Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice

[Solved]HOTXXX Dialler - Need to get rid of!!!!

2552 Views 5 Replies 3 Participants Last post by  $teve
Got real problem of a dialler that has got onto my laptop. Its called HotXXX and changes my homepage to www.pureseeker.com and disconnects my web link. When you try to delete it, it looks to have gone away but then all of a sudden you get a pop up to porn site, installs a shortcut on your desktop and changes homepage again. CAN Somebody please help me???

My Ad-Aware 6 log file is:-

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :23 July 2004 15:55:25
Created with Ad-aware Personal, free for private use.
Using reference-file :01R333 18.07.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

23-07-2004 15:55:25 - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 23-07-2004 14:39:25
BasePriority : Normal

#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 23-07-2004 14:39:29
BasePriority : High

#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 23-07-2004 14:39:30
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 23/07/2004 14:32:08
Last modified : 23/08/2001 12:00:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 23-07-2004 14:39:30
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 23/07/2004 14:32:08
Last modified : 29/08/2002 03:41:26

#:5 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 23-07-2004 14:39:30
BasePriority : Normal
FileSize : 376 KB
Created on : 13/11/2003 22:36:54
Last accessed : 23/07/2004 13:58:45
Last modified : 13/11/2003 22:36:54

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 23-07-2004 14:39:30
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 23/07/2004 14:32:11
Last modified : 23/08/2001 12:00:00

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 23-07-2004 14:39:30
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 23/07/2004 14:32:11
Last modified : 23/08/2001 12:00:00

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 23-07-2004 14:39:32
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 23/07/2004 14:36:53
Last modified : 23/08/2001 12:00:00

#:9 [ntrtscan.exe]
FilePath : C:\Program Files\Trend Micro\OfficeScan Client\
ThreadCreationTime : 23-07-2004 14:39:32
BasePriority : Normal
FileSize : 352 KB
FileVersion : 6.5.0.1030
ProductVersion : 6.5
Copyright : Copyright (C) 1999-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Inc.
ProductName : Trend Micro OfficeScan
Created on : 08/01/2003 11:01:40
Last accessed : 23/07/2004 13:58:45
Last modified : 06/07/2004 19:57:58

#:10 [ofcpfwsvc.exe]
FilePath : C:\Program Files\Trend Micro\OfficeScan Client\
ThreadCreationTime : 23-07-2004 14:39:33
BasePriority : Normal
FileSize : 220 KB
FileVersion : 6.5.0.1030
ProductVersion : 6.5
Copyright : Copyright (C) 1999-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Inc.
FileDescription : OfcPfwSvc
InternalName : OfcPfwSvc
OriginalFilename : OfcPfwSvc.exe
ProductName : Trend Micro OfficeScan
Created on : 22/07/2004 09:55:32
Last accessed : 23/07/2004 13:58:45
Last modified : 06/07/2004 20:07:44

#:11 [tmlisten.exe]
FilePath : C:\Program Files\Trend Micro\OfficeScan Client\
ThreadCreationTime : 23-07-2004 14:39:33
BasePriority : Normal
FileSize : 444 KB
FileVersion : 6.5.0.1030
ProductVersion : 6.5
Copyright : Copyright (C) 1999-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Inc.
ProductName : Trend Micro OfficeScan
Created on : 08/01/2003 10:57:30
Last accessed : 23/07/2004 14:30:13
Last modified : 06/07/2004 19:57:50

#:12 [yldc60.exe]
FilePath : C:\WINDOWS\TEMP\
ThreadCreationTime : 23-07-2004 14:39:35
BasePriority : Normal
FileSize : 168 KB
Created on : 23/07/2004 14:39:35
Last accessed : 23/07/2004 14:39:35
Last modified : 06/07/2004 20:07:14

#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 23-07-2004 14:39:42
BasePriority : Normal
FileSize : 973 KB
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 11/05/2003 20:12:10
Last accessed : 23/07/2004 14:41:01
Last modified : 11/05/2003 20:12:10

