Malware Doctor problems


Malware Doctor problems

Post by mettam on Wed Jun 17, 2009 10:55 am

Dear all,
I have trouble getting rid of the malware "Malware Doctor". I used Malwarebytes', but it was no use: every time I remove it and restart, I get the problem again. Here is my HijackThis log file. Please help me. Thanks.
m

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:44 PM, on 6/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\User\Desktop\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Chrome copyright - {AFF01325-0FC2-4749-8914-FBF0565AD9CC} - jbnmcd.dll (file missing)
O2 - BHO: Google Gears Helper - {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &download by orbit - [You must be registered and logged in to see this link.] Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &grab video by orbit - [You must be registered and logged in to see this link.] Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Append Link Target to Existing PDF - [You must be registered and logged in to see this link.] Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: do&wnload selected by orbit - [You must be registered and logged in to see this link.] Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: down&load all by orbit - [You must be registered and logged in to see this link.] Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Open in new background tab - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?ee890c83655c46408a4a02d1fa839d7f
O8 - Extra context menu item: Open in new foreground tab - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?ee890c83655c46408a4a02d1fa839d7f
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {09c04da7-5b76-4ebc-bbee-b25eac5965f5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09c04da7-5b76-4ebc-bbee-b25eac5965f5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} (InstallerCtrl Class) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3D3BAB5-34E9-430D-B90D-B1D92A7BC08F}: NameServer = 139.165.32.13,139.165.40.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\WINDOWS\
O20 - Winlogon Notify: dgbtew - dgbtew.dll (file missing)
O20 - Winlogon Notify: spba - C:\WINDOWS\
O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1c987759e870c06) (gupdate1c987759e870c06) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10145 bytes

mettam
Novice

Posts : 7
Joined : 2009-06-17
OS : WindowsXP
Points : 27299
# Likes : 0


Re: Malware Doctor problems

Post by Belahzur on Wed Jun 17, 2009 12:39 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: Chrome copyright - {AFF01325-0FC2-4749-8914-FBF0565AD9CC} - jbnmcd.dll (file missing)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\WINDOWS\
    O20 - Winlogon Notify: dgbtew - dgbtew.dll (file missing)
    O20 - Winlogon Notify: spba - C:\WINDOWS\
    O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1

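Why the helper ticked those particular lines, and not the Broadcom service or ctfmon.exe, is worth making explicit. The Python below is an added example, not code from HijackThis, Malwarebytes or the forum helper: it encodes the triage heuristics an analyst applies to a HijackThis log (orphaned registrations, IE and system policies a user would not set, Winlogon Notify packages that do not resolve to a DLL, and a service wearing a security product's name with no vendor in its version info) and runs them over lines copied from the log above plus three benign control lines. The rules are heuristics rather than signatures, and the brand list is an assumption; a hit is a reason to look, not proof of infection.

```python
"""Triage heuristics for HijackThis log lines (added example, not HJT code).
The rules are analyst heuristics; SECURITY_BRANDS is an assumed list."""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Names of security products; a service claiming one of these but reporting
# no vendor in its version info deserves a hard look (assumed list).
SECURITY_BRANDS = ("avast", "avg", "avira", "norton", "symantec", "mcafee",
                   "kaspersky", "antivirus", "anti-virus")

_SECTION = re.compile(r"^(O\d+) - ")
_ORPHAN = re.compile(r"\((?:file missing|no file)\)", re.IGNORECASE)
_WINLOGON = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.*)$")
_SERVICE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
_O7_POLICY = re.compile(r"^O7 - .*?Policies\\System, (?P<setting>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag, e.g. "O20"
    line: str
    reason: str


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per log line an analyst should look at."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = _SECTION.match(line)
        if not m:
            continue
        section = m.group(1)

        # Rule 1: a registered component whose file is gone. Several of these
        # together usually mean a half-removed infection; the registration
        # should be cleaned up as well.
        if _ORPHAN.search(line):
            findings.append(Finding(section, line, "registered component whose file is missing"))
            continue

        # Rule 2: IE restriction policies. Rogue AV sets these so the user
        # cannot undo its changes; ordinary users do not configure them.
        if section == "O6":
            findings.append(Finding(section, line, "Internet Explorer restriction policy present"))

        # Rule 3: system policies that lock out regedit / Task Manager.
        elif section == "O7":
            p = _O7_POLICY.match(line)
            setting = p.group("setting") if p else "policy"
            findings.append(Finding(section, line, f"admin tool locked out by policy ({setting})"))

        # Rule 4: Winlogon Notify packages load into winlogon.exe as SYSTEM.
        # A target that is not a DLL path (here a bare directory) cannot be
        # a legitimate package.
        elif section == "O20":
            w = _WINLOGON.match(line)
            if w and not w.group("target").lower().endswith(".dll"):
                findings.append(Finding(section, line, "Winlogon Notify package does not point at a DLL"))

        # Rule 5: a service named after a security product whose binary has no
        # company name in its version resource ("Unknown owner"). Real AV
        # binaries carry one; rogues borrow the brand to blend into the log.
        elif section == "O23":
            s = _SERVICE.match(line)
            if s and s.group("owner").strip().lower() == "unknown owner":
                haystack = (s.group("name") + " " + s.group("path")).lower()
                if any(b in haystack for b in SECURITY_BRANDS):
                    findings.append(Finding(section, line, "security-product name with no vendor signature"))
    return findings


# Constructed sample: lines taken from the HijackThis log in this thread,
# plus a benign BHO, Run entry and vendor-signed service as controls.
SAMPLE_LINES = [
    "O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll",
    "O2 - BHO: Chrome copyright - {AFF01325-0FC2-4749-8914-FBF0565AD9CC} - jbnmcd.dll (file missing)",
    "O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)",
    "O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe",
    "O6 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present",
    "O7 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System, DisableRegedit=1",
    "O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)",
    "O20 - Winlogon Notify: dgbtew - dgbtew.dll (file missing)",
    "O20 - Winlogon Notify: spba - C:\\WINDOWS\\",
    "O23 - Service: avast!Antivirus - Unknown owner - C:\\WINDOWS\\System32\\avast!Antivirus.exe",
    "O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\bin\\btwdins.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Running the file prints eight hits, the same entries ticked in the post above, and leaves the Windows Live BHO, ctfmon.exe and the Broadcom service alone. Rule 5 deliberately combines the missing vendor with a brand name rather than flagging "Unknown owner" on its own: the BITS and Automatic Updates services in the log above also show "Unknown owner", and they are stock Windows services.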

Re: Malware Doctor problems

Post by mettam on Wed Jun 17, 2009 4:45 pm

hi belahzur,
many thanks for your response. I did as you said.
It still didn't solve the problem. Upon every reboot I'm getting this Malware Doctor. While I ran HijackThis and fixed the problems, there was an error message: "Registry is locked by administrator".
Here is the Malwarebytes' log file:

Malwarebytes' Anti-Malware 1.37
Database version: 2296
Windows 5.1.2600 Service Pack 3

6/17/2009 6:41:20 PM
mbam-log-2009-06-17 (18-41-20).txt

Scan type: Quick Scan
Objects scanned: 97810
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
C:\WINDOWS\system32\avast!Antivirus.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aff01325-0fc2-4749-8914-fbf0565ad9cc} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\avast!AntiVirus (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Doctor (Rogue.MalwareDoc) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Doctor (Rogue.MalwareDoc) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\drivers\492fefaa.sys (Rootkit.Rustock) -> Delete on reboot.

thanks again
m


Re: Malware Doctor problems

Post by Belahzur on Wed Jun 17, 2009 5:01 pm


  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Malware Doctor problems

Post by mettam on Thu Jun 18, 2009 10:30 am

hi Belahzur,

thanks again for the response.
But unfortunately, after starting ComboFix, it has been almost one day and I see a message "ComboFix is preparing to run" and nothing in a command-prompt-like window. Is it usual with ComboFix, or is there something wrong?

m


Re: Malware Doctor problems

Post by Belahzur on Thu Jun 18, 2009 10:39 am

Malware is likely interfering.

Can you do the following in Safe Mode with Networking, (as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.) Once in the start up menu, select "Safe Mode with Networking", then try Combofix again.



Re: Malware Doctor problems

Post by mettam on Thu Jun 18, 2009 11:19 am

hi,
It's still like that in Safe Mode with Networking too. Is it usual?
By the way, initially it updated ComboFix to the latest version, and from then on it is like how it was before. I also couldn't find any file named combofix.txt on the C drive.
thanks in advance
m


Re: Malware Doctor problems

Post by Belahzur on Thu Jun 18, 2009 1:25 pm

Your machine is in a pretty bad state, as one of your needed system files is infected.

Delete your copy of Combofix.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



Re: Malware Doctor problems

Post by mettam on Thu Jun 18, 2009 2:37 pm

Sorry to say, but it is still the same situation.
Is there any other alternative for me?
Thanks
m


Re: Malware Doctor problems

Post by Belahzur on Thu Jun 18, 2009 3:05 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.



Re: Malware Doctor problems

Post by mettam on Thu Jun 18, 2009 4:45 pm

here it is....


DDS (Ver_09-05-14.01) - NTFSx86
Run by User at 18:40:47.23 on Thu 06/18/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1977.1351 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Chrome copyright: {aff01325-0fc2-4749-8914-fbf0565ad9cc} - jbnmck.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.21.0\gears.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: &D&ownload &with BitComet -
IE: &D&ownload all video with BitComet -
IE: &D&ownload all with BitComet -
IE: &download by orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &grab video by orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Vbuzzer RSS list -
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: do&wnload selected by orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: down&load all by orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel -
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?ee890c83655c46408a4a02d1fa839d7f
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?ee890c83655c46408a4a02d1fa839d7f
IE: Save Page As PDF ... -
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {09c04da7-5b76-4ebc-bbee-b25eac5965f5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.21.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C}
Trusted Zone: microsoft.com\office
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - [You must be registered and logged in to see this link.]
DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} - [You must be registered and logged in to see this link.]
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
TCP: {E3D3BAB5-34E9-430D-B90D-B1D92A7BC08F} = 139.165.32.13,139.165.40.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: dgbtew - dgbtew.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter


Re: Malware Doctor problems

Post by mettam on Thu Jun 18, 2009 4:46 pm

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\bt83poyf.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\bt83poyf.default\extensions\{921d0658-ee27-4e62-9f19-62ac80f32eaf}\components\FFAlert.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\bt83poyf.default\extensions\refractor@developer.mozilla.org\components\prism.dll
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\bt83poyf.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300

============= SERVICES / DRIVERS ===============

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-11-22 42608]
R1 sasdifsv;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 saskutil;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 avast!Antivirus;avast!Antivirus;c:\windows\system32\avast!antivirus.exe -k netsvcs --> c:\windows\system32\avast!Antivirus.exe -k netsvcs [?]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-17 55640]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-18 55152]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-22 110080]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-15 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-4-8 43608]
S1 1073be11;1073be11;c:\windows\system32\drivers\1073be11.sys --> c:\windows\system32\drivers\1073be11.sys [?]
S1 15a5346b;15a5346b;c:\windows\system32\drivers\15a5346b.sys --> c:\windows\system32\drivers\15a5346b.sys [?]
S1 198b7c7e;198b7c7e;c:\windows\system32\drivers\198b7c7e.sys --> c:\windows\system32\drivers\198b7c7e.sys [?]
S1 3b2a9855;3b2a9855;c:\windows\system32\drivers\3b2a9855.sys --> c:\windows\system32\drivers\3b2a9855.sys [?]
S1 41f35360;41f35360;c:\windows\system32\drivers\41f35360.sys --> c:\windows\system32\drivers\41f35360.sys [?]
S1 492fefaa;492fefaa;c:\windows\system32\drivers\492fefaa.sys --> c:\windows\system32\drivers\492fefaa.sys [?]
S1 58bb812d;58bb812d;c:\windows\system32\drivers\58bb812d.sys --> c:\windows\system32\drivers\58bb812d.sys [?]
S1 62af9375;62af9375;c:\windows\system32\drivers\62af9375.sys [2009-5-6 0]
S1 73108add;73108add;c:\windows\system32\drivers\73108add.sys --> c:\windows\system32\drivers\73108add.sys [?]
S1 812b811c;812b811c;c:\windows\system32\drivers\812b811c.sys --> c:\windows\system32\drivers\812b811c.sys [?]
S1 81362424;81362424;c:\windows\system32\drivers\81362424.sys --> c:\windows\system32\drivers\81362424.sys [?]
S1 831e6087;831e6087;c:\windows\system32\drivers\831e6087.sys --> c:\windows\system32\drivers\831e6087.sys [?]
S1 832225ef;832225ef;c:\windows\system32\drivers\832225ef.sys --> c:\windows\system32\drivers\832225ef.sys [?]
S1 88bcbf38;88bcbf38;c:\windows\system32\drivers\88bcbf38.sys --> c:\windows\system32\drivers\88bcbf38.sys [?]
S1 90539704;90539704;c:\windows\system32\drivers\90539704.sys --> c:\windows\system32\drivers\90539704.sys [?]
S1 92516a75;92516a75;c:\windows\system32\drivers\92516a75.sys --> c:\windows\system32\drivers\92516a75.sys [?]
S1 aa76f012;aa76f012;c:\windows\system32\drivers\aa76f012.sys --> c:\windows\system32\drivers\aa76f012.sys [?]
S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]
S1 cb16b33f;cb16b33f;c:\windows\system32\drivers\cb16b33f.sys --> c:\windows\system32\drivers\cb16b33f.sys [?]
S1 d89c86f;d89c86f;c:\windows\system32\drivers\d89c86f.sys --> c:\windows\system32\drivers\d89c86f.sys [?]
S1 e13b65d0;e13b65d0;c:\windows\system32\drivers\e13b65d0.sys --> c:\windows\system32\drivers\e13b65d0.sys [?]
S1 e5a226fa;e5a226fa;c:\windows\system32\drivers\e5a226fa.sys --> c:\windows\system32\drivers\e5a226fa.sys [?]
S1 fc91970c;fc91970c;c:\windows\system32\drivers\fc91970c.sys --> c:\windows\system32\drivers\fc91970c.sys [?]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-18 185089]
S2 gupdate1c987759e870c06;Google Update Service (gupdate1c987759e870c06);c:\program files\google\update\GoogleUpdate.exe [2009-2-5 133104]
S2 qfzzpopneadbmm;qfzzpopneadbmm;\??\c:\windows\system32\drivers\mwcrcrwehyeyypb.sys --> c:\windows\system32\drivers\mwcrcrwehyeyypb.sys [?]
S2 qkmgsdbmgiy;qkmgsdbmgiy;\??\c:\windows\system32\drivers\qzjspjakpcujia.sys --> c:\windows\system32\drivers\qzjspjakpcujia.sys [?]
S2 tuarvlmchmjpffo;tuarvlmchmjpffo;\??\c:\windows\system32\drivers\gzjhzhljcl.sys --> c:\windows\system32\drivers\gzjhzhljcl.sys [?]
S2 zjauqfflos;zjauqfflos;\??\c:\windows\system32\drivers\snclbfqd.sys --> c:\windows\system32\drivers\snclbfqd.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-12-11 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-12-11 3072]
S3 sasenum;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [2007-12-26 17968]
S4 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
S4 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S4 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2008-11-22 3566080]
S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
S4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
S4 Windows SteadyState;Windows SteadyState Service;c:\program files\windows steadystate\SCTSvc.exe [2008-5-30 115728]

=============== Created Last 30 ================

2009-06-18 16:49 99,422 a------- c:\windows\system32\drivers\70509fa9.sys
2009-06-18 16:49 29,184 a------- c:\windows\system32\jbnmck.dll
2009-06-18 16:49 134 a------- c:\windows\system32\sft.res
2009-06-18 16:49 36,864 a------- c:\windows\system32\avast!Antivirus.exe
2009-06-18 16:47 --ds---- C:\Combo-Fix
2009-06-18 16:47 389,120 a------- c:\windows\system32\CF6664.exe
2009-06-18 16:02 389,120 a------- c:\windows\system32\CF30709.exe
2009-06-18 16:01 389,120 a------- c:\windows\system32\CF30497.exe
2009-06-18 15:54 389,120 a------- c:\windows\system32\CF29148.exe
2009-06-18 15:38 389,120 a------- c:\windows\system32\CF25945.exe
2009-06-18 12:50 --ds---- C:\ComboFix
2009-06-18 12:50 389,120 a------- c:\windows\system32\CF25757.exe
2009-06-18 12:49 389,120 a------- c:\windows\system32\CF25642.exe
2009-06-18 12:38 61,440 a------- c:\windows\system32\drivers\awzve.sys
2009-06-18 12:36 61,440 a------- c:\windows\system32\drivers\rjghwht.sys
2009-06-18 09:26 389,120 a------- c:\windows\system32\CF18623.exe
2009-06-18 09:22 58,880 a------- c:\windows\system32\22.tmp
2009-06-18 08:18 58,880 a------- c:\windows\system32\20.tmp
2009-06-18 08:08 --d----- c:\program files\Avira
2009-06-18 07:38 147,456 a------- c:\windows\PLAUNCH.EXE
2009-06-18 07:08 --d----- c:\program files\DVD Shrink
2009-06-18 06:46 654 -------- c:\windows\remove.iss
2009-06-18 06:46 --d----- c:\program files\InterVideo Information Service
2009-06-18 06:46 --d----- c:\program files\common files\Ulead
2009-06-18 06:29 58,880 a------- c:\windows\system32\1E.tmp
2009-06-17 21:30 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-17 21:30 --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-06-17 21:16 389,120 a------- c:\windows\system32\CF6574.exe
2009-06-17 21:15 389,120 a------- c:\windows\system32\CF6411.exe
2009-06-17 20:55 389,120 a------- c:\windows\system32\CF2414.exe
2009-06-17 11:47 61,440 a------- c:\windows\system32\drivers\pmwicz.sys
2009-06-17 09:42 61,440 a------- c:\windows\system32\drivers\gegli.sys
2009-06-17 05:40 --d----- C:\elements
2009-06-16 23:12 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 23:12 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 23:12 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 21:11 16,244 a------- c:\windows\system32\rrt_is.wav
2009-06-16 21:11 7,302 a------- c:\windows\system32\rrt_vf.wav
2009-06-16 21:11 7,148 a------- c:\windows\system32\rrt_tv.wav
2009-06-16 21:11 6,282 a------- c:\windows\system32\rrt_tn.wav
2009-06-16 16:13 0 a------- C:\XES1C2.tmp
2009-06-16 15:48 --d----- c:\documents and settings\user\Option
2009-06-16 12:58 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-16 12:58 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-11 16:41 --d----- c:\program files\DAMBE
2009-06-10 11:50 --d----- c:\program files\Registry Easy
2009-06-03 21:28 --d----- c:\docume~1\alluse~1\applic~1\SymplisIT
2009-06-03 21:14 90 a------- c:\windows\vmreg32.dll
2009-06-03 21:14 --d----- c:\program files\SymplisIT
2009-06-03 21:10 --d----- c:\program files\XP Repair Pro 2007
2009-05-28 21:53 959 a------- C:\rollback.ini
2009-05-28 21:27 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-05-28 21:27 --d----- c:\windows\system32\ZoneLabs
2009-05-28 21:27 --d----- c:\program files\Zone Labs
2009-05-28 11:49 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-05-28 11:48 --d----- c:\documents and settings\user\.housecall6.6
2009-05-28 10:56 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-28 10:55 --d----- c:\program files\SUPERAntiSpyware
2009-05-28 10:55 --d----- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2009-05-26 21:27 2,285,056 a------- c:\windows\system32\TUKernel.exe
2009-05-26 10:49 389,120 a------- c:\windows\system32\CF770.exe
2009-05-26 10:44 389,120 a------- c:\windows\system32\CF32496.exe
2009-05-26 09:50 389,120 a------- c:\windows\system32\CF21720.exe
2009-05-25 22:26 --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-05-25 22:26 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-25 17:46 389,120 a------- c:\windows\system32\CF29626.exe
2009-05-25 14:59 161,792 a------- c:\windows\SWREG.exe
2009-05-25 14:59 155,136 a------- c:\windows\PEV.exe
2009-05-25 14:59 98,816 a------- c:\windows\sed.exe
2009-05-25 14:58 389,120 a------- c:\windows\system32\CF29356.exe
2009-05-25 12:51 --d----- c:\program files\Trend Micro
2009-05-24 12:28 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-05-24 12:02 --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-05-20 11:11 --d----- c:\docume~1\user\applic~1\GrabPro
2009-05-20 11:11 --d----- c:\program files\Orbitdownloader
2009-05-20 10:21 --d----- c:\program files\Geospiza
2009-05-19 20:03 10 a------- c:\windows\WININIT.INI

==================== Find3M ====================

2009-06-18 12:38 2,482 a------- c:\program files\uoygyf.txt
2009-05-13 07:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-11 18:35 0 a------- c:\windows\system32\drivers\62af9375.sys
2009-05-07 17:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-06 16:34 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-05-01 20:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-18 07:48 6,656 a------- c:\windows\system32\haspvdd.dll
2009-04-17 20:14 94,208 a------- c:\windows\system32\DistClock.dll
2009-04-17 14:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 16:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-03 18:53 355,584 a------- c:\windows\system32\TuneUpDefragService.exe
2009-04-02 18:11 100,176 a------- c:\windows\BricoPackUninst.cmd
2009-03-31 17:24 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-13 23:19 952 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys

============= FINISH: 18:41:01.67 ===============


Re: Malware Doctor problems

Post by Belahzur on Thu Jun 18, 2009 7:51 pm

Hello.
Do you have your XP disc?

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    ndis.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur (Administrator)
Posts: 34916 | Joined: 2008-08-03 | Gender: Male | OS: XP SP3 Media Centre | Points: 245069 | Likes: 1

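The ":filefind" check Belahzur asks for above, written out as an added example that is not part of this thread and is not SystemLook's own code: a small Python script that walks a directory tree for every copy of a named file (ndis.sys here), records each copy's size, modification time and SHA-256, and reports any copy whose hash differs from the others. The tree it scans is constructed in a temporary folder for the demonstration; the three locations used (system32\drivers, system32\dllcache, ServicePackFiles\i386) are assumed typical places for cached copies on an XP install and are not taken from the logs in this thread.

```python
"""Locate every copy of a file below a root and compare them.

Added example (not from the forum thread, not SystemLook's code): it
reproduces the idea behind SystemLook's ':filefind' directive. A system
file such as ndis.sys normally exists in more than one place (the live
copy under system32\\drivers plus cached originals), and those copies
should be byte-identical; a copy whose hash differs from the rest is the
lead a helper looks for. The directory tree below is constructed in a
temporary folder purely for demonstration.
"""
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so a large driver need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def filefind(root, name):
    """Return one record per file named `name` (case-insensitive) under `root`.

    Each record carries path, size, modification time (UTC) and SHA-256,
    the same fields a helper reads off a ':filefind' report.
    """
    hits = []
    wanted = name.lower()
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() != wanted:
                continue
            p = Path(dirpath) / fn
            st = p.stat()
            hits.append({
                "path": str(p),
                "size": st.st_size,
                "mtime": datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
                                 .isoformat(timespec="seconds"),
                "sha256": sha256_of(p),
            })
    return sorted(hits, key=lambda r: r["path"])


def odd_ones_out(hits):
    """Return the copies whose hash differs from the most common hash.

    Empty when every copy agrees. With only two disagreeing copies there
    is no majority, so both are returned less one arbitrary pick; in that
    case read the dates and sizes rather than trusting the split.
    """
    if not hits:
        return []
    counts = {}
    for r in hits:
        counts[r["sha256"]] = counts.get(r["sha256"], 0) + 1
    majority = max(counts, key=counts.get)
    return [r for r in hits if r["sha256"] != majority]


def build_demo_tree():
    """Constructed sample: three copies of ndis.sys, one of them altered."""
    root = Path(tempfile.mkdtemp(prefix="filefind_demo_"))
    original = b"MZ" + b"\x00" * 300 + b"original driver image"
    altered = original + b"extra bytes"
    for rel, data in [
        ("WINDOWS/system32/drivers/ndis.sys", altered),      # live copy
        ("WINDOWS/system32/dllcache/ndis.sys", original),    # cached copy
        ("WINDOWS/ServicePackFiles/i386/ndis.sys", original),  # SP copy
    ]:
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    found = filefind(demo_root, "ndis.sys")
    for rec in found:
        print(f"{rec['mtime']}  {rec['size']:>8}  {rec['sha256'][:16]}...  {rec['path']}")
    for rec in odd_ones_out(found):
        print("copy differs from the others:", rec["path"])
```

Run as-is to see the constructed tree; on a real machine, point filefind() at the drive root to get the same information the SystemLook report gives. A live copy that disagrees with the cached originals is the kind of finding a helper is after when asking for this check, but it is not proof by itself: a legitimate update can also leave copies out of step, so the modification dates in the output carry as much weight as the hashes.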
