Antimalware Doctor-Need removal


Antimalware Doctor-Need removal

Post by TheConfusedOne on Tue Oct 26, 2010 1:10 am

Hello.

I am having a problem with Antimalware Doctor.
I tried the guide [You must be registered and logged in to see this link.] but when I restarted my computer, the Antimalware Doctor window showed up again.

I have no logs or anything to speak of but I can get them if you tell me what to get.

Thanks.

TheConfusedOne
Novice
Posts : 9
Joined : 2010-10-26
OS : Windows XP Pro
Points : 22441
Likes : 0

Re: Antimalware Doctor-Need removal

Post by Belahzur on Tue Oct 26, 2010 11:52 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
Likes : 1

Re: Antimalware Doctor-Need removal

Post by TheConfusedOne on Tue Oct 26, 2010 11:58 pm

I only got OTL.txt, not Extras.txt.
Here is OTL.txt:

OTL logfile created on: 10/26/2010 5:56:58 PM - Run 3
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Nick Hammer\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 108.51 Gb Free Space | 58.25% Space Free | Partition Type: NTFS
Drive D: | 3.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: NICK | User Name: Nick Hammer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/26 17:53:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick Hammer\My Documents\Downloads\OTL(2).exe
PRC - [2010/08/25 22:05:14 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/03 19:38:22 | 000,550,232 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/05/03 19:00:18 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/01/11 15:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/03/05 16:28:08 | 000,585,728 | ---- | M] (TightVNC Group) -- C:\Program Files\TightVNC\WinVNC.exe
PRC - [2008/06/13 11:19:46 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\n52te\n52teHid.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/10 17:19:38 | 000,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005/06/10 08:20:06 | 001,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004/11/15 04:20:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/04/06 15:49:02 | 000,454,656 | ---- | M] () -- C:\Program Files\Belkin\Nostromo\nost_LM.exe
PRC - [2003/12/08 17:35:14 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe


========== Modules (SafeList) ==========

MOD - [2010/10/26 17:53:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick Hammer\My Documents\Downloads\OTL(2).exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2003/11/03 15:34:20 | 000,053,248 | ---- | M] (eTEK Labs) -- C:\Program Files\Belkin\Nostromo\nost_FSH.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/03 19:00:18 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2005/06/10 17:19:38 | 000,869,888 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS -- (DNINDIS5)
DRV - [2009/11/20 20:34:54 | 010,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 12:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/06/10 17:12:12 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/06/10 17:11:50 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/06/10 08:11:44 | 000,028,160 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/05/17 03:45:08 | 000,092,800 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2004/11/17 05:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/12 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/05 03:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 08:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "deadfrontier.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {d9b25e30-c1cf-11de-8a39-0800200c9a66}:3.5
FF - prefs.js..keyword.URL: "http://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/26 17:35:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/26 17:35:28 | 000,000,000 | ---D | M]

[2009/12/21 10:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick Hammer\Application Data\Mozilla\Extensions
[2009/12/21 10:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick Hammer\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/26 17:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick Hammer\Application Data\Mozilla\Firefox\Profiles\e36i357m.default\extensions
[2010/03/10 20:12:59 | 000,000,000 | ---D | M] (FetchMP3 Video to Audio Converter) -- C:\Documents and Settings\Nick Hammer\Application Data\Mozilla\Firefox\Profiles\e36i357m.default\extensions\{1d8e98fb-53c3-47a8-9fb9-1b51bbf3890d}
[2009/12/11 15:52:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nick Hammer\Application Data\Mozilla\Firefox\Profiles\e36i357m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/17 16:25:47 | 000,000,000 | ---D | M] (Fasterfox Extra) -- C:\Documents and Settings\Nick Hammer\Application Data\Mozilla\Firefox\Profiles\e36i357m.default\extensions\{ABD782DD-6EA5-4008-A03D-3FF46E886D38}
[2010/08/16 22:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nick Hammer\Application Data\Mozilla\Firefox\Profiles\e36i357m.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/06/19 15:39:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Nick Hammer\Application Data\Mozilla\Firefox\Profiles\e36i357m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/05 00:08:47 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Nick Hammer\Application Data\Mozilla\Firefox\Profiles\e36i357m.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}
[2010/03/10 19:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick Hammer\Application Data\Mozilla\Firefox\Profiles\e36i357m.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2009/12/05 00:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nick Hammer\Application Data\Mozilla\Firefox\Profiles\e36i357m.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
[2009/12/05 00:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nick Hammer\Application Data\Mozilla\Firefox\Profiles\e36i357m.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
[2009/12/05 00:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nick Hammer\Application Data\Mozilla\Firefox\Profiles\e36i357m.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
[2009/12/05 00:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nick Hammer\Application Data\Mozilla\Firefox\Profiles\e36i357m.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
[2009/12/29 11:40:15 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Nick Hammer\Application Data\Mozilla\Firefox\Profiles\e36i357m.default\searchplugins\askcom.xml
[2009/12/21 13:03:05 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Nick Hammer\Application Data\Mozilla\Firefox\Profiles\e36i357m.default\searchplugins\bing.xml
[2010/10/26 17:34:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2001/08/23 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Jomantha] C:\Program Files\n52te\n52teHid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [sxcroemanw.tmp] C:\Documents and Settings\Nick Hammer\Local Settings\Temp\sxcroemanw.tmp (Корпорация Майкрософт)
O4 - HKCU..\Run: [dirhuntsetup70700.exe] C:\Documents and Settings\Nick Hammer\Application Data\1972E643493CE28154EA7B8392A4BB57\dirhuntsetup70700.exe (Корпорация Майкрософт)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch TightVNC Server.lnk = C:\Program Files\TightVNC\WinVNC.exe (TightVNC Group)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe ()
O4 - Startup: C:\Documents and Settings\Nick Hammer\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe (Totem Entertainment)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Nick Hammer\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Nick Hammer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nick Hammer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/02 20:17:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/26 02:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/10/25 19:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2010/10/25 19:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/25 19:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/25 18:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/25 18:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/25 18:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/25 18:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick Hammer\Application Data\Malwarebytes
[2010/10/25 18:37:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/25 18:37:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/25 18:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/25 18:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/25 17:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick Hammer\Local Settings\Application Data\{FE8E386B-A9E1-4D83-BC6D-F6FE17137883}
[2010/10/25 17:51:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/10/25 17:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick Hammer\Application Data\1972E643493CE28154EA7B8392A4BB57
[2010/10/17 11:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick Hammer\Desktop\Random
[2010/10/17 00:46:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nick Hammer\Desktop\Others
[2010/10/17 00:45:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nick Hammer\Desktop\Games
[2010/10/16 23:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick Hammer\Desktop\Eminem - Recovery (2010)
[2010/10/16 22:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick Hammer\Desktop\K'naan Discography
[2010/10/16 22:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick Hammer\Desktop\SKILLET - DISCOGRAPHY [CHANNEL NEO]
[2010/10/16 16:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick Hammer\Local Settings\Application Data\Adobe
[2010/10/16 16:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/10/16 15:59:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nick Hammer\Desktop\Fallout 3 Strat guide
[2010/10/12 17:06:53 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/12 17:06:53 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/12 17:06:44 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/04 23:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick Hammer\My Documents\Artmunk
[2010/09/30 22:26:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Lhsp
[2010/09/30 22:25:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
[2010/09/29 18:09:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/26 17:57:15 | 000,761,344 | ---- | M] () -- C:\WINDOWS\System32\drivers\grjmvhcpd.sys
[2010/10/26 17:53:44 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\Nick Hammer\Desktop\Mozilla Firefox (2).lnk
[2010/10/26 00:11:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/26 00:01:00 | 000,000,246 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/10/25 23:44:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1202660629-725345543-1003UA.job
[2010/10/25 23:11:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/25 22:11:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/25 21:36:00 | 000,000,005 | ---- | M] () -- C:\WINDOWS\treeskp.sys
[2010/10/25 21:36:00 | 000,000,005 | ---- | M] () -- C:\WINDOWS\sbacknt.bin
[2010/10/25 21:35:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/25 21:35:49 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/10/25 21:35:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/25 21:23:35 | 000,002,846 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010/10/25 21:13:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/25 21:13:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/25 21:13:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/25 18:55:36 | 000,001,996 | ---- | M] () -- C:\Documents and Settings\Nick Hammer\Desktop\HiJackThis.lnk
[2010/10/25 18:37:31 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/25 17:53:55 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Sveyeyeyog.dat
[2010/10/25 17:53:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ozinoqibuzixuq.bin
[2010/10/25 17:52:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/25 17:52:25 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/25 17:52:23 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\ymf2ks.dll
[2010/10/25 17:52:23 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\w6wob0le.dll
[2010/10/25 17:52:23 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\hqa85rar1b.dll
[2010/10/24 10:44:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1202660629-725345543-1003Core.job
[2010/10/22 20:10:33 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Nick Hammer\jagex_runescape_preferences2.dat
[2010/10/22 20:01:35 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Nick Hammer\jagex_runescape_preferences.dat
[2010/10/22 09:40:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/17 23:00:46 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Nick Hammer\My Documents\Mult and div with sig figs.doc
[2010/10/17 19:53:09 | 000,002,201 | ---- | M] () -- C:\Documents and Settings\Nick Hammer\.recently-used.xbel
[2010/10/17 00:39:32 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/16 22:37:57 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/13 03:18:41 | 000,128,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 03:02:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/08 03:02:30 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/08 03:02:30 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/07 16:32:47 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2010/09/30 21:09:48 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Nick Hammer\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/26 17:53:44 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\Nick Hammer\Desktop\Mozilla Firefox (2).lnk
[2010/10/25 21:23:35 | 000,002,846 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010/10/25 18:55:36 | 000,001,996 | ---- | C] () -- C:\Documents and Settings\Nick Hammer\Desktop\HiJackThis.lnk
[2010/10/25 18:37:31 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/25 17:53:55 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Sveyeyeyog.dat
[2010/10/25 17:53:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ozinoqibuzixuq.bin
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/25 17:52:25 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 17:52:25 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/25 17:52:23 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\ymf2ks.dll
[2010/10/25 17:52:23 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\w6wob0le.dll
[2010/10/25 17:52:23 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\hqa85rar1b.dll
[2010/10/25 17:52:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\grjmvhcpd.sys
[2010/10/17 23:00:46 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Nick Hammer\My Documents\Mult and div with sig figs.doc
[2010/10/17 19:53:09 | 000,002,201 | ---- | C] () -- C:\Documents and Settings\Nick Hammer\.recently-used.xbel
[2010/09/30 21:09:48 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Nick Hammer\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK
[2010/08/07 18:05:51 | 000,048,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\JmtFltr.sys
[2010/07/25 23:14:05 | 000,000,005 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2010/07/17 11:48:29 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Nick Hammer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/10 16:25:17 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/01/26 11:36:35 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Nick Hammer\Local Settings\Application Data\fusioncache.dat
[2010/01/02 16:34:29 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/12/13 13:22:24 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/12/13 13:22:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/02 20:53:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/02 20:38:07 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2009/12/02 20:31:21 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/12/02 20:31:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/12/02 20:29:18 | 000,000,266 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2009/12/02 20:28:47 | 000,005,700 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/12/02 20:28:46 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/12/02 20:28:41 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/12/02 14:05:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/11 13:27:24 | 000,578,508 | ---- | C] () -- C:\Documents and Settings\Nick Hammer\Application Data\com.kennettnet.MusicRescue4.Profiles.plist
[2008/12/11 12:53:20 | 003,204,336 | ---- | C] () -- C:\Documents and Settings\Nick Hammer\Application Data\com.kennettnet.MusicRescue4.plist

< End of report >

TheConfusedOne
Novice
Posts : 9
Joined : 2010-10-26
OS : Windows XP Pro
Points : 22441
Likes : 0
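A helper reads the O4 autorun entries and the Files Created section of a log like the one above by eye, looking for binaries launched from Temp, from a folder named like a bare hex string, with a spoofed vendor name, or for a burst of At*.job scheduled tasks created in the same minute. As an added example, not part of this thread, OTL or ComboFix, here is a small Python triage script that applies those same heuristics to lines modelled on the posted OTL.txt (the user profile path is shortened to USER; the locale check relies on the log reporting Language: ENU):

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed samples modelled on the posted OTL.txt (profile path shortened to USER).
SAMPLE_O4 = r"""
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [sxcroemanw.tmp] C:\Documents and Settings\USER\Local Settings\Temp\sxcroemanw.tmp (Корпорация Майкрософт)
O4 - HKCU..\Run: [dirhuntsetup70700.exe] C:\Documents and Settings\USER\Application Data\1972E643493CE28154EA7B8392A4BB57\dirhuntsetup70700.exe (Корпорация Майкрософт)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
"""
SAMPLE_FILES = r"""
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 17:52:28 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/25 17:52:25 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 17:52:25 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/25 17:52:23 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\ymf2ks.dll
[2010/10/22 09:40:01 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
"""

# OTL line shapes: "O4 - <hive>..\Run: [<name>] <path> (<company>)" or "... File not found",
# and "[<yyyy/mm/dd hh:mm:ss> | <size> | <attrs> | C] (<company>) -- <path>" for created files.
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.+?)\s*\((?P<company>[^()]*)\)$")
HEX32_RE = re.compile(r"^[0-9A-Fa-f]{32}$")
FILE_RE = re.compile(
    r"^\[(?P<minute>\d{4}/\d{2}/\d{2} \d{2}:\d{2}):\d{2} \|[^\]]*\] \([^)]*\) -- (?P<path>.+)$")


@dataclass
class Autorun:
    hive: str
    name: str
    path: str            # empty when OTL reports "File not found"
    company: str
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_o4(line: str) -> Optional[Autorun]:
    """Split one O4 Run line into hive, value name, launch path and company string."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if rest == "File not found":
        return Autorun(m.group("hive"), m.group("name"), "", "")
    t = TARGET_RE.match(rest)
    if not t:                      # no "(company)" suffix at all
        return Autorun(m.group("hive"), m.group("name"), rest, "")
    return Autorun(m.group("hive"), m.group("name"), t.group("path").strip(), t.group("company").strip())


def score(entry: Autorun) -> Autorun:
    """Attach human-readable reasons; an entry with no reasons is treated as benign."""
    if not entry.path:             # orphaned Run value: a clean-up item, not an active threat
        return entry
    parts = entry.path.split("\\")
    folders, exe = parts[:-1], parts[-1].lower()
    lower = entry.path.lower()
    if "\\local settings\\temp\\" in lower:
        entry.reasons.append("launches from the user's Temp folder")
    if any(HEX32_RE.match(p) for p in folders):
        entry.reasons.append("parent folder is a bare 32-hex-digit name")
    if exe.endswith(".tmp"):
        entry.reasons.append("executable carries a .tmp extension")
    if entry.company and not entry.company.isascii():
        entry.reasons.append("non-Latin company string on an ENU install")
    if "майкрософт" in entry.company.lower() and not lower.startswith("c:\\windows\\"):
        entry.reasons.append("claims to be Microsoft (Cyrillic spelling) outside %SystemRoot%")
    return entry


def triage_o4(report: str) -> List[Autorun]:
    """Parse and score every O4 Run line in an OTL report; non-O4 lines are ignored."""
    parsed = (parse_o4(line) for line in report.splitlines())
    return [score(e) for e in parsed if e is not None]


def at_job_bursts(report: str, threshold: int = 5) -> Dict[str, List[str]]:
    """Group Windows\\tasks\\At<N>.job creations by minute and keep the bursty minutes.

    Many At*.job files appearing within one minute is the pattern visible in the log above;
    legitimately scheduled jobs (e.g. vendor updaters) are created one at a time.
    """
    buckets: Dict[str, List[str]] = defaultdict(list)
    for line in report.splitlines():
        m = FILE_RE.match(line.strip())
        if m and re.search(r"\\tasks\\at\d+\.job$", m.group("path").lower()):
            buckets[m.group("minute")].append(m.group("path").rsplit("\\", 1)[-1])
    return {minute: sorted(jobs) for minute, jobs in buckets.items() if len(jobs) >= threshold}


if __name__ == "__main__":
    for e in triage_o4(SAMPLE_O4):
        print(f"{'SUSPECT' if e.suspicious else 'ok     '} {e.hive} [{e.name}] {'; '.join(e.reasons)}")
    for minute, jobs in at_job_bursts(SAMPLE_FILES).items():
        print(f"SUSPECT {len(jobs)} At*.job tasks created at {minute}: {', '.join(jobs)}")
```

The heuristics are deliberately narrow; a clean result from this script is not a clean bill of health, it only orders the lines a human then checks against known-good vendor paths.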

Re: Antimalware Doctor-Need removal

Post by Belahzur on Wed Oct 27, 2010 12:05 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
Likes : 1

Re: Antimalware Doctor-Need removal

Post by TheConfusedOne on Wed Oct 27, 2010 12:37 am

Here you are, sir.

ComboFix 10-10-25.04 - Nick Hammer 10/26/2010 18:19:29.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1228 [GMT -6:00]
Running from: c:\documents and settings\Nick Hammer\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nick Hammer\Application Data\1972E643493CE28154EA7B8392A4BB57
c:\documents and settings\Nick Hammer\Application Data\1972E643493CE28154EA7B8392A4BB57\dirhuntsetup70700.exe
c:\documents and settings\Nick Hammer\Application Data\1972E643493CE28154EA7B8392A4BB57\enemies-names.txt
c:\documents and settings\Nick Hammer\Application Data\1972E643493CE28154EA7B8392A4BB57\local.ini
c:\documents and settings\Nick Hammer\Application Data\1972E643493CE28154EA7B8392A4BB57\lsrslt.ini
c:\documents and settings\Nick Hammer\jdk-6u17-windows-i586.exe
c:\documents and settings\Nick Hammer\Local Settings\Application Data\{FE8E386B-A9E1-4D83-BC6D-F6FE17137883}
c:\documents and settings\Nick Hammer\Local Settings\Application Data\{FE8E386B-A9E1-4D83-BC6D-F6FE17137883}\chrome.manifest
c:\documents and settings\Nick Hammer\Local Settings\Application Data\{FE8E386B-A9E1-4D83-BC6D-F6FE17137883}\chrome\content\_cfg.js
c:\documents and settings\Nick Hammer\Local Settings\Application Data\{FE8E386B-A9E1-4D83-BC6D-F6FE17137883}\chrome\content\overlay.xul
c:\documents and settings\Nick Hammer\Local Settings\Application Data\{FE8E386B-A9E1-4D83-BC6D-F6FE17137883}\install.rdf
c:\windows\system32\hqa85rar1b.dll
c:\windows\system32\w6wob0le.dll
c:\windows\system32\ymf2ks.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
.

2010-10-26 08:04 . 2010-10-26 08:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-10-26 01:44 . 2010-10-26 01:44 -------- d-----w- c:\program files\Magical Jelly Bean
2010-10-26 00:55 . 2010-10-26 00:55 388096 ----a-r- c:\documents and settings\Nick Hammer\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-26 00:55 . 2010-10-26 00:55 -------- d-----w- c:\program files\Trend Micro
2010-10-26 00:37 . 2010-10-26 00:37 -------- d-----w- c:\documents and settings\Nick Hammer\Application Data\Malwarebytes
2010-10-26 00:37 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 00:37 . 2010-10-26 00:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-26 00:37 . 2010-10-26 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-26 00:37 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-25 23:54 . 2010-10-25 23:54 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-10-25 23:53 . 2010-10-25 23:53 0 ----a-w- c:\windows\Ozinoqibuzixuq.bin
2010-10-25 23:52 . 2010-10-27 00:32 761344 ----a-w- c:\windows\system32\drivers\grjmvhcpd.sys
2010-10-25 23:51 . 2010-10-25 23:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-10-16 22:23 . 2010-10-16 22:23 -------- d-----w- c:\documents and settings\Nick Hammer\Local Settings\Application Data\Adobe
2010-10-12 23:06 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-12 23:06 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-12 23:06 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-01 04:26 . 2010-10-05 05:13 -------- d-----w- c:\windows\Lhsp
2010-10-01 04:25 . 2010-10-01 04:26 -------- d-----w- c:\windows\speech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 22:32 . 2010-01-20 02:52 60416 ----a-w- c:\windows\ALCFDRTM.VER
2010-09-18 18:23 . 2004-08-03 23:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-03 23:56 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-03 23:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-03 23:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:58 . 2004-08-03 23:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 11:51 . 2004-08-03 23:56 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-03 22:17 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-03 23:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-03 23:56 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-03 22:14 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-12-05 02:09 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-03 23:56 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-03 23:56 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2005-04-01 04:17 . 2009-12-03 02:38 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Nick Hammer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-06 136176]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-26 1242448]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-06-10 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-05-04 550232]
"Jomantha"="c:\program files\n52te\n52teHid.exe" [2008-06-13 159744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\Nick Hammer\Start Menu\Programs\Startup\
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2010-9-30 600904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launch TightVNC Server.lnk - c:\program files\TightVNC\WinVNC.exe [2009-12-4 585728]
Loadout Manager.lnk - c:\program files\Belkin\Nostromo\nost_LM.exe [2004-4-6 454656]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56327:TCP"= 56327:TCP:Pando Media Booster
"56327:UDP"= 56327:UDP:Pando Media Booster

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS --> c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - grjmvhcpd
.
Contents of the 'Scheduled Tasks' folder

2010-10-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1202660629-725345543-1003Core.job
- c:\documents and settings\Nick Hammer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 23:28]

2010-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1202660629-725345543-1003UA.job
- c:\documents and settings\Nick Hammer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 23:28]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Nick Hammer\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\documents and settings\Nick Hammer\Application Data\Mozilla\Firefox\Profiles\e36i357m.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - deadfrontier.com
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Nick Hammer\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Nick Hammer\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-dirhuntsetup70700.exe - c:\documents and settings\Nick Hammer\Application Data\1972E643493CE28154EA7B8392A4BB57\dirhuntsetup70700.exe
HKLM-Run-nwiz - nwiz.exe
AddRemove-{A44BD8D0-DA93-11DE-6784-016F7F2518BE} - c:\program files\Artmunk\LoveChess The Greek Era (Free)\Uninst_LoveChess The Greek Era (Free).exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-10-26 18:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.0 by Gmer, [You must be registered and logged in to see this link.]
Windows 5.1.2600

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89A3F446]<<
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x899FBAB8]
2 ntkrnlpa[0x804EE130] -> CLASSPNP.SYS[0xB80E8FD7] -> \Device\Harddisk0\DR0[0x899FBAB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000062[0x89A01B48]
4 ntkrnlpa[0x804EE130] -> ACPI.sys[0xB7F7F620] -> \Device\00000062[0x89A01B48]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x899FB030]
\Driver\nvata[0x89ACC4C8] -> IRP_MJ_CREATE -> 0x89A3F446
6 ntkrnlpa[0x804EE130] -> UNKNOWN[0x89A3F449] -> [0x899FB030]
error: Read \Device\Ide\IdePort0 The system cannot find the file specified.
kernel: MBR read successfully
detected hooks:
\Device\00000061 -> \??\IDE#DiskWDC_WD2000JS-00MHB0_____________________02.01C03#2020202057202D4443574E41314C343031393539#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7f7fcb8
\Driver\atapi -> atapi.sys @ 0xb7e52852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
SecurityProcedure -> ntkrnlpa.exe @ 0x805791fa
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
SecurityProcedure -> ntkrnlpa.exe @ 0x805791fa
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb7d5abd4
PacketIndicateHandler -> NDIS.sys @ 0xb7d66a21
SendHandler -> NDIS.sys @ 0xb7d5ad44
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\grjmvhcpd]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(592)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2840)
c:\windows\system32\WININET.dll
c:\program files\Belkin\Nostromo\nost_FSH.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\vghd\VirtuaGirl_Downloader.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-10-26 18:35:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-27 00:35

Pre-Run: 116,432,982,016 bytes free
Post-Run: 116,999,647,232 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 52F8E9A60D47FE41260A285F7FFDF0C3

TheConfusedOne
Novice

Posts : 9
Joined : 2010-10-26
OS : Windows XP Pro
Points : 22441
Likes : 0
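As an added example (not ComboFix's own code and not something posted in this thread), the Python below parses a ComboFix-style report laid out like the one above ("Other Deletions", "Infected copy of ... was found and disinfected", the "Files Created" table) and applies the checks a helper reads first: repaired core binaries, a run of At*.job tasks, a random 32-hex folder under Application Data, and drivers created in the scan window. The sample report is a constructed excerpt modelled on the posted log with the user name replaced, and every rule is a heuristic (for instance, a driver whose modification time is later than its on-disk creation time was rewritten after being dropped, which is a pointer for review, not proof).

```python
"""Triage helper for ComboFix-style reports (added example, not ComboFix's own code)."""
import re

# Constructed excerpt modelled on the report posted above (user name replaced).
SAMPLE_REPORT = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\User\Application Data\1972E643493CE28154EA7B8392A4BB57\dirhuntsetup70700.exe
c:\windows\system32\hqa85rar1b.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At24.job

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
.
((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
.
2010-10-26 00:37 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-25 23:54 . 2010-10-25 23:54 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-10-25 23:53 . 2010-10-25 23:53 0 ----a-w- c:\windows\Ozinoqibuzixuq.bin
2010-10-25 23:52 . 2010-10-27 00:32 761344 ----a-w- c:\windows\system32\drivers\grjmvhcpd.sys
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
INFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$")
# "Files Created" rows: <created> . <modified> <size or dashes> <8 attribute flags> <path>
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$")
HEX_DIR_RE = re.compile(r"\\([0-9a-f]{32})\\")
AT_JOB_RE = re.compile(r"\\tasks\\at\d+\.job$")


def parse_report(text):
    """Split a report into deleted paths, repaired system binaries and created files."""
    report = {"deleted": [], "disinfected": [], "created": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = INFECTED_RE.match(line)
        if m:
            report["disinfected"].append(m.group("path").lower())
            continue
        if section and section.startswith("files created"):
            m = CREATED_RE.match(line)
            if m:
                entry = m.groupdict()
                entry["size"] = int(entry["size"]) if entry["size"].isdigit() else None
                entry["path"] = entry["path"].lower()
                report["created"].append(entry)
        elif section == "other deletions" and line.lower().startswith("c:\\"):
            report["deleted"].append(line.lower())
    return report


def triage(report):
    """Return prioritised findings; each rule is a heuristic that still needs a human read."""
    findings = []
    # A patched winlogon.exe/explorer.exe means foreign code ran inside core processes.
    for path in report["disinfected"]:
        findings.append(f"CRITICAL core system binary was patched and repaired: {path}")
    # A run of At<N>.job tasks is the at.exe scheduler being used for persistence.
    at_jobs = [p for p in report["deleted"] if AT_JOB_RE.search(p)]
    if len(at_jobs) >= 3:
        findings.append(f"HIGH {len(at_jobs)} At*.job scheduled tasks removed (at.exe persistence)")
    # Payloads dropped into a folder named with 32 random hex characters.
    hex_dirs = set()
    for p in report["deleted"]:
        m = HEX_DIR_RE.search(p)
        if m:
            hex_dirs.add(m.group(1))
    for d in sorted(hex_dirs):
        findings.append(f"HIGH payload folder with random 32-hex name in Application Data: {d}")
    for e in report["created"]:
        path, attrs = e["path"], e["attrs"]
        if "\\system32\\drivers\\" in path and path.endswith(".sys"):
            # Installers copy a driver with its older build mtime; an mtime later than the
            # on-disk creation time means the file was rewritten after it was dropped.
            rewritten = e["modified"] > e["created"]
            findings.append(f"{'HIGH' if rewritten else 'REVIEW'} kernel driver created "
                            f"{e['created']}: {path}{' (rewritten after drop)' if rewritten else ''}")
        elif attrs[0] == "d" and "s" in attrs and "h" in attrs:
            findings.append(f"REVIEW hidden+system directory created: {path}")
        elif e["size"] == 0 and path.startswith("c:\\windows\\") and path.count("\\") == 2:
            findings.append(f"REVIEW zero-byte marker file dropped in c:\\windows: {path}")
    return findings


if __name__ == "__main__":
    print("\n".join(triage(parse_report(SAMPLE_REPORT))))
```

Legitimate installs (here the Malwarebytes driver) land in the REVIEW bucket on purpose; the point is to order the read, not to decide on their own.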

Re: Antimalware Doctor-Need removal

Post by Belahzur on Thu Oct 28, 2010 12:28 am

Hello.

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
Likes : 1

Re: Antimalware Doctor-Need removal

Post by TheConfusedOne on Thu Oct 28, 2010 3:17 am

2010/10/27 21:14:47.0546 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/27 21:14:47.0546 ================================================================================
2010/10/27 21:14:47.0546 SystemInfo:
2010/10/27 21:14:47.0546
2010/10/27 21:14:47.0546 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/27 21:14:47.0546 Product type: Workstation
2010/10/27 21:14:47.0546 ComputerName: NICK
2010/10/27 21:14:47.0546 UserName: Nick Hammer
2010/10/27 21:14:47.0546 Windows directory: C:\WINDOWS
2010/10/27 21:14:47.0546 System windows directory: C:\WINDOWS
2010/10/27 21:14:47.0546 Processor architecture: Intel x86
2010/10/27 21:14:47.0546 Number of processors: 1
2010/10/27 21:14:47.0546 Page size: 0x1000
2010/10/27 21:14:47.0546 Boot type: Normal boot
2010/10/27 21:14:47.0546 ================================================================================
2010/10/27 21:14:47.0750 Initialize success
2010/10/27 21:14:50.0171 ================================================================================
2010/10/27 21:14:50.0171 Scan started
2010/10/27 21:14:50.0171 Mode: Manual;
2010/10/27 21:14:50.0171 ================================================================================
2010/10/27 21:14:51.0078 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/27 21:14:51.0125 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/27 21:14:51.0218 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/27 21:14:51.0281 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/27 21:14:51.0515 ALCXWDM (933933288df5ed26d1928215c97d05c7) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/10/27 21:14:51.0906 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/27 21:14:51.0968 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/27 21:14:52.0015 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/27 21:14:52.0093 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/27 21:14:52.0140 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/27 21:14:52.0218 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/27 21:14:52.0265 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/27 21:14:52.0312 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/27 21:14:52.0359 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/27 21:14:52.0562 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/27 21:14:52.0640 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/27 21:14:52.0781 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/27 21:14:52.0828 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/27 21:14:52.0890 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/27 21:14:53.0062 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/27 21:14:53.0156 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/27 21:14:53.0187 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/27 21:14:53.0218 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/27 21:14:53.0281 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/27 21:14:53.0343 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/27 21:14:53.0453 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/27 21:14:53.0515 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/27 21:14:53.0546 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/10/27 21:14:53.0640 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/10/27 21:14:53.0703 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/27 21:14:53.0718 Suspicious service (NoAccess): grjmvhcpd
2010/10/27 21:14:53.0781 grjmvhcpd (521e0dded7947cf103a23e97ad61481c) C:\WINDOWS\system32\drivers\grjmvhcpd.sys
2010/10/27 21:14:53.0781 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\grjmvhcpd.sys. md5: 521e0dded7947cf103a23e97ad61481c
2010/10/27 21:14:53.0781 grjmvhcpd - detected Locked service (1)
2010/10/27 21:14:53.0828 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/27 21:14:53.0921 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/27 21:14:54.0046 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/27 21:14:54.0093 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/27 21:14:54.0156 InCDfs (c2002debf6ba84197542aef4d0fe4651) C:\WINDOWS\system32\drivers\InCDfs.sys
2010/10/27 21:14:54.0203 InCDPass (40f9a7fd0ca8548e51c2703ab864ffc8) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
2010/10/27 21:14:54.0218 InCDrec (5a9b0fb7f01d2b014630b2d698bfd432) C:\WINDOWS\system32\drivers\InCDrec.sys
2010/10/27 21:14:54.0250 incdrm (3b9d5870dd58b63a3a3619604effc93a) C:\WINDOWS\system32\drivers\incdrm.sys
2010/10/27 21:14:54.0359 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/27 21:14:54.0390 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/27 21:14:54.0421 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/27 21:14:54.0453 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/27 21:14:54.0578 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/27 21:14:54.0593 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/27 21:14:54.0640 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/27 21:14:54.0687 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/27 21:14:54.0718 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/27 21:14:54.0750 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/27 21:14:54.0812 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/27 21:14:54.0906 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/27 21:14:54.0968 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/27 21:14:55.0000 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/27 21:14:55.0062 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/27 21:14:55.0125 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/27 21:14:55.0203 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/27 21:14:55.0296 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/27 21:14:55.0359 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/27 21:14:55.0421 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/27 21:14:55.0437 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/27 21:14:55.0453 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/27 21:14:55.0515 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/27 21:14:55.0625 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2010/10/27 21:14:55.0718 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/10/27 21:14:55.0765 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/27 21:14:55.0859 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/27 21:14:55.0890 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/27 21:14:55.0937 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/27 21:14:55.0968 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/27 21:14:56.0000 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/27 21:14:56.0046 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/27 21:14:56.0125 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/27 21:14:56.0234 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/27 21:14:56.0296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/27 21:14:56.0359 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/27 21:14:56.0796 nv (a05d99cbf55eb493c9e82b4bca848ef5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/27 21:14:57.0203 nvata (dce353985c988bfb7e84fd942068151f) C:\WINDOWS\system32\DRIVERS\nvata.sys
2010/10/27 21:14:57.0281 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/27 21:14:57.0296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/27 21:14:57.0359 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/27 21:14:57.0390 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/27 21:14:57.0453 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/27 21:15:00.0484 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/27 21:15:00.0500 ================================================================================
2010/10/27 21:15:00.0500 Scan finished
2010/10/27 21:15:00.0500 ================================================================================
2010/10/27 21:15:00.0515 Detected object count: 2
2010/10/27 21:15:08.0218 Locked service(grjmvhcpd) - User select action: Skip
2010/10/27 21:15:08.0234 \HardDisk0\MBR - will be cured after reboot
2010/10/27 21:15:08.0234 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure




Sorry for the late report, was busy getting packed for a vacation tomorrow :)


Re: Antimalware Doctor-Need removal

Post by Belahzur on Fri Oct 29, 2010 1:23 am

Hello.

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    File::
    c:\windows\Ozinoqibuzixuq.bin

    Driver::
    grjmvhcpd

    DDS::
    uStart Page = hxxp://www.ask.com?o=15450&l=dis

    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\grjmvhcpd]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



Re: Antimalware Doctor-Need removal

Post by TheConfusedOne on Sun Oct 31, 2010 4:01 pm

Sorry, was away from my computer for a few days.

ComboFix 10-10-30.09 - Nick Hammer 10/31/2010 9:50.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.987 [GMT -6:00]
Running from: c:\documents and settings\Nick Hammer\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Nick Hammer\Desktop\CFScript.txt

FILE ::
"c:\windows\Ozinoqibuzixuq.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Ozinoqibuzixuq.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GRJMVHCPD
-------\Service_grjmvhcpd


((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.

2010-10-26 08:04 . 2010-10-26 08:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-10-26 01:44 . 2010-10-26 01:44 -------- d-----w- c:\program files\Magical Jelly Bean
2010-10-26 00:55 . 2010-10-26 00:55 388096 ----a-r- c:\documents and settings\Nick Hammer\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-26 00:55 . 2010-10-26 00:55 -------- d-----w- c:\program files\Trend Micro
2010-10-26 00:37 . 2010-10-26 00:37 -------- d-----w- c:\documents and settings\Nick Hammer\Application Data\Malwarebytes
2010-10-26 00:37 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 00:37 . 2010-10-26 00:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-26 00:37 . 2010-10-26 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-26 00:37 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-25 23:54 . 2010-10-25 23:54 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-10-25 23:52 . 2010-10-31 15:54 761344 ----a-w- c:\windows\system32\drivers\grjmvhcpd.sys
2010-10-25 23:51 . 2010-10-25 23:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-10-16 22:23 . 2010-10-16 22:23 -------- d-----w- c:\documents and settings\Nick Hammer\Local Settings\Application Data\Adobe
2010-10-12 23:06 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-12 23:06 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-12 23:06 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 22:32 . 2010-01-20 02:52 60416 ----a-w- c:\windows\ALCFDRTM.VER
2010-09-18 18:23 . 2004-08-03 23:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-03 23:56 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-03 23:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-03 23:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:58 . 2004-08-03 23:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 11:51 . 2004-08-03 23:56 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-03 22:17 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-03 23:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-03 23:56 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-03 22:14 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-12-05 02:09 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-03 23:56 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-03 23:56 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2005-04-01 04:17 . 2009-12-03 02:38 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-26 1242448]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-06-10 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-05-04 550232]
"Jomantha"="c:\program files\n52te\n52teHid.exe" [2008-06-13 159744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\Nick Hammer\Start Menu\Programs\Startup\
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2010-9-30 600904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launch TightVNC Server.lnk - c:\program files\TightVNC\WinVNC.exe [2009-12-4 585728]
Loadout Manager.lnk - c:\program files\Belkin\Nostromo\nost_LM.exe [2004-4-6 454656]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56327:TCP"= 56327:TCP:Pando Media Booster
"56327:UDP"= 56327:UDP:Pando Media Booster

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS --> c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2010-10-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Nick Hammer\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\documents and settings\Nick Hammer\Application Data\Mozilla\Firefox\Profiles\e36i357m.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - deadfrontier.com
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Nick Hammer\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-10-31 09:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1820)
c:\windows\system32\WININET.dll
c:\program files\Belkin\Nostromo\nost_FSH.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\vghd\VirtuaGirl_Downloader.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-10-31 10:00:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-31 16:00
ComboFix2.txt 2010-10-27 00:35

Pre-Run: 116,563,820,544 bytes free
Post-Run: 116,524,818,432 bytes free

- - End Of File - - BE8523E4F9F12BA837331D488105828C


Re: Antimalware Doctor-Need removal

Post by Belahzur on Mon Nov 01, 2010 12:58 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: Antimalware Doctor-Need removal

Post by TheConfusedOne on Mon Nov 01, 2010 3:22 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ef416e33180a3d479fba13e15c5e38c8
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-01 03:03:20
# local_time=2010-10-31 09:03:20 (-0600, Canada Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=51581
# found=3
# cleaned=3
# scan_time=1440
C:\Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.EK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ujepuvebuqa.dll a variant of Win32/Cimag.DV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\grjmvhcpd.sys a variant of Win32/Bubnix.BE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

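A small triage script, added here as an example (it is not from this thread and not part of TDSSKiller, ComboFix or ESET), that parses the three log formats posted above and lists the artifacts more than one scanner mentioned. On lines constructed from the logs in this thread it singles out grjmvhcpd, which ComboFix saw created, TDSSKiller reported as a locked service it could not hash, and ESET identified as Win32/Bubnix.BE; the regexes cover only the line shapes shown in the thread.

```python
"""Cross-log triage for the scanner output posted in this thread.  Added example:
not forum code and not part of TDSSKiller, ComboFix or ESET.  Every mention of a
file, service or the MBR is normalised to one key so an analyst sees, per artifact,
what each scanner said and when (TDSSKiller/ComboFix stamp local time, ESET UTC)."""
import ntpath
import re
from collections import defaultdict, namedtuple
from datetime import datetime

Event = namedtuple("Event", "source when key detail")

# TDSSKiller: "YYYY/MM/DD HH:MM:SS.ffff <message>"
TDSS_LINE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\.\d+ (.*)$")
TDSS_LOCKED = re.compile(r"^Locked service\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")
TDSS_DETECT = re.compile(r"^(?P<obj>\S+) - detected (?P<threat>\S+)")
# ComboFix "Files Created": "<ctime> . <mtime> <size or --------> <attrs> <path>"
CF_FILE = re.compile(r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
                     r"(?P<size>\d+|-+) (?P<attrs>[\w-]{8}) (?P<path>.+)$")
# ESET Online Scanner: "# utc_time=..." header, then "<path> <threat> (<action>) <md5> <flag>"
ESET_TIME = re.compile(r"^# utc_time=(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$")
ESET_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) (?P<threat>(?:a variant of )?\S+ \w+) "
                       r"\((?P<action>[^)]*)\) [0-9a-fA-F]{32} \S+$")

def artifact_key(name):
    """Map a full path, a bare service name or '\\HardDisk0\\MBR' to one lowercase key."""
    return ntpath.splitext(ntpath.basename(name))[0].lower()

def parse_tdsskiller(text):
    events = []
    for line in text.splitlines():
        m = TDSS_LINE.match(line.strip())
        if not m:
            continue
        when, msg = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"), m.group(2)
        if lk := TDSS_LOCKED.match(msg):
            # A locked service could not be opened or hashed, which is why the
            # driver listing above it shows no MD5 for this name.
            events.append(Event("TDSSKiller", when, artifact_key(lk["name"]),
                                f"locked service, user action {lk['action']}"))
        elif dt := TDSS_DETECT.match(msg):
            events.append(Event("TDSSKiller", when, artifact_key(dt["obj"]), f"detected {dt['threat']}"))
    return events

def parse_combofix_created(text):
    events = []
    for line in text.splitlines():
        m = CF_FILE.match(line.strip())
        if m and not m["attrs"].startswith("d"):   # directories carry no size
            events.append(Event("ComboFix", datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                                artifact_key(m["path"]),
                                f"file created, {m['size']} bytes, attrs {m['attrs']}"))
    return events

def parse_eset(text):
    when, events = datetime.min, []   # result lines carry no time; the header's utc_time is used
    for line in text.splitlines():
        if t := ESET_TIME.match(line.strip()):
            when = datetime.strptime(t.group(1), "%Y-%m-%d %H:%M:%S")
        elif m := ESET_LINE.match(line.strip()):
            events.append(Event("ESET", when, artifact_key(m["path"]),
                                f"{m['threat']} ({m['action']})"))
    return events

def correlate(events):
    """Group events by artifact key, oldest first."""
    timeline = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.when):
        timeline[ev.key].append(ev)
    return dict(timeline)

def multi_source(timeline):
    """Artifacts that more than one scanner mentioned: the ones to look at first."""
    return sorted(k for k, evs in timeline.items() if len({e.source for e in evs}) > 1)

# Constructed sample lines, copied from the logs posted in this thread.
TDSS_SAMPLE = r"""
2010/10/27 21:15:00.0484 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/27 21:15:08.0218 Locked service(grjmvhcpd) - User select action: Skip
"""
CF_SAMPLE = r"""
2010-10-26 00:37 . 2010-10-26 00:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-26 00:37 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-25 23:52 . 2010-10-31 15:54 761344 ----a-w- c:\windows\system32\drivers\grjmvhcpd.sys
"""
ESET_SAMPLE = r"""
# utc_time=2010-11-01 03:03:20
C:\Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.EK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\grjmvhcpd.sys a variant of Win32/Bubnix.BE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

if __name__ == "__main__":
    timeline = correlate(parse_tdsskiller(TDSS_SAMPLE) + parse_combofix_created(CF_SAMPLE) + parse_eset(ESET_SAMPLE))
    for key in multi_source(timeline):   # only grjmvhcpd for the sample above
        print(f"== {key} ==")
        for ev in timeline[key]:
            print(f"  {ev.when:%Y-%m-%d %H:%M}  {ev.source:<10} {ev.detail}")
```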

Re: Antimalware Doctor-Need removal

Post by Belahzur on Tue Nov 02, 2010 12:43 am

Hello.
How is the machine running now?



Re: Antimalware Doctor-Need removal

Post by TheConfusedOne on Mon Nov 08, 2010 1:37 am

Sorry it took so long, was incredibly busy :/

Anyway, running well now. Thank you!


Re: Antimalware Doctor-Need removal

Post by Dr Jay on Mon Nov 08, 2010 4:44 am

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculations and then display a dialogue box with tabs.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this.
  • Accept the warning and select OK again; the program will close and you are done.


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]


Re: Antimalware Doctor-Need removal

Post by TheConfusedOne on Tue Nov 09, 2010 5:28 am

Results of screen317's Security Check version 0.99.6
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 18
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 9.4.0
Mozilla Firefox (3.6.12)
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Computer is running great. Did all four steps.


Re: Antimalware Doctor-Need removal

Post by Dr Jay on Tue Nov 09, 2010 11:04 am

Java Update!

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.


Dragon Prevention

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Antivirus/Antispyware

  • [You must be registered and logged in to see this link.]: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  • [You must be registered and logged in to see this link.]: this is one of the most powerful and easiest-to-use security programs. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software.


Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See [You must be registered and logged in to see this link.] for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?

