Removing Antimalware doctor


Post by Bahizzle on 2nd May 2010, 8:27 pm

I turned on my computer to find at least 15 error messages. A new program, 'antimalware doctor', was installed on my programs list. I Googled it and followed the instructions on how to delete it. Ran Malwarebytes update, scanned and deleted all selected files, and then rebooted. Logged on again and it is gone from my Add/Remove Programs list in Control Panel but still exists in my program list, and I still got the 15 error messages. Please help, thanks in advance.


Re: Removing Antimalware doctor

Post by Belahzur on 2nd May 2010, 9:05 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: Removing Antimalware doctor

Post by Bahizzle on 2nd May 2010, 10:02 pm

extras.Txt:

OTL Extras logfile created on: 5/2/2010 5:59:29 PM - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\Brandon\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 417.78 Gb Free Space | 89.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRANDON-211AD67
Current User Name: Brandon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58287:TCP" = 58287:TCP:*:Enabled:Pando Media Booster
"58287:UDP" = 58287:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"58930:TCP" = 58930:TCP:*:Enabled:Pando Media Booster
"58930:UDP" = 58930:UDP:*:Enabled:Pando Media Booster
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"58287:TCP" = 58287:TCP:*:Enabled:Pando Media Booster
"58287:UDP" = 58287:UDP:*:Enabled:Pando Media Booster
"1040:TCP" = 1040:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002 OEM
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{40C1F0EE-FDF7-4974-9761-169D7BA738DE}_is1" = Free Windows Registry Cleaner 2.0
"{42F0F402-D23B-4D57-8C34-1FFB46A6AB8D}" = Remere's Map Editor
"{45A82D1E-105D-4F49-9C2F-0DAF8118DC0C}" = Dynex mini card reader
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1" = Battle of the Immortals client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSX20IS" = Canon PowerShot SX20 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Gunz" = ijji - Gunz
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HyperCam 2" = HyperCam 2
"HyperCam Toolbar" = HyperCam Toolbar
"InstallShield_{45A82D1E-105D-4F49-9C2F-0DAF8118DC0C}" = Dynex mini card reader
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Perfect World Vendetta 1.4.2" = Perfect World Vendetta 1.4.2
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Raganrok Renewal" = Ragnarok Renewal
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Shop for HP Supplies" = Shop for HP Supplies
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SumatraPDF" = Sumatra PDF reader
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordPerfect Office 2002 OEM" = WordPerfect Office 2002 OEM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/6/2010 9:01:36 PM | Computer Name = BRANDON-211AD67 | Source = Application Hang | ID = 1002
Description = Hanging application wpwin10.exe, version 10.0.0.517, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/23/2010 11:36:30 AM | Computer Name = BRANDON-211AD67 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 updater.exe, P2 1.0.0.1, P3 48addd4a, P4 system,
P5 2.0.0.0, P6 4333ae87, P7 38f5, P8 2f, P9 system.argumentexception, P10 NIL.

Error - 1/24/2010 10:48:26 AM | Computer Name = BRANDON-211AD67 | Source = Application Error | ID = 1000
Description = Faulting application tibia.exe, version 8.5.4.0, faulting module unknown,
version 0.0.0.0, fault address 0x6da433c0.

Error - 1/24/2010 10:48:55 AM | Computer Name = BRANDON-211AD67 | Source = Application Error | ID = 1000
Description = Faulting application tibia.exe, version 8.5.4.0, faulting module unknown,
version 0.0.0.0, fault address 0x6da433c0.

Error - 1/24/2010 10:50:37 AM | Computer Name = BRANDON-211AD67 | Source = Application Error | ID = 1000
Description = Faulting application tibia.exe, version 8.5.4.0, faulting module unknown,
version 0.0.0.0, fault address 0x6da433c0.

Error - 1/24/2010 10:55:55 AM | Computer Name = BRANDON-211AD67 | Source = Application Error | ID = 1000
Description = Faulting application tibia.exe, version 8.5.4.0, faulting module unknown,
version 0.0.0.0, fault address 0x6da433c0.

