Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Intrusion Attack attmep alerts, notified by norton

Started by dantheman718 , Feb 08 2011 12:00 PM

  • This topic is locked This topic is locked

#1
dantheman718
Posted 08 February 2011 - 12:00 PM

dantheman718

    Member

  • Member
  • PipPip
  • 53 posts
Intrusion attack alerts notified by norton mailprog please help! I started recieving these messages by norton anti virus that there were attempted attacks on my comptuer but norton blocked them. I brought this topic up on the Norton community forum, and another member who had the same problem said he came here and got help. He said he got help from someone name Mailprog. I can give more details about what the description of the attack was but i'll wait for a response. Also the user who directed me to this website said that it took several hours to fix the problem and he ended up find a virus called trojan.siggen2.16874. That sounds bad. especially if it's a trojan. I'm wondering if any of my information is being stolen. Mailprog if ur out there i believe you've dealt with this b4, but if anyone else can walk me through this problem, It would be much appreciated. Thanks,

Dan
  • 0

Advertisements

#2
dantheman718
Posted 08 February 2011 - 12:11 PM

dantheman718

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Well so far I heard that this originated from facebook apps, which really blows my mind. I though face book was trust worthy, guess I was wrong. Anyway does anyone know what this malware can do to your computer, or what it is intended to do?

Dan
  • 0

#3
maliprog
Posted 08 February 2011 - 03:25 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello dantheman718 and welcome to G2G! :D

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within three days or your topic will be closed

Usually we don't take threads like this but since you ask me so nicely... :D

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
    . Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in separate post
  • 0

#4
dantheman718
Posted 08 February 2011 - 03:47 PM

dantheman718

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Thanks Mailprog! Unfortunately I am not at home where my computer is so I cannot start this process yet, but I will start the process and follow your instructions when I get home. Thank you for accepting my request for help. I deeply appreciate it.

Sincerley,
Dan O.
  • 0

#5
dantheman718
Posted 09 February 2011 - 05:15 PM

dantheman718

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
OK Mailprog, I am just about done with step one. Here is the log of OTL.txt:

OTL logfile created on: 09.02.2011 18:07:27 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Owner.ANONYMOUS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000046E | Country: Luxembourg | Language: LBX | Date Format: dd.MM.yyyy

1 022,00 Mb Total Physical Memory | 446,00 Mb Available Physical Memory | 44,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144,31 Gb Total Space | 5,17 Gb Free Space | 3,58% Space Free | Partition Type: NTFS
Drive D: | 465,65 Gb Total Space | 10,14 Gb Free Space | 2,18% Space Free | Partition Type: FAT32
Drive E: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.02.09 18:06:07 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\OTL.scr
PRC - [2010.12.06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010.10.22 16:47:26 | 000,524,288 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2010.10.22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.06.25 15:48:44 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010.03.10 02:22:04 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009.08.22 03:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009.08.19 11:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 11:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.19 11:00:44 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.11.09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2005.04.27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005.03.22 17:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2002.03.19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


========== Modules (SafeList) ==========

MOD - [2011.02.09 18:06:07 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\OTL.scr
MOD - [2009.07.19 10:59:05 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010.12.06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.10.22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.01.15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.08.22 03:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2008.11.09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005.04.27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - [2010.12.16 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110209.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010.12.16 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110209.002\NAVENG.SYS -- (NAVENG)
DRV - [2010.11.08 19:50:31 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110208.003\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010.05.26 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010.05.26 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.09.23 08:08:28 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.08.22 03:14:09 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2009.08.22 03:14:09 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009.08.22 03:14:09 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009.08.22 03:14:09 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009.08.22 03:14:09 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009.08.22 03:14:09 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009.08.22 03:14:09 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009.08.22 03:14:09 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009.08.22 03:14:09 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2009.08.22 03:13:59 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009.08.22 03:13:59 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2008.04.14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 07:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.14 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008.04.14 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2006.02.09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.11.16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80415
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...aspx?tbid=80415
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:4.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:4.1
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.04.22 19:54:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\2.bin
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.09 14:45:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.06 17:24:58 | 000,000,000 | ---D | M]

