-05-06 20:12:09 36648 --a------ C:\WINNT\hosts
2008-05-06 17:57:24 0 d-------- C:\Program Files\Webroot
2008-05-06 17:57:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2008-05-06 17:57:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-06 17:56:42 164 --a------ C:\install.dat
2008-05-06 07:19:52 95808 --a------ C:\WINNT\system32\lxmnkbtk.dll
2008-05-06 07:17:29 105536 --a------ C:\WINNT\system32\kyshvoyi.dll
2008-05-06 06:18:24 95808 --a------ C:\WINNT\system32\ehambxdb.dll
2008-05-06 06:15:31 105536 --a------ C:\WINNT\system32\dilhybio.dll
2008-05-05 06:15:15 96832 --a------ C:\WINNT\system32\wavbchcu.dll
2008-05-05 06:14:16 107584 --a------ C:\WINNT\system32\wymxrrsn.dll
2008-05-05 06:14:07 104000 --a------ C:\WINNT\system32\kxlnkmob.dll
2008-05-04 09:35:52 1203739 --ahs---- C:\WINNT\system32\sBIPAcfe.ini2
2008-05-04 09:35:48 281088 --a------ C:\WINNT\system32\efcAPIBs.dll
2008-05-04 09:31:56 0 d-------- C:\Program Files\?ymantec
2008-05-04 09:31:45 0 d-------- C:\Program Files\?ppPatch
2008-05-04 09:30:38 20992 --a------ C:\WINNT\winself.exe
2008-05-03 12:49:46 8780 --a------ C:\WINNT\system32\000080.exe
2008-05-03 12:48:00 270709 --a------ C:\WINNT\system32\000060.exe
2008-05-02 16:45:04 187904 ---hs---- C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
2008-05-02 15:45:08 229518 --a------ C:\WINNT\system32\000090.exe