#:14 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ThreadCreationTime : 23-07-2004 14:39:44
BasePriority : Normal
FileSize : 328 KB
FileVersion : 6.14.10.5062
ProductVersion : 6.14.10.5062
Copyright : Copyright (C) 1998-2002 ATI Technologies Inc.
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
OriginalFilename : Atiptaxx.exe
ProductName : ATI Desktop Component
Created on : 19/03/2004 12:04:48
Last accessed : 23/07/2004 14:39:44
Last modified : 13/11/2003 21:10:00

#:15 [pccntmon.exe]
FilePath : C:\Program Files\Trend Micro\OfficeScan Client\
ThreadCreationTime : 23-07-2004 14:39:44
BasePriority : Normal
FileSize : 328 KB
FileVersion : 6.5.0.1030
ProductVersion : 6.5
Copyright : Copyright (C) 1999-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Inc.
FileDescription : I/O Monitor
InternalName : PCCNTMON
OriginalFilename : PCCNTMON.EXE
ProductName : Trend Micro OfficeScan
Created on : 08/01/2003 11:01:42
Last accessed : 23/07/2004 14:39:47
Last modified : 06/07/2004 20:11:38

#:16 [gsicon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 23-07-2004 14:39:44
BasePriority : Normal
FileSize : 88 KB
FileVersion : 3.1.1
ProductVersion : 3.1.1
Copyright : Copyright
CompanyName : BT, Inc.
FileDescription : DSL Modem Monitor
InternalName : GSICON.EXE
OriginalFilename : GSICON.EXE
ProductName : BT Voyager ADSL Modem
Created on : 04/05/2004 18:13:54
Last accessed : 23/07/2004 14:39:44
Last modified : 12/12/2002 13:21:00

#:17 [dslagent.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 23-07-2004 14:39:44
BasePriority : Normal
FileSize : 16 KB
Created on : 04/05/2004 18:13:53
Last accessed : 23/07/2004 14:39:25
Last modified : 12/12/2002 13:21:00

#:18 [network adapter manager.exe]
FilePath : C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\
ThreadCreationTime : 23-07-2004 14:39:44
BasePriority : Normal
FileSize : 148 KB
FileVersion : 2, 5, 3, 3
ProductVersion : 2, 5, 3, 3
CompanyName : Sierra Wireless Inc.
FileDescription : Network Adapter Manager
InternalName : Network Adapter Manager
OriginalFilename : Network Adapter Manager.exe
ProductName : Sierra Wireless Inc. Network Adapter Manager
Created on : 24/05/2004 10:49:00
Last accessed : 23/07/2004 14:40:00
Last modified : 16/04/2003 09:21:14

#:19 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 23-07-2004 14:39:44
BasePriority : Normal
FileSize : 31 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 23/07/2004 14:41:01
Last modified : 23/08/2001 12:00:00

#:20 [ssvr.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 23-07-2004 14:39:44
BasePriority : Normal
FileSize : 30 KB
Created on : 21/07/2004 23:41:44
Last accessed : 23/07/2004 14:39:25
Last modified : 21/07/2004 23:41:45

#:21 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 23-07-2004 14:39:45
BasePriority : Normal
FileSize : 1476 KB
FileVersion : 4.7.0041
ProductVersion : Version 4.7
Copyright : Copyright (c) Microsoft Corporation 1997-2001
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 11/03/2004 09:33:43
Last accessed : 23/07/2004 14:39:53
Last modified : 29/08/2002 03:41:26

#:22 [cinetray.exe]
FilePath : C:\Program Files\Common Files\Sonic Shared\
ThreadCreationTime : 23-07-2004 14:39:47
BasePriority : ?
FileSize : 96 KB
FileVersion : 2.0.00.0040
ProductVersion : 2.0.00.0000
Copyright : Copyright
CompanyName : Sonic Solutions
InternalName : CineTray
OriginalFilename : CineTray.exe
ProductName : CineTray 2.0
Created on : 18/09/2002 13:16:30
Last accessed : 23/07/2004 14:39:49
Last modified : 18/09/2002 13:16:30

