Intrusion Attack attempt alerts, notified by Norton


  • This topic is locked

#31
dantheman718

  • Topic Starter
Hey Mailprog, the AVP scan just completed; here is the report, copied and pasted below:

Autoscan: completed 1 minute ago (events: 8, objects: 263357, time: 01:51:16)
11.02.2011 09:42:46 Task started
11.02.2011 11:34:05 Task completed
11.02.2011 11:19:48 Detected Virus HEUR:Trojan-Downloader.Win32.Generic High Probably C:\System Volume Information\_restore{47179A68-FB4B-4628-9F9E-B5911960328D}\RP6\A0004443.exe/data0002/host32c.exe
11.02.2011 11:19:40 Detected Virus HEUR:Trojan-Downloader.Win32.Generic High Probably C:\System Volume Information\_restore{47179A68-FB4B-4628-9F9E-B5911960328D}\RP6\A0004499.exe/data0002/host32c.exe
11.02.2011 11:18:03 Detected Trojans Trojan-Downloader.NSIS.Agent.cm High Exact C:\System Volume Information\_restore{47179A68-FB4B-4628-9F9E-B5911960328D}\RP6\A0004443.exe/data0002/wclean.exe/data0001
11.02.2011 11:18:02 Detected Trojans Trojan-Downloader.NSIS.Agent.cm High Exact C:\System Volume Information\_restore{47179A68-FB4B-4628-9F9E-B5911960328D}\RP6\A0004499.exe/data0002/wclean.exe/data0001
11.02.2011 11:19:48 Deleted Virus HEUR:Trojan-Downloader.Win32.Generic High Probably C:\System Volume Information\_restore{47179A68-FB4B-4628-9F9E-B5911960328D}\RP6\A0004443.exe
11.02.2011 11:19:40 Deleted Virus HEUR:Trojan-Downloader.Win32.Generic High Probably C:\System Volume Information\_restore{47179A68-FB4B-4628-9F9E-B5911960328D}\RP6\A0004499.exe

#32
dantheman718

  • Topic Starter
I did read them 1 time, but it would be wise to read them twice, because the first time I tend to overlook things. No offense, I'm just a little slow minded, you know? Like when I write stuff, I have to re-read what I wrote to catch the mistakes I made. I suppose reading instructions goes the same way; it's always better to re-read them at least a second time so you're clear on what's going on. Again, nothing personal to you, this is my fault. I'm just saying, well, I usually scan stuff over the first time I read it. But I should pay more attention to detail. :D :D

Dan

#33
dantheman718

  • Topic Starter
By the way Mailprog, should I close the AVP tool before I go to step 3? It says if I close it, it will uninstall. But do I still need it right now? I already ran the scan, and I suppose I will have to close it at some point. Should I close it now before I do the second OTL scan, or leave it open?

#34
dantheman718

  • Topic Starter
Hello Mailprog. Here is the log of the second OTL scan I ran after running the AVP tool.

OTL logfile created on: 11.02.2011 12:36:56 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Owner.ANONYMOUS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000046E | Country: Luxembourg | Language: LBX | Date Format: dd.MM.yyyy

1 022,00 Mb Total Physical Memory | 433,00 Mb Available Physical Memory | 42,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144,31 Gb Total Space | 14,05 Gb Free Space | 9,74% Space Free | Partition Type: NTFS
Drive E: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.02.09 18:06:07 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\OTL.scr
PRC - [2010.12.06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.06.25 15:48:44 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.08.22 03:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009.08.19 11:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 11:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.19 11:00:44 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.11.09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2005.04.27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005.03.22 17:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2002.03.19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


========== Modules (SafeList) ==========

MOD - [2011.02.09 18:06:07 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\OTL.scr
MOD - [2009.07.19 10:59:05 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010.12.06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.01.15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.08.22 03:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2008.11.09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005.04.27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - [2010.12.16 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110210.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2010.12.16 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110210.020\NAVENG.SYS -- (NAVENG)
DRV - [2010.11.08 19:50:31 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110210.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010.05.26 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010.05.26 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.10.22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\75735452.sys -- (75735452)
DRV - [2009.10.09 22:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\7573545.sys -- (setup_9.0.0.722_11.02.2011_16-11drv)
DRV - [2009.09.25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\75735451.sys -- (75735451)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.09.23 08:08:28 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.08.22 03:14:09 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2009.08.22 03:14:09 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009.08.22 03:14:09 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009.08.22 03:14:09 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009.08.22 03:14:09 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009.08.22 03:14:09 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009.08.22 03:14:09 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009.08.22 03:14:09 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009.08.22 03:14:09 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2009.08.22 03:13:59 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009.08.22 03:13:59 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2008.04.14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 07:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.14 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008.04.14 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2006.02.09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.11.16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80415
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...aspx?tbid=80415
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:4.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.04.22 19:54:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.09 14:45:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.10 15:23:56 | 000,000,000 | ---D | M]