-- Find3M Report ---------------------------------------------------------------

2008-05-11 17:19:10 0 d-------- C:\Program Files\Absolute Poker
2008-05-11 15:37:02 0 d-------- C:\Program Files\Full Tilt Poker
2008-05-10 13:43:39 0 d-------- C:\Program Files\PassAlong
2008-05-07 20:48:57 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-05-06 20:01:42 0 d-------- C:\Program Files\Common Files
2008-05-05 17:11:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-05-04 09:32:39 0 d-------- C:\Program Files\?ymantec
2008-05-04 09:31:45 0 d-------- C:\Program Files\?ppPatch
2008-04-26 20:27:31 0 d-------- C:\Program Files\InterCasino $$$
2008-04-10 11:46:16 0 d-------- C:\Program Files\Common Files\Motive
2008-04-02 14:43:22 0 d-------- C:\Program Files\DeductionPro 2007
2008-03-28 17:56:33 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-03-23 11:34:46 0 d-------- C:\Program Files\Java
2008-03-17 18:47:48 0 d-------- C:\Program Files\OmegaDarts CorkIt!
2008-03-16 20:12:44 0 d-------- C:\Program Files\stc
2008-03-16 20:12:43 21248 --a------ C:\WINNT\voiceip.dll
2008-03-16 20:12:43 12800 --a------ C:\WINNT\swin32.dll
2008-03-16 20:12:43 21248 --a------ C:\WINNT\mssvr.exe
2008-03-16 20:12:43 18432 --a------ C:\WINNT\cdsm32.dll
2008-03-16 20:12:43 15616 --a------ C:\WINNT\bokja.exe
2008-03-16 20:12:42 29952 --a------ C:\WINNT\mspphe.dll
2008-03-16 20:12:41 29184 --a------ C:\WINNT\2020search2.dll
2008-03-16 20:12:41 18432 --a------ C:\WINNT\2020search.dll
2008-03-16 20:12:39 31744 --a------ C:\WINNT\system32\WER8274.DLL
2008-03-16 20:12:39 21504 --a------ C:\WINNT\system32\MSIXU.DLL
2008-03-16 20:12:38 31744 --a------ C:\WINNT\salm.exe
2008-03-16 20:12:38 16896 --a------ C:\WINNT\180ax.exe
2008-03-16 20:12:37 18688 --a------ C:\WINNT\updatetc.exe
2008-03-16 20:12:36 30976 --a------ C:\WINNT\saiemod.dll
2008-03-16 20:12:35 30464 --a------ C:\WINNT\system32\MSNSA32.dll
2008-03-16 20:12:34 29184 --a------ C:\WINNT\msapasrc.dll
2008-03-16 20:12:33 23808 --a------ C:\WINNT\msa64chk.dll
2008-03-16 20:12:32 13824 --a------ C:\WINNT\system32\SIPSPI32.dll
2008-03-16 20:12:32 30976 --a------ C:\WINNT\system32\shdocpe.dll
2008-03-16 20:12:31 32512 --a------ C:\WINNT\system32\ntnut32.exe
2008-03-16 20:12:31 15104 --a------ C:\WINNT\shdocpl.dll
2008-03-16 20:12:31 31232 --a------ C:\WINNT\ntnut.exe
2008-03-16 20:12:30 9216 --a------ C:\WINNT\winsb.dll
2008-03-16 20:12:30 14336 --a------ C:\WINNT\shdocpe.dll
2008-03-16 20:12:30 21248 --a------ C:\WINNT\browserad.dll
2008-03-16 20:12:30 0 d-------- C:\Program Files\Sysmnt
2008-03-16 20:12:29 28672 --a------ C:\WINNT\aviwrap32.dll
2008-03-16 20:12:29 9216 --a------ C:\WINNT\avisynthex32.dll
2008-03-16 20:12:29 14336 --a------ C:\WINNT\avifile32.dll
2008-03-16 20:12:29 12032 --a------ C:\WINNT\autodisc32.dll
2008-03-16 20:12:29 8704 --a------ C:\WINNT\audiosrv32.dll
2008-03-16 20:12:29 22784 --a------ C:\WINNT\ati2dvag32.dll
2008-03-16 20:12:29 27648 --a------ C:\WINNT\ati2dvaa32.dll
2008-03-16 20:12:28 24064 --a------ C:\WINNT\changeurl_30.dll
2008-03-16 20:12:28 21504 --a------ C:\WINNT\athprxy32.dll
2008-03-16 20:12:28 18688 --a------ C:\WINNT\asycfilt32.dll
2008-03-16 20:12:28 17152 --a------ C:\WINNT\asferror32.dll
2008-03-16 20:12:28 12544 --a------ C:\WINNT\apphelp32.dll
2008-03-16 19:57:27 4 --a------ C:\WINNT\system32\winfrun32.bin
2008-03-14 12:24:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Snapfish
2008-03-02 15:14:58 249856 --a------ C:\WINNT\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-03-02 15:14:58 51716 --a------ C:\WINNT\system32\pdf995mon.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8334A30C-49E5-489a-B63D-5B927C1EF46E}]
C:\Program Files\QdrDrive\QdrDrive15.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF88424F-9B6F-4DE8-B408-E32F932A6F91}]
05/04/2008 09:35 AM 281088 --a------ C:\WINNT\system32\efcAPIBs.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [01/03/2001 03:50 PM C:\WINNT\system32\SK9910DM.EXE]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 03:56 AM C:\WINNT\system32\rundll32.exe]
"GWMDMMSG"="GWMDMMSG.exe" [03/06/2002 11:08 AM C:\WINNT\GWMDMMSG.exe]
"Speed racer"="C:\Program Files\Creative\PlayCenter\CTSRReg.exe" [11/16/1999 02:00 AM]
"AudioHQ"="C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" [08/17/2001 02:52 PM]
"UpdReg"="C:\WINNT\Updreg.exe" [11/12/1999 02:00 AM]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [01/23/2002 10:20 AM]
"SmartCardUpdate"="C:\Program Files\Caradas Smart Card Update\SmartCardUpdate.exe" [06/10/2003 12:44 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 07:29 PM]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 01:05 PM]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [03/02/2005 07:19 PM]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [03/18/2005 08:28 PM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [04/05/2005 02:41 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"BellSouthAlertManager.exe"="C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe" [01/28/2007 12:14 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2007 07:34 PM]
"HelpCenter"="C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" [10/30/2006 12:00 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]
"BMb72c9a1b"="C:\WINNT\system32\meltlbnm.dll" [05/14/2008 06:11 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SFP"="C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.exe" [09/05/2003 04:30 PM]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/21/2007 09:32 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\efcAPIBs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"C:\WINNT\system32\winupdate.exe"