#:23 [mpbtn.exe]
FilePath : C:\Program Files\BT Broadband\Help\bin\
ThreadCreationTime : 23-07-2004 14:39:54
BasePriority : Normal
FileSize : 168 KB
Created on : 04/05/2004 18:13:20
Last accessed : 23/07/2004 13:58:48
Last modified : 08/10/2002 18:03:14

#:24 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 23-07-2004 14:41:34
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 19/03/2004 11:55:21
Last accessed : 23/07/2004 14:41:36
Last modified : 29/08/2002 03:41:26

#:25 [analsex.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 23-07-2004 14:43:05
BasePriority : Normal
FileSize : 9 KB
Created on : 23/07/2004 14:43:05
Last accessed : 23/07/2004 14:43:05
Last modified : 23/07/2004 14:43:05

#:26 [svchostrs.exe]
FilePath : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
ThreadCreationTime : 23-07-2004 14:53:40
BasePriority : Normal
FileSize : 50 KB
Created on : 23/07/2004 14:53:40
Last accessed : 23/07/2004 14:53:40
Last modified : 23/07/2004 14:53:40

#:27 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 23-07-2004 14:54:53
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 23/07/2004 13:24:22
Last accessed : 23/07/2004 13:55:23
Last modified : 12/07/2003 20:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Page_URLabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Page_URL
Data : "about:blank"

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\Administrator\Cookies\

Created on : 23/07/2004 14:44:20
Last accessed : 23/07/2004 14:44:21
Last modified : 23/07/2004 14:44:21

Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\Administrator\Cookies\

Created on : 23/07/2004 14:42:31
Last accessed : 23/07/2004 14:42:31
Last modified : 23/07/2004 14:42:31

Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\Administrator\Cookies\

Created on : 23/07/2004 14:49:09
Last accessed : 23/07/2004 14:49:09
Last modified : 23/07/2004 14:49:09

Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\Documents and Settings\Administrator\Cookies\

Created on : 23/07/2004 14:51:23
Last accessed : 23/07/2004 14:51:23
Last modified : 23/07/2004 14:51:23

Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\Documents and Settings\Administrator\Cookies\

Created on : 23/07/2004 14:50:02
Last accessed : 23/07/2004 14:50:02
Last modified : 23/07/2004 14:50:02

Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\Administrator\Cookies\

Created on : 23/07/2004 14:41:42
Last accessed : 23/07/2004 14:41:46
Last modified : 23/07/2004 14:41:46

Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\Administrator\Cookies\

Created on : 23/07/2004 14:50:47
Last accessed : 23/07/2004 14:50:47
Last modified : 23/07/2004 14:50:47

Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\Documents and Settings\Administrator\Cookies\

Created on : 23/07/2004 14:50:47
Last accessed : 23/07/2004 14:50:47
Last modified : 23/07/2004 14:50:47

Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\Documents and Settings\Administrator\Cookies\

Created on : 23/07/2004 14:49:09
Last accessed : 23/07/2004 14:49:09
Last modified : 23/07/2004 14:49:09

Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\Administrator\Cookies\

Created on : 23/07/2004 14:42:31
Last accessed : 23/07/2004 14:42:31
Last modified : 23/07/2004 14:42:31

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 11

Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 11

15:57:35 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:02:09:336
Objects scanned :42229
Objects identified :11
Objects ignored :0
New objects :11

my Hijack This log file is:-

Logfile of HijackThis v1.98.0
Scan saved at 16:00:00, on 23/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\YLDC60.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\ssvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
C:\Documents and Settings\Administrator\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pureseeker.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [RemHelp] remhelp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AirCardEnabler] C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [SystemService] C:\WINDOWS\ssvr.exe /i
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NNL.CO.UK
O17 - HKLM\Software\..\Telephony: DomainName = NNL.CO.UK
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NNL.CO.UK

Can somebody please advise as to how to get rid of this dialler.

Many thanks in advance.
See less See more
Status
Not open for further replies.
1 - 6 of 6 Posts
Hi and welcome to TSG,

Please download and run the following programs:

CWSHREDDER

http://www.majorgeeks.com/download4086.html

Close all browser windows, open cwshredder.exe then click "Fix" and let it run.

