Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antispy Spider, Red Background On Desktop.


  • Please log in to reply
1 reply to this topic

#1 grouse

grouse

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 16 June 2008 - 05:45 AM

hi all,

First time for me here at bleeping computer usually use other tech forums but this infection has made it pretty much impossible for me to acces those, So I thought I'd give bleeping computer a try.


I've seen a couple of other threads discussing the same infection on here, I've got the same symptoms as described in those posts; Loads of pop ups, browser highjacking, changing of background on desktop, fake spyware warnings....

It's driving me crazy hope you guys can help me get rid of this :thumbsup:



Deckard's System Scanner v20071014.68
Run by slash on 2008-06-16 12:23:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
30: 2008-06-16 10:23:41 UTC - RP489 - Deckard's System Scanner Restore Point
29: 2008-06-15 16:27:51 UTC - RP488 - Controlepunt van systeem
28: 2008-06-14 15:51:34 UTC - RP487 - Controlepunt van systeem
27: 2008-06-13 15:35:18 UTC - RP486 - Controlepunt van systeem
26: 2008-06-12 15:22:35 UTC - RP485 - Controlepunt van systeem


-- First Restore Point --
1: 2008-05-19 11:16:48 UTC - RP460 - Controlepunt van systeem


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as slash.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:06, on 16-6-2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\aspimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\calc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
C:\Documents and Settings\slash\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\slash.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 171.66.3.181:3127
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\slash\Mijn documenten\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {f5fdfe62-8c19-8b09-a294-450bff0b12b9} - {9b21b0ff-b054-492a-90b8-91c826efdf5f} - C:\WINDOWS\System32\syajouix.dll (file missing)
O2 - BHO: (no name) - {A1DB602A-FB11-4ACA-AC8E-5FD425A92098} - C:\WINDOWS\System32\ddccc.dll (file missing)
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech-productregistratie.lnk = C:\Program Files\Common Files\LogiShared\eReg\SetPoint\eReg.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Office\Office\OSA9.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\slash\Mijn documenten\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\slash\Mijn documenten\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\slash\Mijn documenten\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: www.sgnappo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1180286688703
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://amersfoortcam.vedor.nl/AxisCamControl.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...252/mcfscan.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F997C1C-E1E8-450F-9A90-1FF840A83D58}: NameServer = 62.94.144.232,151.13.150.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{64108FB9-F2AB-4ED8-8EB4-E0B15C58162E}: NameServer = 62.94.144.232,151.13.150.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{85C216FB-63B3-4959-AD4C-31080FB728C2}: NameServer = 62.94.144.232,151.13.150.22
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: awtsssp - awtsssp.dll (file missing)
O20 - Winlogon Notify: mljgghi - mljgghi.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Ibnkacla.dll (file missing)
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: vwservice - Unknown owner - C:\WINDOWS\System32\vwsrv.exe (file missing)
O23 - Service: Windows_real - Unknown owner - C:\Program Files\realbbs.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/slash/LOCALS~1/Temp/msoclip1/01/clip_image001.gif

--
End of file - 9217 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
R3 ALCXSENS (Service for WDM 3D Audio Driver) - c:\windows\system32\drivers\alcxsens.sys <Not Verified; Sensaura Ltd; >

S2 Wvlr59 - c:\windows\system32\wvlr59.sys (file missing)
S3 ATIAVAIW (ATI T200 Unified AVStream service) - c:\windows\system32\drivers\atinavt2.sys <Not Verified; ATI Technologies Inc.; ATI AVStream>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aspimgr (Microsoft ASPI Manager) - c:\windows\system32\aspimgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

S2 vwservice - c:\windows\system32\vwsrv.exe (file missing)
S2 Windows_real - c:\program files\realbbs.exe
S3 iPod Service (iPod-service) - c:\program files\ipod\bin\ipodservice.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: ATI T200 Unified AVStream Driver
Device ID: DISPLAY\NTATIVRV01\5&F7C21CD&0&80000008&01&00
Manufacturer: ATI Technologies
Name: ATI T200 Unified AVStream Driver
PNP Device ID: DISPLAY\NTATIVRV01\5&F7C21CD&0&80000008&01&00
Service: ATIAVAIW

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI-modem
Device ID: PCI\VEN_163C&DEV_3052&SUBSYS_3052163C&REV_03\3&61AAA01&0&68
Manufacturer:
Name: PCI-modem
PNP Device ID: PCI\VEN_163C&DEV_3052&SUBSYS_3052163C&REV_03\3&61AAA01&0&68
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\3&61AAA01&0&78
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\3&61AAA01&0&78
Service: rtl8139