Error - 1/24/2010 11:29:45 AM | Computer Name = BRANDON-211AD67 | Source = Application Hang | ID = 1002
Description = Hanging application tibialoader.exe, version 1.1.0.4, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/24/2010 11:40:41 AM | Computer Name = BRANDON-211AD67 | Source = Application Error | ID = 1000
Description = Faulting application tibia.exe, version 8.5.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x6da433c0.

Error - 1/27/2010 10:27:34 PM | Computer Name = BRANDON-211AD67 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 tibialoader.exe, P2 1.1.0.4, P3 49f18d49, P4
system.windows.forms, P5 2.0.0.0, P6 4333aefa, P7 143f, P8 e, P9 system.nullreferenceexception,
P10 NIL.

Error - 1/31/2010 7:41:46 PM | Computer Name = BRANDON-211AD67 | Source = Application Error | ID = 1000
Description = Faulting application tibia.exe, version 8.5.0.0, faulting module kernel32.dll,
version 5.1.2600.2180, fault address 0x0001eb33.

[ System Events ]
Error - 5/2/2010 4:09:26 PM | Computer Name = BRANDON-211AD67 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/2/2010 4:09:26 PM | Computer Name = BRANDON-211AD67 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/2/2010 4:10:35 PM | Computer Name = BRANDON-211AD67 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 5/2/2010 4:22:57 PM | Computer Name = BRANDON-211AD67 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/2/2010 4:22:57 PM | Computer Name = BRANDON-211AD67 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/2/2010 4:24:07 PM | Computer Name = BRANDON-211AD67 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 5/2/2010 5:00:00 PM | Computer Name = BRANDON-211AD67 | Source = Schedule | ID = 7901
Description = The At18.job command failed to start due to the following error: %%2147942402

Error - 5/2/2010 5:00:00 PM | Computer Name = BRANDON-211AD67 | Source = Schedule | ID = 7901
Description = The At42.job command failed to start due to the following error: %%2147942402

Error - 5/2/2010 6:00:00 PM | Computer Name = BRANDON-211AD67 | Source = Schedule | ID = 7901
Description = The At19.job command failed to start due to the following error: %%2147942402

Error - 5/2/2010 6:00:00 PM | Computer Name = BRANDON-211AD67 | Source = Schedule | ID = 7901
Description = The At43.job command failed to start due to the following error: %%2147942402


< End of report >

OTL.Txt:

OTL logfile created on: 5/2/2010 5:59:29 PM - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\Brandon\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 417.78 Gb Free Space | 89.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRANDON-211AD67
Current User Name: Brandon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/02 17:58:34 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon\Desktop\OTL.exe
PRC - [2010/04/21 13:38:44 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/03 09:44:52 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/31 11:40:36 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/31 11:40:35 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/31 11:40:01 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/02 17:58:34 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon\Desktop\OTL.exe
MOD - [2004/08/04 08:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/08 15:58:43 | 002,504,280 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3653.dll -- (Akamai)
SRV - [2010/03/31 11:40:01 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/06/22 17:30:00 | 003,067,292 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2010/05/02 08:45:06 | 000,070,600 | ---- | M] ([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva344.sys -- (XDva344)
DRV - [2010/04/21 13:38:44 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/31 11:41:03 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/31 11:41:02 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/07/31 17:33:30 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/01/20 06:53:06 | 005,027,840 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/12/01 05:13:42 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/10/30 09:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.18
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/21 13:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/25 09:50:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/30 21:05:55 | 000,000,000 | ---D | M]

