
Black_Cat
Honorary Members
Posts: 28

Everything posted by Black_Cat

  1. Alright, Combofix keeps freezing on me. It finds the rootkit ZeroAccess (first dialogue box) but stops a few minutes after the second dialogue box comes up saying that it'll "take some moments". During the first attempt there was a random IE pop-up which would return if closed. It reads: "Would you like to leave this webpage. Are you sure?" And for some reason DDS popped up and was trying to run; don't know if that's just a serious delay from an earlier attempt or if I clicked it by accident.
  2. The computer has a bit of a lag (few seconds of black screen before 'welcome' screen) when booting up Windows. Also got a random dialogue box pop-up from Internet Explorer despite not using the program. Okay here we go, Security Check log:

     Results of screen317's Security Check version 0.99.42
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Avira Free Antivirus
     Avira successfully updated!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.61.0.1400
     JavaFX 2.1.1
     Java 7 Update 5
     Adobe Flash Player 11.3.300.257
     Adobe Reader 8 Adobe Reader out of Date!
     Mozilla Firefox (9.0.1)
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 11% Defragment your hard drive soon!
     ````````````````````End of Log``````````````````````

     OTL log:

     OTL logfile created on: 6/20/2012 12:56:49 AM - Run 1
     OTL by OldTimer - Version 3.2.50.0     Folder = C:\Documents and Settings\Marcia\Desktop
     Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.74% Memory free
     3.84 Gb Paging File | 2.95 Gb Available in Paging File | 76.93% Paging File free
     Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 294.73 Gb Total Space | 211.30 Gb Free Space | 71.69% Space Free | Partition Type: NTFS

     Computer Name: D97VW0G1 | User Name: Marcia | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========

     PRC - C:\Documents and Settings\Marcia\Desktop\OTL.exe (OldTimer Tools)
     PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
     PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
     PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
     PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
     PRC - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
     PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
     PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
     PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
     PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
     PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
     PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
     PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
     PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
     PRC - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
     PRC - C:\WINDOWS\system32\dlcxcoms.exe ( )
     PRC - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)

     ========== Modules (No Company Name) ==========

     MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
     MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
     MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll ()
     MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll ()
     MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll ()
     MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0f9d7198d2c0a3953fb59b1aca0d35f7\System.Runtime.Remoting.ni.dll ()
     MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll ()
     MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll ()
     MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
     MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
     MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
     MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll ()
     MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll ()
     MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll ()
     MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll ()
     MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll ()
     MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
     MOD - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
     MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
     MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
     MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
     MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcxdrpp.dll ()
     MOD - C:\Program Files\Dell PC Fax\dlctrstr.dll ()
     MOD - C:\WINDOWS\system32\DLPRMON.DLL ()
     MOD - C:\Program Files\Dell PC Fax\ipcmt.dll ()
     MOD - C:\WINDOWS\system32\dlcxcaps.dll ()
     MOD - C:\WINDOWS\system32\DLCXcfg.dll ()
     MOD - C:\Program Files\Dell Photo AIO Printer 926\DLCXcfg.dll ()
     MOD - C:\WINDOWS\system32\dlcxdrs.dll ()
     MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxscw.dll ()
     MOD - C:\WINDOWS\system32\dlcxcnv4.dll ()
     MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxdrec.dll ()

     ========== Win32 Services (SafeList) ==========

     SRV - (WinDefend) -- %ProgramFiles%\Windows Defender\mpsvc.dll File not found
     SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe File not found
     SRV - (TmPfw) -- C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe File not found
     SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter File not found
     SRV - (PcCtlCom) -- C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe File not found
     SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe File not found
     SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
     SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
     SRV - (AOL ACS) -- C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe File not found
     SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
     SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
     SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
     SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
     SRV - (Web Assistant Updater) -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
     SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
     SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
     SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
     SRV - (dlcx_device) -- C:\WINDOWS\system32\dlcxcoms.exe ( )

     ========== Driver Services (SafeList) ==========

     DRV - (WDICA) -- File not found
     DRV - (PDRFRAME) -- File not found
     DRV - (PDRELI) -- File not found
     DRV - (PDFRAME) -- File not found
     DRV - (PDCOMP) -- File not found
     DRV - (PCIDump) -- File not found
     DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys File not found
     DRV - (lbrtfdc) -- File not found
     DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
     DRV - (Changer) -- File not found
     DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
     DRV - (aec) -- system32\drivers\aec.sys File not found
     DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
     DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
     DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
     DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
     DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
     DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
     DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
     DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
     DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
     DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
     DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)

     ========== Standard Registry (SafeList) ==========

     ========== Internet Explorer ==========

     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080409
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080409
     IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

     IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080409
     IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html
     IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
     IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
     IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

     IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080409
     IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html
     IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
     IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
     IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

     IE - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
     IE - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     IE - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
     IE - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16046&src=crm&q={searchTerms}&locale=en_US
     IE - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\..\SearchScopes\{ABDB1A03-D606-4804-995F-809DE735D5A4}: "URL" = https://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.tb=1&q={searchTerms}
     IE - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\..\SearchScopes\{BBA5B323-B0F7-49D6-9D9D-A9CF8CE6F44C}: "URL" = http://www.ask.com/web?o=14120&l=dis&q={searchTerms}
     IE - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\..\SearchScopes\VWPT: "URL" = http://search.viewpoint.com/pl/search?tab=1&k={searchTerms}&addr=1&query=vb=1%26tn%3D0%26addr%3D1%26type%3Drel39%5fxp%26instid%3DViewpointV39%5fxp
     IE - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

     ========== FireFox ==========

     FF - prefs.js..browser.search.defaultengine: "Ask.com"
     FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
     FF - prefs.js..browser.search.order.1: "Ask.com"
     FF - prefs.js..browser.search.selectedEngine: "Google"
     FF - prefs.js..browser.search.useDBForOrder: true
     FF - prefs.js..browser.startup.homepage: "about:home"
     FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
     FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
     FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
     FF - prefs.js..extensions.enabledItems: {51ef49d2-624b-4194-8b97-1c468e9b0efe}:1.300.306
     FF - prefs.js..extensions.enabledItems: {71724C97-9902-4A2B-A50F-9894800B7086}:1.9.1
     FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
     FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb165/?loc=IB_DS&a=6R8vOK9bbx&&i=26&search="
     FF - prefs.js..network.proxy.http: "localhost"
     FF - prefs.js..network.proxy.http_port: 8095
     FF - prefs.js..network.proxy.no_proxies_on: "*.local"
     FF - prefs.js..network.proxy.type: 0

     FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
     FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
     FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
     FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
     FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
     FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
     FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Marcia\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
     FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
     FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.9.0.23: C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
     FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Marcia\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
     FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Marcia\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

     FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/12 19:04:35 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 19:53:47 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/15 18:14:36 | 000,000,000 | ---D | M]
     FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Marcia\Application Data\Move Networks [2009/10/01 21:02:36 | 000,000,000 | ---D | M]

     [2009/03/30 22:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marcia\Application Data\Mozilla\Extensions
     [2009/03/22 09:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marcia\Application Data\Mozilla\Extensions\mozswing@mozswing.org
     [2012/06/18 19:54:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marcia\Application Data\Mozilla\Firefox\Profiles\z3kwvto7.default\extensions
     [2011/09/25 01:04:55 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Marcia\Application Data\Mozilla\Firefox\Profiles\z3kwvto7.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
     [2012/05/24 06:47:38 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Marcia\Application Data\Mozilla\Firefox\Profiles\z3kwvto7.default\extensions\toolbar@ask.com
     [2012/04/27 08:21:58 | 000,002,414 | ---- | M] () -- C:\Documents and Settings\Marcia\Application Data\Mozilla\Firefox\Profiles\z3kwvto7.default\searchplugins\askcom.xml
     [2012/06/12 19:04:31 | 000,002,203 | ---- | M] () -- C:\Documents and Settings\Marcia\Application Data\Mozilla\Firefox\Profiles\z3kwvto7.default\searchplugins\MyStart Search.xml
     [2012/01/11 03:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
     [2012/01/06 08:27:53 | 000,634,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MARCIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z3KWVTO7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
     [2012/06/12 19:04:35 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
     [2012/06/18 19:53:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
     [2011/09/24 20:35:20 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
     [2009/06/22 20:17:50 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
     [2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
     [2012/06/18 19:53:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
     [2012/06/18 19:53:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

     Hosts file not found

     O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
     O2 - BHO: (Freecause Toolbar BHO) - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
     O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - Reg Error: Value error. File not found
     O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
     O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
     O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
     O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
     O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
     O3 - HKLM\..\Toolbar: (MyPoints Toolbar 2.0) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
     O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
     O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
     O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - Reg Error: Value error. File not found
     O3 - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
     O3 - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
     O3 - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\..\Toolbar\WebBrowser: (MyPoints Toolbar 2.0) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
     O3 - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
     O4 - HKLM..\Run: [] File not found
     O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
     O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
     O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
     O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
     O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
     O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
     O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
     O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
     O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
     O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
     O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
     O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
     O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
     O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
     O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
     O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
     O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
     O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
     O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
     O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O7 - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
     O7 - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
     O7 - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O7 - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
     O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
     O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
     O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
     O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
     O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
     O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
     O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
     O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
     O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
     O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
     O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
     O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
     O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
     O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
     O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
     O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
     O15 - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
     O15 - HKU\S-1-5-21-1832132436-1392349311-2145066133-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
     O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
     O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
     O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://mypoints.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
     O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinner.com/games/v48/brickout/brickout.cab (Brickout Control)
     O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
     O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
     O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
     O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
     O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
     O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinner.com/games/v57/cubis/cubis.cab (Cubis Control)
     O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab (Tilecity Control)
     O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab (DinerDash Control)
     O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinner.com/games/v44/golfsol/golfsol.cab (GolfSol Control)
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12F80852-5DE4-43F9-8BC1-590548BDBC1C}: DhcpNameServer = 167.206.254.2 167.206.254.1
     O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
     O24 - Desktop WallPaper: C:\WINDOWS\dell.bmp
     O24 - Desktop BackupWallPaper: C:\WINDOWS\dell.bmp
     O32 - HKLM CDRom: AutoRun - 1
     O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
     O34 - HKLM BootExecute: (autocheck autochk *)
     O35 - HKLM\..comfile [open] -- "%1" %*
     O35 - HKLM\..exefile [open] -- "%1" %*
     O37 - HKLM\...com [@ = comfile] -- "%1" %*
     O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
     O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

     ========== Files/Folders - Created Within 30 Days ==========

     [2012/06/20 00:38:12 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marcia\Desktop\OTL.exe
     [2012/06/19 01:33:31 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Marcia\Desktop\tdsskiller.exe
     [2012/06/18 22:51:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
     [2012/06/18 19:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
     [2012/06/18 19:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
     [2012/06/17 18:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcia\Application Data\Avira
     [2012/06/17 18:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
     [2012/06/17 18:17:43 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
     [2012/06/17 18:17:36 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
     [2012/06/17 18:17:36 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
     [2012/06/17 18:17:36 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
     [2012/06/17 18:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
     [2012/06/17 11:21:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Marcia\Desktop\dds.com
     [2012/06/16 19:04:37 | 000,000,000 | --SD | C] -- C:\ComboFix
     [2012/06/16 18:58:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Marcia\Desktop\dds.scr
     [2012/06/16 15:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
     [2012/06/16 15:51:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
     [2012/06/16 15:43:45 | 010,062,736 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marcia\Desktop\mbam-consumer.exe
     [2012/06/16 01:59:43 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marcia\Desktop\mbam-setup-1.61.0.1400.exe
     [2012/06/16 01:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcia\Desktop\MM_Logo
     [2012/06/15 18:19:01 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
     [2012/06/15 05:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
     [2012/06/15 05:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcia\Application Data\Oracle
     [2012/06/15 05:04:20 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
     [2012/06/15 05:04:20 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
     [2012/06/15 05:04:20 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
     [2012/06/15 05:04:03 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
     [2012/06/15 05:04:03 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
     [2012/06/15 02:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcia\Start Menu\Programs\Roxio Creator DE
     [2012/06/15 02:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcia\My Documents\Backup_Documents
     [2012/06/15 01:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
     [2012/06/15 01:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcia\Application Data\Uniblue
     [2012/06/15 01:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
     [2012/06/15 01:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcia\Local Settings\Application Data\PackageAware
     [2012/06/14 04:08:17 | 004,140,192 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
     [2012/06/14 03:47:32 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
     [2012/06/12 19:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
     [2012/06/10 20:27:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Marcia\Recent
     [2012/06/10 01:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcia\Desktop\Coby Music
     [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     [2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

     ========== Files - Modified Within 30 Days ==========

     [2012/06/20 01:08:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
     [2012/06/20 01:06:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
     [2012/06/20 00:38:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marcia\Desktop\OTL.exe
     [2012/06/20 00:37:19 | 000,881,475 | ---- | M] () -- C:\Documents and Settings\Marcia\Desktop\SecurityCheck.exe
     [2012/06/20 00:30:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
     [2012/06/20 00:30:02 | 2136,129,536 | -HS- | M] () -- C:\hiberfil.sys
     [2012/06/19 01:33:31 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Marcia\Desktop\tdsskiller.exe
     [2012/06/18 23:10:08 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Marcia\Desktop\exeHelper.com
     [2012/06/18 19:18:15 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
     [2012/06/18 19:18:15 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
     [2012/06/18 18:48:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
     [2012/06/17 18:18:48 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
     [2012/06/17 16:15:52 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Marcia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     [2012/06/17 11:21:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Marcia\Desktop\dds.com
     [2012/06/16 18:58:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Marcia\Desktop\dds.scr
     [2012/06/16 16:00:04 | 000,030,845 | ---- | M] () -- C:\Documents and Settings\Marcia\My Documents\BKD-7362479384.pdf
     [2012/06/16 15:51:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
     [2012/06/16 15:43:52 | 010,062,736 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and
Settings\Marcia\Desktop\mbam-consumer.exe [2012/06/16 02:00:01 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marcia\Desktop\mbam-setup-1.61.0.1400.exe [2012/06/16 01:55:54 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\Marcia\Desktop\rkill.exe [2012/06/15 22:02:38 | 000,190,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/06/15 22:00:16 | 000,484,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/06/15 22:00:16 | 000,081,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/06/15 21:35:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/06/15 05:03:26 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/06/15 05:03:26 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/06/15 04:43:20 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/06/15 04:43:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/06/14 04:29:43 | 000,000,739 | ---- | M] () -- C:\WINDOWS\wininit.ini [2012/06/14 04:08:19 | 004,140,192 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2012/06/14 03:41:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012/06/13 03:48:23 | 000,000,905 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100425-220829.backup [2012/06/12 19:04:50 | 000,000,795 | ---- | M] () -- C:\user.js [2012/06/07 21:45:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/05/31 17:37:48 | 000,009,036 | ---- | M] () -- C:\Documents and Settings\Marcia\Application Data\wklnhst.dat [2012/05/31 09:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> 
] ========== Files Created - No Company Name ========== [2012/06/20 00:37:19 | 000,881,475 | ---- | C] () -- C:\Documents and Settings\Marcia\Desktop\SecurityCheck.exe [2012/06/19 21:03:45 | 2136,129,536 | -HS- | C] () -- C:\hiberfil.sys [2012/06/18 23:10:10 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Marcia\Desktop\exeHelper.com [2012/06/17 18:18:48 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk [2012/06/16 16:00:04 | 000,030,845 | ---- | C] () -- C:\Documents and Settings\Marcia\My Documents\BKD-7362479384.pdf [2012/06/16 15:51:47 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/16 01:56:04 | 001,012,656 | ---- | C] () -- C:\Documents and Settings\Marcia\Desktop\rkill.exe [2012/06/14 03:47:39 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/06/12 19:04:46 | 000,000,795 | ---- | C] () -- C:\user.js [2012/06/10 21:07:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/02/15 08:09:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/02/04 06:35:30 | 001,588,945 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1832132436-1392349311-2145066133-1006-0.dat [2012/01/28 05:01:38 | 000,203,882 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2012/01/27 12:51:35 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc [2011/12/31 03:04:31 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe [2011/05/03 12:36:26 | 000,019,942 | -HS- | C] () -- C:\Documents and Settings\Marcia\Local Settings\Application Data\02dvu33p3g64bf31052bjgpyk03 [2011/05/03 12:36:26 | 000,019,942 | -HS- | C] () -- C:\Documents and Settings\All Users\Application 
Data\02dvu33p3g64bf31052bjgpyk03 [2011/04/08 17:11:54 | 000,016,002 | -HS- | C] () -- C:\Documents and Settings\Marcia\Local Settings\Application Data\7n61qsjgrs7rjc3tv5ki58o [2011/04/08 17:11:54 | 000,016,002 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7n61qsjgrs7rjc3tv5ki58o [2011/04/06 23:08:41 | 000,016,972 | -HS- | C] () -- C:\Documents and Settings\Marcia\Local Settings\Application Data\7t6x52h50cstg1toju2u5v6hy41tk1056886rx [2011/04/06 23:08:41 | 000,016,972 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7t6x52h50cstg1toju2u5v6hy41tk1056886rx [2011/03/16 18:13:54 | 000,020,592 | -HS- | C] () -- C:\Documents and Settings\Marcia\Local Settings\Application Data\3373148944 [2011/03/16 18:13:54 | 000,020,592 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3373148944 [2010/12/09 19:46:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2010/12/09 01:26:09 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Effects [2010/12/09 01:26:09 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Marcia\Application Data\Drum Kits [2010/12/09 01:26:09 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT [2010/12/09 01:26:07 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Electric Clav [2010/12/09 01:26:07 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Marcia\Application Data\Drums [2010/12/09 01:20:28 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT [2010/09/04 05:47:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Uqumoh.dat [2010/09/04 05:47:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ubiciseyitegig.bin [2010/09/04 01:18:31 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Marcia\Application Data\hngmfc.dat [2010/09/03 20:04:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\qrudmppuf.sys 
[2010/09/03 19:57:26 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\hngmfc.dat [2009/02/03 09:08:46 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{b9e97c10-449e-db4d-030d-0026d5a6f3d6}\@ ========== Custom Scans ========== < %TEMP%\smtmp\*.* /s > Invalid Switch: indent] ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\rundll32.exe:SummaryInformation < End of report >
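Added example, not part of this thread and not OTL's own code: a small parser for the OTL file-list format in the report above, with three triage heuristics that are this example's own assumptions rather than anything OTL itself reports. The heuristics are the ZeroAccess/Sirefef on-disk layout (a GUID-named folder holding a file literally named "@"), hidden+system files sitting under a profile's Application Data, and a kernel driver in System32\drivers with no company name. The six sample entries embedded in the block are copied verbatim from the posted report so the script runs offline.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One entry from OTL's "Files Created" / "Files Modified" sections, e.g.
#   [2012/06/17 18:17:43 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
# attrs is a fixed 4-character field: R(ead-only) H(idden) S(ystem) D(irectory), '-' when unset.
# Directory entries carry no "(Company)" group at all, so that group is optional.
ENTRY_RE = re.compile(
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# ZeroAccess/Sirefef install layout: a GUID-named folder containing a file named "@".
# This pattern is an assumption of this example, not something OTL flags on its own.
ZEROACCESS_AT_RE = re.compile(
    r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\@$", re.IGNORECASE
)


@dataclass
class Entry:
    stamp: str
    size: int
    attrs: str
    kind: str        # C = "Files Created" section, M = "Files Modified" section
    company: str
    path: str

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file entry; returns None for headers, ADS lines and other non-entry text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def triage(entry: Entry) -> List[str]:
    """Heuristic flags (this example's assumptions, not OTL logic) for a single entry."""
    reasons: List[str] = []
    p = entry.path.lower()
    if ZEROACCESS_AT_RE.search(entry.path):
        reasons.append("ZeroAccess-style {GUID}\\@ file")
    # Hidden+System is normal for hiberfil.sys or boot.ini at the drive root, so only
    # treat it as suspicious for plain files that live under a profile's Application Data.
    if entry.hidden_system and not entry.is_dir and "\\application data\\" in p:
        reasons.append("hidden+system file under Application Data")
    # A kernel driver with no company name (and here, zero bytes) deserves a closer look.
    if p.endswith(".sys") and "\\drivers\\" in p and not entry.company:
        reasons.append("driver with no company name" + (", zero bytes" if entry.size == 0 else ""))
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Run triage over a whole OTL report; returns {path: [reasons]} for flagged entries only."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings[entry.path] = reasons
    return findings


# Sample input: six entries copied verbatim from the OTL report posted in this thread.
SAMPLE_LOG = r"""
[2009/02/03 09:08:46 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{b9e97c10-449e-db4d-030d-0026d5a6f3d6}\@
[2011/04/08 17:11:54 | 000,016,002 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7n61qsjgrs7rjc3tv5ki58o
[2010/09/03 20:04:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\qrudmppuf.sys
[2012/06/17 18:17:43 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/06/20 00:30:02 | 2136,129,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/15 01:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{path}\n    " + "; ".join(reasons))
```

A hit is a lead for whoever is guiding the cleanup, not a verdict: hidden+system is normal for hiberfil.sys and boot.ini at the drive root, which is why that check is scoped to Application Data, and the parser deliberately skips the Alternate Data Streams section, since the :SummaryInformation stream OTL lists on rundll32.exe is the one Explorer writes for a file's Summary properties and is usually benign.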
  3. Hello, I recently got hit with the ZeroAccess rootkit and it seems to be gone after running Malware/Avira/Spybot, but I still have the Google Redirect issue along with audio ads playing in the background. I tried the methods used in the FAQ topic but no luck. So here I am asking for help; however, I can't seem to get the dds.scr tool to run as mentioned in this topic. Any help would be greatly appreciated.