-- End of Deckard's System Scanner: finished at 2008-05-14 18:42:14 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 80%
Physical Memory (total/avail): 510.8 MiB / 100.08 MiB
Pagefile Memory (total/avail): 1248.48 MiB / 824.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.32 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.53 GiB total, 45.56 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (FAT)

\\.\PHYSICALDRIVE0 - WDC WD800BB-53CAA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:

\\.\PHYSICALDRIVE1 - JUNGSOFT NEXDISK USB Device - 54.91 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 62.33 MiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Personal Firewall Plus v (McAfee)
AV: McAfee VirusScan v (McAfee) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RINER
ComSpec=C:\WINNT\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\RINER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=RINER
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
--> C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Midi.isu"
--> C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Restore.isu"
--> C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SBLiveXP.isu"
--> C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SoundFont.isu"
--> C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
Absolute Poker --> C:\Program Files\_uninstallation_info\Absolute Poker\CasinoUninstall.exe
Adobe Acrobat 5.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINNT\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINNT\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~2\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Age of Mythology --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
Age of Mythology - The Titans Expansion --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTXP.EXE" /runtemp /addremove
Arcade95 --> C:\WINNT\uninst.exe -f"C:\Program Files\Elpin Systems\Arcade95\DeIsL1.isu"
Bally Slots --> C:\BallySlots\uninstall.exe "Bally Slots.ilg"
Bally Slots - Green Stamps --> C:\Program Files\Masque\BallyOnline\Green Stamps\uninstall.exe "Bally Slots - Green Stamps.ilg"
Bally Slots - HotShot --> C:\Program Files\Masque\BallyOnline\uninstall.exe "Bally Slots - HotShot.ilg"
BellSouth Application Management --> C:\WINNT\Motive\BellSouth\UninstallAppManagement.exe
BellSouth Internet Security - Alert Manager 1.5.11 --> "C:\Program Files\BellSouth\AM\unins000.exe"
BellSouth® FastAccess® DSL Help Center 4.0 --> "C:\Program Files\Bellsouth\HelpCenter\unins000.exe"
Blackjack Counter - Speed Count Limited --> "C:\Program Files\BJ Counter - Ltd. Speed Count\unins000.exe"
Consumer Input Software (remove only) --> "C:\Program Files\Consumer Input\uninstall.exe"
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Creative PlayCenter --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\PlayCenter\Player.isu"
Creative Recorder --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\Recorder\Recorder.isu"
Crystal Ball Pro 4.0 --> C:\WINNT\IsUninst.exe -f"c:\program files\microsoft office\office10\CB\Uninst.isu"
DeductionPro 2007 --> "C:\Program Files\InstallShield Installation Information\{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}\setup.exe" -runfromtemp -l0x0009 -removeonly
Diablo II --> C:\WINNT\DIIUnin.exe C:\WINNT\DIIUnin.dat
DivX Codec --> C:\WINNT\unvise32.exe C:\Program Files\DivX\DivX Codec\uninstal.log
DivX Player --> C:\WINNT\unvise32.exe C:\Program Files\DivX\DivX Player\uninstal.log
Do More - Home --> MsiExec.exe /I{75C023EC-64A0-44F7-9D99-C6F6E21EB6F0}
Dovetail --> "C:\Program Files\Dovetail\Uninstall_Dovetail\Uninstall Dovetail.exe"
DVDPlay --> C:\WINNT\IsUninst.exe -fC:\DVDPlay\Uninst.isu
Easy CD Creator 5 Platinum --> MsiExec.exe /I{8851E12C-0EF9-11D4-A788-009027ABA5D0}
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
Full Tilt Poker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9 -removeonly
Full Tilt Poker.Net --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E07B7A31-E160-466D-A003-3BB7B8989D52}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTW V.92 Voicemodem --> C:\WINNT\GWMDMU.exe verbose
HelpSpot --> MsiExec.exe /I{F1FBF021-B965-42D3-BF63-D7A121B5490D}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINNT\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hoyle Casino 2003 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5F5FA055-84C1-459B-B0B6-D48D210AE50A}
