Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Go to first new post Files keep deleting themselves! NEED HEL ...
Go to first new post bitcoin miner infected on my PC
Go to first new post Ransomware encrypted my files. All files ...
Go to first new post After virus: CMD loads before desktop
Go to first new post YellowMoxie Redirect
Go to first new post Firefox -> google -> url hijack
Go to first new post Browser & other programs running slo ...
Go to first new post windows XP OBJECT DELAY LOAD
Go to first new post Unable to run malware programs, Proxy Se ...
Go to first new post Not sure if my computer is infected
Go to first new post Laptop is acting weird
Go to first new post How many free anti-virus programs are ne ...
Go to first new post Fubar virus?
Go to first new post Windows Vista Home
Go to first new post Trojan virus
Search Search
Search for:
Tech Support Guy Forums > > >

Solved: Unwanted audio in my PC


(!)

Reply
Page 1 of 2 1 2
Sohrab's Avatar
Junior Member with 19 posts.
THREAD STARTER
  
Join Date: Oct 2008
31-Oct-2008, 06:58 AM #1
Unwanted audio in my PC
I have audio coming through my computer than includes interviews, commercials, and other various weird sounds:

Logfile of HijackThis v1.99.1
Scan saved at 11:48:12 AM, on 10/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AFinding.exe
C:\WINDOWS\system32\afisicx.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\macidwe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Nobicyt.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\noxtcyr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\noytcyr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\roxtctm.exe
C:\WINDOWS\system32\roytctm.exe
C:\WINDOWS\system32\sobicyt.exe
C:\WINDOWS\system32\sotpeca.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\WINDOWS\system32\tdydowkc.exe
C:\WINDOWS\system32\WServing.exe
C:\WINDOWS\system32\wsldoekd.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\mabidwe.exe
C:\WINDOWS\system32\soxpeca.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\sohrab\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .BMP: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skyrivercommunications.com
O17 - HKLM\Software\..\Telephony: DomainName = skyrivercommunications.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skyrivercommunications.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AFinding - Unknown owner - C:\WINDOWS\system32\AFinding.exe
O23 - Service: afisicx Manages messages (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: macidwe - Unknown owner - C:\WINDOWS\system32\macidwe.exe
O23 - Service: NOBICYT - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe
O23 - Service: noxtcyr Corporation inc. (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe
O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\WINDOWS\system32\noytcyr.exe
O23 - Service: perfmons - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: roxtctm Manages messages (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe
O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS\system32\roytctm.exe
O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe
O23 - Service: sotpeca Settings storage service (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
O23 - Service: tdxdowkc - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe
O23 - Service: WServing - Unknown owner - C:\WINDOWS\system32\WServing.exe
O23 - Service: wsldoekd Event propagation service (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe
flavallee's Avatar
flavallee   (Frank) flavallee is online now flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 49,378 posts.
  
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
31-Oct-2008, 10:24 AM #2
You're using a very old version(1.99.1) of HijackThis. Get rid of it and then install the current version(2.0.2) from here. Post a new log with the new version.

----------------------------------------------------------------

Open Internet Explorer, click Tools - Internet Options - General(tab), then delete all cookies and temporary internet files.

Go to Privacy(tab), click Advanced(button), then select "Override automatic cookie handling", accept first-party cookies, block third-party cookies, "Allow session cookies". Click Apply - OK afterwards.

----------------------------------------------------------------

The O23 services list is showing several suspicious entries. Click the "Report" link in the lower right and then request your thread be moved to the malware/hijackthis section.