[2009.09.22 18:02:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Mozilla\Extensions
[2011.02.11 11:27:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Mozilla\Firefox\Profiles\moksel77.default\extensions
[2010.10.02 07:46:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Mozilla\Firefox\Profiles\moksel77.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.11.17 12:33:41 | 000,009,949 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Mozilla\Firefox\Profiles\moksel77.default\searchplugins\mywebsearch.xml
[2011.02.11 11:26:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.02.10 15:23:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.04.22 19:54:25 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
[2011.02.11 09:28:58 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2010.11.10 17:31:16 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011.02.10 15:23:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.11.10 17:31:16 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
[2011.02.10 15:23:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011.02.05 12:08:05 | 000,000,778 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 93.158.110.139 http://static.ak.fbcdn.net
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] File not found
O4 - HKCU..\Run: [WMPNSCFG] File not found
O4 - Startup: C:\Documents and Settings\Owner.ANONYMOUS\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Owner.ANONYMOUS\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O4 - Startup: C:\Documents and Settings\Owner.ANONYMOUS\Start Menu\Programs\Startup\setup_9.0.0.722_11.02.2011_16-11.lnk = C:\Documents and Settings\Owner.ANONYMOUS\Desktop\Virus Removal Tool\setup_9.0.0.722_11.02.2011_16-11\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.20 18:33:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.02.11 09:40:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011.02.11 09:40:04 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\7573545.sys
[2011.02.11 09:40:04 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\75735451.sys
[2011.02.11 09:40:04 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\75735452.sys
[2011.02.11 09:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\Virus Removal Tool
[2011.02.11 09:19:28 | 091,400,016 | ---- | C] ( ) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\setup_9.0.0.722_11.02.2011_16-11.exe
[2011.02.10 17:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\.purple
[2011.02.10 15:28:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.02.10 15:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.02.10 15:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2011.02.10 15:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2011.02.09 18:06:07 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\OTL.scr
[2011.02.05 11:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Malwarebytes
[2011.02.05 11:43:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.02.05 11:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.05 11:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011.02.05 11:43:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.02.05 11:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.29 11:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\gtk-2.0
[2011.01.16 17:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ANONYMOUS\My Documents\My Scans

========== Files - Modified Within 30 Days ==========

[2011.02.11 12:32:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-776561741-842925246-1003UA.job
[2011.02.11 12:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.02.11 11:55:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.11 11:18:37 | 000,000,202 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_11.02.2011_16-11drv.spi
[2011.02.11 09:41:49 | 000,002,288 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Start Menu\Programs\Startup\setup_9.0.0.722_11.02.2011_16-11.lnk
[2011.02.11 09:27:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.11 09:27:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.02.11 09:27:28 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.11 09:19:32 | 091,400,016 | ---- | M] ( ) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\setup_9.0.0.722_11.02.2011_16-11.exe
[2011.02.11 03:06:09 | 000,170,496 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.10 17:32:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-776561741-842925246-1003Core.job
[2011.02.10 16:01:21 | 001,246,857 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\tdsskiller.zip
[2011.02.10 13:45:25 | 000,159,757 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\JavaRa.zip
[2011.02.10 03:08:25 | 001,366,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\TDSSKiller.exe
[2011.02.09 18:19:46 | 000,296,448 | ---- | M] () -- C:\lgo724ko.exe
[2011.02.09 18:06:07 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\OTL.scr
[2011.02.08 19:51:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.02.08 18:33:51 | 000,002,360 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\Google Chrome.lnk
[2011.02.08 18:33:51 | 000,002,338 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.02.06 02:49:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\File Helper.job
[2011.02.05 19:35:27 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.02.05 14:01:20 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\.recently-used.xbel
[2011.02.05 11:43:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.04 12:35:17 | 000,012,288 | ---- | M] () -- C:\coverletter.doc

========== Files Created - No Company Name ==========

[2011.02.11 11:18:37 | 000,000,202 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_11.02.2011_16-11drv.spi
[2011.02.11 09:41:49 | 000,002,288 | ---- | C] () -- C:\Documents and Settings\Owner.ANONYMOUS\Start Menu\Programs\Startup\setup_9.0.0.722_11.02.2011_16-11.lnk
[2011.02.10 16:01:20 | 001,246,857 | ---- | C] () -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\tdsskiller.zip
[2011.02.10 13:45:23 | 000,159,757 | ---- | C] () -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\JavaRa.zip
[2011.02.09 18:19:45 | 000,296,448 | ---- | C] () -- C:\lgo724ko.exe
[2011.02.05 14:01:20 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Owner.ANONYMOUS\.recently-used.xbel
[2011.02.05 11:43:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.04 12:32:36 | 000,012,288 | ---- | C] () -- C:\coverletter.doc
[2010.08.24 21:40:59 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2009.09.26 16:45:51 | 000,005,148 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log
[2009.09.22 18:17:17 | 000,170,496 | ---- | C] () -- C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.22 18:10:49 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.09.22 18:10:48 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.09.22 18:10:46 | 002,402,304 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009.09.22 18:10:45 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.09.22 18:10:45 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.09.22 18:10:45 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.09.22 18:10:43 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.09.22 12:48:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.09.20 18:44:01 | 000,094,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009.07.19 11:11:41 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll