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
InterCasino $$$ --> C:\WINNT\system32\UnCasino5.exe InterCasinoV8
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
MathPlayer --> C:\Program Files\Design Science\MathPlayer\Setup.exe -u
McAfee Personal Firewall Plus --> C:\PROGRA~1\McAfee.com\PERSON~1\MpfUninstall.exe
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee VirusScan --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
Microsoft Office Outlook Connector for MSN --> MsiExec.exe /X{DC4DD556-DD03-422A-926B-470746D8B50D}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Express 2000 --> MsiExec.exe /I{A586D09E-1D2C-11D3-9A6B-00105A98B681}
Microsoft Picture It! Express 9 --> C:\WINNT\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900}
Microsoft Picture It! Library 9 --> C:\WINNT\System32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
Microsoft PowerPoint Viewer 97 --> C:\Program Files\PowerPoint Viewer\setup\setup.exe
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 2000 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2000\Setup\Launcher.exe D:\
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Encarta Plus Support Files --> MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINNT\INF\msninst.inf,Uninstall
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MUSICMATCH Jukebox --> C:\WINNT\IsUninst.exe -f"C:\Program Files\MusicMatch\MusicMatch Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
Network Play System (Patching) --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINNT\System32\nvinstnt.dll,NvUninstallNT4 nvgw.inf
OmegaDarts CorkIt! --> C:\WINNT\st6unst.exe -n "C:\Program Files\OmegaDarts CorkIt!\ST6UNST.LOG"
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PC-Doctor for Windows --> C:\WINNT\UNWISE32.EXE C:\PROGRA~1\PC-DOC~1\INSTALL.LOG
Pdf995 (installed by TaxCut) --> C:\Program Files\pdf995\setup.exe uninstall
PdfEdit995 (installed by TaxCut) --> C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
PHStat Statistical Add-in --> C:\WINNT\uninst.exe -f"C:\Program Files\Prentice Hall\PHStat\DeIsL1.isu" -c"C:\Program Files\Prentice Hall\PHStat\_ISREG32.DLL"
Pinnacle Express --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2158698-9937-4546-85A9-1064E82350F7}\Setup.exe" -l0x9 UNINSTALLUNINSTALL
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
PS/2 Millennium Keyboard --> SKUninst.exe SK_PS2MillenniumKeyboard
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe"
Seven Kingdoms II --> C:\WINNT\IsUninst.exe -f"C:\Seven Kingdoms II\Uninst.isu"
Shockwave --> C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
SigmaTel MSCN Audio Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}\setup.exe" -l0x9
smart Card Reader Update --> MsiExec.exe /X{190364A7-00B4-46E2-96E0-D6BDEA3FB539}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Software CineMaster 99 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Ravisent\DVD Player\Uninst.isu"
Sound Blaster Live! Value --> C:\Program Files\Creative\SBLive\PROGRAM\CTUNINST.EXE
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Starcraft --> C:\WINNT\SCunin.exe C:\WINNT\SCunin.dat
TaxCut North Carolina 2007 --> MsiExec.exe /X{1AC0D592-7F2C-4BBF-B823-EEECD74F097B}
TaxCut Premium + State 2007 --> MsiExec.exe /X{663E217E-FC26-4249-9E8E-F190CD63E737}
The Sims --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Maxis\The Sims\Uninst.isu"
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe -u
Warcraft III: All Products --> C:\WINNT\War3Unin.exe C:\WINNT\War3Unin.dat
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Installer Clean Up --> MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Media Format 11 runtime --> "C:\WINNT\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type9329 / Warning
Event Submitted/Written: 05/13/2008 10:18:09 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type9328 / Error
Event Submitted/Written: 05/13/2008 10:10:50 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hijackthis.exe, version 2.0.0.2, faulting module efcapibs.dll, version 0.0.0.0, fault address 0x00062ed3.
Processing media-specific event for [hijackthis.exe!ws!]

