
ANTIAK.SYS and 018-Filter Hijack problems

 
 
Rick
14th Jan 2006
I have been trying to clean up my computer utilizing MS Antispyware,
Pestpatrol, Spysweeper and a couple of others including McAfee suite.
Two problems include an O18 - Filter hijack: text/webviewhtml - (no CLSID) -
(no file) that failed removal with BHOdemon and aboutbuster. How to rid this
bugger?
The second problem is a repeated bsod, three to four times a day caused by
antiak.sys, supposedly an antikeylogger virus. Discussed by another poster
here: http://forums.spywareinfo.com/lofive...hp/t62313.html, a
solution is pointed to here: http://r-1.ch/antiak.html but I cannot "mass"
confirmation and approval of its safety and legitimacy. How to rid this
bugger? I otherwise believe my computer is clean as I do multiple av and spy
sweeps in safemode every Sunday. Thanks to all who help.


 
AndyManchesta
15th Jan 2006

Hi Rick

For the first Protocol Filter problem open notepad and copy this next part
into it making REGEDIT4 the top line in notepad:

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

Go to File on the top bar and choose Save As, name it fix.reg and on the Save
as type area change it to All Files then save it to your desktop. Double
click fix.reg and allow it to be merged into the registry.

For the ANTIAK.SYS file this is maybe connected to a commercial
Anti-keylogging program which installed as a trial version and left some
files behind (possibly from h**p://www.anti-keyloggers.com/ but the version
they have now doesn't create that file so I cannot be sure). It's unlikely to be
a Virus/Trojan file as there would be some record of it on security sites.
The fix tool you posted a link to seems clean when scanned at AV sites but it
does make a registry change in this area:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RemoteAccess\Parameters

I cannot say how well it works as I don't have the ANTIAK.SYS file to test
with but noticed it was used over at SpywareInfo without any obvious
negative results so will leave that for you to decide.

I think you may be able to remove this using F-Secure's beta Blacklight by
renaming 2 files if they are found then reboot and delete the files as they
will then appear because they have been renamed to a .ren extension.

Download Blacklight beta

http://www.f-secure.com/blacklight/try.shtml

Run the program, accept statement > click next then scan

If these files are detected have Blacklight rename them

C:\Windows\DFSLKI5A.O9U

C:\Windows\SYSTEM32\ANTIAK.SYS

Do not rename "wbemtest.exe" as it's a Windows file. If there are any other
files you THINK may be valid don't rename them for now as Blacklight will
create a log that can be posted back if needed called fsbl-<date/time>.log.
The tool will ask you to reboot, choose yes.

When the system reboots check for these files and delete them:

C:\Windows\DFSLKI5A.O9U.ren

C:\Windows\SYSTEM32\ANTIAK.SYS.ren

If you cannot delete them reboot into safe mode then remove the files
(Reboot and keep tapping F8 then choose safe mode from the list)

Let us know if you have any problems

Regards

Andy
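
An added example, not part of the post above: a Python parser for REGEDIT4 text that reports protocol filters in the two states named in Rick's O18 line and shows what merging fix.reg changes. The export text, the `text/x-constructed-orphan` entry and the placeholder DLL path are constructed; "(no file)" here means only that the export holds no InprocServer32 registration for the CLSID, which is an assumption about how such a report is derived.

```python
import re

FILTER_ROOT = r"HKEY_CLASSES_ROOT\PROTOCOLS\Filter"
CLSID_ROOT = r"HKEY_CLASSES_ROOT\CLSID"

# fix.reg exactly as given in the post above.
FIX_REG = r'''REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
'''

# Constructed export (not from the thread): the filter key emptied out, one
# filter whose CLSID has no registration, and a placeholder server path.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/x-constructed-orphan]
"CLSID"="{00000000-0000-0000-0000-0000000000AA}"

[HKEY_CLASSES_ROOT\CLSID\{733AC4CB-F1A4-11d0-B951-00A0C90312E1}\InprocServer32]
@="C:\\Windows\\System32\\placeholder-constructed.dll"
'''

_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unquote(s):
    """Strip the surrounding quotes and undo backslash escapes."""
    return re.sub(r'\\(.)', r'\1', s[1:-1])


def parse_reg(text):
    """Parse REGEDIT4 text into {key: {value_name: data}}; '' is the default value."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file")
    keys, current = {}, None
    for line in lines[1:]:
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = _VALUE_RE.match(line)
        if m is None or current is None:
            # hex: continuation lines and deletions are outside this example
            raise ValueError(f"unsupported line: {line!r}")
        name = "" if m.group(1) == "@" else _unquote(m.group(1))
        data = m.group(2)
        # Only string data is decoded; dword:/hex: data is kept as raw text.
        current[name] = _unquote(data) if data.startswith('"') else data
    return keys


def merge(registry, patch):
    """Return a copy of registry with patch applied as a .reg merge adds values."""
    merged = {k: dict(v) for k, v in registry.items()}
    index = {k.lower(): k for k in merged}  # key names are case-insensitive
    for key, values in patch.items():
        target = index.setdefault(key.lower(), key)
        merged.setdefault(target, {}).update(values)
    return merged


def audit_filters(registry):
    """Return {mime_type: server path or problem} for every protocol filter."""
    reg = {k.lower(): {n.lower(): d for n, d in v.items()}
           for k, v in registry.items()}
    prefix = FILTER_ROOT.lower() + "\\"
    report = {}
    for key, values in reg.items():
        mime = key[len(prefix):]
        if not key.startswith(prefix) or "\\" in mime:
            continue
        clsid = values.get("clsid")
        if not clsid:
            report[mime] = "(no CLSID)"
            continue
        server_key = f"{CLSID_ROOT}\\{clsid}\\InprocServer32".lower()
        server = reg.get(server_key, {}).get("")
        report[mime] = server if server else f"{clsid} (no file)"
    return report


if __name__ == "__main__":
    before = parse_reg(SAMPLE_EXPORT)
    print("before:", audit_filters(before))
    print("after: ", audit_filters(merge(before, parse_reg(FIX_REG))))
```
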

 
AndyManchesta
16th Jan 2006

I just received an email from 'Raytown Corporation LLC' which I'd given a link
to as a possible cause of this file. They have said the file 'ANTIAK.SYS'
belongs to Advanced AntiKeylogger (h**p://www.anti-keylogger.net/) and not
them.

Thanks to Raytown Corp for making that clear
 
Rick
26th Jan 2006
I sincerely appreciate your repair suggestions for my computer. Both worked
and I have since not seen the bsod either. I waited to reply as I wanted to
see if any other problems would occur. Things were fast for a few days and now
I have experienced a slow start up to IE which if I shut off Spysweeper,
clears. Thank you very much
 
AndyManchesta
26th Jan 2006

Hey Rick

Glad it solved your problems, I don't have SpySweeper installed but here's a
link that may help as it seems some other users are having the same issue.

http://www.dslreports.com/forum/remark,14557500

If you go to the last page, the latest response from SpySweeper, which was made
last week, is this:

"From our knowledge base:

When Spy Sweeper is running why does Internet Explorer take so long to start?

A specific BHO (Browser Helper Object) included in a recent Java platform
update installed on your computer may be causing this issue.

This BHO registers itself with your computer almost two hundred times every
time Internet Explorer is started. This causes the ActiveX Shield in Spy
Sweeper to perform a check against this BHO multiple times before it can
allow IE to load. This behavior is not typical of a BHO.

There are two ways to resolve this issue.

1) Webroot recommends disabling the Java BHO. This resolution will not
reduce the level of protection provided to you by Spy Sweeper. Steps to
disable the Java BHO are listed below.

1) Open Spy Sweeper and click Shields on the left hand side of the screen.

2) Click the ‘Browser Add-ons’ tab near the top of the Spy Sweeper Screen.

3) Select the option to Edit BHOs used by Internet Explorer.

4) Clear the checkbox in front of the ‘Java (TM) 2 Platform…’ BHO on the list.

5) Click ‘Yes’ for the question pop-up that Spy Sweeper generates.

6) Click ‘Save Changes’ in Spy Sweeper.

Note: Once you click ‘Save Changes,’ it can take a few moments for Windows
to unload and deactivate this BHO. Please be patient.

2) The other way is to disable the ActiveX Shield in Spy Sweeper. If this is
the option you choose, please follow the instructions below to do so.
Important: If you disable the ActiveX Shield, you may be vulnerable to
spyware attempting to install through this method.

1) Open Spy Sweeper and click Shields on the left hand side of the screen.

2) Click on the ‘Windows System’ tab near the top of the Spy Sweeper screen.

3) Clear the checkbox in front of the ‘ActiveX Shield’ option.

Whichever method you choose to rectify this problem, please note that
Webroot Software is in contact with Sun Microsystems concerning this issue
and is working towards a permanent solution."


Hope That Helps

Regards

Andy
 
chris hampshire
13th Feb 2006
Know anything about Advanced Keylogger????? I am on aol. Their spyware keeps
picking up advanced keylogger and quarantining. But it comes back every day
often several times EVEN WHEN I AM NOT SIGNED IN. What should I do?

Second ran search microsoft information and complex article on HIDDEN files
says Keyloggers can be in hidden files so cannot see them. Mindblowing
explanation of new method of removal. Please help.
--
hampshire chris
 
AndyManchesta
14th Feb 2006

Hi Chris

I'd suggest running F-Secure Blanklight which you will find a link to in my
first reply. It really depends on who else has access to your pc and where
AOL is finding the Keylogger files to determine if it's a real threat. They
can be easily hidden if another user installs them so you will not find any
of the files unless you know the hot key combination to bring it out of
hidden mode. It's a commercial keylogger so I'd assume it has to be manually
installed so again this depends on who has access to your pc. The hotkey
combination can be configured so it's difficult to know what it will be; on
some you can just type a word anywhere on the desktop to make it show itself
but again that can be changed by whoever put it on. Run F-Secure Blacklight
and post back the log it produces (fsbl-date/time.log) and we can take it
from there and also see if you can get a log from AOL to show what it's
detecting; if not then make a note of the file.

Regards

Andy
 
chris hampshire
14th Feb 2006
Hi ANDY, thanks so far. First no one has access only me. I have aol spyware
(comes with them as my ISP). Also McAfee firewall and virus scan for viruses.
Recently installed SPYWARE DOCTOR recommended by PC World UK and in US. Aol
detects advance Keylogger. Spyware Doctor does not. But friend says because
aol spyware grabs first and quarantines. He says then the Doctor can't see
it. Asked aol tech help but useless. Asked Dell: they ran hardware check
but that's all. e-mailed spyware doctor. Can't get reply. HELP!!!
--
hampshire chris
 
chris hampshire
14th Feb 2006
I ran Blanklight as you suggested. It found no hidden files.
--
hampshire chris
 
AndyManchesta
14th Feb 2006

Hey Chris

Excuse the spelling mistake in my last post, I meant to put use F-Secure
Blacklight and not Blanklight. I was posting to Ewido about them failing
with removing SurfSideKick which causes its scanner to run at 100% CPU usage.
I've not tested MS Antispyware but I don't think it's worth it as it's loading
via the AppInit_DLLs registry key which means it's pretty much loaded into
every running process even in safe mode. I'm suggesting they run the uninstall
command and reboot the system as it's impossible to touch the dll that's causing
it otherwise. Cannot rename, remove, delete, use killbox etc. I was also
posting on the Ccleaner forums helping someone who filled their pc with Virus
and Spyware junk by running cracked software so I was a bit sidetracked. I
think you have sent me emails as I noticed an AOL address so will check them
now and offer some solutions if I can.

Chat later

Andy