----------------------------------------------------------------
Last edited by flavallee; 31-Oct-2008 at 10:34 AM..
Sohrab's Avatar
Junior Member with 19 posts.
THREAD STARTER
  
Join Date: Oct 2008
31-Oct-2008, 12:11 PM #3
Logfile of Trend Micro HijackThis v2.0.2
Thank you,

I did what you recomended and this is the new logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:27 PM, on 10/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AFinding.exe
C:\WINDOWS\system32\afisicx.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\macidwe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Nobicyt.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\noxtcyr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\noytcyr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\roxtctm.exe
C:\WINDOWS\system32\roytctm.exe
C:\WINDOWS\system32\sobicyt.exe
C:\WINDOWS\system32\sotpeca.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\WINDOWS\system32\tdydowkc.exe
C:\WINDOWS\system32\WServing.exe
C:\WINDOWS\system32\wsldoekd.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\mabidwe.exe
C:\WINDOWS\system32\soxpeca.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .BMP: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skyrivercommunications.com
O17 - HKLM\Software\..\Telephony: DomainName = skyrivercommunications.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skyrivercommunications.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AFinding - Unknown owner - C:\WINDOWS\system32\AFinding.exe
O23 - Service: afisicx Manages messages (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: macidwe - Unknown owner - C:\WINDOWS\system32\macidwe.exe
O23 - Service: NOBICYT - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe
O23 - Service: noxtcyr Corporation inc. (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe
O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\WINDOWS\system32\noytcyr.exe
O23 - Service: perfmons - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: roxtctm Manages messages (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe
O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS\system32\roytctm.exe
O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe
O23 - Service: sotpeca Settings storage service (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
O23 - Service: tdxdowkc - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe
O23 - Service: WServing - Unknown owner - C:\WINDOWS\system32\WServing.exe
O23 - Service: wsldoekd Event propagation service (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe
--
End of file - 8270 bytes
flavallee's Avatar
flavallee   (Frank) flavallee is online now flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 49,378 posts.
  
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
31-Oct-2008, 05:15 PM #4
Sohrab:

Thanks for posting an updated log.

I've sent a request to have this thread moved to the "malware/hijackthis" section.

I'm not a log expert in this area.

----------------------------------------------------------------
cybertech's Avatar
Moderator with 69,253 posts.
  
Join Date: Apr 2002
Location: Washington State
31-Oct-2008, 06:09 PM #5
This looks like a business machine.

Skyriver Communication’s is an internet provider.

You should let your IT department take care of this.
Sohrab's Avatar
Junior Member with 19 posts.
THREAD STARTER
  
Join Date: Oct 2008
01-Nov-2008, 03:13 AM #6
it is private
It is a private machin, but years ago when I work for Skyriver I had Thier Soft ware on my Computer.
cybertech's Avatar
Moderator with 69,253 posts.
  
Join Date: Apr 2002
Location: Washington State
01-Nov-2008, 04:33 PM #7
Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 10.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u10-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")
Sohrab's Avatar
Junior Member with 19 posts.
THREAD STARTER
  
Join Date: Oct 2008
02-Nov-2008, 10:30 AM #8
scan result
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, November 2, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 02, 2008 07:40:08
Records in database: 1367023
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 62708
Threat name: 29
Infected objects: 56
Suspicious objects: 0
Duration of the scan: 02:06:35