-- Scheduled Tasks -------------------------------------------------------------

2008-06-14 11:03:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-16 12:26:00 0 d-------- C:\Program Files\Trend Micro
2008-06-16 11:40:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-16 10:36:07 32768 --a------ C:\WINDOWS\System32\sockins32.dll <Not Verified; ThinkPad; ThinkPad repl>
2008-06-13 19:30:55 86016 --a------ C:\WINDOWS\System32\aspimgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-05 12:53:55 0 d-------- C:\Documents and Settings\slash\Application Data\Creative
2008-06-05 12:08:27 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
2008-06-05 12:06:26 25088 -----n--- C:\WINDOWS\System32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2008-06-05 12:06:26 44032 -----n--- C:\WINDOWS\System32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2008-06-05 12:06:14 0 d--h----- C:\Program Files\Creative Installation Information
2008-06-05 12:06:14 0 d-------- C:\Program Files\Common Files\Creative
2008-06-05 12:04:36 0 d-------- C:\Program Files\Creative
2008-05-18 14:57:34 0 d-------- C:\Program Files\TVAnts


-- Find3M Report ---------------------------------------------------------------

2008-06-16 10:35:58 28 --a------ C:\Program Files\paramstr.txt
2008-06-05 12:07:26 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-05 12:06:14 0 d-------- C:\Program Files\Common Files
2008-05-27 18:58:36 0 d-------- C:\Program Files\mIRC
2008-05-22 17:43:00 0 d-------- C:\Program Files\Google
2008-05-13 22:26:40 0 d-------- C:\Documents and Settings\slash\Application Data\mIRC
2008-05-01 14:20:29 0 d-------- C:\Program Files\Java
2008-04-23 20:25:41 0 d-------- C:\Documents and Settings\slash\Application Data\Adobe
2008-03-30 11:05:59 364330 --a------ C:\WINDOWS\System32\perfh013.dat
2008-03-30 11:05:59 53418 --a------ C:\WINDOWS\System32\perfc013.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b21b0ff-b054-492a-90b8-91c826efdf5f}]
C:\WINDOWS\System32\syajouix.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1DB602A-FB11-4ACA-AC8E-5FD425A92098}]
C:\WINDOWS\System32\ddccc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI-CPanel\atiptaxx.exe" [12-08-2003 22:10]
"SoundMan"="SOUNDMAN.EXE" [05-08-2003 14:59 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"QuickTime Task"="D:\QuickTime\qttask.exe" [16-02-2007 11:54]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [11-04-2007 16:32 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11-04-2007 16:32 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [11-09-2002 14:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12-11-2006 12:48]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19-01-2007 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [20-08-2002 16:08]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28-01-2008 11:43]

C:\Documents and Settings\slash\Menu Start\Programma's\Opstarten\
Logitech-productregistratie.lnk - C:\Program Files\Common Files\LogiShared\eReg\SetPoint\eReg.exe [9-4-2007 12:23:34]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [19-3-2007 19:21:35]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [15-1-2008 20:58:30]
Microsoft Office.lnk - D:\Office\Office\OSA9.EXE [17-2-1999 19:05:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Internet Explorer"= {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Ibnkacla.dll [ ]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsssp]
awtsssp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgghi]
mljgghi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= c:\windows\system32\ldcore.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ddccc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP4 Player]
"C:\Program Files\MP4 Player\mp4Player.exe" hmw

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
"C:\Program Files\Octoshape Streaming Services\slash\OctoshapeClient.exe" -inv:bootrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyWay]
C:\Program Files\ProxyWay\proxyway.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Documents and Settings\slash\Mijn documenten\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"D:\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VaCtrls]
v7


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a113f10e-c434-11db-9b5a-00e04c415758}]
AutoRun\command- G:\autorun.exe
directx\command- G:\DirectX9\dxsetup.exe
setup\command- G:\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule



-- End of Deckard's System Scanner: finished at 2008-06-16 12:26:41 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: Dutch

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
CPU 1: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 511.48 MiB / 260.58 MiB
Pagefile Memory (total/avail): 1250.15 MiB / 1055.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.92 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 11.75 GiB total, 2.91 GiB free.
D: is Fixed (NTFS) - 137.3 GiB total, 58.45 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD1600JB-00REA0 - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 11.75 GiB - C:
\PARTITION1 - Installable File System - 137.3 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is not configured.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\slash\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CC86980-A
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\slash
LOGONSERVER=\\CC86980-A
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\ATI-CPanel;D:\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\slash\LOCALS~1\Temp
TMP=C:\DOCUME~1\slash\LOCALS~1\Temp
USERDOMAIN=CC86980-A
USERNAME=slash
USERPROFILE=C:\Documents and Settings\slash
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