[2009.09.22 18:02:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Mozilla\Extensions
[2011.02.09 13:02:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Mozilla\Firefox\Profiles\moksel77.default\extensions
[2010.10.02 07:46:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Mozilla\Firefox\Profiles\moksel77.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.11.17 12:33:41 | 000,009,949 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Mozilla\Firefox\Profiles\moksel77.default\searchplugins\mywebsearch.xml
[2011.02.09 13:02:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.22 19:54:25 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
[2011.02.08 19:52:12 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2010.11.10 17:31:16 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2010.12.05 20:19:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.11.10 17:31:16 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF

O1 HOSTS File: ([2011.02.05 12:08:05 | 000,000,778 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 93.158.110.139 http://static.ak.fbcdn.net
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Owner.ANONYMOUS\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Owner.ANONYMOUS\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinn...dy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {B6FA2311-5F85-47D3-B885-7055340FC740} http://www.worldwinn...dslamtrivia.cab (GrandSlamTrivia Control)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.20 18:33:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2011.02.09 18:06:07 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\OTL.scr
[2011.02.05 11:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Malwarebytes
[2011.02.05 11:43:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.02.05 11:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.05 11:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011.02.05 11:43:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.02.05 11:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.29 11:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\gtk-2.0
[2011.01.16 17:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ANONYMOUS\My Documents\My Scans
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.02.09 18:06:07 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\OTL.scr
[2011.02.09 18:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.02.09 17:55:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.09 17:32:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-776561741-842925246-1003UA.job
[2011.02.09 17:32:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-776561741-842925246-1003Core.job
[2011.02.09 16:55:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.08 19:51:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.02.08 19:51:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.02.08 19:50:55 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.08 18:33:51 | 000,002,360 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\Google Chrome.lnk
[2011.02.08 18:33:51 | 000,002,338 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.02.06 02:49:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\File Helper.job
[2011.02.05 19:35:27 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.02.05 14:01:20 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\.recently-used.xbel
[2011.02.05 11:43:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.04 12:35:17 | 000,012,288 | ---- | M] () -- C:\coverletter.doc
[2011.02.04 09:47:25 | 000,118,272 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.02.05 14:01:20 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Owner.ANONYMOUS\.recently-used.xbel
[2011.02.05 11:43:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.04 12:32:36 | 000,012,288 | ---- | C] () -- C:\coverletter.doc
[2010.08.24 21:40:59 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2009.09.26 16:45:51 | 000,005,148 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log
[2009.09.22 18:17:17 | 000,118,272 | ---- | C] () -- C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.22 18:10:49 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.09.22 18:10:48 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.09.22 18:10:46 | 002,402,304 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009.09.22 18:10:45 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.09.22 18:10:45 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.09.22 18:10:45 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.09.22 18:10:43 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.09.22 12:48:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.09.20 18:44:01 | 000,094,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009.07.19 11:11:41 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll

========== LOP Check ==========

[2009.09.26 01:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AIM
[2009.09.26 01:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AIM Toolbar
[2010.08.24 21:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ALLPlayer
[2010.05.29 06:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WorldWinner
[2010.10.24 23:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.23 08:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2011.02.09 14:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\.purple
[2009.09.26 01:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\acccore
[2010.02.21 10:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Blackberry Desktop
[2010.03.21 01:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Blitware
[2009.09.22 18:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Foxit
[2009.11.22 21:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\GameRanger
[2009.09.22 18:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\GetRightToGo
[2011.02.05 11:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\gtk-2.0
[2009.11.22 16:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\InterTrust
[2010.12.06 01:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\OpenOffice.org
[2010.12.19 02:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Orbit
[2009.12.07 17:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Qualcomm
[2010.02.22 10:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Research In Motion
[2010.11.15 17:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Search Settings
[2011.02.09 18:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\uTorrent
[2010.06.17 03:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\YouTube Downloader
[2011.02.06 02:49:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\File Helper.job
[2011.02.09 18:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009.09.22 18:53:37 | 074,949,864 | ---- | M] (Symantec Corporation) -- C:\N360S300EN1.exe