Event Record #/Type9323 / Warning
Event Submitted/Written: 05/13/2008 09:39:26 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type9318 / Warning
Event Submitted/Written: 05/13/2008 07:27:23 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type9304 / Error
Event Submitted/Written: 05/13/2008 06:14:39 PM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType avsubmit, P1 windefend, P2 1.1.3408.0, P3 unspecified, P4 1.31.9487.0, P5 b496f847-ba3a-45fe-b58c-2770511af6ee, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type27726 / Warning
Event Submitted/Written: 05/14/2008 06:40:28 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%RINER27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %RINER27 can't undo changes that you allow.

For more information please see the following:
%RINER275

Scan ID: {CBA46092-675C-4641-9632-ED2EB7EA5D28}

User: RINER\Owner

Name: %RINER271

ID: %RINER272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %RINER276

Alert Type: %RINER278

Detection Type: 1.1.1593.02

Event Record #/Type27725 / Warning
Event Submitted/Written: 05/14/2008 06:40:27 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%RINER27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %RINER27 can't undo changes that you allow.

For more information please see the following:
%RINER275

Scan ID: {F2541F48-FA78-4817-B008-029C0792BD93}

User: RINER\Owner

Name: %RINER271

ID: %RINER272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %RINER276

Alert Type: %RINER278

Detection Type: 1.1.1593.02

Event Record #/Type27724 / Warning
Event Submitted/Written: 05/14/2008 06:40:26 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%RINER27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %RINER27 can't undo changes that you allow.

For more information please see the following:
%RINER275

Scan ID: {FEA887A3-D86B-4786-ACE3-63529AA9708D}

User: RINER\Owner

Name: %RINER271

ID: %RINER272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %RINER276

Alert Type: %RINER278

Detection Type: 1.1.1593.02

Event Record #/Type27723 / Warning
Event Submitted/Written: 05/14/2008 06:40:26 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%RINER27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %RINER27 can't undo changes that you allow.

For more information please see the following:
%RINER275

Scan ID: {52958C7A-AA3D-46EA-AD16-242D2F02A12B}

User: RINER\Owner

Name: %RINER271

ID: %RINER272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %RINER276

Alert Type: %RINER278

Detection Type: 1.1.1593.02

Event Record #/Type27722 / Warning
Event Submitted/Written: 05/14/2008 06:40:26 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%RINER27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %RINER27 can't undo changes that you allow.

For more information please see the following:
%RINER275

Scan ID: {B9E95B5C-9682-4A93-B743-D3C3F189CE0A}

User: RINER\Owner

Name: %RINER271

ID: %RINER272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %RINER276

Alert Type: %RINER278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-05-14 18:42:14 ------------



#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:08:05 AM

Posted 16 May 2008 - 09:54 AM

Hello JohnRinFL and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it again.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 JohnRinFL

Posted 16 May 2008 - 10:36 AM

Thanks OT!

The IT system here at work isn't letting me download the OTScanIt from your link and I can't get on the bleepingcomputer site at work - is there another way I can get the file? (I've been downloading things at work, putting them on a flash drive and taking home to install). - John

#4 OldTimer

Posted 16 May 2008 - 11:35 AM

Hi JohnRinFL. The link I listed is the only place it is available. I guess waiting until you're home is what the company wants lol.

Cheers.

OT

#5 JohnRinFL

Posted 19 May 2008 - 06:29 AM

The OTScanIt didn't do anything when I double clicked it - anyways, my wife's been harassing me about not being able to get to the internet that I just went for the clean install of Windows XP yesterday. Thanks for all your help, but we can consider this issue closed. Thanks again OT!

#6 OldTimer

Posted 19 May 2008 - 08:32 AM

Hi JohnRinFL. That's always a sure fire method to clean anything!

I will close this topic.

Cheers and Happy Computing!

OT