Then restart your computer and post another log.

IMPORTANT! To help prevent this from happening again, you should install all the Microsoft security patches and critical updates.

AD-AWARE

Go here: http://www.lavasoftusa.com/support/download/
and download Ad-Aware 6 Build 181

Install the program and launch it.

First in the main window look in the bottom right-hand corner and click on Check for updates now and download the latest reference files.

Make sure the following settings are made and on -------ON=GREEN

From main window: Click Start then Activate in-depth scan (recommended)

Click Use custom scanning options then click Customize and have these options selected: Under Drives and Folders put a check by Scan within archives and below that under Memory and Registry put a check by all the options there.

Now click on the Tweak button in that same window. Under Scanning engine select Unload recognized processes during scanning and under Cleaning Engine select Let windows remove files in use at next reboot

Click proceed to save your settings.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right click the window and choose select all from the drop down menu and click Next)

Restart your computer

SPYBOT SEARCH & DESTROY

http://majorgeeks.com/download2471.html

Open Spybot Search & Destroy (Click Start, Programs, Spybot S&D (Advanced Mode). Click online, Search for updates, Download all available updates. Close all Browser windows, Click ''Check for Problems''. Anything that needs to be fixed it will show in red and have a green check in the box to the left. Click ''Fix Selected Problems'', Then restart your computer.

Then, after rebooting, please post another log and we’ll see what’s left to get rid of.
See less See more
Have done as requested, please find below logs:-

CWShredder - Came back clean report.

Windows XP (5.01.2600 SP1)
Windows dir: C:\WINDOWS
Windows system dir: C:\WINDOWS\System32
AppData folder: C:\Documents and Settings\Administrator\Application Data
Username: Administrator

Found Hosts file: C:\WINDOWS\System32\drivers\etc\hosts (734 bytes, A)
Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,
Found Win.ini file: C:\WINDOWS\win.ini (600 bytes, -)
Found System.ini file: C:\WINDOWS\system.ini (231 bytes, -)

- END OF REPORT -

Ad Aware Log:-

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :24 July 2004 11:52:00
Created with Ad-aware Personal, free for private use.
Using reference-file :01R333 18.07.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R333 18.07.2004
Internal build : 265
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\reflist.ref
Total size : 1314436 Bytes
Signature data size : 1293449 Bytes
Reference data size : 20923 Bytes
Signatures total : 28676
Target categories : 10
Target families : 526

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:68 %
Total physical memory:261488 kb
Available physical memory:177224 kb
Total page file size:1026692 kb
Available on page file:885752 kb
Total virtual memory:2097024 kb
Available virtual memory:2057092 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result

24-07-2004 11:52:00 - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 24-07-2004 10:41:49
BasePriority : Normal

#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 24-07-2004 10:41:52
BasePriority : High

#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 24-07-2004 10:41:52
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 24/07/2004 09:57:03
Last modified : 23/08/2001 12:00:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 24-07-2004 10:41:52
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 24/07/2004 09:57:03
Last modified : 29/08/2002 03:41:26

#:5 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 24-07-2004 10:41:53
BasePriority : Normal
FileSize : 376 KB
Created on : 13/11/2003 22:36:54
Last accessed : 24/07/2004 09:57:03
Last modified : 13/11/2003 22:36:54

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 24-07-2004 10:41:53
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 24/07/2004 09:57:03
Last modified : 23/08/2001 12:00:00

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 24-07-2004 10:41:53
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 24/07/2004 09:57:03
Last modified : 23/08/2001 12:00:00

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 24-07-2004 10:41:54
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 24/07/2004 09:57:03
Last modified : 23/08/2001 12:00:00

#:9 [ntrtscan.exe]
FilePath : C:\Program Files\Trend Micro\OfficeScan Client\
ThreadCreationTime : 24-07-2004 10:41:54
BasePriority : Normal
FileSize : 352 KB
FileVersion : 6.5.0.1030
ProductVersion : 6.5
Copyright : Copyright (C) 1999-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Inc.
ProductName : Trend Micro OfficeScan
Created on : 08/01/2003 11:01:40
Last accessed : 24/07/2004 09:57:03
Last modified : 06/07/2004 19:57:58