File name / Threat name / Threats count
AFinding.exe\AFinding.exe/AFinding.exe\AFinding.exe Infected: Trojan-Downloader.Win32.Delf.lwl 1
C:\WINDOWS\system32\AFinding.exe/C:\WINDOWS\system32\AFinding.exe Infected: Trojan-Downloader.Win32.Delf.lwl 1
C:\WINDOWS\system32\afisicx.exe/C:\WINDOWS\system32\afisicx.exe Infected: Trojan.Win32.Agent.abdf 1
C:\WINDOWS\system32\macidwe.exe/C:\WINDOWS\system32\macidwe.exe Infected: Trojan.Win32.Agent.zem 1
C:\WINDOWS\system32\Nobicyt.exe/C:\WINDOWS\system32\Nobicyt.exe Infected: Trojan.Win32.Agent.yxr 1
C:\WINDOWS\system32\noxtcyr.exe/C:\WINDOWS\system32\noxtcyr.exe Infected: Trojan.Win32.Agent.abav 1
noytcyr.exe\noytcyr.exe/noytcyr.exe\noytcyr.exe Infected: Trojan.Win32.Agent.acnd 1
C:\WINDOWS\system32\noytcyr.exe/C:\WINDOWS\system32\noytcyr.exe Infected: Trojan.Win32.Agent.acnd 1
C:\WINDOWS\system32\perfs.exe/C:\WINDOWS\system32\perfs.exe Infected: Trojan-Downloader.Win32.Delf.lmu 1
routing.exe\routing.exe/routing.exe\routing.exe Infected: Trojan.Win32.Agent.yrj 1
C:\WINDOWS\system32\routing.exe/C:\WINDOWS\system32\routing.exe Infected: Trojan.Win32.Agent.xuh 1
C:\WINDOWS\system32\roxtctm.exe/C:\WINDOWS\system32\roxtctm.exe Infected: Trojan.Win32.Agent.abys 1
roytctm.exe\roytctm.exe/roytctm.exe\roytctm.exe Infected: Trojan.Win32.Agent.acne 1
C:\WINDOWS\system32\roytctm.exe/C:\WINDOWS\system32\roytctm.exe Infected: Trojan.Win32.Agent.acne 1
C:\WINDOWS\system32\sobicyt.exe/C:\WINDOWS\system32\sobicyt.exe Infected: Trojan.Win32.Agent.zbc 1
C:\WINDOWS\system32\sotpeca.exe/C:\WINDOWS\system32\sotpeca.exe Infected: Trojan.Win32.Agent.adfl 1
C:\WINDOWS\system32\tdxdowkc.exe/C:\WINDOWS\system32\tdxdowkc.exe Infected: Trojan.Win32.Agent.zen 1
tdydowkc.exe\tdydowkc.exe/tdydowkc.exe\tdydowkc.exe Infected: Trojan.Win32.Agent.acni 1
C:\WINDOWS\system32\tdydowkc.exe/C:\WINDOWS\system32\tdydowkc.exe Infected: Trojan.Win32.Agent.acni 1
WServing.exe\WServing.exe/WServing.exe\WServing.exe Infected: Trojan-Downloader.Win32.Delf.lwl 1
C:\WINDOWS\system32\WServing.exe/C:\WINDOWS\system32\WServing.exe Infected: Trojan-Downloader.Win32.Delf.lmf 1
C:\WINDOWS\system32\wsldoekd.exe/C:\WINDOWS\system32\wsldoekd.exe Infected: Trojan.Win32.Agent.abay 1
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\URK54DT0\no[1].bin Infected: Trojan.Win32.Agent.yxr 1
C:\WINDOWS\system32\AFinding.exe Infected: Trojan-Downloader.Win32.Delf.lwl 1
C:\WINDOWS\system32\afisicx.exe Infected: Trojan.Win32.Agent.abdf 1
