Blinkx and other Redirects


  • This topic is locked

#16 cezar1234 (Member, Topic Starter, 45 posts)
Here is the malware scan.
When I restarted I got a popup.

Should I run it again?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4298

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/9/2010 7:42:27 PM
mbam-log-2010-07-09 (19-42-27).txt

Scan type: Quick scan
Objects scanned: 121395
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 4

Memory Processes Infected:
C:\Documents and Settings\Cezar\Application Data\SystemProc\lsass.exe (Worm.KoobFace) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Cezar\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Cezar\Application Data\SystemProc\lsass.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.

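As an added example, not part of the thread and not Malwarebytes' own code, here is a small Python parser for the log format posted above. It turns each "X Infected:" section into structured records, counts detections per family, and lists any item whose action is not a completed removal (Malwarebytes writes "Delete on reboot" for a file it could not remove while running, which is the case where the reboot actually matters). The log embedded in the block is constructed to mimic the format; the profile name "User" and the Temp dropper in it are made up.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes' Anti-Malware 1.x log format (not the
# thread's full log): the profile name and the Temp dropper are made up.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4298

Scan type: Quick scan
Objects scanned: 121395

Memory Processes Infected: 1
Registry Values Infected: 1
Files Infected: 2

Memory Processes Infected:
C:\\Documents and Settings\\User\\Application Data\\SystemProc\\lsass.exe (Worm.KoobFace) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\rthdbpl (Worm.KoobFace) -> Quarantined and deleted successfully.

Files Infected:
C:\\Documents and Settings\\User\\Application Data\\SystemProc\\lsass.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\dropper.exe (Trojan.Agent) -> Delete on reboot.
"""

# A section header is "<Name> Infected:" with nothing after the colon; the
# summary lines near the top ("Files Infected: 2") carry a count and are skipped.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# Each detection: "<item> (<family>) -> <action>."  The item may itself contain
# spaces and parentheses, so the family is anchored on the " -> " that follows.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Actions Malwarebytes reports for a removal completed during the scan.
COMPLETED = {"Quarantined and deleted successfully", "Unloaded process successfully"}


def parse_mbam_log(text):
    """Map each 'X Infected' section to a list of (item, family, action) tuples."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections[current] = []
            continue
        if current is None or line.startswith("(No malicious items"):
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            sections[current].append(
                (entry.group("item"), entry.group("family"), entry.group("action"))
            )
    return sections


def family_counts(sections):
    """Number of detections per malware family across all sections."""
    return Counter(fam for entries in sections.values() for _, fam, _ in entries)


def pending_actions(sections):
    """Detections whose action was not a completed removal, e.g. 'Delete on reboot'."""
    return [
        (section, item, action)
        for section, entries in sections.items()
        for item, _, action in entries
        if action not in COMPLETED
    ]


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    for family, n in family_counts(parsed).most_common():
        print(f"{n:3d}  {family}")
    for section, item, action in pending_actions(parsed):
        print(f"PENDING [{section}] {item}: {action}")
```

Run it against a saved mbam-log-*.txt by replacing SAMPLE_LOG with the file's contents; a non-empty pending list is the signal that the machine has to be rebooted and rescanned before the log can be called clean.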
#17 mitch8 (Trusted Helper, Malware Removal, 1,356 posts)
Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2010/07/09 08:46:55 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Cezar\Application Data\SystemProc\lsass.exe (Jznof)
    [2010/07/09 08:46:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Cezar\Application Data\SystemProc
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Next

Run another quick scan with Malwarebytes' Anti-Malware and post the log here.

Next

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply


#18 cezar1234 (Member, Topic Starter, 45 posts)
Running a quick scan now and then Malwarebytes.
All processes killed
========== OTL ==========
Folder C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\RTHDBPL not found.
File C:\Documents and Settings\Cezar\Application Data\SystemProc\lsass.exe not found.
Folder C:\Documents and Settings\Cezar\Application Data\SystemProc\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cezar
->Temp folder emptied: 12752 bytes
->Temporary Internet Files folder emptied: 492380 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 182381575 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 9536 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39874092 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 212.00 mb


[EMPTYFLASH]

User: All Users

User: Cezar
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.8.1 log created on 07102010_093855

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AQB79Z8Z\cotv_lr_nt[1].swf moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AQB79Z8Z\Rediscovering_China_20090615_part_1[1].flv moved successfully.
C:\WINDOWS\temp\fla1E.tmp moved successfully.
C:\WINDOWS\temp\fla1F.tmp moved successfully.
C:\WINDOWS\temp\fla21.tmp moved successfully.
C:\WINDOWS\temp\fla27.tmp moved successfully.
C:\WINDOWS\temp\flaA.tmp moved successfully.

Registry entries deleted on Reboot...

#19 cezar1234 (Member, Topic Starter, 45 posts)
This is the quick scan from OTL; doing Malwarebytes now.
OTL logfile created on: 7/10/2010 4:38:20 PM - Run 3
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Cezar\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.03 Gb Total Space | 47.65 Gb Free Space | 67.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CEZAR-6122A34D3
Current User Name: Cezar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/08 16:55:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cezar\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/02 09:36:15 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 09:36:14 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 09:36:14 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 09:35:41 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 09:35:40 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/07 08:02:12 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files\Valve\Steam\steam.exe
PRC - [2010/03/12 10:50:28 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/12 10:49:57 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 15:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/07/08 16:55:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cezar\Desktop\OTL.exe
MOD - [2008/04/14 03:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/12 10:50:28 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/12 10:49:57 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/06/02 09:36:14 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 09:36:14 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 10:49:57 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/24 17:51:43 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2009/09/27 17:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/07/09 19:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe File not found
O4 - HKCU..\Run: [Steam] c:\program files\valve\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Cezar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cezar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/24 19:33:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/09 19:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cezar\Application Data\Malwarebytes
[2010/07/09 19:36:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/09 19:36:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/09 19:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/09 19:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/09 19:24:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/09 08:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/09 03:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/08 16:55:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cezar\Desktop\OTL.exe
[2010/07/08 07:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/08 07:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/23 22:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/23 22:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/17 08:56:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cezar\Local Settings\Application Data\Identities
[2010/04/11 17:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cezar\My Documents\TurboTax
[2010/04/11 17:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2010/04/11 17:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cezar\Local Settings\Application Data\Intuit
[2010/04/11 16:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cezar\Application Data\Intuit
[2010/04/11 16:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2010/04/11 16:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2010/04/11 16:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax
[2010/04/11 16:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit

========== Files - Modified Within 90 Days ==========

[2010/07/10 09:47:53 | 061,821,997 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/10 09:42:00 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/07/10 09:40:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/10 09:40:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/10 09:39:30 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Cezar\NTUSER.DAT
[2010/07/09 19:42:40 | 004,291,676 | -H-- | M] () -- C:\Documents and Settings\Cezar\Local Settings\Application Data\IconCache.db
[2010/07/09 19:36:19 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/09 03:31:05 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/08 18:05:07 | 000,029,727 | ---- | M] () -- C:\Documents and Settings\Cezar\My Documents\When the scan completes.docx
[2010/07/08 16:55:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cezar\Desktop\OTL.exe
[2010/07/08 16:53:52 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Cezar\Desktop\646yqpkv.exe
[2010/07/08 10:24:29 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/08 09:59:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/07 20:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/24 14:31:52 | 000,011,581 | ---- | M] () -- C:\Documents and Settings\Cezar\My Documents\gil.docx
[2010/06/24 14:31:43 | 000,013,123 | ---- | M] () -- C:\Documents and Settings\Cezar\My Documents\Camping List.docx
[2010/06/23 22:55:13 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/20 18:11:54 | 000,024,073 | ---- | M] () -- C:\Documents and Settings\Cezar\Desktop\Summer Calendar.docx
[2010/06/02 09:36:14 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 09:36:14 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/21 14:55:47 | 000,189,692 | ---- | M] () -- C:\Documents and Settings\Cezar\My Documents\The%2520Corn%2520Tortilla[1][1].docx
[2010/05/17 16:23:24 | 000,046,104 | ---- | M] () -- C:\Documents and Settings\Cezar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/08 16:52:39 | 000,010,491 | ---- | M] () -- C:\Documents and Settings\Cezar\My Documents\biography.docx
[2010/05/04 19:34:21 | 000,010,324 | ---- | M] () -- C:\Documents and Settings\Cezar\My Documents\Cezar Rossel.docx
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/23 15:45:51 | 000,076,297 | ---- | M] () -- C:\Documents and Settings\Cezar\My Documents\The%20Corn%20Tortilla[1].docx
[2010/04/23 11:16:30 | 000,024,402 | ---- | M] () -- C:\Documents and Settings\Cezar\My Documents\Maize work.docx
[2010/04/22 18:29:33 | 000,154,902 | ---- | M] () -- C:\Documents and Settings\Cezar\My Documents\Tortilla 1234.pdf
[2010/04/20 09:18:55 | 000,193,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/17 11:23:16 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Cezar\My Documents\Adress labels.doc
[2010/04/17 11:22:38 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Cezar\Desktop\Adress labels.doc
[2010/04/15 21:10:12 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/04/14 17:35:04 | 000,146,442 | ---- | M] () -- C:\Documents and Settings\Cezar\My Documents\2009 Rossel A Form 1040 Individual Tax Return.tax2009.pdf
[2010/04/13 13:59:42 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Cezar\Desktop\U-0087-02_P.doc
[2010/04/12 22:55:17 | 000,014,350 | ---- | M] () -- C:\Documents and Settings\Cezar\My Documents\Origins.docx
[2010/04/12 14:47:47 | 000,057,963 | ---- | M] () -- C:\Documents and Settings\Cezar\Desktop\Train Save The Date.pdf
[2010/04/12 14:45:52 | 001,107,844 | ---- | M] () -- C:\Documents and Settings\Cezar\My Documents\The Corn Tortilla Second.pptx
[2010/04/12 14:17:44 | 000,040,082 | ---- | M] () -- C:\Documents and Settings\Cezar\My Documents\The Corn Tortilla.docx

========== Files Created - No Company Name ==========

[2010/07/09 19:36:18 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/08 17:46:02 | 000,029,727 | ---- | C] () -- C:\Documents and Settings\Cezar\My Documents\When the scan completes.docx
[2010/07/08 16:53:47 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Cezar\Desktop\646yqpkv.exe
[2010/06/24 14:31:51 | 000,011,581 | ---- | C] () -- C:\Documents and Settings\Cezar\My Documents\gil.docx
[2010/06/23 22:55:13 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/23 22:49:26 | 000,013,123 | ---- | C] () -- C:\Documents and Settings\Cezar\My Documents\Camping List.docx
[2010/06/20 18:11:53 | 000,024,073 | ---- | C] () -- C:\Documents and Settings\Cezar\Desktop\Summer Calendar.docx
[2010/05/20 17:00:48 | 000,189,692 | ---- | C] () -- C:\Documents and Settings\Cezar\My Documents\The%2520Corn%2520Tortilla[1][1].docx
[2010/05/08 16:52:39 | 000,010,491 | ---- | C] () -- C:\Documents and Settings\Cezar\My Documents\biography.docx
[2010/05/04 19:34:20 | 000,010,324 | ---- | C] () -- C:\Documents and Settings\Cezar\My Documents\Cezar Rossel.docx
[2010/04/23 10:02:38 | 000,024,402 | ---- | C] () -- C:\Documents and Settings\Cezar\My Documents\Maize work.docx
[2010/04/22 18:29:33 | 000,154,902 | ---- | C] () -- C:\Documents and Settings\Cezar\My Documents\Tortilla 1234.pdf
[2010/04/17 11:23:15 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Cezar\My Documents\Adress labels.doc
[2010/04/17 11:22:07 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Cezar\Desktop\Adress labels.doc
[2010/04/14 17:35:04 | 000,146,442 | ---- | C] () -- C:\Documents and Settings\Cezar\My Documents\2009 Rossel A Form 1040 Individual Tax Return.tax2009.pdf
[2010/04/12 22:55:17 | 000,014,350 | ---- | C] () -- C:\Documents and Settings\Cezar\My Documents\Origins.docx
[2010/04/12 14:47:47 | 000,057,963 | ---- | C] () -- C:\Documents and Settings\Cezar\Desktop\Train Save The Date.pdf
[2010/04/12 14:12:07 | 001,107,844 | ---- | C] () -- C:\Documents and Settings\Cezar\My Documents\The Corn Tortilla Second.pptx
[2010/04/11 16:53:11 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/02/24 16:03:55 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/11/24 19:57:55 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/11/24 20:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/31 21:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/28 22:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/06 20:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cezar\Application Data\E-centives

========== Purity Check ==========


< End of report >

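The O4 and O6 lines in the OTL log above, and the O6 line mitch8 put in the fix script in post #17, are autostart entries. As an added example that is not part of the thread and not OTL's own code, the following Python triage script parses lines in that format and flags the patterns that made the RTHDBPL entry worth removing: a file named like a core Windows binary (lsass.exe) that lives outside System32, an autostart target in a user-writable profile or Temp folder, use of the Policies\Explorer\Run key (a less common autostart location than the ordinary Run keys), and entries with no publisher recorded. Orphaned entries like the Corel one are reported separately as cleanup only. The sample lines are constructed to mimic OTL output; the profile name "User" and the "updater" entry are made up.

```python
import re

# Constructed sample in OTL's O4/O6 autostart line format (not the thread's
# full log): the profile name "User" and the "updater" entry are made up.
SAMPLE_OTL = """\
O4 - HKLM..\\Run: [AVG9_TRAY] C:\\Program Files\\AVG\\AVG9\\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\\Run: [NvCplDaemon] C:\\WINDOWS\\System32\\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\\Run: [Corel Photo Downloader] C:\\Program Files\\Common Files\\Corel\\Corel PhotoDownloader\\Corel Photo Downloader.exe File not found
O4 - HKCU..\\Run: [Steam] c:\\program files\\valve\\steam\\steam.exe (Valve Corporation)
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer\\Run: RTHDBPL = C:\\Documents and Settings\\User\\Application Data\\SystemProc\\lsass.exe (Jznof)
O4 - HKCU..\\Run: [updater] C:\\Documents and Settings\\User\\Local Settings\\Temp\\svchost.exe ()
"""

# "O4 - <key>: [<name>] <path> (<publisher>)" or "O6 - <key>: <NAME> = <path> (<publisher>)";
# OTL writes "File not found" instead of a publisher when the target is missing.
LINE_RE = re.compile(
    r"^(?P<tag>O\d+) - (?P<key>[^:]+): (?:\[(?P<name>[^\]]+)\]|(?P<name2>\S+) =) "
    r"(?P<path>.+?\.(?:exe|dll|ocx|scr|com|bat|cmd|vbs|js))"
    r"(?: \((?P<publisher>[^()]*)\)| (?P<missing>File not found))?\s*$",
    re.IGNORECASE,
)

# Core Windows binaries that malware commonly names itself after; the genuine
# ones live in %SystemRoot%\System32.
SYSTEM_BINARIES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}
# Path fragments that indicate a location a non-admin user (or a dropper) can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\application data\\", "\\local settings\\", "\\temp\\")


def triage_autoruns(text):
    """Return the autostart entries that warrant a look, each with the reasons why."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        low = path.lower()
        base = low.rsplit("\\", 1)[-1]
        reasons = []
        if m.group("missing"):
            reasons.append("orphaned entry (target missing)")
        else:
            if base in SYSTEM_BINARIES and "\\windows\\system32\\" not in low:
                reasons.append("system binary name outside System32")
            if any(fragment in low for fragment in USER_WRITABLE):
                reasons.append("autostart from user-writable location")
            if "policies\\explorer\\run" in m.group("key").lower():
                reasons.append("uses Policies\\Explorer\\Run (uncommon autostart key)")
            if not m.group("publisher"):
                reasons.append("no publisher recorded")
        if reasons:
            findings.append({
                "tag": m.group("tag"),
                "name": m.group("name") or m.group("name2"),
                "path": path,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage_autoruns(SAMPLE_OTL):
        print(f"{f['tag']} {f['name']}: {f['path']}")
        for r in f["reasons"]:
            print("    -", r)
```

A publisher string is only what OTL read from the file's version resource, so "Jznof" on the lsass.exe entry is not evidence of legitimacy; the location and the borrowed system name are what matter, which is why the script weighs those first.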
#20 cezar1234 (Member, Topic Starter, 45 posts)
Malwarebytes report
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4298

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/10/2010 4:47:06 PM
mbam-log-2010-07-10 (16-47-06).txt

Scan type: Quick scan
Objects scanned: 121797
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#21 mitch8 (Trusted Helper, Malware Removal, 1,356 posts)
Good. :) Now just post the Kaspersky log when it is finished.

Also, how is your computer running?

#22 cezar1234 (Member, Topic Starter, 45 posts)
It looks like it is running better, but I think something still might be on the computer. This site is great, by the way; thanks for all the help. I ran the internet scan you asked me to do and I could not find the report. Running it again.

#23 cezar1234 (Member, Topic Starter, 45 posts)
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, July 10, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, July 10, 2010 20:43:12
Records in database: 4241289
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 42060
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 00:48:14

No threats found. Scanned area is clean.

Selected area has been scanned.

#24 mitch8 (Trusted Helper, Malware Removal, 1,356 posts)

    but i think something still might be on the computer

Does your computer have some symptoms, for example redirects, popups, etc.? Why do you think your computer is still infected?

#25 cezar1234 (Member, Topic Starter, 45 posts)
I have gotten two pop-ups yesterday and one right now to yellowpages.lycos.com. Could it just be pop-ups, or still the trojan? Thanks for the help. I see the scans are coming up clean.

#26 mitch8 (Trusted Helper, Malware Removal, 1,356 posts)
Do these pop-ups come from a certain website, or do they come from all websites?

#27 cezar1234 (Member, Topic Starter, 45 posts)
Not really. For example, the last time I was on Geeks to Go the popup appeared. Not sure if any specific website is causing it.

#28 mitch8 (Trusted Helper, Malware Removal, 1,356 posts)
Do you use a router? If so, follow the instructions here. Your router's DNS settings may have been hijacked.

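Added example, not from the thread: a client-side check for the router DNS hijack mitch8 suggests. On a home LAN the resolver a PC gets from DHCP is normally the router itself, so a resolver that is neither the default gateway nor a LAN address is the thing to look at. The Python below parses the XP-style `ipconfig /all` output (constructed here; the host name and the 203.0.113.9 address, taken from the reserved TEST-NET-3 block, are stand-ins) and flags any DNS server outside the RFC 1918 and loopback ranges that is not the gateway. A flagged address is a prompt to log into the router and compare, not proof of tampering: some ISPs hand out their public resolvers directly, and the reverse case also exists, where the client still points at the router but the router's own upstream DNS has been changed, which only the router's admin page will show.

```python
import ipaddress
import re

# Constructed sample in the Windows XP `ipconfig /all` layout (not captured from
# the poster's machine). 203.0.113.9 is from the reserved TEST-NET-3 block and
# stands in for a resolver the client was not expected to have.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : home
        IP Address. . . . . . . . . . . . : 192.168.1.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.9
                                            192.168.1.1
"""

# "<Field> . . . : <value>"; extra DNS servers follow on indented lines with no field name.
FIELD_RE = re.compile(r"^\s*(?P<field>[A-Za-z][A-Za-z \-]*?)[ .]*: (?P<value>\S*)\s*$")

# Ranges a home LAN's resolver is expected to fall in: RFC 1918 plus loopback.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def _as_ip(text):
    """Parse an IP address literal, or return None if the text is not one."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def parse_ipconfig(text):
    """Return (default gateway, [DNS servers]) from ipconfig /all output (single adapter)."""
    gateway, dns_servers = None, []
    current = None
    for line in text.splitlines():
        if not line.strip():
            current = None          # a blank line ends any multi-line field
            continue
        m = FIELD_RE.match(line)
        if m:
            current = m.group("field").strip().lower()
            value = m.group("value")
            if current == "default gateway" and _as_ip(value):
                gateway = value
            elif current == "dns servers" and _as_ip(value):
                dns_servers.append(value)
        elif current == "dns servers" and _as_ip(line.strip()):
            dns_servers.append(line.strip())   # continuation line of the DNS list
    return gateway, dns_servers


def suspicious_resolvers(gateway, dns_servers):
    """Resolvers that are neither the LAN gateway nor inside a LAN range."""
    gw = _as_ip(gateway) if gateway else None
    flagged = []
    for server in dns_servers:
        ip = _as_ip(server)
        if ip is None or ip == gw or any(ip in net for net in LAN_NETWORKS):
            continue
        flagged.append(server)
    return flagged


if __name__ == "__main__":
    gw, servers = parse_ipconfig(SAMPLE_IPCONFIG)
    print("gateway:", gw, "resolvers:", servers)
    for server in suspicious_resolvers(gw, servers):
        print("REVIEW: resolver", server, "is not the router and not a LAN address")
```

On the affected machine the input would come from `ipconfig /all > ipconfig.txt`; the O17 line in the OTL log above (DhcpNameServer = 192.168.1.1) is the same information as seen from the registry, and in this thread it already points at the router, which is why the router's own settings are the next place to look.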
#29 cezar1234 (Member, Topic Starter, 45 posts)
I have FiOS and I use the modem/router they provided. Same thing?

#30 cezar1234 (Member, Topic Starter, 45 posts)
Where would I find the router?