#:10 [ofcpfwsvc.exe]
FilePath : C:\Program Files\Trend Micro\OfficeScan Client\
ThreadCreationTime : 24-07-2004 10:41:54
BasePriority : Normal
FileSize : 220 KB
FileVersion : 6.5.0.1030
ProductVersion : 6.5
Copyright : Copyright (C) 1999-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Inc.
FileDescription : OfcPfwSvc
InternalName : OfcPfwSvc
OriginalFilename : OfcPfwSvc.exe
ProductName : Trend Micro OfficeScan
Created on : 22/07/2004 09:55:32
Last accessed : 24/07/2004 09:57:03
Last modified : 06/07/2004 20:07:44

#:11 [tmlisten.exe]
FilePath : C:\Program Files\Trend Micro\OfficeScan Client\
ThreadCreationTime : 24-07-2004 10:41:54
BasePriority : Normal
FileSize : 444 KB
FileVersion : 6.5.0.1030
ProductVersion : 6.5
Copyright : Copyright (C) 1999-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Inc.
ProductName : Trend Micro OfficeScan
Created on : 08/01/2003 10:57:30
Last accessed : 24/07/2004 09:57:03
Last modified : 06/07/2004 19:57:50

#:12 [rh9b95.exe]
FilePath : C:\WINDOWS\TEMP\
ThreadCreationTime : 24-07-2004 10:41:57
BasePriority : Normal
FileSize : 168 KB
Created on : 24/07/2004 10:41:57
Last accessed : 24/07/2004 10:41:57
Last modified : 06/07/2004 20:07:14

#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 24-07-2004 10:42:01
BasePriority : Normal
FileSize : 973 KB
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 11/05/2003 20:12:10
Last accessed : 24/07/2004 10:44:32
Last modified : 11/05/2003 20:12:10

#:14 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ThreadCreationTime : 24-07-2004 10:47:47
BasePriority : Normal
FileSize : 328 KB
FileVersion : 6.14.10.5062
ProductVersion : 6.14.10.5062
Copyright : Copyright (C) 1998-2002 ATI Technologies Inc.
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
OriginalFilename : Atiptaxx.exe
ProductName : ATI Desktop Component
Created on : 19/03/2004 12:04:48
Last accessed : 24/07/2004 10:42:06
Last modified : 13/11/2003 21:10:00

#:15 [pccntmon.exe]
FilePath : C:\Program Files\Trend Micro\OfficeScan Client\
ThreadCreationTime : 24-07-2004 10:47:48
BasePriority : Normal
FileSize : 328 KB
FileVersion : 6.5.0.1030
ProductVersion : 6.5
Copyright : Copyright (C) 1999-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Inc.
FileDescription : I/O Monitor
InternalName : PCCNTMON
OriginalFilename : PCCNTMON.EXE
ProductName : Trend Micro OfficeScan
Created on : 08/01/2003 11:01:42
Last accessed : 24/07/2004 10:41:49
Last modified : 06/07/2004 20:11:38

#:16 [gsicon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 24-07-2004 10:47:48
BasePriority : Normal
FileSize : 88 KB
FileVersion : 3.1.1
ProductVersion : 3.1.1
Copyright : Copyright
CompanyName : BT, Inc.
FileDescription : DSL Modem Monitor
InternalName : GSICON.EXE
OriginalFilename : GSICON.EXE
ProductName : BT Voyager ADSL Modem
Created on : 04/05/2004 18:13:54
Last accessed : 24/07/2004 10:42:06
Last modified : 12/12/2002 13:21:00

#:17 [dslagent.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 24-07-2004 10:47:48
BasePriority : Normal
FileSize : 16 KB
Created on : 04/05/2004 18:13:53
Last accessed : 24/07/2004 10:41:49
Last modified : 12/12/2002 13:21:00