C:\WINDOWS\system32\cfexfst.sys Infected: Trojan-Clicker.Win32.VB.bmu 1
C:\WINDOWS\system32\fduvfct.sys Infected: Trojan-Clicker.Win32.VB.btt 1
C:\WINDOWS\system32\macidwe.exe Infected: Trojan.Win32.Agent.zem 1
C:\WINDOWS\system32\Nobicyt.exe Infected: Trojan.Win32.Agent.yxr 1
C:\WINDOWS\system32\noxtcyr.exe Infected: Trojan.Win32.Agent.abav 1
C:\WINDOWS\system32\noytcyr.exe Infected: Trojan.Win32.Agent.acnd 1
C:\WINDOWS\system32\oduxftw.sys Infected: Trojan-Clicker.Win32.VB.buu 1
C:\WINDOWS\system32\oleext.dll Infected: Trojan.Win32.Small.ev 1
C:\WINDOWS\system32\perfs.exe Infected: Trojan-Downloader.Win32.Delf.lmu 1
C:\WINDOWS\system32\routing.exe Infected: Trojan.Win32.Agent.xuh 1
C:\WINDOWS\system32\roxtctm.exe Infected: Trojan.Win32.Agent.abys 1
C:\WINDOWS\system32\roytctm.exe Infected: Trojan.Win32.Agent.acne 1
C:\WINDOWS\system32\sobicyt.exe Infected: Trojan.Win32.Agent.zbc 1
C:\WINDOWS\system32\sotpeca.exe Infected: Trojan.Win32.Agent.adfl 1
C:\WINDOWS\system32\tdxdowkc.exe Infected: Trojan.Win32.Agent.zen 1
C:\WINDOWS\system32\tdydowkc.exe Infected: Trojan.Win32.Agent.acni 1
C:\WINDOWS\system32\tmp0_254332384051.bk.old Infected: Trojan.Win32.DNSChanger.ipe 1
C:\WINDOWS\system32\tmp0_323666460364.bk.old Infected: Trojan-Downloader.Win32.Delf.obj 1
C:\WINDOWS\system32\tmp0_485796469254.bk.old Infected: Trojan.Win32.DNSChanger.gyk 1
C:\WINDOWS\system32\tmp0_501176706123.bk.old Infected: Trojan-Downloader.Win32.Delf.obj 1
C:\WINDOWS\system32\tmp0_698869722893.bk.old Infected: Trojan.Win32.DNSChanger.gyk 1
C:\WINDOWS\system32\tmp0_740244122237.bk.old Infected: Trojan.Win32.DNSChanger.gyk 1
C:\WINDOWS\system32\tmp0_838601134601.bk.old Infected: Trojan-Downloader.Win32.Delf.nzm 1
C:\WINDOWS\system32\tmp0_856405466243.bk.old Infected: Trojan.Win32.DNSChanger.gyk 1
C:\WINDOWS\system32\tmpxr_52232601921.bk Infected: Trojan.Win32.Agent.afzn 1
C:\WINDOWS\system32\udxfytw.sys Infected: Trojan.Win32.Agent.akyy 1
C:\WINDOWS\system32\WServing.exe Infected: Trojan-Downloader.Win32.Delf.lmf 1
C:\WINDOWS\system32\wsldoekd.exe Infected: Trojan.Win32.Agent.abay 1
C:\WINDOWS\system32\xdufytw.sys Infected: Trojan-Clicker.Win32.VB.byk 1
C:\WINDOWS\Temp\TMP0000000166246E5F3D529340 Infected: Trojan.Win32.Small.ev 1
C:\WINDOWS\x8e91e2450.tmp Infected: not-a-virus:FraudTool.Win32.InfeStopRemover.h 1
The selected area was scanned.
cybertech's Avatar
Moderator with 69,253 posts.
  
