
Solved: Can't ID virus / no internet / kills Malwarebytes / HJT posted

Discussion in 'Virus & Other Malware Removal' started by dyb, Oct 2, 2008.

  1. dyb

    dyb Thread Starter

    Joined:
    Oct 2, 2008
    Messages:
    13
    Your help is appreciated.

    I have a Dell Latitude C-840 running Win XP SP-2. Whatever has infected the machine has shut down internet access via IE or Firefox. Preinstalled Comodo Firewall and Anti Virus will not run a scan. I downloaded and ran from a thumb drive the following: Malwarebytes Anti-Malware; Super Antispyware and Dr Web Cure It. Neither Super Antisw nor Dr Web found anything; however, Malwarebytes stops responding at the point an infection is found. In Windows Task Manager - Processes, DRWTSN32.EXE & dwwin.exe are running in many multiples - see HJT log.

    Again, your help is appreciated.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:18:43 PM, on 10/2/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\COMODO\Firewall\cfpupdat.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbsnews.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: TrueMobile 1150 Client Manager.lnk = C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://www.afjrotc.net/Dashboard/msddsc.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144017426552
    O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Microsoft Interactive Training\O10C\mitm0026.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...ce/&filename=jinstall-6u7-windows-i586-jc.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    --
    End of file - 11970 bytes
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download ATF Cleaner by Atribune.

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.




    Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply with a new hijackthis log.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
     
  3. dyb

    dyb Thread Starter

    Joined:
    Oct 2, 2008
    Messages:
    13
    okay. be back shortly.
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  5. dyb

    dyb Thread Starter

    Joined:
    Oct 2, 2008
    Messages:
    13
    First off; thanks for responding and for your time helping others on this forum.

    I have run ATF Cleaner as well as Mbam (in safe mode) and have posted the Mbam and hijackthis logs below.

    In the time since the original post, I have run AntiSpywareBot and seem to be infected with at least Kolabc (W32.Spybot.Worm - Symantec) and Obfuscated trojan. I have yet to disinfect the machine through the software (will do on your instruction) so don't have any sort of log for you to view.

    I have disabled Dr Watson as it would flood the machine when counteractive measures were attempted. The machine has internet access only through safe mode but is still not able to perform certain functions such as on line scans through Kaspersky or Trend, etc. For the most part, I keep the wireless radio disabled to limit any unwanted transmission and have another machine (not infected) that I am able to download apps to and then transfer to infected machine via thumb drive.

    Here are the logs and thanks again. dyb

    Mbam

    Malwarebytes' Anti-Malware 1.27
    Database version: 1203
    Windows 5.1.2600 Service Pack 2
    10/5/2008 3:21:12 PM
    mbam-log-2008-10-05 (15-21-12).txt
    Scan type: Quick Scan
    Objects scanned: 46354
    Time elapsed: 5 minute(s), 5 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 3
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 5
    Files Infected: 15
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    C:\Program Files\AntispywareBot\SpyCleaner.dll (Rogue.AntiSpywareBot) -> Delete on reboot.
    C:\Program Files\AntispywareBot\TCL.dll (Rogue.AntiSpywareBot) -> Delete on reboot.
    C:\Program Files\AntispywareBot\zlib.dll (Rogue.AntiSpywareBot) -> Delete on reboot.
    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiSpywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    C:\Program Files\AntiSpywareBot (Rogue.AntiSpywareBot) -> Delete on reboot.
    C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\colond\Application Data\AntispywareBot (Rogue.AntiSpywareBot) -> Delete on reboot.
    C:\Documents and Settings\colond\Application Data\AntispywareBot\Log (Rogue.AntiSpywareBot) -> Delete on reboot.
    C:\Documents and Settings\colond\Application Data\AntispywareBot\Settings (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    Files Infected:
    C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe (Rogue.AntiSpywareBot) -> Delete on reboot.
    C:\Program Files\AntiSpywareBot\AntiSpywareBot.url (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareBot\DataBase.ref (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareBot\license.rtf (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareBot\SpyCleaner.dll (Rogue.AntiSpywareBot) -> Delete on reboot.
    C:\Program Files\AntiSpywareBot\TCL.dll (Rogue.AntiSpywareBot) -> Delete on reboot.
    C:\Program Files\AntiSpywareBot\unins000.dat (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareBot\unins000.exe (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareBot\zlib.dll (Rogue.AntiSpywareBot) -> Delete on reboot.
    C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareBot\AntiSpywareBot on the Web.lnk (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareBot\AntiSpywareBot.lnk (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareBot\Uninstall AntiSpywareBot.lnk (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\colond\Application Data\AntispywareBot\rs.dat (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\colond\Application Data\AntispywareBot\Log\2008 Oct 05 - 12_39_22 PM_185.log (Rogue.AntiSpywareBot) -> Delete on reboot.
    C:\Documents and Settings\colond\Application Data\AntispywareBot\Settings\ScanResults.pie (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.



    hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:25:41 PM, on 10/5/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Safe mode with network support
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbsnews.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: TrueMobile 1150 Client Manager.lnk = C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://www.afjrotc.net/Dashboard/msddsc.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144017426552
    O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Microsoft Interactive Training\O10C\mitm0026.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    --
    End of file - 6189 bytes
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    AntiSpywareBot is a rogue program.

    Can you get the machine into Normal mode?
     
  7. dyb

    dyb Thread Starter

    Joined:
    Oct 2, 2008
    Messages:
    13
    Yes.
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    Close all applications and browser windows before you click "fix checked".


    Post a new log in normal mode after you fix that one.

    Tell me what types of problems you are having also.
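
The two things this thread acts on, the crash-reporter processes running "in many multiples" in the first log and the `(no file)` BHO entry selected for fixing above, can be pulled out of a HijackThis log mechanically. The following is an added example, not part of any post in this thread; the function names, the flood threshold of 5 and the abridged sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter

# HijackThis entry lines start with a section code such as R0, O2, O4, O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Markers HijackThis appends when the file an entry points to is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hjt(text):
    """Split a HijackThis log into (running process paths, [(section, body)])."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "--":  # footer separator before "End of file"
            break
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.append(line)
    return processes, entries


def process_floods(processes, threshold=5):
    """Return {path: count} for images running at least `threshold` times.

    Windows paths are case-insensitive, so System32 and system32 are merged.
    The threshold is an arbitrary triage value (assumption), set above the
    handful of svchost.exe instances a normal XP system shows.
    """
    counts = Counter(p.lower() for p in processes)
    return {path: n for path, n in counts.items() if n >= threshold}


def orphaned_entries(entries):
    """Return entries whose target file is absent.

    A missing target means the registry entry is stale; it is a candidate
    for review and cleanup, not proof of infection by itself.
    """
    return [(sec, body) for sec, body in entries
            if body.rstrip().endswith(ORPHAN_MARKERS)]


# Constructed, abridged sample built from line shapes seen in this thread.
_PROCS = (
    [r"C:\WINDOWS\System32\smss.exe",
     r"C:\WINDOWS\system32\svchost.exe",
     r"C:\WINDOWS\System32\svchost.exe"]
    + [r"C:\WINDOWS\system32\dwwin.exe",
       r"C:\WINDOWS\system32\drwtsn32.exe"] * 6
    + [r"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"]
)
_ENTRIES = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbsnews.com/",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe",
    r"O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner"
    r" - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)",
    r"O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe",
]
SAMPLE_LOG = "\n".join(
    ["Logfile of Trend Micro HijackThis v2.0.2",
     "Boot mode: Normal",
     "Running processes:"]
    + _PROCS + _ENTRIES
    + ["--", "End of file - 0 bytes"]
)


def triage(text, threshold=5):
    """Summarise the two findings for one log."""
    processes, entries = parse_hjt(text)
    return {
        "process_count": len(processes),
        "floods": process_floods(processes, threshold),
        "orphans": orphaned_entries(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, n in report["floods"].items():
        print(f"{n:3d} instances  {path}")
    for section, body in report["orphans"]:
        print(f"orphaned {section}: {body}")
```
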
     
  9. dyb

    dyb Thread Starter

    Joined:
    Oct 2, 2008
    Messages:
    13
    Done; the log is below.

    Regarding other problems; following is a list of known problems so far:

    At startup

    CAVASM.EXE - Application Error
    The instruction at "0x000000000" referenced memory at "0x000000000", the memory could not be "read". Click Ok to terminate the program.

    At startup and trying to open certain email

    SVSHOST.EXE - Application Error
    The instruction at "0x57d8f698" referenced memory at "0x000000000", the memory could not be "written". Click Ok to terminate the program.

    When trying to open Firefox

    FIREFOX.EXE - Bad Image
    The application of dll C:\program files\mozilla fire fox\js3250.dll is not a valid windows image. Please check this against your install diskette.

    Misc

    I cannot confirm right now as I have the machine at work but don't have an internet connection, but I suspect that IE is still not able to connect. I can open the program but it stalls on "Connecting".

    Unable to run any online scans - Java does not work.

    Thanks, dyb


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:42:30 PM, on 10/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbsnews.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [AntispywareBot] C:\Program Files\AntispywareBot\AntispywareBot.exe -boot
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: TrueMobile 1150 Client Manager.lnk = C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://www.afjrotc.net/Dashboard/msddsc.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144017426552
    O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Microsoft Interactive Training\O10C\mitm0026.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    --
    End of file - 6761 bytes
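Added example, not part of the original thread: a small Python pass that parses HijackThis entry lines like those in the log above and lists the autostart entries a helper would check by hand. The sample lines are excerpted from this log; the function names and the review notes are this example's own assumptions, not HijackThis output.

```python
import re

# Excerpt of the HijackThis log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
O4 - HKCU\..\Run: [AntispywareBot] C:\Program Files\AntispywareBot\AntispywareBot.exe -boot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
End of file - 6761 bytes
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")                # "O4 - ...", "R0 - ..."
RUN = re.compile(r"^(\S+)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")  # hive\..\Run: [name] cmd

def parse_hjt(text):
    """Return one dict per entry line; process paths and the footer are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        entry = {"code": code, "body": body, "notes": []}
        if body.endswith("(file missing)"):
            entry["notes"].append("target file is missing on disk")
        if code == "O4" and (run := RUN.match(body)):
            entry.update(hive=run[1], key=run[2], name=run[3], command=run[4])
        elif code == "O20":
            # AppInit_DLLs and Winlogon Notify both load a DLL into other processes.
            entry["notes"].append("DLL load point: confirm which product owns the file")
        elif code == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                entry.update(display=parts[0], owner=parts[1], path=parts[2])
                if parts[1] == "Unknown owner":
                    entry["notes"].append("HijackThis reported no owner for the binary")
        entries.append(entry)
    return entries

def needs_review(entries):
    """Entries carrying at least one note, for a human to look at first."""
    return [e for e in entries if e["notes"]]

if __name__ == "__main__":
    for e in needs_review(parse_hjt(SAMPLE_LOG)):
        print(e["code"], "|", e["body"], "|", "; ".join(e["notes"]))
```

A note here means "look at this entry", not "this entry is malicious"; legitimate security products also register AppInit_DLLs and services.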
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please go to add/remove programs and remove it.

    I would also suggest you remove FireFox and delete all folders associated with it after backing up your bookmarks if you want to keep them.

    Restart the machine.
    Reinstall FF and see if it works after that.
     
  11. dyb

    dyb Thread Starter

    Joined:
    Oct 2, 2008
    Messages:
    13
    AntiSpywareBot is removed and FF reinstalled.

    FF now opens; will have to wait until home to see if I have connectivity.

    Next steps?
     
  12. dyb

    dyb Thread Starter

    Joined:
    Oct 2, 2008
    Messages:
    13
    Have connectivity through FF.
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Try in Safe Mode with Networking to see if it works.
     
  14. dyb

    dyb Thread Starter

    Joined:
    Oct 2, 2008
    Messages:
    13
    I have connectivity through IE and FF in safe mode. In normal mode only FF (reinstalled) works. I have the machine at work now so no connectivity regardless. I can download apps and transfer via thumbdrive. Still many svchost.exe - Application Errors as well.
     
  15. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
    1. Close any open browsers.
    2. If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
    3. Open the OTScanit folder and double-click on OTScanit.exe to start the program.
    4. In Additional Scans section put a check in BotCheck and Disabled MS Config Items and EventViewer Errors/Warnings
    5. Now click the Run Scan button on the toolbar.
    6. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    7. When the scan is complete Notepad will open with the report file loaded in it.
    8. Save that Notepad file.
    If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
     

Short URL to this thread: https://techguy.org/755506