[2009/09/06 11:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon\Application Data\Mozilla\Extensions
[2009/09/06 11:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/08/28 14:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/05/01 20:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\rhj5w03y.default\extensions
[2009/08/28 12:25:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\rhj5w03y.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/03 12:16:54 | 000,000,000 | ---D | M] (OnRPG Toolbar) -- C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\rhj5w03y.default\extensions\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}
[2010/04/17 21:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\rhj5w03y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/05/01 20:15:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll File not found
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe ()
O4 - HKLM..\Run: [RegGenie Scheduler] C:\Program Files\RegGenie\reggeniescheduler.exe ()
O4 - HKLM..\Run: [ShwiconXP6377] C:\Program Files\Multimedia Card Reader(6337)\shwiconx.exe ()
O4 - HKCU..\Run: [] C:\Documents and Settings\Brandon\Desktop\Ng\tibia854.exe File not found
O4 - HKCU..\Run: [ErrorRepairPro] C:\Program Files\Error Repair Professional\autostart.exe ()
O4 - HKCU..\Run: [gotnewupdate.exe] C:\Documents and Settings\Brandon\Application Data\4CD22CBC5E0208F94CF7D133AE651C37\gotnewupdate.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\pmb.exe ()
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [RegUp Software] C:\WINDOWS\shvmdll.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools: = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip: = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Brandon\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 17:14:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/02 17:58:33 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brandon\Desktop\OTL.exe
[2010/05/02 16:00:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon\Application Data\Malwarebytes
[2010/05/02 16:00:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/02 16:00:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/02 16:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/02 16:00:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/02 15:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\GiPo@Utilities
[2010/05/02 15:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Gibinsoft Shared
[2010/05/02 15:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/02 15:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/02 15:31:32 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/05/02 15:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/02 15:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon\Local Settings\Application Data\illvgdmfu
[2010/05/02 15:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon\Application Data\4CD22CBC5E0208F94CF7D133AE651C37
[2010/05/02 08:45:06 | 000,070,600 | ---- | C] ([You must be registered and logged in to see this link.] -- C:\WINDOWS\System32\XDva344.sys
[2010/04/26 20:09:04 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2010/04/25 14:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon\My Documents\New Folder (2)
[2010/04/25 10:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon\My Documents\Gunz
[2010/04/25 09:52:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Brandon\Application Data\ijjigame
[2010/04/25 09:50:57 | 000,713,312 | ---- | C] (NHN USA) -- C:\WINDOWS\System32\ijjiSetup.exe
[2010/04/25 09:50:57 | 000,427,008 | ---- | C] (True Games Interactive) -- C:\WINDOWS\System32\uc_wepic_launching.dll
[2010/04/25 09:50:57 | 000,208,384 | ---- | C] () -- C:\WINDOWS\System32\uc_rohan_launching.dll
[2010/04/25 09:50:57 | 000,147,456 | ---- | C] (TODO: ) -- C:\WINDOWS\System32\uc_neosteam_launching.dll
[2010/04/25 09:50:57 | 000,086,624 | ---- | C] (.) -- C:\WINDOWS\System32\ijjiChannelingPlugin.dll
[2010/04/25 09:50:57 | 000,075,264 | ---- | C] (.) -- C:\WINDOWS\System32\uc_holybeast_launching.dll
[2010/04/25 09:50:57 | 000,064,000 | ---- | C] (.) -- C:\WINDOWS\System32\uc_sfighters_launching.dll
[2010/04/25 09:50:57 | 000,062,048 | ---- | C] (NHN USA Inc.) -- C:\WINDOWS\System32\ijjiProcessRestarter.exe
[2010/04/25 09:50:57 | 000,061,440 | ---- | C] (.) -- C:\WINDOWS\System32\uc_atlantica_launching.dll
[2010/04/25 09:50:57 | 000,057,952 | ---- | C] (NHN USA Corp.) -- C:\WINDOWS\System32\ijjiPlugin2.dll
[2010/04/25 09:50:57 | 000,053,248 | ---- | C] (.) -- C:\WINDOWS\System32\uc_luminary_launching.dll
[2010/04/25 09:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\GunZ
[2010/04/25 09:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon\My Documents\New Folder
[2010/04/17 08:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect World Vendetta
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/02 18:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/05/02 18:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/05/02 17:58:34 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon\Desktop\OTL.exe
[2010/05/02 17:53:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/02 17:09:21 | 059,513,353 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/02 17:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/05/02 17:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/05/02 17:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/05/02 16:22:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/02 16:22:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/02 16:21:32 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Brandon\NTUSER.DAT