slash (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0013
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0013
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0013
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0013
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MUSICPLAYER_MSS_U\Setup.exe" /remove /l0x0013
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x0013
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0013
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0013
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x13
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x13 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C41BAA3-559A-483A-89A5-149F27F90D38}\setup.exe" -l0x13
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C41BAA3-559A-483A-89A5-149F27F90D38}\setup.exe" -l0x13 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E9201AE-EACC-4010-B0E8-C61736512A13}\setup.exe" -l0x13
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E9201AE-EACC-4010-B0E8-C61736512A13}\setup.exe" -l0x13 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x13
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x13
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x13 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x13
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x13 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Aangifte inkomstenbelasting 2007 --> C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2007\ib2007u.exe
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -fD:\adobe\Uninst.isu -cD:\adobe\Uninst.dll
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
BitComet 0.84 --> C:\Documents and Settings\slash\Mijn documenten\BitComet\uninst.exe
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
Creative-systeeminformatie --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x13 /remove
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x13 /remove
Creative MuVo V100 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED57CE70-0DC6-49AB-A33E-FAC212A6AF5E}\SETUP.EXE" -l0x13 /remove
DHCP-conversieprogramma --> C:\WINDOWS\IsUn0413.exe -fC:\DOCUME~1\slash\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\..\..\Uninst.isu
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ffdshow [rev 967] [2007-02-26] --> "C:\Program Files\ffdshow\unins000.exe"
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
Foxit Reader --> D:\foxit\Foxit Reader\Uninstall.exe
GameShadow --> MsiExec.exe /I{ADC9D2AC-5ADC-491E-81E7-1F7B4344DE98}
Indeo® Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.2.5 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
Kudos Rock Legend --> "C:\Program Files\Kudos Rock Legend\ReflexiveArcade\unins000.exe"
Logitech Registration --> MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0013 -removeonly
Messenger Plus! 3 --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
MicroAdobe Free MP4 Player (Free) --> C:\PROGRA~1\MICROA~1\MICROA~1\UNWISE.EXE C:\PROGRA~1\MICROA~1\MICROA~1\INSTALL.LOG
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000413-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\slash\Application Data\Move Networks\ie_bin\unins000.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP4 Player --> C:\Program Files\MP4 Player\uninst.exe
MP4 Player 4.0 --> "C:\WINDOWS\unins000.exe"
NewsLeecher v3.8 Final --> "D:\NewsLeecher\unins000.exe"
OpenAL --> "C:\Program Files\OpenAL\RunMeFirst (Open AL 2006-12-12).exe" /U
PowerISO --> "C:\Documents and Settings\slash\Mijn documenten\PowerISO\uninstall.exe"
ProxyWay Extra --> MsiExec.exe /X{620797B0-A022-4B57-A95E-DD7DD0321034}
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Real Alternative 1.52 --> "C:\Program Files\Real Alternative\unins000.exe"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SnagIt 8 --> MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
SopCast 1.1.1 --> C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{9816B8B8-4B53-4D3D-9235-AD931252001D}
WinRAR --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wolfenstein - Enemy Territory --> D:\ET\Uninstall\Unwise.exe /u D:\ET\Uninstall\Install.log


-- Application Event Log -------------------------------------------------------

Event Record #/Type1175 / Error
Event Submitted/Written: 06/12/2008 02:18:21 AM
Event ID/Source: 1000 / Application Error
Event Description:
Vastgelopen toepassing: iexplore.exe, versie: 6.0.2800.1106, vastgelopen module: mshtml.dll, versie: 6.0.2800.1106, vastgelopen op: 0x000a6014.

Event Record #/Type1164 / Error
Event Submitted/Written: 06/07/2008 00:08:46 PM
Event ID/Source: 1000 / Application Error
Event Description:
Vastgelopen toepassing: iexplore.exe, versie: 6.0.2800.1106, vastgelopen module: mshtml.dll, versie: 6.0.2800.1106, vastgelopen op: 0x0006cd12.

Event Record #/Type1152 / Error
Event Submitted/Written: 06/04/2008 11:09:18 AM
Event ID/Source: 1000 / Application Error
Event Description:
Vastgelopen toepassing: iexplore.exe, versie: 6.0.2800.1106, vastgelopen module: mshtml.dll, versie: 6.0.2800.1106, vastgelopen op: 0x0006cd12.

Event Record #/Type1151 / Error
Event Submitted/Written: 06/04/2008 10:52:27 AM
Event ID/Source: 1000 / Application Error
Event Description:
Vastgelopen toepassing: iexplore.exe, versie: 6.0.2800.1106, vastgelopen module: mshtml.dll, versie: 6.0.2800.1106, vastgelopen op: 0x000f2fd5.

Event Record #/Type1141 / Error
Event Submitted/Written: 05/27/2008 00:05:39 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Vastgelopen toepassing: notepad.exe, versie: 5.1.2600.0, vastgelopen module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type24875 / Error
Event Submitted/Written: 06/16/2008 00:04:59 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
De Creative Service for CDROM Access-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Event Record #/Type24853 / Error
Event Submitted/Written: 06/16/2008 10:37:23 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
De Intelligente achtergrondsoverdrachtservice-service is bij het starten vastgelopen.

Event Record #/Type24852 / Error
Event Submitted/Written: 06/16/2008 10:37:21 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
De Wvlr59-service kan vanwege de volgende fout niet worden gestart:
%%2

Event Record #/Type24851 / Error
Event Submitted/Written: 06/16/2008 10:37:21 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Windows_real.

Event Record #/Type24850 / Error
Event Submitted/Written: 06/16/2008 10:37:21 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
De ATI WDM Specialized MVD Codec-service kan vanwege de volgende fout niet worden gestart:
%%1058



-- End of Deckard's System Scanner: finished at 2008-06-16 12:26:41 ------------

BC AdBot (Login to Remove)

 


m

#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:10:55 PM

Posted 17 June 2008 - 12:34 AM

Hello grouse and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users