AntiMalware Doctor


AntiMalware Doctor

Post by Misteretc on Mon Mar 15, 2010 12:17 am

Hello,

Today I found that AntiMalware Doctor was showing up on my computer. I did a Google search and followed the directions there for removing most of it, and now it appears to be gone. However, now I am not able to open anything except Internet Explorer. Whenever I try to open something, I get the "Open With" box and a list of programs to use to open the file with. That means that all my anti-virus software, even new items like OTL, Commie, etc., I am not able to open, even if I have them on CD-ROM, memory stick, etc. from another computer. This is especially sad since this is a family home computer. Any help you can provide would be greatly appreciated, please help.

Please (puppy eyes)

Thank you,

Mister Etc

Misteretc
Intermediate

Posts : 113
Joined : 2010-03-14
Gender : Male
OS : Microsoft Windows XP

Re: AntiMalware Doctor

Post by Belahzur on Mon Mar 15, 2010 12:41 am

Hello.
Right click OTL.exe, select rename. Remove the .exe and add .scr.

Now try running it.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: AntiMalware Doctor

Post by Misteretc on Mon Mar 15, 2010 9:28 am

Okay, I went back and redownloaded OTL to my desktop with the .scr

Now it seems I can run it and am running the scan. What should I do after the scan has been run?


Re: AntiMalware Doctor

Post by Belahzur on Mon Mar 15, 2010 9:48 pm

Post the logs please.





Re: AntiMalware Doctor

Post by Misteretc on Tue Mar 16, 2010 2:09 am

There aren't any yet. I started running it this morning and it's saying at the bottom..."Looking for Newly Created Files..."

Is there something else I should be doing? Perhaps a different setting?


Last edited by Misteretc on Tue Mar 16, 2010 9:24 am; edited 1 time in total (Reason for editing : wrong word)


Re: AntiMalware Doctor

Post by Belahzur on Tue Mar 16, 2010 5:08 pm

Hello.
No, you're doing it right, something is blocking it, or attempting to anyway.

Try running it again [close, then re-open it] and make sure it's just not OTL hanging.





Re: AntiMalware Doctor

Post by Misteretc on Wed Mar 17, 2010 1:24 am

I did restart it and it's hung again here...

"Looking for Newly Created Files: C:\Windows\System32\yaniruzo.exe"


Re: AntiMalware Doctor

Post by Misteretc on Wed Mar 17, 2010 8:51 am

It's still "hung" on this...

"Looking for Newly Created Files: C:\Windows\System32\yaniruzo.exe"


Re: AntiMalware Doctor

Post by Belahzur on Wed Mar 17, 2010 9:22 pm

Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Will IceSword open?





Re: AntiMalware Doctor

Post by Misteretc on Thu Mar 18, 2010 1:46 am

[You must be registered and logged in to see this link.] wrote:Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Will IceSword open?

That's a negative sir. It acts like the other programs I try to open. It asks me which program I want to use to open it, but my system doesn't allow me to open it.


Re: AntiMalware Doctor

Post by Belahzur on Thu Mar 18, 2010 11:26 pm

Hello.
Rename IceSword from .exe to .scr too, see if you can run it then.





Re: AntiMalware Doctor

Post by Misteretc on Fri Mar 19, 2010 9:23 am

When I rename it and then try to run it, I get the error..."Open Device Failed, Error Code 1073741762" and then "Initialize Failed".

Sad tearing


Re: AntiMalware Doctor

Post by Belahzur on Fri Mar 19, 2010 9:33 pm

Are you running XP or Vista?





Re: AntiMalware Doctor

Post by Misteretc on Fri Mar 19, 2010 11:18 pm

I'm running XP on my machine.

Right now only Internet Explorer, Lavasoft Ad-Aware, and OTL are running on my machine. Is there an online version of Ice Sword where the site would run it (like a scanner) instead of me downloading it to my machine? See what I'm saying, something like an online scanner that does the same function?

Or is Ice Sword available somewhere where I can save the file itself (rename it)? The download link has it as a zipped file.


Re: AntiMalware Doctor

Post by Misteretc on Wed Mar 24, 2010 5:49 pm

[You must be registered and logged in to see this link.] wrote:Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Will IceSword open?

Okay, I was able to get ICESWORD open, now the question is, how do I use it?


Re: AntiMalware Doctor

Post by Belahzur on Thu Mar 25, 2010 1:23 am

Hello.


  • Now, on the left-hand side tool, hit the Process button at the top of the list.
  • Just above the list, there is a log button, press that and save the log to your Desktop.
  • Next, hit the Startup on the left side list.
  • Press the log button again.
  • Post the two logs in your next reply.





Re: AntiMalware Doctor

Post by Misteretc on Fri Mar 26, 2010 7:46 am

Okay, did that and here we go....

Process Log...

Process:

System Idle Process
System
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ann\Desktop\IceSword.scr
C:\WINDOWS\system32\ctfmon.exe

and the Startup Log...

Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Ad-Watch
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
vigutiture
Rundll32.exe "sasisudi.dll",s

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
wukiwebit
Rundll32.exe "c:\windows\system32\zugikime.dll",a

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe_Reader
c:\program files\internet explorer\wmpscfgs.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
swg
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Google Update
"C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
TOY5KNQ8OC
c:\docume~1\ann\locals~1\temp\zn1 .exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
gdf498gtudsigjnsod8guifjgfhfhf
c:\docume~1\ann\locals~1\temp\cl9oha8 .exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
dbf70700 .exe
c:\documents and settings\ann\application data\770f2997f2bfa71d1b8b4463f6319fb4\dbf70700 .exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
dbf70700 .exe
c:\documents and settings\ann\application data\770f2997f2bfa71d1b8b4463f6319fb4\dbf70700 .exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Remote System Protection
rundll32.exe C:\WINDOWS\system32\lzfl50.dll, HUI_proc

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
dbf70700 .exe
c:\documents and settings\ann\application data\770f2997f2bfa71d1b8b4463f6319fb4\dbf70700 .exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
dbf70700 .exe
c:\documents and settings\ann\application data\770f2997f2bfa71d1b8b4463f6319fb4\dbf70700 .exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
dbf70700 .exe
c:\documents and settings\ann\application data\770f2997f2bfa71d1b8b4463f6319fb4\dbf70700 .exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Remark:)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Image Zone Fast Start.lnk
C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Remark:)

C:\Documents and Settings\Ann\Start Menu\Programs\Startup
Adobe Gamma.lnk
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Remark:)

C:\Documents and Settings\Ann\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\Ann\Start Menu\Programs\Startup
DING!.lnk
C:\Program Files\Southwest Airlines\Ding\Ding.exe (Remark:)

C:\Documents and Settings\Ann\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Remark: Screen Clipper (Windows+S) and Launcher (Windows+N) for Microsoft Office OneNote.)

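The IceSword startup log above is read by hand in the thread: the helper picks out entries that run from a temp directory, that carry a space before the file extension ("zn1 .exe", "dbf70700 .exe"), that launch via Rundll32 with a bare DLL name, or that are registered several times. As an added example (not part of the thread, and not an IceSword feature), this Python script parses a log in the same three-line-per-entry layout and applies those indicators mechanically. The sample log, the "generated-looking name" regex (eight alternating consonant/vowel letters, matching the naming style of the DLLs in this thread) and the 32-hex-character directory check are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed sample in the three-line-per-entry layout of an IceSword "Startup"
# log (location, value name, command), modelled on the log posted in this thread.
SAMPLE_LOG = r"""Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Ad-Watch
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
vigutiture
Rundll32.exe "sasisudi.dll",s

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
TOY5KNQ8OC
c:\docume~1\ann\locals~1\temp\zn1 .exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
dbf70700 .exe
c:\documents and settings\ann\application data\770f2997f2bfa71d1b8b4463f6319fb4\dbf70700 .exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
dbf70700 .exe
c:\documents and settings\ann\application data\770f2997f2bfa71d1b8b4463f6319fb4\dbf70700 .exe

C:\Documents and Settings\Ann\Start Menu\Programs\Startup
desktop.ini
"""

# Heuristic regexes (assumptions of this example, not IceSword features).
GENERATED_NAME = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$")  # e.g. "sasisudi"
SPACE_BEFORE_EXT = re.compile(r"\s\.(?:exe|dll|scr)\b")                  # e.g. "zn1 .exe"
HEX32_DIR = re.compile(r"\\[0-9a-f]{32}\\")                                # random hex folder
RUNDLL32 = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?([^",]+?)"?\s*(?:,|$)')


def parse_startup_log(text):
    """Split the log into (location, name, command) tuples. Entries with no
    command line (e.g. desktop.ini) get an empty command string."""
    entries, block = [], []

    def flush():
        if len(block) >= 2:
            entries.append((block[0], block[1], block[2] if len(block) > 2 else ""))

    for line in text.splitlines():
        if not line.strip():
            flush()
            block = []
        elif line != "Startup:":
            block.append(line.rstrip())
    flush()
    return entries


def basename_stem(path):
    """'c:\\dir\\zugikime.dll' -> 'zugikime'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def reasons_for(command):
    """Indicators a reviewer would want flagged for one startup command."""
    cmd = command.lower()
    hits = []
    if SPACE_BEFORE_EXT.search(cmd):
        hits.append("space before the file extension (look-alike file name)")
    if "\\temp\\" in cmd:
        hits.append("runs from a temp directory")
    if HEX32_DIR.search(cmd):
        hits.append("runs from a 32-hex-character directory")
    m = RUNDLL32.match(cmd)
    target = m.group(1).strip() if m else cmd.strip('"')
    if m and "\\" not in target:
        hits.append("rundll32 loads a DLL by bare name (resolved via the search path)")
    if GENERATED_NAME.match(basename_stem(target)):
        hits.append("generated-looking file name")
    return hits


def triage(text):
    """Return [(value name, command, reasons)] for every flagged entry; values
    registered more than once are reported once, with the count."""
    entries = parse_startup_log(text)
    counts = Counter(entries)
    flagged, seen = [], set()
    for entry in entries:
        if entry in seen:
            continue
        seen.add(entry)
        location, name, command = entry
        hive = location.split("\\")[0]
        reasons = reasons_for(command)
        if counts[entry] > 1:
            reasons.append(f"registered {counts[entry]} times under {hive}")
        if reasons:
            flagged.append((name, command, reasons))
    return flagged


if __name__ == "__main__":
    for name, command, reasons in triage(SAMPLE_LOG):
        print(f"{name!r}: {command}")
        for reason in reasons:
            print(f"    - {reason}")
```

Run it against a saved IceSword startup log by replacing SAMPLE_LOG with the file contents; entries with no reasons (Ad-Watch, ctfmon.exe, desktop.ini in the sample) are deliberately not printed, so the output is the review list rather than the whole log.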

Re: AntiMalware Doctor

Post by Belahzur on Fri Mar 26, 2010 7:27 pm

Hello.
Nice collection of malware you have there. IceSword only gives me the basics of what might be present, but something else is hiding there.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.





Re: AntiMalware Doctor

Post by Misteretc on Sat Mar 27, 2010 10:36 am

This is another problem that I have: even if I change the file extension, MBAM does not run for very long; it gets an error...

A Pop-up box that says "Setup"

Unable to Execute file:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

CreateProcess failed; code 2.
The system cannot find the file specified.

***Note: I've tried different variations and for a brief nanosecond I get to the scan page, but then it fails immediately and disappears.


Re: AntiMalware Doctor

Post by Belahzur on Sat Mar 27, 2010 5:24 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.





Re: AntiMalware Doctor

Post by Misteretc on Sat Mar 27, 2010 7:48 pm

Oh wow! Now my computer is working again. Here's the log.txt information from the Combo...

ComboFix 10-03-26.02 - Ann 2010-03-27 15:25:08.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2494.2106 [GMT -4:00]
Running from: c:\documents and settings\Ann\Desktop\commy.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\3931f85
c:\documents and settings\All Users\Application Data\3931f85\3768.mof
c:\documents and settings\All Users\Application Data\3931f85\BackUp\Adobe Gamma.lnk
c:\documents and settings\All Users\Application Data\3931f85\BackUp\DING!.lnk
c:\documents and settings\All Users\Application Data\3931f85\BackUp\HP Digital Imaging Monitor.lnk
c:\documents and settings\All Users\Application Data\3931f85\BackUp\HP Image Zone Fast Start.lnk
c:\documents and settings\All Users\Application Data\3931f85\BackUp\OneNote 2007 Screen Clipper and Launcher.lnk
c:\documents and settings\All Users\Application Data\3931f85\sg3931 .exe
c:\documents and settings\All Users\Application Data\3931f85\sg3931.exe
c:\documents and settings\All Users\Application Data\3931f85\SGD.ico
c:\documents and settings\All Users\Application Data\3931f85\SGDSys\vd952342.bd
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Ann\Application Data\Microsoft\dtPaper
c:\documents and settings\Ann\Application Data\Microsoft\dtPaper\1.html
c:\documents and settings\Ann\Application Data\Microsoft\dtPaper\cfg.msg
c:\documents and settings\Ann\Application Data\Microsoft\dtPaper\tmp.bmp
c:\documents and settings\Ann\Application Data\Security Guard
c:\documents and settings\Ann\Application Data\Security Guard\Instructions.ini
c:\documents and settings\Ann\Local Settings\Temporary Internet Files\48bxyab0.jpg
c:\documents and settings\Ann\Local Settings\Temporary Internet Files\6JaYkyb5A.jpg
c:\documents and settings\Ann\Local Settings\Temporary Internet Files\nooAPM.jpg
c:\documents and settings\Ann\Local Settings\Temporary Internet Files\okbPm.jpg
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\app_dll.dll
c:\windows\system32\ctfmon .exe
c:\windows\system32\fuwofapi.dll
c:\windows\system32\jahasike.dll
c:\windows\system32\lofiketo.dll
c:\windows\system32\lzfl50.dll
c:\windows\system32\neganosu.exe
c:\windows\system32\rundll32 .exe
c:\windows\system32\sasisudi.dll
c:\windows\system32\sodimafe.dll
c:\windows\system32\sojefiwi.exe
c:\windows\system32\yaniruzo.exe
c:\windows\system32\zugikime.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\hbrjvqjw.job
c:\windows\Temp\tmp3.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))
.

2010-03-20 02:52 . 2010-03-20 02:52 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SGPWINJTGTD
2010-03-15 09:18 . 2010-03-15 09:18 4 ----a-w- c:\program files\8728890.dat
2010-03-15 08:04 . 2010-03-15 08:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert
2010-03-15 08:01 . 2010-03-15 08:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-03-15 00:22 . 2010-03-15 00:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2010-03-14 20:19 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 20:19 . 2010-03-27 11:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 20:19 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 16:44 . 2010-03-14 16:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-14 16:27 . 2010-03-14 16:28 -------- d-----w- c:\documents and settings\Ann\Application Data\GetRightToGo
2010-03-14 15:34 . 2010-03-14 15:34 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Threat Expert
2010-03-14 15:26 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-14 15:26 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-14 15:26 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-14 15:26 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-03-14 15:26 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-14 15:26 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-03-14 15:26 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-14 15:25 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-14 15:25 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-14 15:25 . 2010-02-05 13:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-14 15:25 . 2010-03-14 15:26 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-14 15:25 . 2010-03-14 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-03-14 15:12 . 2010-03-14 15:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-03-14 15:12 . 2010-03-14 15:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-03-14 03:29 . 2010-03-14 03:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-03-14 03:18 . 2010-03-14 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-03-14 03:17 . 2010-03-14 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-03-14 03:17 . 2010-03-14 03:17 -------- d-----w- c:\program files\Common Files\iS3
2010-03-14 03:15 . 2010-03-14 03:15 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-03-14 02:43 . 2010-03-24 16:42 -------- d-----w- c:\documents and settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4
2010-03-06 17:05 . 2010-03-06 17:05 -------- d-----w- c:\documents and settings\Ann\Application Data\CyberLink
2010-03-06 17:04 . 2010-03-06 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-03-06 17:04 . 2010-03-06 17:04 -------- d-----w- c:\program files\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 19:34 . 2009-01-17 16:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-18 13:13 . 2009-06-10 20:37 -------- d-----w- c:\program files\QuickTime
2010-03-18 13:13 . 2009-01-17 16:19 -------- d-----w- c:\program files\Spyware Doctor
2010-03-18 13:13 . 2009-09-19 18:41 -------- d-----w- c:\program files\Verizon
2010-03-18 13:13 . 2009-06-10 20:42 -------- d-----w- c:\program files\iTunes
2010-03-18 13:13 . 2009-02-27 17:54 -------- d-----w- c:\program files\AIM6
2010-03-18 13:13 . 2009-01-13 00:20 -------- d-----w- c:\program files\Norton 360
2010-03-18 13:13 . 2009-01-13 00:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-14 23:08 . 2010-02-12 11:43 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-14 20:47 . 2009-11-07 23:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-14 20:47 . 2009-11-07 23:36 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-14 20:47 . 2010-03-14 20:46 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-03-14 20:46 . 2009-11-07 23:36 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-03-14 20:46 . 2009-05-25 21:21 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-03-14 20:46 . 2009-01-25 03:14 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-14 20:46 . 2009-11-07 23:36 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-03-14 20:46 . 2009-11-07 23:36 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-03-14 20:46 . 2009-06-16 21:21 6330848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-03-14 20:46 . 2010-03-14 20:46 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-03-14 20:12 . 2010-02-12 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-03-14 20:06 . 2008-04-14 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-14 16:44 . 2009-01-20 22:17 -------- d-----w- c:\program files\Lavasoft
2010-03-14 14:51 . 2010-03-14 14:49 2240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-03-14 14:46 . 2009-01-18 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-03-14 02:43 . 2010-03-14 02:43 17920 ----a-w- c:\documents and settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4\hookdll.dll
2010-03-14 02:43 . 2010-03-14 02:43 962560 ----a-w- c:\documents and settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4\dbf70700 .exe
2010-03-14 02:03 . 2009-01-17 14:44 -------- d-----w- c:\documents and settings\Ann\Application Data\FrostWire
2010-03-11 08:03 . 2009-01-13 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-08 23:21 . 2009-01-13 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-06 17:04 . 2008-12-30 03:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-05 01:21 . 2009-01-13 00:31 -------- d-----w- c:\program files\Google
2010-03-01 12:40 . 2009-10-02 00:23 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-04 15:53 . 2010-03-14 16:44 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2009-01-20 22:21 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-30 12:38 . 2009-01-13 03:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-27 11:36 . 2009-06-16 21:21 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
1601-01-01 00:03 . 1601-01-01 00:03 70656 --sha-w- c:\windows\system32\bizivata.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\bogogife.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\buloboti.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\fakiyegi.dll
1601-01-01 00:03 . 1601-01-01 00:03 56320 --sha-w- c:\windows\system32\gekininu.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\hanipolu.dll
1601-01-01 00:03 . 1601-01-01 00:03 96768 --sha-w- c:\windows\system32\hogayigi.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\kelahudu.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\lokomoha.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\nodujohu.dll
1601-01-01 00:03 . 1601-01-01 00:03 96768 --sha-w- c:\windows\system32\nuyujivu.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\polufili.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\riwozubi.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\ronilipi.dll
1601-01-01 00:03 . 1601-01-01 00:03 48640 --sha-w- c:\windows\system32\samotaso.dll
1601-01-01 00:03 . 1601-01-01 00:03 65536 --sha-w- c:\windows\system32\sikafemu.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\sudovufu.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\susiwoye.dll
1601-01-01 00:03 . 1601-01-01 00:03 65536 --sha-w- c:\windows\system32\taloziku.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\tayoyeza.dll
1601-01-01 00:03 . 1601-01-01 00:03 173568 --sha-w- c:\windows\system32\tijayoni.exe
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\tisibufu.dll
1601-01-01 00:03 . 1601-01-01 00:03 47616 --sha-w- c:\windows\system32\vigenayu.dll
.
c:\program files\AIM6\aim6 .exe
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\CyberLink\PowerDVD\pdvdserv .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Lavasoft\Ad-Aware\aawtray .exe
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\defmgr .exe
c:\program files\Nitro PDF\Professional\nitropdfprintermonitor .exe
c:\program files\Norton 360\oscheck .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Spyware Doctor\pctstray .exe
c:\program files\Verizon\mccitrayapp .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{940d0ca2-1da7-4c85-b314-52a878575b57}]
1601-01-01 00:03 65536 --sha-w- c:\windows\system32\sikafemu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"Google Update"="c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [N/A]
"Remote System Protection"="c:\windows\system32\lzfl50.dll" [N/A]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-18 818256]
"vigutiture"="sasisudi.dll" [N/A]
"wukiwebit"="c:\windows\system32\zugikime.dll" [N/A]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Remote System Protection"="c:\windows\system32\lzfl50.dll" [N/A]
"Security Guard"="c:\documents and settings\All Users\Application Data\3931f85\SG3931.exe" [N/A]

c:\documents and settings\Ann\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 12:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\CCSVCHST.EXE"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-20 6:21 PM 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-20 5:17 PM 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-14 207280]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-18 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-18 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-18 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-03-14 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1263728]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 3:37 PM 149352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-02-27 1:55 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 8:11 PM 101936]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 9:54 AM 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-17 365280]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
[N/A]
.
Contents of the 'Scheduled Tasks' folder

2010-03-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 09:08]

2010-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {77EA3CD6-B134-4CD9-ACD2-0CFC6428F7FD} = 217.23.14.75,4.2.2.1,192.168.1.1
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SharedTaskScheduler-{857514da-d991-404d-a452-18b175fcd1db} - (no file)
SharedTaskScheduler-{d0230d96-29f0-4dc5-9739-27a72b4d564b} - c:\windows\system32\totanozi.dll
SharedTaskScheduler-{46985e95-8859-4192-a4c1-273f70dcbb8e} - c:\windows\system32\pudohogu.dll
SharedTaskScheduler-{0a2c744c-0f39-4b4c-a072-4fe199e037a1} - c:\windows\system32\zugikime.dll
SSODL-tewevamez-{857514da-d991-404d-a452-18b175fcd1db} - (no file)
SSODL-nitusajab-{d0230d96-29f0-4dc5-9739-27a72b4d564b} - c:\windows\system32\totanozi.dll
SSODL-dolahamon-{46985e95-8859-4192-a4c1-273f70dcbb8e} - c:\windows\system32\pudohogu.dll
SSODL-jogagizum-{0a2c744c-0f39-4b4c-a072-4fe199e037a1} - c:\windows\system32\zugikime.dll
SafeBoot-klmdb.sys
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2010-03-27 15:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1064)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3832)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\windows\system32\netdde.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-03-27 15:45:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-27 19:45

Pre-Run: 75,872,481,280 bytes free
Post-Run: 75,695,722,496 bytes free

- - End Of File - - 7DDF17709E7C0E227E4C421DAAC986BD

Misteretc

Re: AntiMalware Doctor

Post by Belahzur on Sat Mar 27, 2010 8:39 pm

Hello.


  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\program files\8728890.dat

    c:\windows\system32\bizivata.dll
    c:\windows\system32\bogogife.dll
    c:\windows\system32\buloboti.dll
    c:\windows\system32\fakiyegi.dll
    c:\windows\system32\gekininu.dll
    c:\windows\system32\hanipolu.dll
    c:\windows\system32\hogayigi.dll
    c:\windows\system32\kelahudu.dll
    c:\windows\system32\lokomoha.dll
    c:\windows\system32\nodujohu.dll
    c:\windows\system32\nuyujivu.dll
    c:\windows\system32\polufili.dll
    c:\windows\system32\riwozubi.dll
    c:\windows\system32\ronilipi.dll
    c:\windows\system32\samotaso.dll
    c:\windows\system32\sikafemu.dll
    c:\windows\system32\sudovufu.dll
    c:\windows\system32\susiwoye.dll
    c:\windows\system32\taloziku.dll
    c:\windows\system32\tayoyeza.dll
    c:\windows\system32\tijayoni.exe
    c:\windows\system32\tisibufu.dll
    c:\windows\system32\vigenayu.dll

    Renv::
    c:\program files\AIM6\aim6 .exe
    c:\program files\ATI Technologies\ATI.ACE\cli .exe
    c:\program files\Common Files\Symantec Shared\ccapp .exe
    c:\program files\CyberLink\PowerDVD\pdvdserv .exe
    c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
    c:\program files\iTunes\ituneshelper .exe
    c:\program files\Lavasoft\Ad-Aware\aawtray .exe
    c:\program files\Microsoft\Search Enhancement Pack\Default Manager\defmgr .exe
    c:\program files\Nitro PDF\Professional\nitropdfprintermonitor .exe
    c:\program files\Norton 360\oscheck .exe
    c:\program files\QuickTime\qttask .exe
    c:\program files\Spyware Doctor\pctstray .exe
    c:\program files\Verizon\mccitrayapp .exe

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{940d0ca2-1da7-4c85-b314-52a878575b57}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Remote System Protection"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vigutiture"=-
    "wukiwebit"=-
    "Adobe_Reader"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Remote System Protection"=-
    "Security Guard"=-

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride =
    TCP: {77EA3CD6-B134-4CD9-ACD2-0CFC6428F7FD} = 217.23.14.75,4.2.2.1,192.168.1.1
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.




Belahzur

Re: AntiMalware Doctor

Post by Misteretc on Sat Mar 27, 2010 9:56 pm

Okay, thanks! Here it is...

ComboFix 10-03-26.02 - Ann 2010-03-27 17:34:10.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2494.1800 [GMT -4:00]
Running from: c:\documents and settings\Ann\Desktop\ComboFix.scr
Command switches used :: /S
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))
.

2010-03-20 02:52 . 2010-03-20 02:52 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SGPWINJTGTD
2010-03-15 09:18 . 2010-03-15 09:18 4 ----a-w- c:\program files\8728890.dat
2010-03-15 08:04 . 2010-03-15 08:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert
2010-03-15 08:01 . 2010-03-15 08:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-03-15 00:22 . 2010-03-15 00:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2010-03-14 20:19 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 20:19 . 2010-03-27 11:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 20:19 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 16:44 . 2010-03-14 16:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-14 16:27 . 2010-03-14 16:28 -------- d-----w- c:\documents and settings\Ann\Application Data\GetRightToGo
2010-03-14 15:34 . 2010-03-14 15:34 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Threat Expert
2010-03-14 15:26 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-14 15:26 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-14 15:26 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-14 15:26 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-03-14 15:26 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-14 15:26 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-03-14 15:26 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-14 15:25 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-14 15:25 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-14 15:25 . 2010-02-05 13:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-14 15:25 . 2010-03-14 15:26 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-14 15:25 . 2010-03-14 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-03-14 15:12 . 2010-03-14 15:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-03-14 15:12 . 2010-03-14 15:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-03-14 03:29 . 2010-03-14 03:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-03-14 03:18 . 2010-03-14 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-03-14 03:17 . 2010-03-14 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-03-14 03:17 . 2010-03-14 03:17 -------- d-----w- c:\program files\Common Files\iS3
2010-03-14 03:15 . 2010-03-14 03:15 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-03-14 02:43 . 2010-03-24 16:42 -------- d-----w- c:\documents and settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4
2010-03-06 17:05 . 2010-03-06 17:05 -------- d-----w- c:\documents and settings\Ann\Application Data\CyberLink
2010-03-06 17:04 . 2010-03-06 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-03-06 17:04 . 2010-03-06 17:04 -------- d-----w- c:\program files\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 21:44 . 2009-01-13 00:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-27 21:40 . 2009-01-17 16:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-27 21:39 . 2009-01-13 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-27 21:31 . 2009-01-18 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-03-18 13:13 . 2009-06-10 20:37 -------- d-----w- c:\program files\QuickTime
2010-03-18 13:13 . 2009-01-17 16:19 -------- d-----w- c:\program files\Spyware Doctor
2010-03-18 13:13 . 2009-09-19 18:41 -------- d-----w- c:\program files\Verizon
2010-03-18 13:13 . 2009-06-10 20:42 -------- d-----w- c:\program files\iTunes
2010-03-18 13:13 . 2009-02-27 17:54 -------- d-----w- c:\program files\AIM6
2010-03-18 13:13 . 2009-01-13 00:20 -------- d-----w- c:\program files\Norton 360
2010-03-14 23:08 . 2010-02-12 11:43 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-14 20:47 . 2009-11-07 23:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-14 20:47 . 2009-11-07 23:36 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-14 20:47 . 2010-03-14 20:46 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-03-14 20:46 . 2009-11-07 23:36 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-03-14 20:46 . 2009-05-25 21:21 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-03-14 20:46 . 2009-01-25 03:14 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-14 20:46 . 2009-11-07 23:36 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-03-14 20:46 . 2009-11-07 23:36 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-03-14 20:46 . 2009-06-16 21:21 6330848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-03-14 20:46 . 2010-03-14 20:46 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-03-14 20:12 . 2010-02-12 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-03-14 20:06 . 2008-04-14 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-03-14 16:44 . 2009-01-20 22:17 -------- d-----w- c:\program files\Lavasoft
2010-03-14 14:51 . 2010-03-14 14:49 2240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-03-14 02:43 . 2010-03-14 02:43 17920 ----a-w- c:\documents and settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4\hookdll.dll
2010-03-14 02:43 . 2010-03-14 02:43 962560 ----a-w- c:\documents and settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4\dbf70700 .exe
2010-03-14 02:03 . 2009-01-17 14:44 -------- d-----w- c:\documents and settings\Ann\Application Data\FrostWire
2010-03-11 08:03 . 2009-01-13 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-06 17:04 . 2008-12-30 03:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-05 01:21 . 2009-01-13 00:31 -------- d-----w- c:\program files\Google
2010-03-01 12:40 . 2009-10-02 00:23 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-04 15:53 . 2010-03-14 16:44 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2009-01-20 22:21 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-30 12:38 . 2009-01-13 03:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-27 11:36 . 2009-06-16 21:21 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
1601-01-01 00:03 . 1601-01-01 00:03 70656 --sha-w- c:\windows\system32\bizivata.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\bogogife.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\buloboti.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\fakiyegi.dll
1601-01-01 00:03 . 1601-01-01 00:03 56320 --sha-w- c:\windows\system32\gekininu.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\hanipolu.dll
1601-01-01 00:03 . 1601-01-01 00:03 96768 --sha-w- c:\windows\system32\hogayigi.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\kelahudu.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\lokomoha.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\nodujohu.dll
1601-01-01 00:03 . 1601-01-01 00:03 96768 --sha-w- c:\windows\system32\nuyujivu.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\polufili.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\riwozubi.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\ronilipi.dll
1601-01-01 00:03 . 1601-01-01 00:03 48640 --sha-w- c:\windows\system32\samotaso.dll
1601-01-01 00:03 . 1601-01-01 00:03 65536 --sha-w- c:\windows\system32\sikafemu.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\sudovufu.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\susiwoye.dll
1601-01-01 00:03 . 1601-01-01 00:03 65536 --sha-w- c:\windows\system32\taloziku.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\tayoyeza.dll
1601-01-01 00:03 . 1601-01-01 00:03 173568 --sha-w- c:\windows\system32\tijayoni.exe
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\tisibufu.dll
1601-01-01 00:03 . 1601-01-01 00:03 47616 --sha-w- c:\windows\system32\vigenayu.dll
.
Code:
<pre>
c:\program files\AIM6\aim6 .exe
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\CyberLink\PowerDVD\pdvdserv .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Lavasoft\Ad-Aware\aawtray .exe
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\defmgr .exe
c:\program files\Nitro PDF\Professional\nitropdfprintermonitor .exe
c:\program files\Norton 360\oscheck .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Spyware Doctor\pctstray .exe
c:\program files\Verizon\mccitrayapp .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{940d0ca2-1da7-4c85-b314-52a878575b57}]
1601-01-01 00:03 65536 --sha-w- c:\windows\system32\sikafemu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"Google Update"="c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [N/A]
"Remote System Protection"="c:\windows\system32\lzfl50.dll" [N/A]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-18 818256]
"vigutiture"="sasisudi.dll" [N/A]
"wukiwebit"="c:\windows\system32\zugikime.dll" [N/A]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Remote System Protection"="c:\windows\system32\lzfl50.dll" [N/A]
"Security Guard"="c:\documents and settings\All Users\Application Data\3931f85\SG3931.exe" [N/A]

c:\documents and settings\Ann\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 12:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\CCSVCHST.EXE"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-20 6:21 PM 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-20 5:17 PM 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-14 207280]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-18 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-18 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-18 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-03-14 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1263728]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 3:37 PM 149352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-02-27 1:55 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 8:11 PM 101936]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 9:54 AM 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-17 365280]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
[N/A]
.
Contents of the 'Scheduled Tasks' folder

2010-03-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 09:08]

2010-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {77EA3CD6-B134-4CD9-ACD2-0CFC6428F7FD} = 217.23.14.75,4.2.2.1,192.168.1.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2010-03-27 17:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1060)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2776)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\windows\system32\netdde.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\msiexec.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2010-03-27 17:50:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-27 21:49
ComboFix2.txt 2010-03-27 19:45

Pre-Run: 75,689,504,768 bytes free
Post-Run: 75,589,591,040 bytes free

- - End Of File - - C844D83B9EE50F2815AB9DED5F0ABCEE


Re: AntiMalware Doctor

Post by Belahzur on Sat Mar 27, 2010 10:21 pm

Hello.
That didn't work right. Did you run the CFScript I gave you?


Re: AntiMalware Doctor

Post by Misteretc on Sat Mar 27, 2010 10:38 pm

Yes, but let me try it again and I will repost my findings...


Re: AntiMalware Doctor

Post by Misteretc on Sat Mar 27, 2010 11:37 pm

Here we go...

ComboFix 10-03-27.02 - Ann 2010-03-27 19:19:56.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2494.1763 [GMT -4:00]
Running from: c:\documents and settings\Ann\Desktop\ComboFix.scr
Command switches used :: /S
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\nowepeto.dll
c:\windows\Tasks\zqjtjhpw.job

.
((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))
.

2010-03-20 02:52 . 2010-03-20 02:52 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SGPWINJTGTD
2010-03-15 09:18 . 2010-03-15 09:18 4 ----a-w- c:\program files\8728890.dat
2010-03-15 08:04 . 2010-03-15 08:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert
2010-03-15 08:01 . 2010-03-15 08:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-03-15 00:22 . 2010-03-15 00:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2010-03-14 20:19 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 20:19 . 2010-03-27 11:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 20:19 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 16:44 . 2010-03-14 16:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-14 16:27 . 2010-03-14 16:28 -------- d-----w- c:\documents and settings\Ann\Application Data\GetRightToGo
2010-03-14 15:34 . 2010-03-14 15:34 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Threat Expert
2010-03-14 15:26 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-14 15:26 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-14 15:26 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-14 15:26 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-03-14 15:26 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-14 15:26 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-03-14 15:26 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-14 15:25 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-14 15:25 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-14 15:25 . 2010-02-05 13:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-14 15:25 . 2010-03-14 15:26 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-14 15:25 . 2010-03-14 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-03-14 15:12 . 2010-03-14 15:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-03-14 15:12 . 2010-03-14 15:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-03-14 03:29 . 2010-03-14 03:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-03-14 03:18 . 2010-03-14 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-03-14 03:17 . 2010-03-14 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-03-14 03:17 . 2010-03-14 03:17 -------- d-----w- c:\program files\Common Files\iS3
2010-03-14 03:15 . 2010-03-14 03:15 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-03-14 02:43 . 2010-03-24 16:42 -------- d-----w- c:\documents and settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4
2010-03-06 17:05 . 2010-03-06 17:05 -------- d-----w- c:\documents and settings\Ann\Application Data\CyberLink
2010-03-06 17:04 . 2010-03-06 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-03-06 17:04 . 2010-03-06 17:04 -------- d-----w- c:\program files\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 23:26 . 2009-01-17 16:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-27 23:26 . 2009-01-13 00:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-27 22:50 . 2009-01-18 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-03-27 21:39 . 2009-01-13 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-18 13:13 . 2009-06-10 20:37 -------- d-----w- c:\program files\QuickTime
2010-03-18 13:13 . 2009-01-17 16:19 -------- d-----w- c:\program files\Spyware Doctor
2010-03-18 13:13 . 2009-09-19 18:41 -------- d-----w- c:\program files\Verizon
2010-03-18 13:13 . 2009-06-10 20:42 -------- d-----w- c:\program files\iTunes
2010-03-18 13:13 . 2009-02-27 17:54 -------- d-----w- c:\program files\AIM6
2010-03-18 13:13 . 2009-01-13 00:20 -------- d-----w- c:\program files\Norton 360
2010-03-14 23:08 . 2010-02-12 11:43 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-14 20:47 . 2009-11-07 23:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-14 20:47 . 2009-11-07 23:36 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-14 20:47 . 2010-03-14 20:46 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-03-14 20:46 . 2009-11-07 23:36 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-03-14 20:46 . 2009-05-25 21:21 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-03-14 20:46 . 2009-01-25 03:14 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-14 20:46 . 2009-11-07 23:36 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-03-14 20:46 . 2009-11-07 23:36 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-03-14 20:46 . 2009-06-16 21:21 6330848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-03-14 20:46 . 2010-03-14 20:46 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-03-14 20:12 . 2010-02-12 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-03-14 20:06 . 2008-04-14 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-03-14 16:44 . 2009-01-20 22:17 -------- d-----w- c:\program files\Lavasoft
2010-03-14 14:51 . 2010-03-14 14:49 2240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-03-14 02:43 . 2010-03-14 02:43 17920 ----a-w- c:\documents and settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4\hookdll.dll
2010-03-14 02:43 . 2010-03-14 02:43 962560 ----a-w- c:\documents and settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4\dbf70700 .exe
2010-03-14 02:03 . 2009-01-17 14:44 -------- d-----w- c:\documents and settings\Ann\Application Data\FrostWire
2010-03-11 08:03 . 2009-01-13 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-06 17:04 . 2008-12-30 03:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-05 01:21 . 2009-01-13 00:31 -------- d-----w- c:\program files\Google
2010-03-01 12:40 . 2009-10-02 00:23 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-04 15:53 . 2010-03-14 16:44 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2009-01-20 22:21 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-30 12:38 . 2009-01-13 03:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-27 11:36 . 2009-06-16 21:21 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
1601-01-01 00:03 . 1601-01-01 00:03 70656 --sha-w- c:\windows\system32\bizivata.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\bogogife.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\buloboti.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\fakiyegi.dll
1601-01-01 00:03 . 1601-01-01 00:03 56320 --sha-w- c:\windows\system32\gekininu.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\hanipolu.dll
1601-01-01 00:03 . 1601-01-01 00:03 96768 --sha-w- c:\windows\system32\hogayigi.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\kelahudu.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\lokomoha.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\nodujohu.dll
1601-01-01 00:03 . 1601-01-01 00:03 96768 --sha-w- c:\windows\system32\nuyujivu.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\pagoteba.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\polufili.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\riwozubi.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\ronilipi.dll
1601-01-01 00:03 . 1601-01-01 00:03 48640 --sha-w- c:\windows\system32\samotaso.dll
1601-01-01 00:03 . 1601-01-01 00:03 65536 --sha-w- c:\windows\system32\sikafemu.dll
1601-01-01 00:03 . 1601-01-01 00:03 70144 --sha-w- c:\windows\system32\soyeviwa.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\sudovufu.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\susiwoye.dll
1601-01-01 00:03 . 1601-01-01 00:03 65536 --sha-w- c:\windows\system32\taloziku.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\tayoyeza.dll
1601-01-01 00:03 . 1601-01-01 00:03 173568 --sha-w- c:\windows\system32\tijayoni.exe
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\tisibufu.dll
1601-01-01 00:03 . 1601-01-01 00:03 47616 --sha-w- c:\windows\system32\vigenayu.dll
.
Code:
c:\program files\AIM6\aim6 .exe
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\CyberLink\PowerDVD\pdvdserv .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Lavasoft\Ad-Aware\aawtray .exe
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\defmgr .exe
c:\program files\Nitro PDF\Professional\nitropdfprintermonitor .exe
c:\program files\Norton 360\oscheck .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Spyware Doctor\pctstray .exe
c:\program files\Verizon\mccitrayapp .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{940d0ca2-1da7-4c85-b314-52a878575b57}]
1601-01-01 00:03 65536 --sha-w- c:\windows\system32\sikafemu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"Google Update"="c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [N/A]
"Remote System Protection"="c:\windows\system32\lzfl50.dll" [N/A]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-18 818256]
"vigutiture"="sasisudi.dll" [N/A]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [N/A]
"wukiwebit"="c:\windows\system32\nowepeto.dll" [N/A]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Remote System Protection"="c:\windows\system32\lzfl50.dll" [N/A]
"Security Guard"="c:\documents and settings\All Users\Application Data\3931f85\SG3931.exe" [N/A]

c:\documents and settings\Ann\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 12:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\CCSVCHST.EXE"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-20 6:21 PM 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-20 5:17 PM 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-14 207280]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-18 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-18 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-18 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-03-14 112592]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 3:37 PM 149352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-02-27 1:55 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 8:11 PM 101936]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 9:54 AM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1263728]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-17 365280]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
[N/A]
.
Contents of the 'Scheduled Tasks' folder

2010-03-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 09:08]

2010-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {77EA3CD6-B134-4CD9-ACD2-0CFC6428F7FD} = 217.23.14.75,4.2.2.1,192.168.1.1
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{7d455ead-64d0-4cc8-b035-ce6c9df0adcc} - c:\windows\system32\nowepeto.dll
SSODL-vesuzigoh-{7d455ead-64d0-4cc8-b035-ce6c9df0adcc} - c:\windows\system32\nowepeto.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2010-03-27 19:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1064)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3592)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\netdde.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2010-03-27 19:36:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-27 23:35
ComboFix2.txt 2010-03-27 21:50
ComboFix3.txt 2010-03-27 19:45

Pre-Run: 75,606,302,720 bytes free
Post-Run: 75,564,867,584 bytes free

- - End Of File - - 759940ACE4AB86D19AFB4CE9D69080B2


Re: AntiMalware Doctor

Post by Belahzur on Sun Mar 28, 2010 12:43 pm

Hello.
Weird that ComboFix says the command switch used was /S. I do notice, however, that you are running ComboFix.exe as a .scr file; please delete it and download a new copy that is .exe.

Try to run my script again.


Re: AntiMalware Doctor

Post by Misteretc on Sun Mar 28, 2010 12:57 pm

Okay, sure will.


Re: AntiMalware Doctor

Post by Misteretc on Sun Mar 28, 2010 1:37 pm

I'm only able to run it with the SCR at the end. I tried Combo-Fix.exe and Combofix.exe and neither of those will run. It says there was an issue with installation and that a reboot of the computer is needed.


Re: AntiMalware Doctor

Post by Misteretc on Sun Mar 28, 2010 4:38 pm

ComboFix 10-03-27.03 - Ann 2010-03-28 11:55:56.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2494.1719 [GMT -4:00]
Running from: c:\documents and settings\Ann\Desktop\Combo-fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ativva5x.dat
c:\windows\system32\loseteni.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-28 )))))))))))))))))))))))))))))))
.

2010-03-28 11:04 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-28 11:04 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 11:04 . 2010-03-28 11:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-28 10:58 . 2010-02-02 14:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-03-28 10:58 . 2010-02-02 14:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-03-28 10:58 . 2010-02-02 14:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-03-20 02:52 . 2010-03-20 02:52 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SGPWINJTGTD
2010-03-15 09:18 . 2010-03-15 09:18 4 ----a-w- c:\program files\8728890.dat
2010-03-15 08:04 . 2010-03-15 08:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert
2010-03-15 08:01 . 2010-03-15 08:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-03-15 00:22 . 2010-03-15 00:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2010-03-14 16:44 . 2010-03-14 16:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-14 16:27 . 2010-03-14 16:28 -------- d-----w- c:\documents and settings\Ann\Application Data\GetRightToGo
2010-03-14 15:34 . 2010-03-14 15:34 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Threat Expert
2010-03-14 15:26 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-14 15:26 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-14 15:26 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-14 15:26 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-03-14 15:26 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-14 15:26 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-03-14 15:26 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-14 15:25 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-14 15:25 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-14 15:25 . 2010-02-05 13:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-14 15:25 . 2010-03-28 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-03-14 15:25 . 2010-03-14 15:26 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-14 15:12 . 2010-03-14 15:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-03-14 15:12 . 2010-03-14 15:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-03-14 03:29 . 2010-03-14 03:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-03-14 03:18 . 2010-03-14 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-03-14 03:17 . 2010-03-14 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-03-14 03:17 . 2010-03-14 03:17 -------- d-----w- c:\program files\Common Files\iS3
2010-03-14 03:15 . 2010-03-14 03:15 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-03-14 02:43 . 2010-03-28 02:27 -------- d-----w- c:\documents and settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4
2010-03-06 17:05 . 2010-03-06 17:05 -------- d-----w- c:\documents and settings\Ann\Application Data\CyberLink
2010-03-06 17:04 . 2010-03-06 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-03-06 17:04 . 2010-03-06 17:04 -------- d-----w- c:\program files\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 16:28 . 2009-01-17 16:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-28 16:27 . 2009-01-13 00:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-28 13:49 . 2009-01-17 16:19 -------- d-----w- c:\program files\Spyware Doctor
2010-03-28 13:23 . 2009-01-18 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-03-27 21:39 . 2009-01-13 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-18 13:13 . 2009-06-10 20:37 -------- d-----w- c:\program files\QuickTime
2010-03-18 13:13 . 2009-09-19 18:41 -------- d-----w- c:\program files\Verizon
2010-03-18 13:13 . 2009-06-10 20:42 -------- d-----w- c:\program files\iTunes
2010-03-18 13:13 . 2009-02-27 17:54 -------- d-----w- c:\program files\AIM6
2010-03-18 13:13 . 2009-01-13 00:20 -------- d-----w- c:\program files\Norton 360
2010-03-14 23:08 . 2010-02-12 11:43 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-14 20:47 . 2009-11-07 23:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-14 20:47 . 2009-11-07 23:36 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-14 20:47 . 2010-03-14 20:46 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-03-14 20:46 . 2009-11-07 23:36 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-03-14 20:46 . 2009-05-25 21:21 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-03-14 20:46 . 2009-01-25 03:14 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-14 20:46 . 2009-11-07 23:36 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-03-14 20:46 . 2009-11-07 23:36 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-03-14 20:46 . 2009-06-16 21:21 6330848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-03-14 20:46 . 2010-03-14 20:46 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-03-14 20:12 . 2010-02-12 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-03-14 20:06 . 2008-04-14 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-03-14 16:44 . 2009-01-20 22:17 -------- d-----w- c:\program files\Lavasoft
2010-03-14 14:51 . 2010-03-14 14:49 2240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-03-14 02:03 . 2009-01-17 14:44 -------- d-----w- c:\documents and settings\Ann\Application Data\FrostWire
2010-03-11 08:03 . 2009-01-13 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-06 17:04 . 2008-12-30 03:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-05 01:21 . 2009-01-13 00:31 -------- d-----w- c:\program files\Google
2010-03-01 12:40 . 2009-10-02 00:23 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-04 15:53 . 2010-03-14 16:44 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2009-01-20 22:21 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-30 12:38 . 2009-01-13 03:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-27 11:36 . 2009-06-16 21:21 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
1601-01-01 00:03 . 1601-01-01 00:03 70656 --sha-w- c:\windows\system32\bizivata.dll
1601-01-01 00:03 . 1601-01-01 00:03 96768 --sha-w- c:\windows\system32\hogayigi.dll
1601-01-01 00:03 . 1601-01-01 00:03 96768 --sha-w- c:\windows\system32\nuyujivu.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\riwozubi.dll
1601-01-01 00:03 . 1601-01-01 00:03 65536 --sha-w- c:\windows\system32\sikafemu.dll
1601-01-01 00:03 . 1601-01-01 00:03 65536 --sha-w- c:\windows\system32\taloziku.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\tisibufu.dll
.
c:\program files\AIM6\aim6 .exe
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\CyberLink\PowerDVD\pdvdserv .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Lavasoft\Ad-Aware\aawtray .exe
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\defmgr .exe
c:\program files\Nitro PDF\Professional\nitropdfprintermonitor .exe
c:\program files\Norton 360\oscheck .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Spyware Doctor\pctstray .exe
c:\program files\Verizon\mccitrayapp .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{940d0ca2-1da7-4c85-b314-52a878575b57}]
1601-01-01 00:03 65536 --sha-w- c:\windows\system32\sikafemu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"Google Update"="c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [N/A]
"Remote System Protection"="c:\windows\system32\lzfl50.dll" [N/A]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-18 818256]
"vigutiture"="sasisudi.dll" [N/A]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [N/A]
"wukiwebit"="c:\windows\system32\nowepeto.dll" [N/A]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Remote System Protection"="c:\windows\system32\lzfl50.dll" [N/A]
"Security Guard"="c:\documents and settings\All Users\Application Data\3931f85\SG3931.exe" [N/A]

c:\documents and settings\Ann\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 12:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\CCSVCHST.EXE"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-20 6:21 PM 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-20 5:17 PM 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-14 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-03-28 6:58 AM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-03-28 6:58 AM 59664]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-18 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-18 108552]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-03-14 233136]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-18 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-03-14 112592]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 3:37 PM 149352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-02-27 1:55 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 8:11 PM 101936]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 9:54 AM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1263728]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-03-14 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-17 365280]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-03-28 6:58 AM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
[N/A]
.
Contents of the 'Scheduled Tasks' folder

2010-03-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 09:08]

2010-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {77EA3CD6-B134-4CD9-ACD2-0CFC6428F7FD} = 217.23.14.75,4.2.2.1,192.168.1.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-28 12:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1076)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(448)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\netdde.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2010-03-28 12:35:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-28 16:35
ComboFix2.txt 2010-03-27 23:36
ComboFix3.txt 2010-03-27 21:50
ComboFix4.txt 2010-03-27 19:45

Pre-Run: 75,419,652,096 bytes free
Post-Run: 75,457,159,168 bytes free

- - End Of File - - 4DC362DDD12D16BE9EBFE2EA5DF3ACF4

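The ComboFix log above carries the classic signs of a system-wide hijack rather than a single rogue program: Run entries whose target is a DLL with no version information, Security Center overrides and DisableMonitoring values set to 1, the Windows firewall switched off, an IE proxy pointed at 127.0.0.1:5555 (an interception proxy on the local machine), per-interface DNS servers that include a public address outside the home network, and hidden+system files stamped with the FILETIME epoch of 1601-01-01. The following Python triage script is an added example for this thread, not code from ComboFix, HijackThis, OTM or any of the helpers here; the indicator tags and regular expressions are the example's own. It reads log lines in the two formats quoted in this thread (ComboFix "Reg Loading Points"/file lines and HijackThis O4/O17/O20 lines), flags lines that match those patterns, and removes nothing. The sample input is constructed from entries quoted in the thread's logs, plus two benign lines that must not be flagged.

```python
"""Triage helper for ComboFix- and HijackThis-style log lines.

Added example for this thread. It is not part of ComboFix, HijackThis, OTM or
any tool used here; the indicator names and patterns are this example's own.
It only flags lines for a human reviewer and changes nothing on the system.
"""
import ipaddress
import re

# Constructed sample input: lines taken from the logs quoted in this thread,
# one per indicator class, plus two benign lines that must not be flagged.
SAMPLE_LOG = [
    r'"Remote System Protection"="c:\windows\system32\lzfl50.dll" [N/A]',
    r'"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]',
    r'"AntiVirusOverride"=dword:00000001',
    r'"EnableFirewall"= 0 (0x0)',
    r'uInternet Settings,ProxyServer = http=127.0.0.1:5555',
    r'1601-01-01 00:03 . 1601-01-01 00:03 65536 --sha-w- c:\windows\system32\sikafemu.dll',
    r'c:\program files\QuickTime\qttask .exe',
    r'O4 - HKLM\..\Run: [vigutiture] Rundll32.exe "sasisudi.dll",s',
    r'O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe',
    r'O17 - HKLM\System\CCS\Services\Tcpip\..\{77EA3CD6-B134-4CD9-ACD2-0CFC6428F7FD}: NameServer = 217.23.14.75,4.2.2.1,192.168.1.1',
    r'O20 - AppInit_DLLs: lofiketo.dll c:\windows\system32\hogayigi.dll',
]

# ComboFix "Reg Loading Points" value: "name"="target" [timestamp size | N/A]
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]')
# ProxyServer in ComboFix (uInternet Settings,...) or HijackThis (R1 ...) form
PROXY = re.compile(r'ProxyServer\s*=\s*(?:\w+=)?([^:;\s]+):(\d+)', re.I)
# Security Center values that silence antivirus/firewall warnings
SC_OVERRIDE = re.compile(r'^"(AntiVirusOverride|FirewallOverride|DisableMonitoring)"=dword:0*1$')
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
# ComboFix file line stamped with the FILETIME epoch: captures attrs and path
ZERO_FILETIME = re.compile(r'^1601-01-01 .*\s(\S+)\s+(c:\\.*)$', re.I)
# A path with a space before its extension ("qttask .exe")
SPACE_EXT = re.compile(r'^\S.*\s\.(exe|dll|scr)$', re.I)
# HijackThis O4 autorun that loads a DLL through rundll32
RUNDLL_AUTORUN = re.compile(r'^O4 - .*Rundll32\.exe\s+"?([^",]+)', re.I)
# Per-interface DNS servers: HijackThis O17 line or ComboFix "TCP: {guid} = ..."
NAMESERVER = re.compile(r'^(?:O17 - .*NameServer|TCP: \{[^}]+\})\s*=\s*([\d.,]+)')
APPINIT = re.compile(r'^O20 - AppInit_DLLs:\s*(\S.*)$')


def _is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == 'localhost'


def _is_public(addr):
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def triage(lines):
    """Return (indicator, detail) pairs for lines a reviewer should look at."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := RUN_VALUE.match(line):
            name, target, stamp = m.groups()
            if target.lower().endswith('.dll'):      # autorun of a bare DLL
                findings.append(('autorun-dll', f'{name} -> {target}'))
            elif stamp == 'N/A':                      # no file/version info found
                findings.append(('autorun-unverified', f'{name} -> {target}'))
        elif m := PROXY.search(line):
            host, port = m.groups()
            if _is_loopback(host):                    # local interception proxy
                findings.append(('proxy-loopback', f'{host}:{port}'))
        elif m := SC_OVERRIDE.match(line):
            findings.append(('security-center-suppressed', m.group(1)))
        elif FIREWALL_OFF.match(line):
            findings.append(('firewall-disabled', line))
        elif m := ZERO_FILETIME.match(line):
            attrs, path = m.groups()
            if 'h' in attrs and 's' in attrs:         # hidden + system attributes
                findings.append(('zero-filetime-hidden-system', path))
        elif SPACE_EXT.match(line):
            findings.append(('space-before-extension', line))
        elif m := RUNDLL_AUTORUN.match(line):
            findings.append(('autorun-rundll32', m.group(1)))
        elif m := NAMESERVER.match(line):
            public = [a for a in m.group(1).split(',') if _is_public(a)]
            if public:                                # resolvers outside the LAN
                findings.append(('dns-public-resolver', ','.join(public)))
        elif m := APPINIT.match(line):                # injected into every GUI process
            findings.append(('appinit-dlls', m.group(1)))
    return findings


if __name__ == '__main__':
    for tag, detail in triage(SAMPLE_LOG):
        print(f'{tag:30} {detail}')
```

Each finding is a prompt for review, not a verdict: an ISP or public resolver in an O17 line and a rundll32 Run entry both have legitimate uses, and an [N/A] timestamp only means ComboFix could not read the file's version data. The value of running this over a full log is the combination: a loopback proxy, suppressed Security Center, disabled firewall and DLL autoruns appearing together is what marks the machine as compromised, and the same checks re-run on the post-cleanup log show what the fix scripts left behind.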

Re: AntiMalware Doctor

Post by Belahzur on Sun Mar 28, 2010 4:47 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: AntiMalware Doctor

Post by Misteretc on Sun Mar 28, 2010 5:19 pm

I've tried downloading it several times and each time it fails after install. It says...

A Pop-up box that says "Setup"

Unable to Execute file:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

CreateProcess failed; code 2.
The system cannot find the file specified.

***Note: I've tried different variations and for a brief nanosecond I get to the scan page, but then it fails immediately and disappears.


Re: AntiMalware Doctor

Post by Misteretc on Sun Mar 28, 2010 8:49 pm

Also after installing it, sometimes if I try to double click on "Malwarebytes' Anti-Malware" it asks me which program I want to use to open it. Everything else on my computer seems to work fine except this one.


Re: AntiMalware Doctor

Post by Belahzur on Mon Mar 29, 2010 12:22 am

Hello.
Let's try this a different way then.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :files
    c:\program files\8728890.dat
    c:\windows\system32\bizivata.dll
    c:\windows\system32\bogogife.dll
    c:\windows\system32\buloboti.dll
    c:\windows\system32\fakiyegi.dll
    c:\windows\system32\gekininu.dll
    c:\windows\system32\hanipolu.dll
    c:\windows\system32\hogayigi.dll
    c:\windows\system32\kelahudu.dll
    c:\windows\system32\lokomoha.dll
    c:\windows\system32\nodujohu.dll
    c:\windows\system32\nuyujivu.dll
    c:\windows\system32\polufili.dll
    c:\windows\system32\riwozubi.dll
    c:\windows\system32\ronilipi.dll
    c:\windows\system32\samotaso.dll
    c:\windows\system32\sikafemu.dll
    c:\windows\system32\sudovufu.dll
    c:\windows\system32\susiwoye.dll
    c:\windows\system32\taloziku.dll
    c:\windows\system32\tayoyeza.dll
    c:\windows\system32\tijayoni.exe
    c:\windows\system32\tisibufu.dll
    c:\windows\system32\vigenayu.dll

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{940d0ca2-1da7-4c85-b314-52a878575b57}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Remote System Protection"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vigutiture"=-
    "wukiwebit"=-
    "Adobe_Reader"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Remote System Protection"=-
    "Security Guard"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4098ae48-3f18-4678-b8bd-77d31e5f01cb}]
    "NameServer"=-


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: AntiMalware Doctor

Post by Misteretc on Mon Mar 29, 2010 1:52 am

Okay great, I will give it a try! Thanks!

Right On!


Re: AntiMalware Doctor

Post by Misteretc on Mon Mar 29, 2010 1:53 am

Wow, that was fast. Here are the results...

========== FILES ==========
c:\program files\8728890.dat moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\bizivata.dll
c:\windows\system32\bizivata.dll moved successfully.
File/Folder c:\windows\system32\bogogife.dll not found.
File/Folder c:\windows\system32\buloboti.dll not found.
File/Folder c:\windows\system32\fakiyegi.dll not found.
File/Folder c:\windows\system32\gekininu.dll not found.
File/Folder c:\windows\system32\hanipolu.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\hogayigi.dll
c:\windows\system32\hogayigi.dll moved successfully.
File/Folder c:\windows\system32\kelahudu.dll not found.
File/Folder c:\windows\system32\lokomoha.dll not found.
File/Folder c:\windows\system32\nodujohu.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\nuyujivu.dll
c:\windows\system32\nuyujivu.dll moved successfully.
File/Folder c:\windows\system32\polufili.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\riwozubi.dll
c:\windows\system32\riwozubi.dll moved successfully.
File/Folder c:\windows\system32\ronilipi.dll not found.
File/Folder c:\windows\system32\samotaso.dll not found.
File/Folder c:\windows\system32\sikafemu.dll not found.
File/Folder c:\windows\system32\sudovufu.dll not found.
File/Folder c:\windows\system32\susiwoye.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\taloziku.dll
c:\windows\system32\taloziku.dll moved successfully.
File/Folder c:\windows\system32\tayoyeza.dll not found.
File/Folder c:\windows\system32\tijayoni.exe not found.
DllUnregisterServer procedure not found in c:\windows\system32\tisibufu.dll
c:\windows\system32\tisibufu.dll moved successfully.
File/Folder c:\windows\system32\vigenayu.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{940d0ca2-1da7-4c85-b314-52a878575b57}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{940d0ca2-1da7-4c85-b314-52a878575b57}\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Remote System Protection deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vigutiture deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wukiwebit deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe_Reader deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Remote System Protection deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Security Guard deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4098ae48-3f18-4678-b8bd-77d31e5f01cb} not found.

OTM by OldTimer - Version 3.1.10.1 log created on 03282010_215222


Re: AntiMalware Doctor

Post by Belahzur on Mon Mar 29, 2010 6:21 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.



Re: AntiMalware Doctor

Post by Misteretc on Tue Mar 30, 2010 10:43 am

Thanks! Here it is...

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 6:42:34 AM, on 2010-03-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {940d0ca2-1da7-4c85-b314-52a878575b57} - sikafemu.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [vigutiture] Rundll32.exe "sasisudi.dll",s
O4 - HKLM\..\Run: [wukiwebit] Rundll32.exe "c:\windows\system32\nuyujivu.dll",a
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware1\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{77EA3CD6-B134-4CD9-ACD2-0CFC6428F7FD}: NameServer = 217.23.14.75,4.2.2.1,192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: lofiketo.dll c:\windows\system32\hogayigi.dll c:\windows\system32\nuyujivu.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O21 - SSODL: yajisilar - {50214219-ef55-4ddd-9dad-207e4e7e4f56} - c:\windows\system32\nuyujivu.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: tokatiluy - {50214219-ef55-4ddd-9dad-207e4e7e4f56} - c:\windows\system32\nuyujivu.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 12383 bytes


Re: AntiMalware Doctor

Post by Belahzur on Tue Mar 30, 2010 10:14 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: (no name) - {940d0ca2-1da7-4c85-b314-52a878575b57} - sikafemu.dll (file missing)
    O4 - HKLM\..\Run: [vigutiture] Rundll32.exe "sasisudi.dll",s
    O4 - HKLM\..\Run: [wukiwebit] Rundll32.exe "c:\windows\system32\nuyujivu.dll",a
    O17 - HKLM\System\CCS\Services\Tcpip\..\{77EA3CD6-B134-4CD9-ACD2-0CFC6428F7FD}: NameServer = 217.23.14.75,4.2.2.1,192.168.1.1
    O20 - AppInit_DLLs: lofiketo.dll c:\windows\system32\hogayigi.dll c:\windows\system32\nuyujivu.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O21 - SSODL: yajisilar - {50214219-ef55-4ddd-9dad-207e4e7e4f56} - c:\windows\system32\nuyujivu.dll (file missing)
    O22 - SharedTaskScheduler: tokatiluy - {50214219-ef55-4ddd-9dad-207e4e7e4f56} - c:\windows\system32\nuyujivu.dll (file missing)


  • Press "Fix Checked"
  • Close HijackThis.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
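
A small triage script for logs of this kind, added here as an example (it is not code from this thread, from HijackThis, or from the helper). It reads HijackThis-style lines, including the ones listed for fixing above, and reports the entry classes at issue in this thread: a ProxyServer that points at 127.0.0.1, an O17 NameServer that is neither on the local network nor on a short allow-list of public resolvers (the allow-list is an assumption), a populated AppInit_DLLs, Run keys that launch a DLL through Rundll32, "(file missing)" orphans, and DLL names that follow the strict consonant-vowel pattern the filler names on this page share (a heuristic chosen by the editor, not a HijackThis rule). The two benign-looking entries (O9, O22, O23) are included so the filter has something to pass.

```python
"""Triage HijackThis-style log lines for the entry classes seen in this thread.

Added example, not part of the thread or of HijackThis. All rules below are the
editor's own heuristics; the resolver allow-list is an assumption.
"""
import ipaddress
import re

# Constructed sample: entries copied from the HijackThis log posted in this
# thread, plus three benign-looking entries (O9, O22, O23) that should pass.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {940d0ca2-1da7-4c85-b314-52a878575b57} - sikafemu.dll (file missing)
O4 - HKLM\..\Run: [vigutiture] Rundll32.exe "sasisudi.dll",s
O4 - HKLM\..\Run: [wukiwebit] Rundll32.exe "c:\windows\system32\nuyujivu.dll",a
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{77EA3CD6-B134-4CD9-ACD2-0CFC6428F7FD}: NameServer = 217.23.14.75,4.2.2.1,192.168.1.1
O20 - AppInit_DLLs: lofiketo.dll c:\windows\system32\hogayigi.dll c:\windows\system32\nuyujivu.dll
O21 - SSODL: yajisilar - {50214219-ef55-4ddd-9dad-207e4e7e4f56} - c:\windows\system32\nuyujivu.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Assumption: public resolvers that are commonly configured on purpose.
KNOWN_PUBLIC_RESOLVERS = {"4.2.2.1", "4.2.2.2", "8.8.8.8", "8.8.4.4"}

# Heuristic: the filler DLL names on this page are eight letters in strict
# consonant-vowel alternation (sikafemu, nuyujivu, ...). browseui.dll is not.
CV_DLL = re.compile(r"\b(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}\.dll\b", re.I)

# Run entries that hand a DLL export to Rundll32, e.g. Rundll32.exe "x.dll",s
RUNDLL_LOAD = re.compile(r"rundll32\.exe\s+\"?[^\"]+\.dll\"?,", re.I)

ENTRY = re.compile(r"([RO]\d+) - (.*)")


def triage(log_text):
    """Return one dict per suspicious line: section, the line, and the reasons."""
    findings = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        reasons = []

        # Browser proxy routed to a local port: a local process sees all traffic.
        if section == "R1" and "ProxyServer" in body and "127.0.0.1" in body:
            reasons.append("browser proxy points at a local port (traffic interception)")

        # DNS servers that are neither on the LAN nor a known public resolver.
        if section == "O17" and "NameServer =" in body:
            for server in body.split("NameServer =", 1)[1].split(","):
                server = server.strip()
                try:
                    ip = ipaddress.ip_address(server)
                except ValueError:
                    continue
                if not ip.is_private and server not in KNOWN_PUBLIC_RESOLVERS:
                    reasons.append(f"unexpected DNS resolver {server}")

        # AppInit_DLLs loads every listed DLL into each process that uses user32.
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            reasons.append("AppInit_DLLs is populated (DLLs injected into GUI processes)")

        if section == "O4" and RUNDLL_LOAD.search(body):
            reasons.append("Run key uses Rundll32 to load a DLL export")

        if "(file missing)" in body:
            reasons.append("orphaned entry: referenced file is missing")

        for name in CV_DLL.findall(body):
            reasons.append(f"generated-looking DLL name {name}")

        if reasons:
            findings.append({"section": section, "line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['section']:>4}  {finding['line'][:72]}")
        for reason in finding["reasons"]:
            print(f"      - {reason}")
```

Run against the sample, the script flags the R1, O2, both O4, O17, O20 and O21 lines and passes O9, O22 and O23; the O17 finding names only the first resolver, since 4.2.2.1 is allow-listed and 192.168.1.1 is the LAN router. The consonant-vowel rule is deliberately narrow so that a legitimate system DLL with eight letters, such as browseui.dll, is not reported.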



Re: AntiMalware Doctor

Post by Misteretc on Wed Mar 31, 2010 2:05 am

Thanks, I did as you asked. Everything went well except for the Malwarebytes' Anti-Malware installation. I ran it and updated it, however when I tried to run it, I got this pop-up/error message...

"Missing Shortcut

Windows is searching for mbam.exe. To locate the file yourself, click Browse."


Re: AntiMalware Doctor

Post by Belahzur on Wed Mar 31, 2010 1:06 pm

Download [You must be registered and logged in to see this link.]

  • Load SuperAntiSpyware and click the Check for updates button.
  • Once the update is finished click the Scan your computer button.
  • Check Perform Complete Scan and then next.
  • SuperAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.



Re: AntiMalware Doctor

Post by Misteretc on Thu Apr 01, 2010 8:51 am

Thanks! Will do...


Re: AntiMalware Doctor

Post by Misteretc on Thu Apr 01, 2010 10:22 am

Okay, a couple of problems...

1). I found Antivirus XP running on my computer this morning. I used RKILL to get it to stop.

2). I downloaded and ran SuperAntiSpyware, but couldn't get the log at first. It told me I needed to reboot to get some of the viruses off.

3). I rebooted and found I could not get into any of the files. (I got the popup where it asked me which program to use to open the file. I couldn't open SuperAntiSpyware).

4). So I ran ComboFix again, and after I did everything seemed to work again. I was able to get the SuperAntiSpyware log and here it is...

SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 04/01/2010 at 05:28 AM

Application Version : 4.35.1000

Core Rules Database Version : 4756
Trace Rules Database Version: 2568

Scan type : Complete Scan
Total Scan Time : 00:34:16

Memory items scanned : 572
Memory threats detected : 1
Registry items scanned : 6056
Registry threats detected : 7
File items scanned : 24688
File threats detected : 35

Trojan.Agent/Gen-RogueAV
C:\DOCUMENTS AND SETTINGS\ANN\LOCAL SETTINGS\APPLICATION DATA\AVE.EXE
C:\DOCUMENTS AND SETTINGS\ANN\LOCAL SETTINGS\APPLICATION DATA\AVE.EXE

Adware.Vundo/Variant-Senorita
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{940d0ca2-1da7-4c85-b314-52a878575b57}
HKCR\CLSID\{940D0CA2-1DA7-4C85-B314-52A878575B57}
HKCR\CLSID\{940D0CA2-1DA7-4C85-B314-52A878575B57}\InprocServer32
HKCR\CLSID\{940D0CA2-1DA7-4C85-B314-52A878575B57}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SIKAFEMU.DLL
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{940D0CA2-1DA7-4C85-B314-52A878575B57}
HKU\S-1-5-21-436374069-515967899-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{940D0CA2-1DA7-4C85-B314-52A878575B57}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{940D0CA2-1DA7-4C85-B314-52A878575B57}
C:\_OTM\MOVEDFILES\03282010_215222\C_WINDOWS\SYSTEM32\TALOZIKU.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Ann\Cookies\ann@pointroll[2].txt
C:\Documents and Settings\Ann\Cookies\ann@advertise[1].txt
C:\Documents and Settings\Ann\Cookies\ann@tripod[1].txt
C:\Documents and Settings\Ann\Cookies\ann@realmedia[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.pointroll[2].txt
C:\Documents and Settings\Ann\Cookies\ann@trafficmp[1].txt
C:\Documents and Settings\Ann\Cookies\ann@collective-media[1].txt
C:\Documents and Settings\Ann\Cookies\ann@interclick[2].txt
C:\Documents and Settings\Ann\Cookies\ann@statcounter[2].txt
C:\Documents and Settings\Ann\Cookies\ann@counter.surfcounters[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.yieldmanager[2].txt
C:\Documents and Settings\Ann\Cookies\ann@doubleclick[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.wsod[3].txt
C:\Documents and Settings\Ann\Cookies\ann@zedo[2].txt
C:\Documents and Settings\Ann\Cookies\ann@atdmt[1].txt
C:\Documents and Settings\Ann\Cookies\ann@invitemedia[2].txt
C:\Documents and Settings\Ann\Cookies\ann@bizzclick[1].txt
C:\Documents and Settings\Ann\Cookies\ann@msnportal.112.2o7[1].txt
C:\Documents and Settings\Ann\Cookies\ann@overture[1].txt
C:\Documents and Settings\Ann\Cookies\ann@tribalfusion[2].txt
C:\Documents and Settings\Ann\Cookies\ann@revsci[2].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.wsod[2].txt
C:\Documents and Settings\Ann\Cookies\ann@imrworldwide[2].txt
C:\Documents and Settings\Ann\Cookies\ann@lfstmedia[2].txt
C:\Documents and Settings\Ann\Cookies\ann@media6degrees[2].txt
C:\Documents and Settings\Ann\Cookies\ann@specificmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@businessfind[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@[You must be registered and logged in to see this link.]

Adware.Vundo/Variant-Nx
C:\_OTM\MOVEDFILES\03282010_215222\C_WINDOWS\SYSTEM32\BIZIVATA.DLL

Adware.Vundo/Variant-[Fixed]
C:\_OTM\MOVEDFILES\03282010_215222\C_WINDOWS\SYSTEM32\RIWOZUBI.DLL
C:\_OTM\MOVEDFILES\03282010_215222\C_WINDOWS\SYSTEM32\TISIBUFU.DLL


Re: AntiMalware Doctor

Post by Misteretc on Thu Apr 01, 2010 10:23 am

To be safe I'm going to shut down this computer. I will use my laptop to check for your responses.


Re: AntiMalware Doctor

Post by Belahzur on Thu Apr 01, 2010 11:37 pm

Hello.
Is the machine running any better now? SAS should have caught most of it.



Re: AntiMalware Doctor

Post by Misteretc on Fri Apr 02, 2010 1:46 am

It does seem to be working a lot better. Even the issue in my browser when I would do searches is gone. Thanks!


Re: AntiMalware Doctor

Post by Misteretc on Fri Apr 02, 2010 10:40 am

I found some more stuff on there this morning and ran the Super Antispyware program. It seems to have worked and here's the log...

SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 04/02/2010 at 06:37 AM

Application Version : 4.35.1000

Core Rules Database Version : 4760
Trace Rules Database Version: 2572

Scan type : Complete Scan
Total Scan Time : 00:29:05

Memory items scanned : 623
Memory threats detected : 0
Registry items scanned : 6034
Registry threats detected : 0
File items scanned : 24674
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Ann\Cookies\ann@ad.wsod[3].txt


Re: AntiMalware Doctor

Post by Belahzur on Fri Apr 02, 2010 1:45 pm

Cookies are nothing to worry about; everyone has them and they are used by your browsers.



Re: AntiMalware Doctor

Post by Misteretc on Sat Apr 03, 2010 10:13 am

Oh sure, so I put it to its paces last night, no anomalies. So I'm considering my machine healed. Thanks sooooo much for your patience and help. Have a safe and happy Easter Belahzur!

Thank You!