< MD5 for: EXPLORER.EXE >
[2009.07.19 11:00:44 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009.07.19 11:02:24 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=67E38B4A549833E02D4D1617B5DBC318 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008.04.14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.19 11:02:45 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=53A8857723277B1D6D5EE60A9F85B117 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >
  • 0

#6
dantheman718
Posted 09 February 2011 - 05:16 PM

dantheman718

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Here is the log of Extras.txt:


OTL Extras logfile created on: 09.02.2011 18:07:27 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Owner.ANONYMOUS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000046E | Country: Luxembourg | Language: LBX | Date Format: dd.MM.yyyy

1 022,00 Mb Total Physical Memory | 446,00 Mb Available Physical Memory | 44,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144,31 Gb Total Space | 5,17 Gb Free Space | 3,58% Space Free | Partition Type: NTFS
Drive D: | 465,65 Gb Total Space | 10,14 Gb Free Space | 2,18% Space Free | Partition Type: FAT32
Drive E: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader -- (Orbitdownloader.com)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\downloads\Heroes of Might and Magic III Complete\Heroes3.exe" = C:\downloads\Heroes of Might and Magic III Complete\Heroes3.exe:*:Enabled:Heroes of Might and Magic® III
"C:\Program Files\Digsby\lib\digsby-app.exe" = C:\Program Files\Digsby\lib\digsby-app.exe:*:Enabled:Digsby IM -- (dotSyntax, LLC)
"C:\Program Files\3DO\Heroes 3 Complete\HEROES3.EXE" = C:\Program Files\3DO\Heroes 3 Complete\HEROES3.EXE:*:Enabled:Heroes of Might and Magic® III


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{156E82CB-20F2-46cf-BCEA-40E4F23DC4A3}" = YouTube Downloader Toolbar v4.1
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v2.13.0.164
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{31B27B28-5E06-4483-A363-8D1F2A97D38D}" = HP Officejet J3600 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4D04C9A1-F28C-4F6F-9D66-81BB000693D9}" = BPDSoftware_Ini
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69FDD4EA-9D68-11D5-8A28-005004D37F93}" = Wolfenstein 3D
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F60CD17-EE34-4f77-83B7-F8ADBDC31D46}" = ProductContext
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CE4CB34-8187-42A1-B597-517760BEE8EC}" = BPD_Scan
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EFD8F730-A09A-4A26-A319-7DE172993485}" = Eudora
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"7-Zip" = 7-Zip 4.65
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"ALLPlayer_is1" = ALLPlayer V4.X
"ATI Display Driver" = ATI Display Driver
"BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2
"CmdOpen Shell Extension" = Open Command Prompt Shell Extension (x86-32)
"Digsby" = Digsby
"ExtractNow_is1" = ExtractNow
"Foxit Reader" = Foxit Reader
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ie8" = Windows Internet Explorer 8
"Kali II" = Kali II
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.0.0
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Master of Orion 3" = Master of Orion 3
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Silverlight" = Microsoft Silverlight
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"N360" = Norton 360
"Pidgin" = Pidgin
"QuicktimeAlt_is1" = QuickTime Alternative 2.9.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Unlocker" = Unlocker 1.8.7
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 1.1.3
"Winamp" = Winamp
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"GameRanger" = GameRanger
"Google Chrome" = Google Chrome
"MLQTSource" = MediaLooks QuickTime Source 1.7.0.13 (DirectShow Filter)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01.02.2011 00:14:21 | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 8.0.6001.18702, faulting
module ieframe.dll, version 8.0.6001.22867, fault address 0x00029a4e.

[ System Events ]
Error - 02.02.2011 13:18:34 | Computer Name = ANONYMOUS | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 02.02.2011 13:18:34 | Computer Name = ANONYMOUS | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 04.02.2011 12:14:19 | Computer Name = ANONYMOUS | Source = SRTSP | ID = 524292
Description =

Error - 04.02.2011 12:14:19 | Computer Name = ANONYMOUS | Source = SRTSP | ID = 524293
Description =

Error - 04.02.2011 12:14:19 | Computer Name = ANONYMOUS | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 04.02.2011 12:14:19 | Computer Name = ANONYMOUS | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 04.02.2011 12:14:19 | Computer Name = ANONYMOUS | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 04.02.2011 12:14:19 | Computer Name = ANONYMOUS | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 04.02.2011 12:15:27 | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP

Error - 06.02.2011 01:58:07 | Computer Name = ANONYMOUS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.


