Antimalware Doctor


Antimalware Doctor

Post by jewelcraft on Mon Sep 13, 2010 1:33 am

Help, a virus has attacked my computer. It is acting like a virus detector, telling me I'm infected with many viruses, but it won't shut off or go away and I can't seem to remove it. It keeps popping up and closing what I'm doing and I can't make it stop. Please help.

jewelcraft (Novice)
Posts: 28 | Joined: 2009-07-04 | OS: XP | Points: 27312 | Likes: 0


Re: Antimalware Doctor

Post by Dr Jay on Mon Sep 13, 2010 10:03 am

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.

Please download and run RKill.

[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.

============================================

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the section "Using ComboFix", and when done, post the log back here.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay (Head Administrator)
Posts: 13717 | Joined: 2009-09-06 | Gender: Male | OS: Windows 10 Home & Pro | Protection: Bitdefender Total Security | Points: 302127 | Likes: 10


Re: Antimalware Doctor

Post by jewelcraft on Wed Sep 15, 2010 12:46 am

ComboFix 10-09-13.01 - Wanda_2 09/14/2010 20:26:36.17.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1195 [GMT -4:00]
Running from: c:\documents and settings\Wanda_2\Desktop\ComboFix.exe
AV: Avanquest VirusScanner Pro *On-access scanning enabled* (Updated) {6A383D4C-7657-408f-BD0D-B379B5C7C3BE}
AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\hostntfscat.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))
.

2010-09-13 01:43 . 2010-09-13 01:39 1129120 ----a-w- c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
2010-09-10 20:11 . 2010-09-10 20:11 546256 ----a-r- c:\windows\system32\SZComp5.dll
2010-09-10 20:11 . 2010-09-10 20:11 452048 ----a-r- c:\windows\system32\SZBase5.dll
2010-09-10 20:11 . 2010-09-10 20:11 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2010-09-10 20:11 . 2010-09-10 20:11 22992 ----a-r- c:\windows\system32\SZIO5.dll
2010-09-10 20:11 . 2010-09-10 20:11 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2010-09-10 20:11 . 2010-09-10 20:11 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2010-09-10 20:11 . 2010-09-10 20:11 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2010-09-10 20:11 . 2010-09-10 20:11 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2010-09-10 20:11 . 2010-09-10 20:11 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2010-09-10 20:11 . 2010-09-10 20:11 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2010-09-10 20:11 . 2010-09-10 20:11 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2010-09-10 20:11 . 2010-09-10 20:11 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2010-08-27 00:47 . 2010-08-27 01:13 546 ----a-w- c:\windows\checkip.dat
2010-08-23 02:03 . 2010-08-23 02:03 -------- d-----w- c:\documents and settings\Jewel\Application Data\GameMill
2010-08-22 23:34 . 2010-08-22 23:34 -------- d-----w- c:\documents and settings\Lexi_2\Application Data\GameMill
2010-08-22 23:34 . 2010-08-22 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\GameMill
2010-08-22 23:34 . 2008-10-27 14:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2010-08-22 23:34 . 2008-10-27 14:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-08-22 23:34 . 2008-10-10 08:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-08-22 23:34 . 2008-10-10 08:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-08-22 23:34 . 2008-10-10 08:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-08-22 23:32 . 2010-08-22 23:32 -------- d-----w- c:\windows\Logs
2010-08-22 23:30 . 2010-08-22 23:30 -------- d-----w- c:\documents and settings\Lexi_2\Local Settings\Application Data\Downloaded Installations
2010-08-22 23:29 . 2010-08-22 23:32 -------- d-----w- c:\program files\Game Mill Entertainment
2010-08-22 21:09 . 2010-08-22 21:09 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-22 20:56 . 2010-08-22 20:56 -------- d-----w- C:\ProgramData
2010-08-22 20:56 . 2010-08-22 20:56 -------- d-----w- c:\program files\Angle Interactive
2010-08-21 16:30 . 2010-06-24 12:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-21 16:28 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-21 16:25 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-08-21 16:23 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 00:37 . 2008-09-09 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-09-15 00:26 . 2010-09-15 00:26 880 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-09-13 01:38 . 2009-11-13 17:57 -------- d-----w- c:\program files\SpywareGuard
2010-09-13 01:38 . 2009-09-26 02:22 -------- d-----w- c:\program files\STOPzilla!
2010-09-11 13:47 . 2010-03-21 17:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-11 13:38 . 2009-08-07 18:22 117760 ----a-w- c:\documents and settings\Wanda_2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-11 13:38 . 2009-08-07 18:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-11 04:54 . 2008-09-21 01:58 -------- d-----w- c:\program files\Total 3D Home
2010-09-10 19:00 . 2008-04-19 04:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-10 00:49 . 2008-10-01 01:42 81920 ----a-w- c:\documents and settings\Jewel\Application Data\elefundesktops\autumntree_screensaver\screensavercontoller.dll
2010-09-10 00:49 . 2008-10-01 01:42 151552 ----a-w- c:\documents and settings\Jewel\Application Data\elefundesktops\autumntree_screensaver\sysinfo.exe
2010-09-10 00:49 . 2008-10-01 01:42 1153816 ----a-w- c:\documents and settings\Jewel\Application Data\elefundesktops\autumntree_screensaver\flash.exe
2010-09-10 00:49 . 2008-10-01 01:42 1638404 ----a-w- c:\documents and settings\Jewel\Application Data\elefundesktops\autumntree_screensaver\swfplayer.exe
2010-09-06 16:38 . 2008-09-27 15:16 -------- d-----w- c:\documents and settings\Jewel\Application Data\Smilebox
2010-09-05 13:22 . 2008-09-23 13:52 68160 ----a-w- c:\documents and settings\Wanda_2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-28 13:57 . 2008-09-07 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
2010-08-28 13:57 . 2008-07-26 16:11 -------- d-----w- c:\program files\Yahoo! Games
2010-08-22 21:12 . 2010-08-22 21:12 4720 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-08-22 09:54 . 2010-08-01 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA
2010-08-22 07:17 . 2008-04-19 04:44 -------- d-----w- c:\program files\Microsoft Works
2010-08-09 02:02 . 2008-07-21 02:42 134 ----a-w- c:\documents and settings\Jewel\Application Data\wklnhst.dat
2010-08-04 12:17 . 2010-08-01 21:25 -------- d-----w- c:\documents and settings\Lexi_2\Application Data\ShopperReports3
2010-08-04 12:16 . 2010-08-04 12:16 -------- d-----w- c:\program files\Dogpile Toolbar
2010-08-04 12:16 . 2009-11-15 14:23 -------- d-----w- c:\program files\PlaySushi
2010-08-03 19:17 . 2010-08-03 19:17 -------- d-----w- c:\program files\FacePaint
2010-08-02 12:52 . 2010-08-02 12:52 202752 ----a-w- c:\documents and settings\Lexi_2\Application Data\Mozilla\Firefox\Profiles\zj3jvf37.default\extensions\textlinks@playsushi.com\components\PlaySushiFF.dll
2010-08-02 12:52 . 2010-08-02 12:52 202752 ----a-w- c:\documents and settings\Lexi_2\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll
2010-08-01 18:39 . 2010-08-01 18:39 -------- d-----w- c:\documents and settings\Jewel\Application Data\ShopperReports3
2010-08-01 18:39 . 2010-08-01 18:39 -------- d-----w- c:\program files\QuestDns
2010-08-01 18:39 . 2010-08-01 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\QuestDns
2010-08-01 18:39 . 2010-08-01 18:39 -------- d-----w- c:\program files\ClickPotatoLite
2010-08-01 18:39 . 2010-08-01 18:39 -------- d-----w- c:\documents and settings\Jewel\Application Data\ClickPotatoLite
2010-08-01 18:39 . 2010-08-01 18:39 -------- d-----w- c:\program files\ShopperReports3
2010-07-30 16:47 . 2010-08-01 18:39 57600 ----a-w- c:\documents and settings\All Users\Application Data\QuestDns\questdns110.exe
2010-06-30 12:31 . 2004-08-10 17:51 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-10 17:51 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-10 17:51 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-10 17:51 80384 ----a-w- c:\windows\system32\iccvid.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2010-09-13 00:06 2735200 ----a-w- c:\program files\IObitCom\tbIOb0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIOb0.dll" [2010-09-13 2735200]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb0.dll" [2010-09-13 2735200]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirusScannerPro"="c:\progra~1\AVANQU~1\Fix-It\MemCheck.exe" [2008-08-26 173312]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe" [2010-03-16 243032]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]
"uibootpack.exe"="c:\documents and settings\All Users\Start Menu\Programs\Startup\uibootpack.exe" [2010-09-15 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Wanda_2\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-5-10 1089536]
uibootpack.exe [2010-9-14 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jewel^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Lexi_2^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=c:\documents and settings\Lexi_2\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wanda_2^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=c:\documents and settings\Wanda_2\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-04-07 02:25 69632 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-01-20 01:46 342848 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-28 18:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2008-02-15 11:03 1052672 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 00:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 02:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-04-07 02:41 8466432 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-04-07 02:42 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-04-07 02:42 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-12 00:03 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 16:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 11:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2008-07-28 19:01 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-04-07 02:25 16859648 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1208580525\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpsvc.exe"=
"c:\\Program Files\\iWin Games\\iWinTrusted.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [7/20/2008 4:33 PM 16855]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/12/2010 6:01 PM 59280]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 74480]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/2/2009 1:30 PM 78104]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [2/28/2008 6:57 PM 18944]
R2 tmpreflt;tmpreflt;c:\progra~1\AVANQU~1\Fix-It\tmpreflt.sys [8/31/2007 2:36 PM 32528]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [1/11/2010 9:50 PM 104960]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [7/20/2008 4:33 PM 21808]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [1/11/2010 9:50 PM 14336]
R3 MailScan;MailScan;c:\progra~1\AVANQU~1\Fix-It\MailScan.sys [8/26/2008 5:14 PM 20496]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
S2 gupdate1ca26895b87caa0;Google Update Service (gupdate1ca26895b87caa0);c:\program files\Google\Update\GoogleUpdate.exe [8/26/2009 4:11 PM 133104]
S2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]
S3 JL2005;JL2005A Camera;c:\windows\system32\drivers\toywdm.sys [10/8/2005 6:22 PM 71512]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 20:11]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 20:11]

2010-08-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 21:36]

2010-09-15 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 21:36]

2010-09-10 c:\windows\Tasks\Norton Security Scan for Wanda_2.job
- c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-10-29 23:58]

2010-09-15 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]

2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - [You must be registered and logged in to see this link.]
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Wanda_2\Application Data\Mozilla\Firefox\Profiles\ogdutm03.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\program files\MSN Toolbar\Platform\5.0.1411.0\Firefox\components\DomBridge.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Wanda_2\Application Data\Mozilla\Firefox\Profiles\ogdutm03.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-*hostntfscat.exe - c:\documents and settings\All Users\Application Data\hostntfscat.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-14 20:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,a1,c4,fd,1b,8c,63,41,81,ee,ef,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,b6,31,0a,9e,6c,6b,45,bc,e9,8d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-09-14 20:39:51
ComboFix-quarantined-files.txt 2010-09-15 00:39
ComboFix2.txt 2010-09-14 01:18
ComboFix3.txt 2010-03-27 14:36
ComboFix4.txt 2010-01-07 03:13
ComboFix5.txt 2010-09-15 00:25

Pre-Run: 121,076,711,424 bytes free
Post-Run: 121,107,472,384 bytes free

- - End Of File - - 8AF36169DB11707005E642AAE804C3DB

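Reading a ComboFix log like the one posted above means going through the "Reg Loading Points" section (Run keys, Startup folders, Security Center values, removed orphans) and picking out the entries that start a program from a user-writable data folder or that silence the operating system's own security warnings. The Python script below is an added example, not part of this thread and not code from ComboFix or GeekPolice; it applies exactly that triage heuristic to a constructed excerpt modelled line-for-line on the log above. The directory list and the Security Center value names it checks are the example's own assumptions, and anything it flags (here the uibootpack.exe autostart, the two Security Center overrides, and the hostntfscat.exe orphan ComboFix already removed) is a candidate for the helper to review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt, modelled on the "Reg Loading Points" part of the log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirusScannerPro"="c:\progra~1\AVANQU~1\Fix-It\MemCheck.exe" [2008-08-26 173312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]
"uibootpack.exe"="c:\documents and settings\All Users\Start Menu\Programs\Startup\uibootpack.exe" [2010-09-15 155648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-5-10 1089536]
uibootpack.exe [2010-9-14 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-*hostntfscat.exe - c:\documents and settings\All Users\Application Data\hostntfscat.exe
'''

# Heuristic (assumption of this example): autostarts living in data, temp or
# Startup folders deserve a look before anything under Program Files / Windows.
SUSPECT_DIRS = (
    "\\application data\\",
    "\\programdata\\",
    "\\start menu\\programs\\startup\\",
    "\\local settings\\temp\\",
)

# Security Center values that, when set to 1, suppress the built-in AV,
# firewall and update warnings (value names assumed for this example).
SECURITY_CENTER_FLAGS = {"antivirusoverride", "firewalloverride",
                         "updatesoverride", "disablemonitoring"}

RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')
ORPHAN_RE = re.compile(r'^HKLM-(?P<key>[^-]+)-\*?(?P<name>\S+) - (?P<path>.+)$')
STARTUP_ITEM_RE = re.compile(r'^(?P<name>.+?)(?: - (?P<path>.+?))?\s*\[[^\]]*\]$')


@dataclass
class Finding:
    kind: str      # "autostart", "security-center" or "orphan"
    name: str
    detail: str


def from_user_writable_dir(path: str) -> bool:
    """True when the path points into one of the SUSPECT_DIRS folders."""
    p = path.lower()
    return any(d in p for d in SUSPECT_DIRS)


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current registry key / Startup folder."""
    findings: List[Finding] = []
    section = ""                          # last [registry key] header seen
    startup_folder: Optional[str] = None  # last "...\Startup\" folder header seen
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            startup_folder = None
            continue
        if line.lower().endswith("\\startup\\"):
            startup_folder = line
            section = ""
            continue
        m = ORPHAN_RE.match(line)
        if m:  # entries ComboFix already removed; still worth recording
            if from_user_writable_dir(m["path"]):
                findings.append(Finding("orphan", m["name"],
                    f"{m['key']} entry pointed at {m['path']} (already removed by ComboFix)"))
            continue
        m = DWORD_RE.match(line)
        if m:
            if ("security center" in section and m["name"].lower() in SECURITY_CENTER_FLAGS
                    and int(m["value"], 16) == 1):
                findings.append(Finding("security-center", m["name"], f"set to 1 under {section}"))
            continue
        m = RUN_VALUE_RE.match(line)
        if m:  # "Name"="path" [date size] under a Run / RunOnce key
            if from_user_writable_dir(m["path"]):
                findings.append(Finding("autostart", m["name"], f"{section} -> {m['path']}"))
            continue
        if startup_folder:  # "X.lnk - target [..]" or "file.exe [..]" inside a Startup folder
            m = STARTUP_ITEM_RE.match(line)
            if m:
                path = m["path"] or startup_folder + m["name"]
                if from_user_writable_dir(path):
                    findings.append(Finding("autostart", m["name"], f"startup folder item -> {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.detail}")
```

Running it against the constructed excerpt prints five findings; the Run-key value and the Startup-folder item for uibootpack.exe are reported separately on purpose, since removing one persistence point and missing the other is exactly how a rogue "antivirus" comes back after a reboot, which is the point the RKill note in this thread makes.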

Re: Antimalware Doctor

Post by Dr Jay on Thu Sep 16, 2010 3:01 am

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


Dr. Jay (DJ)




Re: Antimalware Doctor

Post by jewelcraft on Thu Sep 16, 2010 11:52 am

Malwarebytes' Anti-Malware 1.41
Database version: 3141
Windows 5.1.2600 Service Pack 3

9/16/2010 7:51:07 AM
mbam-log-2010-09-16 (07-51-07).txt

Scan type: Quick Scan
Objects scanned: 134512
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)


Re: Antimalware Doctor

Post by Dr Jay on Fri Sep 17, 2010 9:01 am

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.


Dr. Jay (DJ)