[2010/05/02 16:21:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Brandon\ntuser.ini
[2010/05/02 16:21:27 | 004,813,634 | -H-- | M] () -- C:\Documents and Settings\Brandon\Local Settings\Application Data\IconCache.db
[2010/05/02 16:00:53 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/02 16:00:05 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/05/02 16:00:04 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/05/02 15:38:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Brandon\;;
[2010/05/02 15:31:54 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/05/02 15:31:05 | 000,056,766 | ---- | M] () -- C:\WINDOWS\shvmdll.exe
[2010/05/02 15:00:18 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Gunz.lnk
[2010/05/02 12:24:29 | 000,065,536 | ---- | M] () -- C:\WINDOWS\IFinst27.exe
[2010/05/02 08:45:06 | 000,070,600 | ---- | M] ([You must be registered and logged in to see this link.] -- C:\WINDOWS\System32\XDva344.sys
[2010/05/01 11:06:44 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Brandon\jagex_runescape_preferences2.dat
[2010/05/01 11:01:56 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\Brandon\jagex_runescape_preferences.dat
[2010/04/30 22:46:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 12:41:17 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Brandon\Desktop\Microsoft Word.lnk
[2010/04/28 12:36:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/26 20:17:53 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Battle of the Immortals.lnk
[2010/04/25 08:45:58 | 000,503,200 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/25 08:45:58 | 000,427,592 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/25 08:45:58 | 000,066,376 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/22 14:13:04 | 000,000,528 | ---- | M] () -- C:\Documents and Settings\Brandon\Desktop\verizon.lnk
[2010/04/21 13:38:44 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/20 20:16:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Brandon\jagex__preferences3.dat
[2010/04/03 14:56:50 | 000,016,348 | -HS- | M] () -- C:\Documents and Settings\Brandon\Local Settings\Application Data\XORQ
[2010/04/03 14:56:50 | 000,016,348 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\XORQ
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/02 16:00:53 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/02 15:38:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brandon\;;
[2010/05/02 15:32:14 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/05/02 15:31:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/05/02 15:31:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/05/02 15:31:05 | 000,056,766 | ---- | C] () -- C:\WINDOWS\shvmdll.exe
[2010/04/26 20:17:53 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Battle of the Immortals.lnk
[2010/04/25 10:16:32 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Gunz.lnk
[2010/04/25 09:50:57 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\uc_karos_launching.dll
[2010/04/22 14:13:04 | 000,000,528 | ---- | C] () -- C:\Documents and Settings\Brandon\Desktop\verizon.lnk
[2010/04/20 20:16:49 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Brandon\jagex_runescape_preferences2.dat
[2010/04/20 20:16:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brandon\jagex__preferences3.dat
[2010/04/20 20:15:07 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Brandon\jagex_runescape_preferences.dat
[2010/04/03 14:55:03 | 000,016,348 | -HS- | C] () -- C:\Documents and Settings\Brandon\Local Settings\Application Data\XORQ
[2010/04/03 14:55:03 | 000,016,348 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\XORQ
[2010/01/02 18:30:06 | 000,000,610 | ---- | C] () -- C:\WINDOWS\RegGenie.ini
[2009/11/08 09:54:44 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/11/08 09:54:43 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2009/08/14 12:39:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/04 08:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 281 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BE50C2B
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE74317
@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E41EAF13
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

Re: Removing Antimalware doctor

Post by Bahizzle on 2nd May 2010, 11:28 pm

These are the errors I get.

Re: Removing Antimalware doctor

Post by Bahizzle on 3rd May 2010, 12:41 am

I got the errors to go away; I just needed to create new shortcuts. I got rid of the infected file and virus-scanned my computer with Malwarebytes, AVG, and BitDefender, and there are no threats. The only problem now is my internet is being... well, stupid. I'll search for something on yahoo.com or google.com, click on the link, and it will bring me to a totally random website; it doesn't matter what I search.

Re: Removing Antimalware doctor

Post by Belahzur on 3rd May 2010, 9:51 pm

Hello.

  • Download ComboFix from here:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    It's strongly recommended to have the Recovery Console installed before doing any malware removal.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

