Antimalware Doctor


Antimalware Doctor

Post by braves711 on 11th June 2011, 1:03 am

Hello,

I use Malwarebytes to get rid of Antimalware Doctor in both regular and safe mode. Below are the last couple of logs from Malwarebytes. I had a vicious virus on this computer before (not this computer I am currently on, but the infected one, which is also XP) and had to use the recovery discs. It's about a year later and I had periodic viruses that were easily taken care of by Malwarebytes, but I need help for this particular virus.

Thanks for your time.

Files Infected:
C:\My Backup -- 25-06-09 1924\Documents and Settings\LocalService\Application Data\1458931097.exe (Trojan.MailFinder) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\Documents and Settings\ryan.wade\Ryan.Wade.exe (Trojan.Rabbit) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\Documents and Settings\ryan.wade\Local Settings\Temp\148.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\Documents and Settings\ryan.wade\Local Settings\Temp\BNA.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\Documents and Settings\ryan.wade\Local Settings\Temp\install[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\Documents and Settings\ryan.wade\Local Settings\Temp\~TM1D.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\Documents and Settings\ryan.wade\Local Settings\Temp\~TM2F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\Documents and Settings\ryan.wade\Local Settings\Temp\~TMFB3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\Documents and Settings\ryan.wade\Start Menu\Programs\Startup\asgupd32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\Documents and Settings\ryan.wade\Start Menu\Programs\Startup\fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\system32\avast!AVSControlService.exe (Trojan.MailFinder) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2S6ZZKBS\167[1].exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BS0OE4AJ\test2[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G5D1PHAR\install[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\Temp\BN143F.tmp (Trojan.Rabbit) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\Temp\BN1440.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\Temp\BN1441.tmp (Trojan.Rabbit) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\Temp\BN1442.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\Temp\BN1443.tmp (Trojan.Rabbit) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\Temp\BN1444.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\Temp\BN434.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\Temp\rdl29.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\Temp\rdl71.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\Temp\~TM54EA3A.TMP (Trojan.Agent) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\Temp\~TME.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\Temp\Temporary Internet Files\Content.IE5\57S41HQ2\ccsuper2[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\Temp\Temporary Internet Files\Content.IE5\6DUB3U6O\ccsuper3[1].htm (Worm.Koobface) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\Temp\Temporary Internet Files\Content.IE5\6DUB3U6O\ibcpduuv[1].htm (Worm.Koobface) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IDJUGRR1\ccsuper1[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\My Backup -- 25-06-09 1924\WINDOWS\Temp\Temporary Internet Files\Content.IE5\VOC97G7Q\rbbsg[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.


Files Infected:
C:\System Volume Information\_restore{8BC79291-E322-403F-8E40-1FBD3FCA0EBD}\RP3\A0005114.exe (Trojan.MailFinder) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BC79291-E322-403F-8E40-1FBD3FCA0EBD}\RP3\A0005115.exe (Trojan.Rabbit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BC79291-E322-403F-8E40-1FBD3FCA0EBD}\RP3\A0005116.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BC79291-E322-403F-8E40-1FBD3FCA0EBD}\RP3\A0005117.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BC79291-E322-403F-8E40-1FBD3FCA0EBD}\RP3\A0005118.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BC79291-E322-403F-8E40-1FBD3FCA0EBD}\RP3\A0005119.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BC79291-E322-403F-8E40-1FBD3FCA0EBD}\RP3\A0005120.exe (Trojan.MailFinder) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BC79291-E322-403F-8E40-1FBD3FCA0EBD}\RP3\A0005121.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BC79291-E322-403F-8E40-1FBD3FCA0EBD}\RP3\A0005122.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BC79291-E322-403F-8E40-1FBD3FCA0EBD}\RP3\A0005123.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

braves711
Beginner
Posts: 4
Joined: 2010-05-15
OS: Vista
Points: 24038
Likes: 0


Re: Antimalware Doctor

Post by Dr Jay on 11th June 2011, 1:32 am

Hello!

Please run the [You must be registered and logged in to see this link.], and once done, press the View Report link. Post that log in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Posts: 13810
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 302437
Likes: 10

View user profile

Back to top Go down

Re: Antimalware Doctor

Post by braves711 on 12th June 2011, 2:17 am

QuickScan Beta 32-bit v0.9.9.96
-------------------------------
Scan date: Sat Jun 11 22:13:22 2011
Machine ID: 2811721F

C:\WINDOWS\system32\oleprnx.dll - could not be scanned


Found 7 infected files!
-----------------------

C:\Documents and Settings\Ryan Wade\Local Settings\Temp\Krq.exe --> Gen:Variant.Kazy.26073
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"YDZ1QVAGOJ"
--> c:\windows\tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job

C:\Documents and Settings\All Users\Application Data\defender.exe --> Gen:Variant.Kazy.26250
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"Security Protection"

C:\WINDOWS\system32\Nwsapagents.dll --> Gen:Trojan.Heur.LP.bu8@aOJgesci
--> HKLM\System\ControlSet001\services\Nwsapagent

C:\WINDOWS\olenuperamiyapa.dll --> Gen:Variant.Kazy.11661
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Ysewuhifucizep"

C:\WINDOWS\cftnom.exe --> Trojan.Generic.6072855

C:\WINDOWS\Ksopuc.exe --> Trojan.Generic.KDV.246122
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"KOQMLYTPE7"
--> c:\windows\tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job

C:\Documents and Settings\Ryan Wade\Application Data\7c9cr2a.exe --> Gen:Trojan.Heur.VP.gm0@aGTcfBgb
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"5zt1"



Processes
---------
Microsoft® Windows® Operating System 1844 C:\WINDOWS\system32\wisptis.exe
Tablet PC 1916 C:\WINDOWS\system32\tabbtnu.exe
(verified) Microsoft® Windows® Operating System 2020 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 792 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 208 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 872 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 860 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 732 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1032 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1100 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1296 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1364 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1472 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1048 C:\WINDOWS\system32\wbem\wmiprvse.exe
(verified) Microsoft® Windows® Operating System 816 C:\WINDOWS\system32\winlogon.exe
(verified) Windows® Internet Explorer 388 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 1552 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 1668 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (1668) connected on port 80 (HTTP) --> 66.235.142.14
Process iexplore.exe (1668) connected on port 80 (HTTP) --> 74.125.225.6

Process svchost.exe (1100) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
ag C:\WINDOWS\Ksopuc.exe
hpwuSchd Application C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Agere SoftModem Messaging Applet C:\WINDOWS\AGRSMMSG.exe
AOL Service Libraries C:\Program Files\AIM6\aim6.exe
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
ArcSoft Connect C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HP Digital Imaging C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Imb C:\Documents and Settings\All Users\Application Data\defender.exe
Intel(R) PROSet/Wireless C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
iTunes C:\Program Files\iTunes\iTunesHelper.exe
Java(TM) Platform SE 6 U14 C:\Program Files\Java\jre6\bin\jusched.exe
jNHJhTDsbSXqctYSVFes C:\Documents and Settings\Ryan Wade\Application Data\conima.exe
Kodak EasyShare Software C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft Snipping Tool C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe
Microsoft® Windows® Operating System C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
Microsoft® Windows® Operating System C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe
Microsoft® Windows® Operating System C:\WINDOWS\help\SplshWrp.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\tpgwlnot.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
mJeSdGpxQXVisFvEKfAD C:\Documents and Settings\Ryan Wade\Application Data\7c9cr2a.exe
MPEG Capture Filter C:\WINDOWS\olenuperamiyapa.dll
PowerReg C:\Documents and Settings\Ryan Wade\Application Data\Leadertech\PowerRegister\Seagate 2GH20Q76 Product Registration.exe
QuickTime C:\Program Files\QuickTime\qttask.exe
Qv x C:\Documents and Settings\Ryan Wade\Local Settings\Temp\Krq.exe
setui70vir.exe C:\Documents and Settings\Ryan Wade\Application Data\B0617C30C81898B6C3898BAB86C0AB8D\setui70vir.exe
Shockwave C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Tablet PC C:\WINDOWS\system32\TabBtnWL.dll
upd_debug.exe C:\Documents and Settings\Ryan Wade\Application Data\B0617C30C81898B6C3898BAB86C0AB8D\upd_debug.exe
wELOHNkGwxfkinZSxRkH C:\Documents and Settings\Ryan Wade\Application Data\manager.exe
ZeroCfgSvc Application C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\wpdshserviceobj.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe
(verified) Windows® Internet Explorer c:\windows\system32\webcheck.dll


Browser plugins
---------------
AOL Media Playback Control C:\WINDOWS\Downloaded Program Files\ampAx3.0.84.2.dll
ArcadeOx Module C:\WINDOWS\Downloaded Program Files\arcadeox.dll
BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Facebook Photo Uploader 5 C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx
Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
Google Update C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
Java(TM) Platform SE 6 U14 c:\program files\java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U14 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
Microsoft Support Diagnostic Tool C:\WINDOWS\Downloaded Program Files\MSDCode.DLL
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
Move Streaming Media Player C:\Documents and Settings\Ryan Wade\Application Data\Move Networks\plugins\npqmp071505000011.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
unagiuninst.exe C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll
Yahoo! Single Instance for Mail c:\program files\yahoo!\companion\installs\cpn\ytsingleinstance.dll
Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll
(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(verified) Silverlight Plug-In C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll


Missing files
-------------
File not found: C:\WINDOWS\system32\80g7j9tqc58m.exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"80g7j9uqc5om"


Scan
----
MD5: c61e6f18f8afd300d1edf758e865cb57 C:\Documents and Settings\All Users\Application Data\defender.exe
MD5: 20fc638ed10c880860b7e27280993919 C:\Documents and Settings\Ryan Wade\Application Data\7c9cr2a.exe
MD5: 191af8c584b14b68388311a64a353d26 C:\Documents and Settings\Ryan Wade\Application Data\B0617C30C81898B6C3898BAB86C0AB8D\setui70vir.exe
MD5: d96f3ec5e4594ce179c613bfc2480c79 C:\Documents and Settings\Ryan Wade\Application Data\B0617C30C81898B6C3898BAB86C0AB8D\upd_debug.exe
MD5: d50fc9784bfed99968294603b4902ff7 C:\Documents and Settings\Ryan Wade\Application Data\conima.exe
MD5: 228166aaae00f9f4bd2a1e8d279e2abe C:\Documents and Settings\Ryan Wade\Application Data\Leadertech\PowerRegister\Seagate 2GH20Q76 Product Registration.exe
MD5: ef4c0ad079bc6909ba752763630d746f C:\Documents and Settings\Ryan Wade\Application Data\manager.exe
MD5: e66e9c5d42aa085891a4f67e7b2ca4df C:\Documents and Settings\Ryan Wade\Application Data\Move Networks\plugins\npqmp071505000011.dll
MD5: 3355357ac2ca587c34239dd22618c4ed C:\Documents and Settings\Ryan Wade\Local Settings\Temp\Krq.exe
MD5: 5b4af27e83da8385a9b08e76da730c91 C:\Program Files\AIM6\aim6.exe
MD5: 7b43567b4c32ad7aded537cd3b1342b9 C:\Program Files\Apple Software Update\SoftwareUpdate.exe
MD5: a7810b302294793de88542aae177d1b1 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MD5: 2bfafbf6c7336324879117c75fbc60d7 C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
MD5: 129cf0fec79d9731ff79eb775e03cb1f C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe
MD5: 7283807c3b8f7189f016b30526151cde C:\Program Files\Common Files\Microsoft Shared\Ink\tiptsf.dll
MD5: 6135b976e16f80c1b1363be882344785 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
MD5: cd403892f553586c70ff1e1a8de294bd c:\program files\google\google toolbar\googletoolbar_32.dll
MD5: 2b6d566b536e695d9f40f5c19ae758b6 c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
MD5: b226054bfa3d3a1920f7b95e54f3e87d C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
MD5: eaa666e9dd8dcda6e075087091cb85ee C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
MD5: a04f4ac48895774a2cf9d1c9eaaacef0 C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
MD5: 4c6fa3fd55087b7c35707068723a1710 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
MD5: f8a99d6f2c65c83d9e419164d427f1c6 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
MD5: 8ac155995f5d10fc0d3ad949a1a68075 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
MD5: 131d50f081d2e29ebd1365b21f6b9736 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
MD5: 0e81905f53b1a2a41558519cdcdc9c61 C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
MD5: 3aa587c6446681de9f48953c51649831 C:\Program Files\Internet Explorer\ieproxy.dll
MD5: 144142846ac2ac8dfc81d27560713a3c C:\Program Files\Internet Explorer\xpshims.dll
MD5: 192e39c717013a0bd532b33ac29d6e7d c:\program files\java\jre6\bin\jp2ssv.dll
MD5: 44ffba62f0f426b581759c49aafec2e2 C:\Program Files\Java\jre6\bin\jqs.exe
MD5: d22d936f9ab0da3b8eb7537284867708 C:\Program Files\Java\jre6\bin\jusched.exe
MD5: 9a0ca264ec3210e77764c45ad7c5f339 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
MD5: e188695d1893591b21da95f5ab3c9ae3 C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe
MD5: 03b21d60afe32e3db7ab439e2e636bc3 C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe
MD5: cc065d46387e4a7e6ff99d7bb5c1769d C:\Program Files\QuickTime\qttask.exe
MD5: e3312f701b79dc917c4515498155e96f C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MD5: 5f974fde801c73952770736becde11e7 C:\Program Files\Viewpoint\Common\ViewpointService.exe
MD5: b49a14eb7fdd597dc4cf8160ba4be245 C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
MD5: 2aa9da5d7b69bab21e4e15ac0f2e172d C:\Program Files\windows journal\nbmaptip.dll
MD5: 6a2e0e49a4f2a9df3e6293e37e7486bd c:\program files\yahoo!\companion\installs\cpn\yt.dll
MD5: f64c4241fe5e519f62c47c361dc671d7 c:\program files\yahoo!\companion\installs\cpn\ytsingleinstance.dll
MD5: c69752cd5011afb4f21ac39e6d555173 C:\WINDOWS\AGRSMMSG.exe
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: 9d446deb0080c583e58cf6be254a34cf C:\WINDOWS\cftnom.exe
MD5: 006c83751b9f17934b58085d0b7bda2c C:\WINDOWS\Downloaded Program Files\ampAx3.0.84.2.dll
MD5: b01ebda04fbac6b22168867d721a4113 C:\WINDOWS\Downloaded Program Files\arcadeox.dll
MD5: 23dc75d158d484177ffe99e23264f89f C:\WINDOWS\Downloaded Program Files\qsax.dll
MD5: 6f678556a6fce04fc94f3435f6313705 C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
MD5: 654ed66e2e45defe65e8a2dbd9d6fcdd C:\WINDOWS\help\SplshWrp.exe
MD5: d43637f8e835ddf2fe95fbe6242494b0 C:\WINDOWS\IME\SPGRMR.DLL
MD5: f6faec07446a78a9c5af4558ff5bd118 C:\WINDOWS\ime\sptip.dll
MD5: 7bb8170fe7821d15e9e07d5c141a9493 C:\WINDOWS\Ksopuc.exe
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: 405a1116b2909892a42ff83758a18908 C:\WINDOWS\olenuperamiyapa.dll
MD5: ea85c911c213873a975a5988ed19a66b C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
MD5: 7fa7c5018e1e3477b1dcdd1be83118f8 C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe
MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll
MD5: bdaaf79dd63f194434d31a74b9bb8b77 C:\WINDOWS\system32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll
MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: 5d3fde8fb2801a2041d1b965372c4928 C:\WINDOWS\system32\DNSAPI.dll
MD5: 375eb0b97e3950adef3633c27a82438b C:\WINDOWS\system32\DRIVERS\AegisP.sys
MD5: 4e6294a06be883c9bd685a8dfd9fcd4e C:\WINDOWS\system32\DRIVERS\AGRSM.sys
MD5: 4b0a100eaf5c49ef3cca8c641431eacc C:\WINDOWS\system32\DRIVERS\cdrom.sys
MD5: 56ec5e54140471ce2b8723d476614e55 C:\WINDOWS\system32\DRIVERS\e1e5132.sys
MD5: d03d10f7ded688fecf50f8fbf1ea9b8a C:\WINDOWS\system32\DRIVERS\HPZid412.sys
MD5: 89f41658929393487b6b7d13c8528ce3 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
MD5: fd7f9d74c2b35dbda400804a3f5ed5d8 C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS
MD5: dc2ce790c9b1c5b294c298b81d66fe65 C:\WINDOWS\system32\DRIVERS\mstabbtn.sys
MD5: 12b0d99865434387f784268b70e23360 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
MD5: e2c6abcbefb1d44f6aaeb1cd5d6062d4 C:\WINDOWS\system32\DRIVERS\s24trans.sys
MD5: a9573045baa16eab9b1085205b82f1ed C:\WINDOWS\system32\DRIVERS\serscan.sys
MD5: cc314b6e5c2c73b849b57d3decd45bea C:\WINDOWS\system32\drivers\sthda.sys
MD5: cb01c7b5c9a9bf76c4dbd30256c4c001 C:\WINDOWS\system32\DRIVERS\SynTP.sys
MD5: f779ba4cd37963ab4600c9871b7752a3 C:\WINDOWS\system32\drivers\tifm21.sys
MD5: aced8c149b30f8496c237bcba3727b48 C:\WINDOWS\system32\DRIVERS\wacompen.sys
MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll
MD5: 69c503c004f49aee8b8e3067cc047ba7 C:\WINDOWS\system32\HPZinw12.dll
MD5: 12b4549d515cb26bb8d375038017ca65 C:\WINDOWS\system32\HPZipm12.dll
MD5: 259249ec893b9630917a42764fab766e C:\WINDOWS\system32\IEFRAME.dll
MD5: 29f14816ba3cdb85682ac62b1b3a8ed6 C:\WINDOWS\system32\iepeers.dll
MD5: a29e2484852dc87ee3d55495b5020ab0 C:\WINDOWS\system32\iertutil.dll
MD5: e8179401795f1dffa6e50795bdd2090a C:\WINDOWS\system32\jscript.dll
MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll
MD5: 9fad7dff67555ff1e06bc4a3893024a7 C:\WINDOWS\system32\logon.scr
MD5: 57348ed5916cf4a8d55680b31a482b35 C:\WINDOWS\system32\Macromed\Flash\Flash10q.ocx
MD5: c208c64bc02fb428b9d39d773c3d847f C:\WINDOWS\system32\msfeeds.dll
MD5: cbb1ef54b86edb78649909dd1699e5ca C:\WINDOWS\system32\mshtml.dll
MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll
MD5: 98e53ca00d3c0a2e9faa4e59c101aeba C:\WINDOWS\system32\mslbui.dll
MD5: 832e4dd8964ab7acc880b2837cb1ed20 C:\WINDOWS\system32\mswsock.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 c:\windows\system32\netshell.dll
MD5: 619214a569bd795637ec964f71c54c53 C:\WINDOWS\system32\Nwsapagents.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll
MD5: fc391e18ddac1b5a2117382c8b3aadb0 C:\WINDOWS\system32\TabBtn.dll
MD5: b1eff44c35fb2dc975aabaf2051c6ecd C:\WINDOWS\system32\tabbtnu.exe
MD5: c667afbb156fea40978a83122768d113 C:\WINDOWS\system32\TabBtnWL.dll
MD5: bd654980da5c2ee9cd2fdea5555c70d4 C:\WINDOWS\system32\tpgwlnot.dll
MD5: 25ff2fc157e6eb2d0f9030963c3fd64f C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 960f6d3cd9a1ba6435d7aadd102b297f C:\WINDOWS\system32\wbem\wmiprov.dll
MD5: 75240f6edbce7b85df66874407d38a4f C:\WINDOWS\system32\WININET.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 7af88cbf0e9c9fa65ad0c02b64658da9 C:\WINDOWS\system32\wisptis.exe
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: bea4aee74fef171eb61de1bad8faf427 C:\WINDOWS\system32\XmlLite.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: bd38d1ebe24a46bd3eda059560afba12 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

The following file(s) must be uploaded for server-side scanning:
C:\Documents and Settings\Ryan Wade\Application Data\B0617C30C81898B6C3898BAB86C0AB8D\upd_debug.exe
C:\Documents and Settings\Ryan Wade\Local Settings\Temp\Krq.exe
C:\Documents and Settings\All Users\Application Data\defender.exe
C:\WINDOWS\olenuperamiyapa.dll

Upload started - 4 file(s)
Krq.exe (170496)
upd_debug.exe (182784)
defender.exe (876544)
olenuperamiyapa.dll (368640)
Upload speed - 39 KB/s
Upload finished - 4 uploaded, 0 failed

Scan finished - communication took 40 sec
Total traffic - 1.53 MB sent, 0.73 KB recvd
Scanned 550 files and modules - 55 seconds

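Read by eye, the rogue entries in the QuickScan log above share three traits: they lack the scanner's "(verified)" signature tag, they start from user-writable profile directories (Application Data, Local Settings\Temp, All Users) or straight from the Windows root, and their display names look generated ("ag", "Imb", "Qv x", "jNHJhTDsbSXqctYSVFes"). The script below is an added example, not code from this thread or from BitDefender, that turns those observations into a triage pass over the "Autoruns and critical files" section. The directory list, the name-entropy thresholds and the sample lines are assumptions: the sample is a constructed subset copied from the log posted above, and the thresholds were chosen to separate the entries in that log, not validated against a wider baseline.

```python
"""Triage a BitDefender QuickScan 'Autoruns and critical files' listing.

Added example for this thread; not code from the original posts or from
BitDefender. Heuristics are assumptions drawn from the infected entries in
the QuickScan log above: rogue autoruns there (a) lack the '(verified)' tag,
(b) start from user-writable profile directories or straight from the Windows
directory, and (c) carry generated-looking display names.
"""
import re
from dataclasses import dataclass, field

# One autorun per line: optional '(verified)' tag, free-form display name, Windows path.
LINE_RE = re.compile(
    r"^(?:\((?P<verified>verified)\)\s+)?(?P<name>.*?)\s+(?P<path>[A-Za-z]:\\.*)$"
)

# Lower-cased path fragments legitimate software rarely auto-starts from (assumed list).
USER_WRITABLE = (
    "\\application data\\",
    "\\local settings\\temp\\",
    "\\documents and settings\\all users\\",
)
# A file directly in the Windows root, e.g. c:\windows\ksopuc.exe, with no subdirectory.
WINDOWS_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+$")

# Constructed sample: a subset of the 'Autoruns and critical files' lines posted above.
SAMPLE = r"""
Autoruns and critical files
---------------------------
ag C:\WINDOWS\Ksopuc.exe
hpwuSchd Application C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Imb C:\Documents and Settings\All Users\Application Data\defender.exe
iTunes C:\Program Files\iTunes\iTunesHelper.exe
jNHJhTDsbSXqctYSVFes C:\Documents and Settings\Ryan Wade\Application Data\conima.exe
MPEG Capture Filter C:\WINDOWS\olenuperamiyapa.dll
PowerReg C:\Documents and Settings\Ryan Wade\Application Data\Leadertech\PowerRegister\Seagate 2GH20Q76 Product Registration.exe
Qv x C:\Documents and Settings\Ryan Wade\Local Settings\Temp\Krq.exe
setui70vir.exe C:\Documents and Settings\Ryan Wade\Application Data\B0617C30C81898B6C3898BAB86C0AB8D\setui70vir.exe
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"""


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Crude generated-name check: a tiny alphabetic label ('ag', 'Imb', 'Qv x') or a
    single token of 10+ alphanumerics with at least six upper/lower case flips
    ('jNHJhTDsbSXqctYSVFes'). Both thresholds are assumptions; tune to your baseline."""
    compact = name.replace(" ", "")
    if compact.isalpha() and len(compact) <= 3:
        return True
    if " " in name.strip() or len(compact) < 10 or not compact.isalnum():
        return False
    flips = sum(
        1 for a, b in zip(compact, compact[1:])
        if a.isalpha() and b.isalpha() and a.isupper() != b.isupper()
    )
    return flips >= 6


def triage(listing: str) -> list:
    """Return unsigned autorun entries that trip at least one heuristic, with the reasons."""
    findings = []
    for raw in listing.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section header, underline or blank line
        if m["verified"]:
            continue  # scanner verified the publisher signature; lowest priority
        name, path = m["name"], m["path"]
        low = path.lower()
        reasons = []
        if any(frag in low for frag in USER_WRITABLE):
            reasons.append("starts from a user-writable profile directory")
        if WINDOWS_ROOT.match(low):
            reasons.append("file sits directly in the Windows root")
        if looks_random(name):
            reasons.append("generated-looking display name")
        if reasons:
            findings.append(Finding(name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.path}\n    name={f.name!r}: {'; '.join(f.reasons)}")
```

On the sample this flags seven entries: the six that QuickScan and ComboFix later removed (Ksopuc.exe, defender.exe, conima.exe, olenuperamiyapa.dll, Krq.exe, setui70vir.exe) plus the Seagate PowerReg registration tool, which is a false positive because it lives under Application Data; run over the full log it would also flag AGRSMMSG.exe, the Agere modem applet in C:\WINDOWS. The output is a triage queue, not a verdict: confirm each hit against the "-->" Run-key and .job lines and the MD5 list in the same log before removing anything.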

Re: Antimalware Doctor

Post by Dr Jay on 12th June 2011, 2:39 am

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)




Re: Antimalware Doctor

Post by braves711 on 12th June 2011, 3:07 pm

ComboFix 11-06-11.01 - Ryan Wade 06/12/2011 10:44:52.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1644 [GMT -4:00]
Running from: c:\documents and settings\Ryan Wade\Desktop\combofix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\defender.exe
c:\documents and settings\All Users\Desktop\Malware Protection.lnk
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Ryan Wade\Application Data\19ridof.log
c:\documents and settings\Ryan Wade\Application Data\7c9cr2a.exe
c:\documents and settings\Ryan Wade\Application Data\Adobe\plugs
c:\documents and settings\Ryan Wade\Application Data\Adobe\shed
c:\documents and settings\Ryan Wade\Application Data\B0617C30C81898B6C3898BAB86C0AB8D
c:\documents and settings\Ryan Wade\Application Data\B0617C30C81898B6C3898BAB86C0AB8D\enemies-names.txt
c:\documents and settings\Ryan Wade\Application Data\B0617C30C81898B6C3898BAB86C0AB8D\local.ini
c:\documents and settings\Ryan Wade\Application Data\B0617C30C81898B6C3898BAB86C0AB8D\lsrslt.ini
c:\documents and settings\Ryan Wade\Application Data\B0617C30C81898B6C3898BAB86C0AB8D\setui70vir.exe
c:\documents and settings\Ryan Wade\Application Data\B0617C30C81898B6C3898BAB86C0AB8D\upd_debug.exe
c:\documents and settings\Ryan Wade\Application Data\conima.exe
c:\documents and settings\Ryan Wade\Application Data\h973fdtip.exe
c:\documents and settings\Ryan Wade\Application Data\inlog
c:\documents and settings\Ryan Wade\Application Data\Input.bat
c:\documents and settings\Ryan Wade\Application Data\j5my6yws5.exe
c:\documents and settings\Ryan Wade\Application Data\LocalAccountAuthority.bat
c:\documents and settings\Ryan Wade\Application Data\manager.exe
c:\documents and settings\Ryan Wade\Application Data\MouseDriver.bat
c:\documents and settings\Ryan Wade\Application Data\nrgch2ba.exe
c:\documents and settings\Ryan Wade\Application Data\Plug.bat
c:\documents and settings\Ryan Wade\Local Settings\Application Data\{15BD5E5C-0693-4B3A-BDEE-06D82C111B40}
c:\documents and settings\Ryan Wade\Local Settings\Application Data\{15BD5E5C-0693-4B3A-BDEE-06D82C111B40}\chrome.manifest
c:\documents and settings\Ryan Wade\Local Settings\Application Data\{15BD5E5C-0693-4B3A-BDEE-06D82C111B40}\chrome\content\_cfg.js
c:\documents and settings\Ryan Wade\Local Settings\Application Data\{15BD5E5C-0693-4B3A-BDEE-06D82C111B40}\chrome\content\overlay.xul
c:\documents and settings\Ryan Wade\Local Settings\Application Data\{15BD5E5C-0693-4B3A-BDEE-06D82C111B40}\install.rdf
c:\documents and settings\Ryan Wade\Local Settings\Application Data\conima.exe
c:\documents and settings\Ryan Wade\Local Settings\Application Data\inlog
c:\documents and settings\Ryan Wade\Local Settings\Application Data\Input.bat
c:\documents and settings\Ryan Wade\Local Settings\Application Data\LocalAccountAuthority.bat
c:\documents and settings\Ryan Wade\Local Settings\Application Data\lssas.exe
c:\documents and settings\Ryan Wade\Local Settings\Application Data\manager.exe
c:\documents and settings\Ryan Wade\Local Settings\Application Data\Plug.bat
c:\documents and settings\Ryan Wade\WINDOWS
c:\windows\cftnom.bat
c:\windows\cftnom.exe
c:\windows\jngspio.dll
c:\windows\Ksopuc.exe
c:\windows\olenuperamiyapa.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\Nwsapagents.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\User.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_INPUT_MANAGER
-------\Legacy_MOUSEDRIVER
-------\Legacy_NWSAPAGENT
-------\Legacy_PLUG_MANAGER
-------\Legacy_SYSTEM_UPDATER
-------\Service_Input Manager
-------\Service_MouseDriver
-------\Service_Nwsapagent
-------\Service_Plug Manager
-------\Service_System Updater
-------\Legacy_Local_Account_Authority_Service
-------\Service_Local Account Authority Service
.
.
((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))
.
.
2011-06-12 14:47 . 2011-06-12 14:47 182784 ----a-w- c:\documents and settings\Ryan Wade\Application Data\proppackevts.exe
2011-06-12 02:13 . 2011-06-12 02:13 -------- d-----w- c:\documents and settings\Ryan Wade\Application Data\QuickScan
2011-06-12 01:15 . 2011-06-12 01:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-06-11 00:29 . 2011-06-11 00:29 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-06-11 00:28 . 2011-06-11 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-06-08 20:18 . 2011-06-08 19:20 169984 ----a-w- c:\windows\Ksopub.exe
2011-06-08 20:15 . 2011-06-08 20:15 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-08 19:44 . 2011-06-08 19:44 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-06-08 19:32 . 2011-06-12 14:33 0 ----a-w- c:\windows\Ykotadutod.bin
2011-06-08 19:20 . 2011-06-12 14:47 -------- d-----w- c:\documents and settings\Ryan Wade\Application Data\B0617C30C81898B6C3898BAB86C0AB8D
2011-06-08 19:20 . 2011-06-08 19:20 148 ----a-w- c:\documents and settings\Ryan Wade\Application Data\1t71u4bzz.bat
2011-06-08 19:20 . 2011-06-08 19:20 169984 ----a-w- c:\windows\Ksopua.exe
2011-06-08 19:20 . 2011-06-08 19:20 102400 --sha-r- c:\windows\system32\oleprnx.dll
2011-05-28 22:27 . 2011-05-31 13:27 -------- d-----w- c:\documents and settings\Ryan Wade\Application Data\go
2011-05-28 22:27 . 2011-05-31 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Easybits GO
2011-05-28 01:06 . 2011-05-28 01:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]
"Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-26 68296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-06 827392]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"AGRSMMSG"="AGRSMMSG.exe" [2006-08-31 89542]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-26 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*proppackevts.exe"="c:\documents and settings\Ryan Wade\Application Data\proppackevts.exe" [2011-06-12 182784]
.
c:\documents and settings\Ryan Wade\Start Menu\Programs\Startup\
Seagate 2GH20Q76 Product Registration.lnk - c:\documents and settings\Ryan Wade\Application Data\Leadertech\PowerRegister\Seagate 2GH20Q76 Product Registration.exe [2010-4-8 1731736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 17:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"47242:TCP"= 47242:TCP:utorrent
.
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/27/2009 10:39 PM 24652]
R3 MSTabBtn;Quanta Computer Tablet PC Buttons HID Driver;c:\windows\system32\drivers\mstabbtn.sys [6/25/2009 11:00 PM 10496]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [6/25/2009 11:06 PM 14208]
S0 gtrele;gtrele;c:\windows\system32\drivers\civpttlt.sys --> c:\windows\system32\drivers\civpttlt.sys [?]
S0 omubx;omubx;c:\windows\system32\drivers\cvvg.sys --> c:\windows\system32\drivers\cvvg.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/10/2011 10:03 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/10/2011 10:03 PM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-11 02:03]
.
2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-11 02:03]
.
2011-06-12 c:\windows\Tasks\User_Feed_Synchronization-{D5D25AE5-961D-4AC1-B6DF-2329F27085BA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {B8748B60-E34D-42AA-9309-8012CA4964AC} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-KOQMLYTPE7 - c:\windows\Ksopuc.exe
HKCU-Run-Ncaxehegurix - c:\windows\jngspio.dll
HKCU-Run-setui70vir.exe - c:\documents and settings\Ryan Wade\Application Data\B0617C30C81898B6C3898BAB86C0AB8D\setui70vir.exe
HKCU-Run-Security Protection - c:\documents and settings\All Users\Application Data\defender.exe
HKLM-Run-80g7j9uqc5om - c:\windows\system32\80g7j9tqc58m.exe
HKLM-Run-5zt1 - c:\documents and settings\Ryan Wade\Application Data\7c9cr2a.exe
HKLM-Run-Plug Manager - c:\documents and settings\Ryan Wade\Application Data\manager.exe
HKLM-Run-Input Manager - c:\documents and settings\Ryan Wade\Application Data\conima.exe
HKLM-Run-Ysewuhifucizep - c:\windows\olenuperamiyapa.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-06-12 10:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3476)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\System32\tabbtnu.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-06-12 10:54:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-12 14:53
.
Pre-Run: 30,605,918,208 bytes free
Post-Run: 31,586,357,248 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8246086E8B9B5AE696D0254F87D5057D


Re: Antimalware Doctor

Post by Dr Jay on 12th June 2011, 5:45 pm

Scan for malware

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double-click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


Dr. Jay (DJ)



Re: Antimalware Doctor

Post by braves711 on 12th June 2011, 6:09 pm

Malwarebytes' Anti-Malware 1.51.0.1200
[You must be registered and logged in to see this link.]

Database version: 6842

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/12/2011 2:06:09 PM
mbam-log-2011-06-12 (14-06-09).txt

Scan type: Quick scan
Objects scanned: 169634
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\KOQMLYTPE7 (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\YDZ1QVAGOJ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tgs90gv74r (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Ksopua.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Ksopub.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Re: Antimalware Doctor

Post by Dr Jay on 14th June 2011, 9:50 am

ESET Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: Antimalware Doctor

Post by Dr Jay on 21st June 2011, 7:27 am

Are you still with us?

It helps to know if we are providing the best assistance on solving computer problems.

Please reply with the latest details on how your computer is running.


Dr. Jay (DJ)


