this pc was stored away because of problems.

Hi,

You have a few things that need to be removed. Crawler Toolbar, if you don't use or need this than uninstall it via Add Remove Programs in the Control Panel.


Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe







Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :OTL
O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.

:Services

:Reg

:Files



:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
 
ok, something triggered zone alarm to repetedly ask to configure network. i ok it and it it pops up asking same. removing crawler asked to reboot and i clicked ok but the screen saver uninstall froze.


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Documents and Settings\Patty\My Documents\Mіcrosoft.NET folder moved successfully.
C:\Documents and Settings\Patty\My Documents\Міcrosoft.NET folder moved successfully.
C:\Documents and Settings\Patty\My Documents\ѕymbols folder moved successfully.
C:\Documents and Settings\Patty\My Documents\Τasks folder moved successfully.
C:\Documents and Settings\Patty\My Documents\WіnSxS folder moved successfully.
C:\Documents and Settings\Patty\Application Data\Οracle folder moved successfully.
C:\Documents and Settings\Patty\Application Data\ѕеcurity folder moved successfully.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59717501 bytes
->Flash cache emptied: 871 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 2054616 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 348 bytes

User: MATT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 7442831 bytes
->Flash cache emptied: 3673 bytes

User: MATT.D1FTPKB1

User: NetworkService
->Temp folder emptied: 1987480 bytes
->Temporary Internet Files folder emptied: 582082 bytes

User: Patty
->Temp folder emptied: 6226904 bytes
->Temporary Internet Files folder emptied: 10043143 bytes
->Java cache emptied: 150796098 bytes
->FireFox cache emptied: 82873595 bytes
->Flash cache emptied: 1477835 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22613448 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12966422 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 4506256 bytes

Total Files Cleaned = 347.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03112011_151800

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Patty\Local Settings\Temp\~DF1F0A.tmp not found!
File\Folder C:\Documents and Settings\Patty\Local Settings\Temp\~DF1F6E.tmp not found!
File\Folder C:\Documents and Settings\Patty\Local Settings\Temp\~DF2114.tmp not found!
File\Folder C:\Documents and Settings\Patty\Local Settings\Temp\~DF2124.tmp not found!
File\Folder C:\Documents and Settings\Patty\Local Settings\Temp\~DF2234.tmp not found!
File\Folder C:\Documents and Settings\Patty\Local Settings\Temp\~DF2244.tmp not found!
C:\Documents and Settings\Patty\Local Settings\Temp\~DF6D16.tmp moved successfully.
C:\Documents and Settings\Patty\Local Settings\Temporary Internet Files\Content.IE5\LFYP4LWE\df949936-2850-4e26-af65-c14d91c5c48b[1].htm moved successfully.
C:\Documents and Settings\Patty\Local Settings\Temporary Internet Files\Content.IE5\9L0IU10R\showthread[6].htm moved successfully.
File\Folder C:\WINDOWS\temp\ZLT00328.TMP not found!

Registry entries deleted on Reboot...
 
ok. it did every start up before. but would go away. its the new network found box. "zone alarm has found a new connectoin between your computer and the internet or another computer" option 1) please selecta security level for this network. [x]keep in internet zone:for use with public or questionable access points
[]allow into trusted zone: for trusted, secure locations only

2) name this network (optional)

[x]automaticlly configure this network if i add it to the trusted zone

the [x] are what i used before when it would go away

(ive tried other tik options)

the ip its showing 192.168.1.0 is not the correct ip (192.168.1.1)
type: private wireless network detected.

if i cancel it a second smaller popup

zona alarm security alert
za has detected a new wireless network with ip (192.168.1.0/255.255.255.0) and added it to the internet zone.
name this network (optional)
name:______

to share files and assets with this network, assign it to the trustedzone.
zone______

any choices here, just brings up first box. i am useing a neighbors router to access internet. netgear.
 
This is what I would do. This forum is for malware removal only and your clean now so you need to post in one of these other forums for help with Zone Alarm and or your network issue.

Like Safer these forums are free but you will have to register
http://forums.zonealarm.com/index.php
http://forums.whatthetech.com/index.php?showforum=128


When you get that straightened out you can post in WTTs windows forum and they can help you sort through your start ups and weed out unwanted programs
http://forums.whatthetech.com/index.php?showforum=119


Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups





Safe Surfn
Ken



Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot , you can still install Spybot Search and Destroy but do not enable the TeaTimer .
Click to expand...


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
  • Spybot Search and Destroy 1.6
    Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
  • WinPatrol Keep this fine program activated to block a lot of threats
  • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.


Safe Surfn
Ken
 
I am sure its ok but we can check it
http://answers.yahoo.com/question/index?qid=20071218201954AAh3KWz



You need to enable windows to show all files and folders, instructions Here

Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again

C:\WINDOWS\system32\WhoisCL.exe

If the site is busy you can try this one
http://virusscan.jotti.org/en
 
Great :bigthumb:

You had many infections on this system, got to watch those kids , they all think there infallible.


Take Care,
Ken :)
 
You must log in or register to reply here.
Back
Top