Join Date: Apr 2002
Location: Washington State
02-Nov-2008, 11:17 AM #9
Download SDFix and save it to your Desktop.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • Open the c:\SDFix folder and double click RunThis.cmd to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back to the thread with a new HijackThis log.
Sohrab's Avatar
Junior Member with 19 posts.
THREAD STARTER
  
Join Date: Oct 2008
02-Nov-2008, 01:49 PM #10
I have ClamWin antivirus and Advanced WindosCare and I do not know how disable them.

I did not understand the last piont:
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back to the thread with a new HijackThis log.
cybertech's Avatar
Moderator with 69,253 posts.
  
Join Date: Apr 2002
Location: Washington State
02-Nov-2008, 02:19 PM #11
In safe mode those programs should not be running.

After you run SDFix there will be a file Report.txt that you need to copy the contents of and paste it back here.
Sohrab's Avatar
Junior Member with 19 posts.
THREAD STARTER
  
Join Date: Oct 2008
02-Nov-2008, 03:15 PM #12
My password does not work for safe mode. Probebly there is diffrerent password than my usual and I do not kow what it is.
cybertech's Avatar
Moderator with 69,253 posts.
  
Join Date: Apr 2002
Location: Washington State
02-Nov-2008, 03:18 PM #13
Try to log on as administrator, no password.
Sohrab's Avatar
Junior Member with 19 posts.
THREAD STARTER
  
Join Date: Oct 2008
03-Nov-2008, 02:27 AM #14
SDFix: Version 1.238
Run by Administrator on Mon 11/03/2008 at 08:05 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
afinding
macidwe
nobicyt
routing
sobicyt
tdxdowkc
wserving
Path :
C:\WINDOWS\system32\AFinding.exe
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\Nobicyt.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\sobicyt.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\WINDOWS\system32\WServing.exe
afinding - Deleted
macidwe - Deleted
nobicyt - Deleted
routing - Deleted
sobicyt - Deleted
tdxdowkc - Deleted
wserving - Deleted

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\AFinding.exe - Deleted
C:\WINDOWS\system32\atsxyzd.sys - Deleted
C:\WINDOWS\system32\comsa32.sys - Deleted
C:\WINDOWS\system32\macidwe.exe - Deleted
C:\WINDOWS\system32\Nobicyt.exe - Deleted
C:\WINDOWS\system32\perfs.exe - Deleted
C:\WINDOWS\system32\routing.exe - Deleted
C:\WINDOWS\system32\sobicyt.exe - Deleted
C:\WINDOWS\system32\tdxdowkc.exe - Deleted
C:\WINDOWS\system32\WServing.exe - Deleted


Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 08:13:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Key s\000a94021c13]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00 0a94021c13]
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enable d:@xpsp2res.dll,-22019"
"C:\\Program Files\\AP Manager Utility\\APB01.exe"="C:\\Program Files\\AP Manager Utility\\APB01.exe:*:Enabled:APB01"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*isabled:Internet Explorer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"C:\\Program Files\\Opera\\opera.exe"="C:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enable d:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 20 Dec 2005 1,306,112 A..H. --- "C:\WINDOWS\x8e91e2450.tmp"
Sun 4 Jun 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 28 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 25 Sep 2006 43,008 ...H. --- "C:\Documents and Settings\sohrab\Desktop\sohrab\~WRL0003.tmp"
Tue 26 Sep 2006 44,544 ...H. --- "C:\Documents and Settings\sohrab\Desktop\sohrab\~WRL0124.tmp"
Mon 25 Sep 2006 43,008 ...H. --- "C:\Documents and Settings\sohrab\Desktop\sohrab\~WRL2148.tmp"
Mon 25 Sep 2006 43,008 ...H. --- "C:\Documents and Settings\sohrab\Desktop\sohrab\~WRL2906.tmp"
Tue 26 Sep 2006 45,056 ...H. --- "C:\Documents and Settings\sohrab\Desktop\sohrab\~WRL3924.tmp"
Thu 26 Jan 2006 491,008 ...H. --- "C:\Documents and Settings\sohrab\Application Data\Microsoft\Word\~WRL2352.tmp"
Finished!
cybertech's Avatar
Moderator with 69,253 posts.
  
Join Date: Apr 2002
Location: Washington State
03-Nov-2008, 12:26 PM #15
Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.




Please download Malwarebytes Anti-Malware and save it to your desktop. alternate link 1 alternate link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from [urpts.tp://www.malwarebytes.org/mbam/database/mbam-rules.exe]here[/url] and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply with a new hijackthis log.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  1. Close any open browsers.
  2. If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  3. Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  4. In Additional Scans section put a check in BotCheck and Disabled MS Config Items and EventViewer Errors/Warnings
  5. Now click the Run Scan button on the toolbar.
  6. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  7. When the scan is complete Notepad will open with the report file loaded in it.
  8. Save that notepad file
If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
Page 1 of 2 1 2
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join Today!

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


TECH SUPPORT GUY
WELCOME
FOLLOW US
 
You Are Using: Server ID
All times are GMT -4. The time now is 03:47 PM.
Advertisements do not imply our endorsement of that product or service.
Copyright © 1996 - 2013 TechGuy, Inc. All rights reserved. Privacy & Terms.

Trusted Website Back to the Top ↑