========== LOP Check ==========

[2009.09.26 01:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AIM
[2009.09.26 01:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AIM Toolbar
[2010.08.24 21:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ALLPlayer
[2010.05.29 06:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WorldWinner
[2010.10.24 23:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.23 08:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2011.02.11 11:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\.purple
[2009.09.26 01:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\acccore
[2010.02.21 10:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Blackberry Desktop
[2010.03.21 01:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Blitware
[2009.09.22 18:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Foxit
[2009.11.22 21:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\GameRanger
[2009.09.22 18:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\GetRightToGo
[2011.02.05 11:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\gtk-2.0
[2009.11.22 16:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\InterTrust
[2010.12.06 01:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\OpenOffice.org
[2010.12.19 02:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Orbit
[2009.12.07 17:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Qualcomm
[2010.02.22 10:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Research In Motion
[2010.11.15 17:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Search Settings
[2011.02.10 10:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\uTorrent
[2010.06.17 03:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\YouTube Downloader
[2011.02.06 02:49:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\File Helper.job
[2011.02.11 12:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >
  • 0

#35
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
You can close AVP and uninstall it. Before we continue....how is your system now?
  • 0

#36
dantheman718

dantheman718

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
It's pretty good, haven't had any problems. Yet. Am I safe now? Is the process complete? If anything arises in the future I will come back and let you know. But if we are done here I owe you a great debt of gratitude. If you ever need me for anything let me know.

Dan :D :D
  • 0

#37
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK! Good to hear that :D ! Please use your PC normally now and tomorrow I will post your final instructions and let you go :D. So please stay with me one more day.
  • 0

#38
dantheman718

dantheman718

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Ok thanks Mail prog, and since you helped me I will help you buy your cup of coffee. It will just take me a bit of time to add funds to my PayPal acct. Do you take PayPal?

I will buy a MoneyPak so I can send funds today.


Thanks again brother.

Fight the power!!lol

I mean fight the hackers.

You are like the priest of computers, evicting all evil spirits and chasing bad demons off people's PCs. I like that.

Dan :D
  • 0

#39
dantheman718

dantheman718

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
I see you take AlertPay. No problem, I have an acct with them.. with love (not in a gay way ,)



Dan
  • 0

#40
dantheman718

dantheman718

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Gosh darn, AlertPay takes 3-5 days to add funds with your bank acct. Is there a quicker way? With PayPal you can buy a MoneyPak and add funds. :D
  • 0


#41
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Yes, there is. Click on my link below and just write your credit card information (left side) and you will make a donation instantly. You don't need to log in (right side) and you don't need to open an account :D.
  • 0

#42
dantheman718

dantheman718

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
You mean click on that link that says fight malware? I clicked on it but I don't see anything about donating on the side.
All it says is links to other pages and some other stuff. I think it talks about the UNITE program. Is that the page you're talking about?
  • 0

#43
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi dantheman718,

OK. We will sort this donation over PM. Your system is clean now. I'm glad we fixed up your computer. We need to clean up your PC from programs we used.

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [CLEARALLRESTOREPOINTS]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.

Step 2

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click the OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
  • 0

#44
dantheman718

dantheman718

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Hey Mailprog, I am not in front of the computer we were working on right now, but as soon as I get on it I will continue with your final instructions.

Thanks,
Dan
  • 0

#45
dantheman718

dantheman718

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Hey Mailprog, here is the log from the OTL scan you told me to run in your previous post. By the way, I just wanted to mention, I noticed that my computer loads up a lot faster when I reboot it now than it did before. Before, after the initial Windows screen came up, there would be a long, long pause before the mouse cursor actually appeared and the programs were available to use. It almost seemed like my computer would freeze during startup, but it just took a really long time to load; now it loads pretty quick. Hardly any wait at all. So whatever you helped me do, I think it did have a positive effect on my computer. Anyway, here is the log of the OTL scan from step 1 in your last post. The notepad file is titled 02122011_221625.log and the body is pasted here as follows:

->Flash cache emptied: 0 bytes

User: OWNER~1~ANO

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02122011_221625

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Temporary Internet Files\Content.IE5\WJD0LCZM\search[1].htm moved successfully.
C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Temporary Internet Files\Content.IE5\TP33V2P4\xd_proxy[1].htm moved successfully.
C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Temporary Internet Files\Content.IE5\OAMO9O8P\like[1].htm moved successfully.
C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Temporary Internet Files\Content.IE5\OAMO9O8P\search[1].htm moved successfully.
C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Temporary Internet Files\Content.IE5\6Y2MN71Y\page__st__30[1].htm moved successfully.
C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Temporary Internet Files\Content.IE5\1H3SU080\search[1].htm moved successfully.
File\Folder C:\WINDOWS\temp\JET1B65.tmp not found!
C:\WINDOWS\temp\Perflib_Perfdata_160.dat moved successfully.

Registry entries deleted on Reboot...


:D

I will now proceed to step 2 and report the results. Thank you so far though, Mailprog, you have been really helpful and really easy to work with.

Dan
  • 0