#:18 [network adapter manager.exe]
FilePath : C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\
ThreadCreationTime : 24-07-2004 10:47:49
BasePriority : Normal
FileSize : 148 KB
FileVersion : 2, 5, 3, 3
ProductVersion : 2, 5, 3, 3
CompanyName : Sierra Wireless Inc.
FileDescription : Network Adapter Manager
InternalName : Network Adapter Manager
OriginalFilename : Network Adapter Manager.exe
ProductName : Sierra Wireless Inc. Network Adapter Manager
Created on : 24/05/2004 10:49:00
Last accessed : 24/07/2004 10:42:06
Last modified : 16/04/2003 09:21:14

#:19 [ssvr.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 24-07-2004 10:47:49
BasePriority : Normal
FileSize : 30 KB
Created on : 21/07/2004 23:41:44
Last accessed : 24/07/2004 10:41:49
Last modified : 21/07/2004 23:41:45

#:20 [pccntupd.exe]
FilePath : C:\Program Files\Trend Micro\OfficeScan Client\
ThreadCreationTime : 24-07-2004 10:47:57
BasePriority : Normal
FileSize : 116 KB
FileVersion : 6.5.0.1030
ProductVersion : 6.5
Copyright : Copyright (C) 1999-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Inc.
ProductName : Trend Micro OfficeScan
Created on : 08/01/2003 11:01:44
Last accessed : 24/07/2004 09:57:03
Last modified : 06/07/2004 20:11:48

#:21 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 24-07-2004 10:50:06
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 19/03/2004 11:55:21
Last accessed : 24/07/2004 10:50:06
Last modified : 29/08/2002 03:41:26

#:22 [analsex.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 24-07-2004 10:51:12
BasePriority : Normal
FileSize : 9 KB
Created on : 24/07/2004 10:00:52
Last accessed : 24/07/2004 10:51:11
Last modified : 24/07/2004 10:51:11

#:23 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 24-07-2004 10:51:52
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 23/07/2004 13:24:22
Last accessed : 24/07/2004 10:28:49
Last modified : 12/07/2003 20:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Page_URLabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Page_URL
Data : "about:blank"

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1

Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrator\Cookies\

Created on : 24/07/2004 10:50:22
Last accessed : 24/07/2004 10:50:23
Last modified : 24/07/2004 10:50:23

Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrator\Cookies\

Created on : 24/07/2004 10:50:23
Last accessed : 24/07/2004 10:50:23
Last modified : 24/07/2004 10:50:23

Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrator\Cookies\

Created on : 24/07/2004 10:29:50
Last accessed : 24/07/2004 10:29:50
Last modified : 24/07/2004 10:29:50

Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 4

Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 4

Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 4

12:00:53 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:08:53:146
Objects scanned :92918
Objects identified :4
Objects ignored :0
New objects :4

Got rid of the objects that were detected.

Done Spybot search. Got rid of everything apart from something called WildTangent.

Can you please let me know what I need to do to get rid of this annoying problem..
See less See more
Run hijackthis again and put a checkmark against these entries....double check
in case you miss anything....
.....then,close all browser and outlook windows including this one and "fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pureseeker.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [SystemService] C:\WINDOWS\ssvr.exe /i
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank


Reboot into safe mode by following instructions here: http://helpdesk.its.bethel.edu/resnet/Documents/Antivirus/Safemode.html
then as some of the files or folders you need to delete may be hidden do this:
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Locate and delete:
C:\WINDOWS\ssvr.exe /i
C:\WINDOWS\System32\msmc.exe


==============================
Empty the Recycle Bin.

Open internet Explorer Click on "Tools">"Internet Options">And delete temp internet files.
And clean out your %Userprofile%\Local Settings\Temp
folder. [It's a good idea to do that regularly.]
==============================
Go to Internet Options>Programs
Click the "Reset Web Settings" Button to reset your prefered home and search pages.
==============================
Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

When you are sure you are clean turn it back on and create a restore point.

;)
See less See more
Thanks for that. Seems to have solved the problem.
Your welcome,ill mark this [solved]:up:
1 - 6 of 6 Posts
Status
Not open for further replies.
Top