< End of report >
  • 0

#7
dantheman718
Posted 09 February 2011 - 05:43 PM

dantheman718

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Hey Mailprog, when I was trying to run Gmer, step 2, my computer foze. I got that blue scree that says windows is shutting down to protect ur computer, begin physical dump of memory.. something like that. I'm pretty sure I followed all of your instructions, shut down all programs ,and dsiasbled norton for 5 hours. But still my computer froze. any idea why? I haven't tried to run the GMer scan again yet. What do you think?

Dan
  • 0

#8
maliprog
Posted 10 February 2011 - 01:13 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi dantheman718,

Leave GMER for now.

Step 1

IMPORTANT I notice there are signs of P2P (Person to Person) File Sharing Programs on your computer.

uTorrent

I would ask that you uninstall uTorrent.

Here is a good reason to remove them:

P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Step 2

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Step 3

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
    FF - prefs.js..extensions.enabledItems: [email protected]:4.1
    FF - prefs.js..extensions.enabledItems: [email protected]:4.1
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\2.bin
    O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
    O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinn...dy/jeopardy.cab (Jeopardy Control)
    O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
    O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
    O16 - DPF: {B6FA2311-5F85-47D3-B885-7055340FC740} http://www.worldwinn...dslamtrivia.cab (GrandSlamTrivia Control)
    [2011.02.09 14:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\.purple

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.

Step 4

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image
  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#9
dantheman718
Posted 10 February 2011 - 09:43 AM

dantheman718

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Hey Mailprog, thanks to for they reply, but the thing about it is my brother owns this computer and he insatlled utorent. I don't agree with that myself, but he might be mad at me if I unistall it without his permission. Is there a safe way to use ustorrent? if not I'll try my best to expelain to him why its bad. I had a feeling all along that it was a bad program. AndI don't endorse software piracy.

Dan
  • 0

#10
dantheman718
Posted 10 February 2011 - 09:44 AM

dantheman718

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
oh yeah Mailprog I forgot to say, I will follow your new instructions and report back to you when u requesed that I do. Ok? thanks man, I appreciate your help.

Dan
  • 0

Advertisements

#11
dantheman718
Posted 10 February 2011 - 09:54 AM

dantheman718

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
hey Mailprog, how do I uninstall U torrent? there are no options to uninstall it. I am doing a basic websearch to try to figure out how to uninstall this program.

Dan
  • 0

#12
dantheman718
Posted 10 February 2011 - 09:59 AM

dantheman718

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
OK Mailprog, nevermind I think i figured out how to uninstall it. Bascially it says just delete the utorent.exe file where if it is installed. I found it in my program files and I deleted it. thanks,

Dan
  • 0

#13
dantheman718
Posted 10 February 2011 - 10:20 AM

dantheman718

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
It's funny , i went to the Utorrent site and I read through a forum thread, and the guy who created the program, I believe his name was Animorc, was basically saying why would anyone want to uninstall this program? he made it seem like you would have to be retarded to want to uninstall his program. this is the link i read: http://forum.utorren...pic.php?id=1487

Not sure if i completely got rid of utorrent, I deleteed the exe file and the regitstry files from the app folder it's saved in, i also deleted the desktop shortcut manually. That guy who was posting in that forum was right, they should have added an uninstall feature to Utorrent, but I guess they want to keep their conduit to your computer open.
  • 0

#14
maliprog
Posted 10 February 2011 - 12:11 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi dantheman718,

It's very, very dangerous to remove registry entries. Please leave uTorrent step for now and move to next step.
  • 0

#15
dantheman718
Posted 10 February 2011 - 12:24 PM

dantheman718

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
i already deleted those registries buti'm not sure if those are really registries or not. but i hope i didnt damage my pc.. lol. anyway i'll skip that step for now and follow the next ones. Dan
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP