Can't run DDS


DDS won't run. I've tried all 3 (dds.scr and dds.com and forospyware) but none work.

dds.scr starts to run, but when it appears to have completed the whole pc freezes & I have to turn it off & on again.

Same for dds.com.

When I typed in the forospyware link, my antiviral popped up & asked if I wanted to remove it - I assume it was the forospyware it removed.

I'm not sure if I have any script blockers running as I have no idea what programs run them & how to turn them off!


  • Staff

Hi and welcome to Malwarebytes.

What issues are you currently experiencing?

Please update MBAM, run a Quick Scan, and post its log.

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Thank you so much for your help.

The basic problem is the Google redirect virus.

I followed the instructions given to run DDS, but it doesn't produce any script & my computer freezes.

These are the results of the OTL scan (OTL.txt first & then Extras.txt):

OTL logfile created on: 21/03/2011 2:13:04 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = D:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,015.00 Mb Total Physical Memory | 591.00 Mb Available Physical Memory | 58.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): D:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS1 | %ProgramFiles% = D:\Program Files

Drive C: | 110.07 Gb Total Space | 79.77 Gb Free Space | 72.48% Space Free | Partition Type: NTFS

Drive D: | 76.24 Gb Total Space | 33.41 Gb Free Space | 43.82% Space Free | Partition Type: NTFS

Computer Name: USER-72390D5B51 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/21 14:11:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL (1).exe

PRC - [2011/03/18 22:33:55 | 000,269,480 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/11/03 11:33:31 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/11/03 11:33:31 | 000,135,336 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/08/26 22:26:38 | 000,181,312 | ---- | M] () -- D:\Program Files\Photodex\CompuPicPro\scsiaccess.exe

PRC - [2010/02/12 14:15:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS1\explorer.exe

PRC - [2010/01/14 23:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2007/11/06 08:37:56 | 000,734,472 | ---- | M] (Raxco Software, Inc.) -- D:\Program Files\Raxco\PerfectDisk\PDEngine.exe

PRC - [2007/11/06 08:37:48 | 000,414,984 | ---- | M] (Raxco Software, Inc.) -- D:\Program Files\Raxco\PerfectDisk\PDAgent.exe

PRC - [2004/10/27 17:49:14 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- D:\WINDOWS1\SOUNDMAN.EXE

========== Modules (SafeList) ==========

MOD - [2011/03/21 14:11:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL (1).exe

MOD - [2010/02/12 14:15:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS1\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2011/03/18 22:33:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/11/03 11:33:31 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/08/26 22:26:38 | 000,181,312 | ---- | M] () [Auto | Running] -- D:\Program Files\Photodex\CompuPicPro\scsiaccess.exe -- (ScsiAccess)

SRV - [2007/11/06 08:37:58 | 000,201,992 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- D:\Program Files\Raxco\PerfectDisk\PDExchange.exe -- (PDExchange)

SRV - [2007/11/06 08:37:56 | 000,734,472 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- D:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)

SRV - [2007/11/06 08:37:48 | 000,414,984 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- D:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)

========== Driver Services (SafeList) ==========

DRV - [2011/03/18 22:34:00 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\WINDOWS1\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- D:\WINDOWS1\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/11/28 06:43:10 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- D:\WINDOWS1\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/02/12 14:15:00 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- D:\WINDOWS1\System32\drivers\dumpdrv.sys -- (DumpDrv)

DRV - [2009/05/11 13:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/05/11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\WINDOWS1\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2008/10/31 06:10:48 | 000,117,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- D:\WINDOWS1\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2008/04/14 11:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS1\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2007/10/22 05:33:40 | 000,068,624 | ---- | M] (Raxco Software, Inc.) [File_System | Boot | Running] -- D:\WINDOWS1\System32\drivers\DefragFs.sys -- (DefragFS)

DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- D:\WINDOWS1\system32\drivers\motmodem.sys -- (motmodem)

DRV - [2006/10/02 13:38:48 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS1\system32\drivers\pfc.sys -- (pfc)

DRV - [2006/02/27 02:22:48 | 000,010,240 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS1\system32\drivers\nvmpu401.sys -- (nvmpu401) Service for NVIDIA® nForce

DRV - [2004/10/27 16:57:38 | 002,284,864 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS1\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/02/09 14:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS1\system32\drivers\NetMotCM.sys -- (ndiscm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS1\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS1\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/01/03 11:47:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/01/03 11:47:36 | 000,000,000 | ---D | M]

[2010/08/26 22:36:18 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2011/03/19 07:53:12 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mgzkn5b8.default\extensions

[2010/08/27 14:17:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mgzkn5b8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/08/27 14:16:43 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions

[2010/08/27 11:10:20 | 000,075,208 | ---- | M] (Foxit Software Company) -- D:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

[2010/07/23 11:29:54 | 000,001,538 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/07/23 11:29:54 | 000,000,947 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/07/23 11:29:54 | 000,000,769 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/07/23 11:29:54 | 000,001,135 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/02/12 14:15:00 | 000,000,781 | ---- | M]) - D:\WINDOWS1\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [soundMan] D:\WINDOWS1\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 16895

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51

O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS1\explorer.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (Explorer.exe) - D:\WINDOWS1\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - D:\WINDOWS1\System32\igfxsrvc.dll (Intel Corporation)

O20 - Winlogon\Notify\RailNotification: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O20 - Winlogon\Notify\WBSrv: DllName - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll - File not found

O24 - Desktop WallPaper: D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O27 - HKLM IFEO\afwserv.exe: Debugger - svchost.exe (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/08/26 03:52:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/05/21 13:38:07 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (PDBoot.exe) - D:\WINDOWS1\System32\PDBoot.exe (Raxco Software, Inc.)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/21 14:12:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL (1).exe

[2011/03/18 22:45:17 | 000,000,000 | -H-D | C] -- D:\WINDOWS1\PIF

[2011/03/18 16:40:06 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS1\Application Data\MFAData

[2011/03/16 11:42:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\iTunes

[2011/03/02 20:09:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Motorola Phone Tools

[2011/03/02 20:08:55 | 001,419,232 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS1\System32\wdfcoinstaller01005.dll

[2011/03/02 20:08:55 | 000,023,680 | ---- | C] (Motorola) -- D:\WINDOWS1\System32\drivers\motmodem.sys

[2011/03/02 20:08:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Motorola Driver Installer

[2011/03/02 19:15:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software

[2011/03/02 19:11:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS1\Application Data\BVRP Software

[2011/03/02 19:11:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\InstallShield

[1 D:\WINDOWS1\System32\*.tmp files -> D:\WINDOWS1\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/21 14:11:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL (1).exe

[2011/03/21 14:11:00 | 000,001,010 | ---- | M] () -- D:\WINDOWS1\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-790525478-1644491937-500UA.job

[2011/03/21 14:09:01 | 000,000,900 | ---- | M] () -- D:\WINDOWS1\tasks\GoogleUpdateTaskMachineUA.job

[2011/03/21 12:17:55 | 000,002,497 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2003.lnk

[2011/03/21 09:11:02 | 000,000,958 | ---- | M] () -- D:\WINDOWS1\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-790525478-1644491937-500Core.job

[2011/03/21 07:02:17 | 000,000,896 | ---- | M] () -- D:\WINDOWS1\tasks\GoogleUpdateTaskMachineCore.job

[2011/03/21 07:01:58 | 000,002,048 | --S- | M] () -- D:\WINDOWS1\bootstat.dat

[2011/03/19 11:19:24 | 000,625,664 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\dds.scr

[2011/03/19 11:18:17 | 000,000,202 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\dds (3) (1).scr

[2011/03/19 10:23:36 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\Administrator\defogger_reenable

[2011/03/19 08:12:10 | 000,002,344 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk

[2011/03/19 08:12:10 | 000,002,322 | ---- | M] () -- D:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/03/18 22:34:00 | 000,137,656 | ---- | M] (Avira GmbH) -- D:\WINDOWS1\System32\drivers\avipbb.sys

[2011/03/18 18:44:54 | 000,000,798 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Defogger.exe.lnk

[2011/03/18 17:55:30 | 000,001,324 | ---- | M] () -- D:\WINDOWS1\System32\d3d9caps.dat

[2011/03/18 15:19:28 | 000,002,499 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk

[2011/03/16 11:42:38 | 000,001,544 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS1\Desktop\iTunes.lnk

[2011/03/16 11:36:57 | 000,001,856 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS1\Desktop\Safari.lnk

[2011/03/16 11:36:57 | 000,001,856 | ---- | M] () -- D:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2011/03/15 19:14:54 | 000,000,169 | ---- | M] () -- D:\WINDOWS1\RtlRack.ini

[2011/03/15 19:12:01 | 000,465,072 | ---- | M] () -- D:\WINDOWS1\System32\perfh009.dat

[2011/03/15 19:12:01 | 000,078,958 | ---- | M] () -- D:\WINDOWS1\System32\perfc009.dat

[2011/03/14 18:23:06 | 000,000,020 | -H-- | M] () -- D:\Documents and Settings\All Users.WINDOWS1\Application Data\PKP_DLec.DAT

[2011/03/14 10:27:01 | 000,000,784 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS1\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/03/10 11:10:19 | 000,002,206 | ---- | M] () -- D:\WINDOWS1\System32\wpa.dbl

[2011/03/02 21:17:00 | 000,000,069 | ---- | M] () -- D:\WINDOWS1\NeroDigital.ini

[2011/03/02 21:16:59 | 000,006,144 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/02 20:12:05 | 000,000,000 | -H-- | M] () -- D:\WINDOWS1\System32\drivers\Msft_Kernel_motmodem_01005.Wdf

[2011/03/02 20:12:04 | 000,000,000 | -H-- | M] () -- D:\WINDOWS1\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

[2011/03/02 20:09:49 | 000,001,679 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS1\Desktop\Motorola Phone Tools.lnk

[2011/03/02 18:30:05 | 000,002,560 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\02-03-11_1830.jpg

[2011/03/02 18:26:45 | 000,003,003 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\02-03-11_1826.jpg

[2011/03/02 18:25:15 | 000,022,710 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\02-03-11_1825.jpg

[2011/03/02 18:24:49 | 000,022,537 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\02-03-11_1824.jpg

[1 D:\WINDOWS1\System32\*.tmp files -> D:\WINDOWS1\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/19 11:19:28 | 000,625,664 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\dds.scr

[2011/03/19 11:18:23 | 000,000,202 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\dds (3) (1).scr

[2011/03/19 10:23:36 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Administrator\defogger_reenable

[2011/03/18 18:44:54 | 000,000,798 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Defogger.exe.lnk

[2011/03/16 11:42:38 | 000,001,544 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS1\Desktop\iTunes.lnk

[2011/03/02 20:12:05 | 000,000,000 | -H-- | C] () -- D:\WINDOWS1\System32\drivers\Msft_Kernel_motmodem_01005.Wdf

[2011/03/02 20:12:04 | 000,000,000 | -H-- | C] () -- D:\WINDOWS1\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

[2011/03/02 19:15:46 | 000,001,679 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS1\Desktop\Motorola Phone Tools.lnk

[2011/03/02 18:30:05 | 000,002,560 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\02-03-11_1830.jpg

[2011/03/02 18:26:45 | 000,003,003 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\02-03-11_1826.jpg

[2011/03/02 18:25:15 | 000,022,710 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\02-03-11_1825.jpg

[2011/03/02 18:24:49 | 000,022,537 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\02-03-11_1824.jpg

[2010/12/07 07:49:13 | 000,000,169 | ---- | C] () -- D:\WINDOWS1\RtlRack.ini

[2010/10/15 11:21:48 | 000,000,020 | -H-- | C] () -- D:\Documents and Settings\All Users.WINDOWS1\Application Data\PKP_DLec.DAT

[2010/08/27 12:49:05 | 000,001,324 | ---- | C] () -- D:\WINDOWS1\System32\d3d9caps.dat

[2010/08/26 23:08:04 | 000,000,069 | ---- | C] () -- D:\WINDOWS1\NeroDigital.ini

[2010/08/26 23:08:00 | 000,006,144 | ---- | C] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/26 23:01:35 | 000,001,682 | -HS- | C] () -- D:\WINDOWS1\System32\KGyGaAvL.sys

[2010/08/26 23:01:35 | 000,000,056 | RHS- | C] () -- D:\WINDOWS1\System32\043A0FBA06.sys

[2010/08/26 22:36:15 | 000,000,000 | ---- | C] () -- D:\WINDOWS1\nsreg.dat

[2010/08/26 13:22:52 | 000,004,205 | ---- | C] () -- D:\WINDOWS1\ODBCINST.INI

[2010/08/26 13:16:12 | 000,227,208 | ---- | C] () -- D:\WINDOWS1\System32\FNTCACHE.DAT

[2010/08/26 05:24:19 | 000,000,164 | ---- | C] () -- D:\WINDOWS1\avrack.ini

[2010/08/26 05:24:13 | 000,156,672 | ---- | C] () -- D:\WINDOWS1\System32\RTLCPAPI.dll

[2010/08/26 05:24:12 | 000,040,448 | ---- | C] () -- D:\WINDOWS1\System32\ChCfg.exe

[2010/08/26 05:13:11 | 000,000,379 | ---- | C] () -- D:\WINDOWS1\ODBC.INI

[2010/08/26 03:56:50 | 000,155,720 | ---- | C] () -- D:\WINDOWS1\System32\CDR.exe

[2010/08/26 03:56:50 | 000,110,085 | R--- | C] () -- D:\WINDOWS1\System32\cdimage.exe

[2010/08/26 03:52:54 | 000,002,048 | --S- | C] () -- D:\WINDOWS1\bootstat.dat

[2010/08/26 03:45:05 | 000,021,640 | ---- | C] () -- D:\WINDOWS1\System32\emptyregdb.dat

[2010/08/26 03:44:00 | 000,018,904 | ---- | C] () -- D:\WINDOWS1\System32\structuredqueryschematrivial.bin

[2010/08/26 03:43:59 | 000,106,605 | ---- | C] () -- D:\WINDOWS1\System32\structuredqueryschema.bin

[2010/08/26 03:43:59 | 000,031,698 | ---- | C] () -- D:\WINDOWS1\System32\gthrctr.ini

[2010/08/26 03:43:59 | 000,020,698 | ---- | C] () -- D:\WINDOWS1\System32\idxcntrs.ini

[2010/08/26 03:43:58 | 000,030,628 | ---- | C] () -- D:\WINDOWS1\System32\gsrvctr.ini

[2010/02/12 14:15:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS1\System32\oembios.bin

[2010/02/12 14:15:00 | 001,481,728 | ---- | C] () -- D:\WINDOWS1\System32\LegitCheckControl.dll

[2010/02/12 14:15:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS1\System32\mlang.dat

[2010/02/12 14:15:00 | 000,465,072 | ---- | C] () -- D:\WINDOWS1\System32\perfh009.dat

[2010/02/12 14:15:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS1\System32\perfi009.dat

[2010/02/12 14:15:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS1\System32\dssec.dat

[2010/02/12 14:15:00 | 000,078,958 | ---- | C] () -- D:\WINDOWS1\System32\perfc009.dat

[2010/02/12 14:15:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS1\System32\mib.bin

[2010/02/12 14:15:00 | 000,031,232 | ---- | C] () -- D:\WINDOWS1\System32\cmdow.exe

[2010/02/12 14:15:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS1\System32\perfd009.dat

[2010/02/12 14:15:00 | 000,004,569 | ---- | C] () -- D:\WINDOWS1\System32\secupd.dat

[2010/02/12 14:15:00 | 000,004,463 | ---- | C] () -- D:\WINDOWS1\System32\oembios.dat

[2010/02/12 14:15:00 | 000,001,804 | ---- | C] () -- D:\WINDOWS1\System32\Dcache.bin

[2010/02/12 14:15:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS1\System32\noise.dat

[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- D:\WINDOWS1\System32\OUTLPERF.INI

< End of report >

OTL Extras logfile created on: 21/03/2011 2:13:04 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = D:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,015.00 Mb Total Physical Memory | 591.00 Mb Available Physical Memory | 58.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): D:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS1 | %ProgramFiles% = D:\Program Files

Drive C: | 110.07 Gb Total Space | 79.77 Gb Free Space | 72.48% Space Free | Partition Type: NTFS

Drive D: | 76.24 Gb Total Space | 33.41 Gb Free Space | 43.82% Space Free | Partition Type: NTFS

Computer Name: USER-72390D5B51 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hta [@ = hta_auto_file] -- "C:\WINDOWS\system32\mshta.exe" "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [openNew] -- explorer %1 (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:

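The two OTL logs above are the kind of artifact a helper reads line by line. What follows is an added example, not part of this thread and not an OTL or Malwarebytes tool: a small Python script that parses lines in the OTL.txt and Extras.txt formats and surfaces the entries a reviewer would want to look at first. It flags an Image File Execution Options Debugger entry (O27), Winlogon Notify packages whose DLL is missing (O20), policy values that weaken UAC (O6/O7), the DNS servers in use (O17), any non-default open command for executable file classes in the Shell Spawning section (the classic reason tools like DDS "won't run"), System Restore being disabled, and firewall exceptions. The sample input is constructed from a handful of lines in the posted logs, with values trimmed, plus one hypothetical hijacked exefile association that is not from this machine. The script makes no verdict on any entry; it only lists what to review. Standard library only.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input, modelled on a few of the OTL.txt lines posted above
# (values trimmed). It is not the complete log, only the line shapes checked below.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - D:\WINDOWS1\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WBSrv: DllName - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll - File not found
O27 - HKLM IFEO\afwserv.exe: Debugger - svchost.exe (Microsoft Corporation)
"""

# Constructed sample of three Extras.txt sections, same caveat.
SAMPLE_EXTRAS = r"""
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:
"""

# Hypothetical hijacked association (constructed, NOT from the posted log): every
# .exe launch would pass through hijack.exe first, one way "tools won't run".
SAMPLE_HIJACKED_EXTRAS = r"""
========== Shell Spawning ==========
exefile [open] -- "C:\Documents and Settings\user\Application Data\hijack.exe" "%1" %*
"""

# Default XP "open" commands for executable file classes; anything else is a hijack.
EXPECTED_OPEN = {cls: '"%1" %*' for cls in ("batfile", "cmdfile", "comfile", "exefile", "piffile")}
EXPECTED_OPEN["scrfile"] = '"%1" /S'

# UAC-related policy values. UAC only exists on Vista and later, so on the XP machine
# in this thread these are inert, but they still describe a weakened configuration.
WEAK_POLICY = {("EnableLUA", "0"), ("ConsentPromptBehaviorAdmin", "0")}

OTL_LINE = re.compile(r"^(O\d+) - (.*)$")
IFEO = re.compile(r"IFEO\\(?P<exe>[^:]+): Debugger - (?P<dbg>.+)$")
POLICY = re.compile(r"policies\\System: (?P<name>\w+) = (?P<value>\S+)$")
DNS = re.compile(r"DhcpNameServer = (?P<servers>.+)$")
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")
SPAWN = re.compile(r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.+)$")
VALUE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.+)$')


@dataclass
class Finding:
    level: str   # "review": needs a human decision; "info": context worth having
    source: str  # the log line that triggered it
    reason: str


def analyze_otl(text: str) -> List[Finding]:
    """Scan OTL.txt-style 'Onn - ...' lines; blank lines (as in the pasted log) are skipped."""
    out: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = OTL_LINE.match(line)
        if not m:
            continue
        code, rest = m.groups()
        if code == "O27" and (h := IFEO.search(rest)):
            out.append(Finding("review", line,
                f"IFEO Debugger: every launch of {h['exe']} is redirected to {h['dbg']} "
                "(ATT&CK T1546.012); rarely legitimate outside of debugging"))
        elif code == "O20" and rest.startswith("Winlogon\\Notify") and rest.endswith("File not found"):
            out.append(Finding("review", line, "Winlogon notification package whose DLL is missing"))
        elif code in ("O6", "O7") and (p := POLICY.search(rest)):
            if (p["name"], p["value"]) in WEAK_POLICY:
                out.append(Finding("review", line, f"policy {p['name']}={p['value']} weakens UAC"))
        elif code == "O17" and (d := DNS.search(rest)):
            out.append(Finding("info", line,
                f"DNS servers: {', '.join(d['servers'].split())}; confirm they are the ISP's, "
                "since search redirects are often DNS tampering"))
    return out


def analyze_extras(text: str) -> List[Finding]:
    """Scan Extras.txt; tracks which '========== name ==========' section a line is under."""
    out: List[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):      # blank line or registry key header
            continue
        if s := SECTION.match(line):
            section = s["name"]
        elif section == "Shell Spawning" and (m := SPAWN.match(line)):
            expected = EXPECTED_OPEN.get(m["cls"])
            if m["verb"] == "open" and expected and m["cmd"] != expected:
                out.append(Finding("review", line, f"{m['cls']} open command is not {expected!r}: association hijack"))
        elif section == "System Restore Settings" and (v := VALUE.match(line)):
            if v["name"] == "DisableSR" and v["value"] == "1":
                out.append(Finding("review", line, "System Restore disabled: no restore points to fall back on"))
        elif section == "Authorized Applications List" and (v := VALUE.match(line)):
            out.append(Finding("info", line, f"firewall exception for {v['name']}"))
    return out


def report(findings: List[Finding]) -> None:
    for f in sorted(findings, key=lambda f: f.level != "review"):   # review items first
        print(f"[{f.level.upper():6}] {f.reason}\n         {f.source}")


if __name__ == "__main__":
    report(analyze_otl(SAMPLE_OTL) + analyze_extras(SAMPLE_EXTRAS))
    report(analyze_extras(SAMPLE_HIJACKED_EXTRAS))
```

Run it as-is to see the findings for the sample; to use it on a real pair of logs, pass the file contents to `analyze_otl` and `analyze_extras`. The checks are deliberately narrow: a "review" finding means a person should decide whether the entry belongs on that machine (a debugger redirect on a service binary, for instance, can be a leftover of an uninstalled product or a deliberate kill of a security tool), not that the script has identified malware.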

Thanks for your continuing help.

I downloaded ComboFix but had the same problem I had with DDS in that it starts to scan, but no results show & when I move the mouse a couple of times (to try & close it) the mouse disappears & I have to reboot.

My Google seems to be working now anyway (haven't struck a redirect in a couple of days), but if you think I should keep on with cleaning up the system somehow let me know.

Thanks again - very much appreciate your help.


  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


I hope this is what you were after - please let me know if not, thanks:

2011/03/26 12:53:42.0687 1436 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/03/26 12:53:43.0562 1436 ================================================================================

2011/03/26 12:53:43.0562 1436 SystemInfo:

2011/03/26 12:53:43.0562 1436

2011/03/26 12:53:43.0562 1436 OS Version: 5.1.2600 ServicePack: 3.0

2011/03/26 12:53:43.0562 1436 Product type: Workstation

2011/03/26 12:53:43.0562 1436 ComputerName: USER-72390D5B51

2011/03/26 12:53:43.0562 1436 UserName: Administrator

2011/03/26 12:53:43.0562 1436 Windows directory: D:\WINDOWS1

2011/03/26 12:53:43.0562 1436 System windows directory: D:\WINDOWS1

2011/03/26 12:53:43.0562 1436 Processor architecture: Intel x86

2011/03/26 12:53:43.0562 1436 Number of processors: 1

2011/03/26 12:53:43.0562 1436 Page size: 0x1000

2011/03/26 12:53:43.0562 1436 Boot type: Normal boot

2011/03/26 12:53:43.0562 1436 ================================================================================

2011/03/26 12:53:43.0875 1436 Initialize success


  • Staff

Hi,

Let's run this online scan to be sure:

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


No, sorry can't remember what it was.

The notebook after security check showed:

Results of screen317's Security Check version 0.99.10

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus

ESET Online Scanner v3

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java SE Runtime Environment 6 Update 1

Adobe Flash Player 10.2.152.32

Mozilla Firefox (3.6.8) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

I think Google is working fine now & I don't seem to be having any other issues.

Thanks again!

