
Blinkx and other Redirects


This topic is locked

#61 cezar1234 (Member, Topic Starter, 45 posts)
OTL logfile created on: 7/18/2010 5:10:39 PM - Run 6
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Cezar\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.03 Gb Total Space | 51.65 Gb Free Space | 72.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 488.00 Mb Total Space | 210.77 Mb Free Space | 43.19% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CEZAR-6122A34D3
Current User Name: Cezar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/16 10:41:29 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 10:41:20 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 10:41:19 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 10:41:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 10:40:51 | 000,921,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 10:40:49 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 10:40:37 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/08 16:55:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cezar\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/07 08:02:12 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files\Valve\Steam\steam.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 15:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/07/08 16:55:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cezar\Desktop\OTL.exe
MOD - [2008/04/14 03:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/07/16 10:41:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/16 10:40:51 | 000,921,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Start_Pending] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/07/16 10:41:26 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 10:40:50 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 09:36:14 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/24 17:51:43 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2009/09/27 17:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643



IE - HKU\S-1-5-21-1708537768-507921405-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1708537768-507921405-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1708537768-507921405-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


[2010/07/09 19:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [powrbvim] C:\Documents and Settings\NetworkService\Local Settings\Application Data\fqryhlfbm\emrgvoxtssd.exe File not found
O4 - HKU\.DEFAULT..\Run: [Pqaxuzupijafero] C:\WINDOWS\aqcasc.DLL ()
O4 - HKU\S-1-5-18..\Run: [powrbvim] C:\Documents and Settings\NetworkService\Local Settings\Application Data\fqryhlfbm\emrgvoxtssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [Pqaxuzupijafero] C:\WINDOWS\aqcasc.DLL ()
O4 - HKU\S-1-5-21-1708537768-507921405-1177238915-1003..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe File not found
O4 - HKU\S-1-5-21-1708537768-507921405-1177238915-1003..\Run: [Steam] c:\program files\valve\steam\steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-19..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-507921405-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1708537768-507921405-1177238915-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Cezar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cezar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/24 19:33:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/17 09:58:43 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/16 10:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/16 10:41:19 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/09 19:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cezar\Application Data\Malwarebytes
[2010/07/09 19:36:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/09 19:36:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/09 19:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/09 19:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/09 19:24:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/09 08:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/09 03:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/08 16:55:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cezar\Desktop\OTL.exe
[2010/07/08 07:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/08 07:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/23 22:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/23 22:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

========== Files - Modified Within 30 Days ==========

[2010/07/18 14:40:55 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/07/18 14:40:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/18 14:40:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/18 14:40:07 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Cezar\NTUSER.DAT
[2010/07/18 14:39:55 | 003,759,474 | -H-- | M] () -- C:\Documents and Settings\Cezar\Local Settings\Application Data\IconCache.db
[2010/07/18 13:30:19 | 062,124,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/18 13:22:44 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Cezar\ntuser.ini
[2010/07/17 09:53:48 | 003,738,205 | ---- | M] () -- C:\Documents and Settings\Cezar\Desktop\ABCD.exe
[2010/07/16 10:46:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/16 10:41:26 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/16 10:41:19 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/16 10:40:50 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/16 10:33:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/09 19:36:19 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/08 18:05:07 | 000,029,727 | ---- | M] () -- C:\Documents and Settings\Cezar\My Documents\When the scan completes.docx
[2010/07/08 16:55:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cezar\Desktop\OTL.exe
[2010/07/08 16:53:52 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Cezar\Desktop\646yqpkv.exe
[2010/07/08 10:24:29 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/07 20:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/24 14:31:52 | 000,011,581 | ---- | M] () -- C:\Documents and Settings\Cezar\My Documents\gil.docx
[2010/06/24 14:31:43 | 000,013,123 | ---- | M] () -- C:\Documents and Settings\Cezar\My Documents\Camping List.docx
[2010/06/23 22:55:13 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/20 18:11:54 | 000,024,073 | ---- | M] () -- C:\Documents and Settings\Cezar\Desktop\Summer Calendar.docx

========== Files Created - No Company Name ==========

[2010/07/17 09:55:58 | 003,738,205 | ---- | C] () -- C:\Documents and Settings\Cezar\Desktop\ABCD.exe
[2010/07/09 19:36:18 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/08 17:46:02 | 000,029,727 | ---- | C] () -- C:\Documents and Settings\Cezar\My Documents\When the scan completes.docx
[2010/07/08 16:53:47 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Cezar\Desktop\646yqpkv.exe
[2010/06/24 14:31:51 | 000,011,581 | ---- | C] () -- C:\Documents and Settings\Cezar\My Documents\gil.docx
[2010/06/23 22:55:13 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/23 22:49:26 | 000,013,123 | ---- | C] () -- C:\Documents and Settings\Cezar\My Documents\Camping List.docx
[2010/06/20 18:11:53 | 000,024,073 | ---- | C] () -- C:\Documents and Settings\Cezar\Desktop\Summer Calendar.docx
[2010/02/24 16:03:55 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/11/24 19:57:55 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
< End of report >

#62 cezar1234 (Member, Topic Starter, 45 posts)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-18 18:03:20
Windows 5.1.2600 Service Pack 3
Running: j5r27t0p.exe; Driver: C:\DOCUME~1\Cezar\LOCALS~1\Temp\pfloraob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB64EB360, 0x3E57A5, 0xE8000020]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB63DFF80]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[132] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[132] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[132] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00F7000A
.text C:\WINDOWS\System32\svchost.exe[1096] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00DD000A
.text C:\WINDOWS\system32\wuauclt.exe[2100] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\wuauclt.exe[2100] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BB000A
.text C:\WINDOWS\system32\wuauclt.exe[2100] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B9000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#63 mitch8 (Trusted Helper, Malware Removal, 1,356 posts)
Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    O4 - HKU\.DEFAULT..\Run: [powrbvim] C:\Documents and Settings\NetworkService\Local Settings\Application Data\fqryhlfbm\emrgvoxtssd.exe File not found
    O4 - HKU\.DEFAULT..\Run: [Pqaxuzupijafero] C:\WINDOWS\aqcasc.DLL ()
    O4 - HKU\S-1-5-18..\Run: [powrbvim] C:\Documents and Settings\NetworkService\Local Settings\Application Data\fqryhlfbm\emrgvoxtssd.exe File not found
    O4 - HKU\S-1-5-18..\Run: [Pqaxuzupijafero] C:\WINDOWS\aqcasc.DLL ()
    O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
    O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [ShowDeskFix] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] File not found
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Next,

Run this on the flash drive that you used. Your flash drive might be infected.

On your computer download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

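The fix script above targets three classes of entry in the OTL log: an IE proxy forced through a loopback port, Run/RunOnce values whose target is missing or has no publisher, and the policy value that disables Task Manager. As an added example (not OldTimer's code and not part of this thread), the following Python script applies those same checks to OTL log lines and renders the hits in the `:OTL` fix format used above. The sample lines are copied from the log posted in this thread; the regular expressions, the `Finding` type and the function names are my own construction.

```python
r"""Triage OTL log lines for the kinds of entries the fix script above removes.

Added example, not OldTimer's code and not part of this thread. The checks
mirror the helper's fix: an IE proxy forced through a loopback port, O4
Run/RunOnce values whose target is missing or has no publisher, and the
policy value that disables Task Manager. Regexes and the Finding type are
my own; the sample lines are copied from the OTL log posted in this thread.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind lines reason")

# Sample input: representative lines copied from the posted OTL report.
SAMPLE_LOG = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
IE - HKU\S-1-5-21-1708537768-507921405-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\.DEFAULT..\Run: [powrbvim] C:\Documents and Settings\NetworkService\Local Settings\Application Data\fqryhlfbm\emrgvoxtssd.exe File not found
O4 - HKU\.DEFAULT..\Run: [Pqaxuzupijafero] C:\WINDOWS\aqcasc.DLL ()
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
"""

PROXY_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+)\\.*Internet Settings: "(?P<name>Proxy\w+)" = (?P<value>.*)$')
O4_RE = re.compile(
    r'^O4 - (?P<key>.+?)\.\.\\(?P<sub>Run|RunOnce): \[(?P<name>[^\]]+)\] ?(?P<rest>.*)$')
O7_RE = re.compile(r'^O7 - (?P<key>\S+): (?P<name>\w+) = (?P<value>\S+)$')
LOOPBACK = ("127.0.0.1", "localhost")


def proxy_host(value):
    """'http=127.0.0.1:5643' -> '127.0.0.1' (also accepts a bare 'host:port')."""
    host = value.split("=", 1)[1] if "=" in value else value
    return host.split(":", 1)[0].strip()


def triage(log_text):
    """Return a list of Finding objects for the suspicious lines in an OTL log."""
    findings = []
    proxies = {}  # hive -> {value name: (value, original line)}
    for line in log_text.splitlines():
        line = line.rstrip()
        m = PROXY_RE.match(line)
        if m:
            proxies.setdefault(m["hive"], {})[m["name"]] = (m["value"], line)
            continue
        m = O4_RE.match(line)
        if m:
            if m["rest"].endswith("File not found"):
                findings.append(Finding("autorun", (line,),
                                        "%s value [%s] points at a missing file" % (m["sub"], m["name"])))
            elif m["rest"].endswith("()"):
                findings.append(Finding("autorun", (line,),
                                        "%s value [%s] loads a file with no publisher" % (m["sub"], m["name"])))
            continue
        m = O7_RE.match(line)
        if m and m["name"] == "DisableTaskMgr" and m["value"] == "1":
            findings.append(Finding("policy", (line,), "Task Manager disabled by policy"))
    # A proxy hit needs two values together: enabled AND pointing at the loopback interface.
    for hive, values in proxies.items():
        enable = values.get("ProxyEnable")
        server = values.get("ProxyServer")
        if enable and enable[0] == "1" and server and proxy_host(server[0]) in LOOPBACK:
            findings.append(Finding("proxy", (enable[1], server[1]),
                                    "%s: IE traffic routed through a local proxy on %s" % (hive, server[0])))
    return findings


def fix_script(findings):
    """Render findings as an OTL fix in the ':OTL' format used in this thread."""
    body = "\n".join(l for f in findings for l in f.lines)
    return ":OTL\n%s\n\n:Commands\n[emptytemp]\n[Reboot]" % body


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print("[%s] %s" % (f.kind, f.reason))
    print(fix_script(hits))
```

Run against the sample, the script reports the orphaned `powrbvim` and `ShowDeskFix` values, the publisher-less `aqcasc.DLL` loader, the `DisableTaskMgr` policy and the `.DEFAULT` hive proxy on `127.0.0.1:5643`, and leaves the AVG tray entry, the `ProxyEnable = 0` hive and `NoDriveTypeAutoRun` alone. The proxy check deliberately needs both values: a stale `ProxyServer` with `ProxyEnable = 0` is harmless, and a loopback proxy is only meaningful when it is switched on.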

#64 cezar1234 (Member, Topic Starter, 45 posts)
All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\powrbvim deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Pqaxuzupijafero deleted successfully.
File C:\WINDOWS\aqcasc.DLL not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\powrbvim not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Pqaxuzupijafero not found.
File C:\WINDOWS\aqcasc.DLL not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Cezar
->Temp folder emptied: 154320 bytes
->Temporary Internet Files folder emptied: 14738189 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1090 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 14.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Cezar
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.8.1 log created on 07192010_160832

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temp\~DF1AE0.tmp not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temp\~DF1AEB.tmp not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temp\~DF1B47.tmp not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temp\~DF1B52.tmp not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temp\~DF1B80.tmp not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temp\~DF1B8B.tmp not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\G6F81YZS\AC_OETags[1].js not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\G6F81YZS\busops-min[1].css not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\G6F81YZS\cmdatatagutils[1].js not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\G6F81YZS\liveManager[1].js not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\G6F81YZS\partner_footer607[1].htm not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\G6F81YZS\quad4nvid_smartad[1].gif not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\G6F81YZS\spr_apps_us[1].gif not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\G6F81YZS\srp_metro_yui3_201006181747[1].js not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\5485479_pod[1].gif not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\5729402.box[1].gif not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\6063598.box[1].gif not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\6125509.box[1].gif not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\6134279.box[1].gif not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\6246020.box[1].gif not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\6298880.box[1].gif not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\817-grey[1].gif not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\arch_l_datebg[1].gif not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\british-sm[1].jpg not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\but3_off[1].gif not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\but5_off[1].gif not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\chart[2].png not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\default[1].htm not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\email-icon[1].gif not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\friend_add_small[1].png not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\iframe[1].htm not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\img_47fc1908[1].jpg not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\menuicon[1].jpg not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\menu_action_down-padded[1].gif not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\menu_image_s[1].png not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\ping[6].js not found!
File\Folder C:\Documents and Settings\Cezar\Local Settings\Temporary Internet Files\Content.IE5\FYWKM1Q9\pview[1].gif not found!

Registry entries deleted on Reboot...

#65 mitch8 (Trusted Helper, Malware Removal, 1,356 posts)
Hi,

Are you having any more problems? If so, what are they?

#66 cezar1234 (Member, Topic Starter, 45 posts)
Still got a pop up

#67 cezar1234 (Member, Topic Starter, 45 posts)
Is there a stronger program we can use, or are these the ones? Furthermore, my other computer seems to be doing similar pop-ups. I will wait until we solve this one to work on the other computer. Thanks again for the help; let's see what else we can do.

#68 mitch8 (Trusted Helper, Malware Removal, 1,356 posts)
Hi,

If you have FiOS, go here to learn how to change your DNS. If you can't find your router, go to the bottom of the page and click on the link that tells you how to change the DNS settings for the operating system.
You want to change the DNS settings to this:
Preferred DNS server: 208.67.222.222
Alternate DNS server: 208.67.220.220

Next,

Follow these instructions:
https://store.opendn...stem/windows-xp

Reboot your computer.

Go to start then click on run. Type in cmd and hit enter.
In the command prompt type in:
ipconfig /flushdns and hit enter.
ipconfig /all > C:\ipconfig.txt and hit enter.

Test your computers for any redirects.

Post C:\ipconfig.txt here.
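The `ipconfig /all` output the helper asks for shows which resolvers the machine is actually using, which is the point of the DNS change: a redirect that survives cleaning the PC can come from a resolver the router hands out. As an added example that is not part of this thread and not a tool the helper linked, the following Python script parses that output and classifies each DNS server: the two OpenDNS addresses given above are expected, an RFC 1918 address means the router is answering (so the router's own DNS setting is what to check), and anything else is flagged. The sample ipconfig text is constructed; the host name and gateway are taken from the logs in this thread, the MAC address is made up, and 203.0.113.53 is a documentation-range placeholder standing in for an unexpected resolver.

```python
r"""Classify the DNS resolvers in `ipconfig /all` output (added example).

Not part of this thread and not a tool the helper linked. Parses the text
that `ipconfig /all > C:\ipconfig.txt` produces on Windows XP, including the
continuation lines ipconfig uses when an adapter has several resolvers.
"""
import ipaddress
import re

# OpenDNS resolvers, as recommended in the thread.
EXPECTED_DNS = {"208.67.222.222", "208.67.220.220"}
# RFC 1918 ranges: a resolver here is the router, so its own DNS setting matters.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the layout of Windows XP `ipconfig /all`. Host name and
# gateway come from the thread's logs; the MAC is made up and 203.0.113.53 is a
# documentation-range placeholder standing in for an unexpected resolver.
SAMPLE_IPCONFIG = """
Windows IP Configuration

        Host Name . . . . . . . . . . . . : CEZAR-6122A34D3
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
        Physical Address. . . . . . . . . : 00-11-22-33-44-55
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            203.0.113.53
"""

ADAPTER_RE = re.compile(r"^(?P<name>\S[^:]*):\s*$")          # unindented line ending in ':'
FIELD_RE = re.compile(r"^\s+(?P<field>[A-Za-z][A-Za-z \-]*?)[ .]*:\s?(?P<value>.*)$")


def dns_servers(ipconfig_text):
    """Map adapter name -> list of DNS server addresses."""
    result = {}
    adapter, field = None, None
    for raw in ipconfig_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = ADAPTER_RE.match(line)
        if m:
            adapter, field = m["name"], None
            continue
        m = FIELD_RE.match(line)
        if m:
            field = m["field"].strip()
            value = m["value"].strip()
        elif line.startswith(" ") and field:
            value = line.strip()          # continuation line of the previous field
        else:
            continue
        if adapter and field == "DNS Servers" and value:
            result.setdefault(adapter, []).append(value)
    return result


def classify(address):
    """'expected' (OpenDNS), 'private' (router answers) or 'unexpected'."""
    if address in EXPECTED_DNS:
        return "expected"
    ip = ipaddress.ip_address(address)
    if any(ip in net for net in RFC1918):
        return "private"
    return "unexpected"


def check_resolvers(ipconfig_text):
    """Return (adapter, resolver, verdict) triples for every configured resolver."""
    return [(adapter, ip, classify(ip))
            for adapter, ips in dns_servers(ipconfig_text).items()
            for ip in ips]


if __name__ == "__main__":
    for adapter, ip, verdict in check_resolvers(SAMPLE_IPCONFIG):
        print("%-40s %-16s %s" % (adapter, ip, verdict))
```

On the sample the first resolver is the router at 192.168.1.1 (classified `private`, which is why the helper also wants the router's DNS checked) and the second is flagged `unexpected`. After switching the adapter to OpenDNS as described above, a clean run should show only `expected` verdicts.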

#69 cezar1234 (Member, Topic Starter, 45 posts)
This last test was to check the router, right, to see if it was infected? I got a check mark.

#70 mitch8 (Trusted Helper, Malware Removal, 1,356 posts)
Please follow the steps in my last post. Your router could be infected.

#71 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.