Can't get rid of Malware Doctor virus


Can't get rid of Malware Doctor virus

Post by thekyros on Wed May 27, 2009 7:29 pm

I have tried running Malwarebytes Anti-Malware program and rebooting a few times now and this thing keeps coming back. Below is the hijack file. Any help will be greatly appreciated. Thank you, Mike

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:28 PM, on 5/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Documents and Settings\LocalService\Application Data\691447002.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\The Kyro's\Desktop\hijackgpthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file)
O2 - BHO: Microsoft copyright - {f30b5e7e-cfbb-44fb-a947-226e5a7a4290} - jhxm32.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Fast Browser Search - {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O4 - HKUS\S-1-5-19\..\Run: [zosisopowu] Rundll32.exe "C:\WINDOWS\system32\yenohoto.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [iLike] C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [iLike] C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
O4 - S-1-5-18 Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - .DEFAULT Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - [You must be registered and logged in to see this link.]
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\yikiduta.dll c:\windows\system32\redumavo.dll C:\WINDOWS\system32\jufiyayu.dll jamwix.dll c:\windows\system32\zohojusu.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AshEvtSvc - Advanced System Products, Inc. - (no file)
O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 13655 bytes

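The HijackThis log above is the kind of report a helper reads by eye, line by line. The script below is an added example, not part of the thread and not code from HijackThis or Malwarebytes: it parses the `Rn - ...` / `Onn - ...` entry format and flags the patterns the thread later ends up fixing, namely autostarts launched from a profile's Application Data folder, rundll32-loaded DLLs, orphaned `(no file)` / `(file missing)` entries, the O7 policy that disables regedit, and AppInit_DLLs entries outside an allow-list. The sample log lines are a constructed excerpt modelled on the posted log, and the allow-list (holding only `avgrsstx.dll`, the AVG hook visible in the log) is an illustrative assumption, not vendor data.

```python
"""
Triage helper for HijackThis (v2.0.x) scan logs.

Added example; not from the forum thread, HijackThis or Malwarebytes.
It parses the "Rn - ..." / "Onn - ..." entry lines and flags the kinds
of entries that were eventually fixed in the thread.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in HijackThis log format.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O4 - HKUS\S-1-5-19\..\Run: [zosisopowu] Rundll32.exe "C:\WINDOWS\system32\yenohoto.dll",s (User 'LOCAL SERVICE')
O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\yikiduta.dll jamwix.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Assumption: illustrative allow-list only. avgrsstx.dll is the AVG hook
# that also appears in the thread's log; a real list comes from vendor docs.
KNOWN_APPINIT_DLLS = {"avgrsstx.dll"}

# "O4 - <body>" or "R1 - <body>"
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Executable sitting under a user profile's Application Data folder (XP layout).
PROFILE_APPDATA_RE = re.compile(r"\\Documents and Settings\\[^\\]+\\Application Data\\", re.I)
# rundll32 used to load a DLL as an autostart.
RUNDLL_RE = re.compile(r"rundll32(\.exe)?\s+\"?([^\",]+\.dll)", re.I)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (section, body, raw_line) for every HijackThis entry line."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if m:
            yield m.group("section"), m.group("body"), raw


def triage(log_text):
    """Return the list of Findings for a pasted HijackThis log."""
    findings = []
    for section, body, raw in parse_entries(log_text):
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(section, "orphaned entry pointing at a missing file", raw))
        if section == "O4":
            if PROFILE_APPDATA_RE.search(body):
                findings.append(Finding(section, "autostart launched from a profile's Application Data folder", raw))
            if RUNDLL_RE.search(body):
                findings.append(Finding(section, "autostart loads a DLL via rundll32", raw))
        elif section == "O7" and re.search(r"DisableRegedit\s*=\s*1", body):
            findings.append(Finding(section, "policy disables the registry editor", raw))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body[len("AppInit_DLLs:"):].split()
            unknown = [d for d in dlls if d.split("\\")[-1].lower() not in KNOWN_APPINIT_DLLS]
            if unknown:
                findings.append(Finding(section, "AppInit_DLLs entries not on the allow-list: " + ", ".join(unknown), raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Every finding is a prompt for review, not a verdict: the rundll32 check, for instance, would also flag the legitimate `NvCplDaemon` entry in the original log, which is exactly why a helper still reads each flagged line before ticking it in HijackThis.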

Re: Can't get rid of Malware Doctor virus

Post by Origin on Thu May 28, 2009 2:27 am


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
    O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file)
    O2 - BHO: Microsoft copyright - {f30b5e7e-cfbb-44fb-a947-226e5a7a4290} - jhxm32.dll (file missing)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
    O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
    O4 - HKUS\S-1-5-19\..\Run: [zosisopowu] Rundll32.exe "C:\WINDOWS\system32\yenohoto.dll",s (User 'LOCAL SERVICE')
    O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
    O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
    O4 - .DEFAULT Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (User 'Default user')
    O4 - Startup: ChkDisk.dll
    O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\yikiduta.dll c:\windows\system32\redumavo.dll C:\WINDOWS\system32\jufiyayu.dll jamwix.dll c:\windows\system32\zohojusu.dll
    O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file)

  • Press "Fix Checked"
  • Close HijackThis.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.
See [You must be registered and logged in to see this link.] for how to disable your AV.

  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

Re: Can't get rid of Malware Doctor virus

Post by thekyros on Fri May 29, 2009 12:27 am

Things are just getting worse. This thing has disabled my virus scanner, task manager, and most of my other programs, including HijackThis. I can't open or run anything. Is there a way to fix this virus manually? Please help. I'm really frustrated. Thank you for your time.


Re: Can't get rid of Malware Doctor virus

Post by thekyros on Fri May 29, 2009 3:45 am

OK, making forward progress... Started the PC in safe mode and was able to run the antivirus, Malwarebytes Anti-Malware, and HijackThis. Rebooted and ran ComboFix. Here is the log file:

ComboFix 09-05-28.07 - The Kyro's 05/28/2009 20:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1607 [GMT -7:00]
Running from: c:\documents and settings\The Kyro's\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\protect.dll
c:\documents and settings\The Kyro's\Application Data\inst.exe
c:\documents and settings\The Kyro's\Application Data\wiaserva.log
c:\documents and settings\The Kyro's\protect.dll
c:\documents and settings\The Kyro's\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\The Kyro's\Start Menu\Programs\Startup\ChkDisk.lnk
C:\htvopym.exe
c:\program files\Common Files\System\Uninstall
c:\windows\IE4 Error Log.txt
c:\windows\Install.txt
c:\windows\system32\8241_2.exe
c:\windows\system32\autochk.dll
c:\windows\system32\awalomik.ini
c:\windows\system32\certstore.dat
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\ovfsthxuxrrvltk.sys
c:\windows\system32\idewepil.ini
c:\windows\system32\lmn_setup.exe
c:\windows\system32\lmppcsetup.exe
c:\windows\system32\msncache.dll
c:\windows\system32\omebosal.ini
c:\windows\system32\ovfsthxffousqql.dat
c:\windows\system32\ovfsthxgwnxusle.dat
c:\windows\system32\ovfsthxiepmataw.dll
c:\windows\system32\ovfsthxirnqmuby.dll
c:\windows\system32\ovfsthxqkxlmrox.dll
c:\windows\system32\sysloc
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\uniq.tll
c:\windows\system32\win32x.exe
c:\windows\system32\wtukd32.exe
c:\windows\system32\yhafd78auhd.dll
C:\xcrashdump.dat

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - The cat ate it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthxfwcfxnia
-------\Legacy_6to4
-------\Legacy_ASHEVTSVC
-------\Legacy_AVAST!ANTIVIRUS
-------\Legacy_dhcpsrv
-------\Legacy_FREEZESCREENSAVER
-------\Legacy_msncache
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_ntalme
-------\Legacy_sopidkc
-------\Legacy_win32x
-------\Legacy_ZUMIE_SEARCH_SERVICE
-------\Service_AshEvtSvc
-------\Service_avast!Antivirus
-------\Service_FreezeScreenSaver
-------\Service_msncache
-------\Service_ntalme
-------\Service_win32x
-------\Service_Zumie Search Service


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-29 )))))))))))))))))))))))))))))))
.

2009-05-28 17:09 . 2009-05-28 17:09 40448 ----a-w c:\windows\system32\bekbn.dll
2009-05-28 06:44 . 2009-05-29 02:32 -------- d-----w c:\windows\dhcp
2009-05-26 12:15 . 2009-05-26 12:15 2 ---h--w c:\windows\sonce122730.dat
2009-05-26 11:15 . 2009-05-26 11:18 105 ----a-w C:\tj.vbs
2009-05-20 14:00 . 2009-05-20 14:00 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-18 23:05 . 2009-05-18 23:05 -------- d-----w c:\documents and settings\The Kyro's\Local Settings\Application Data\Mozilla
2009-05-18 22:50 . 2009-05-18 22:50 62580 ---ha-w c:\windows\system32\mlfcache.dat
2009-05-14 10:20 . 2009-05-14 10:20 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Babylon
2009-05-14 10:20 . 2009-05-14 10:20 -------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-05-08 22:59 . 2009-05-08 22:59 -------- d-----w c:\documents and settings\The Kyro's\Local Settings\Application Data\SCE
2009-05-08 22:44 . 2009-05-08 22:44 -------- d-----w c:\windows\Logs
2009-05-08 22:44 . 2006-09-28 23:05 2414360 ----a-w c:\windows\system32\d3dx9_31.dll
2009-05-08 22:44 . 2009-05-08 22:59 -------- d-----w c:\program files\Sony Online Entertainment
2009-05-07 16:33 . 2009-05-07 17:57 -------- d-----w c:\windows\system32\796525

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 03:22 . 2009-04-20 20:53 -------- d-----w c:\program files\SPAMfighter
2009-05-29 03:15 . 2005-08-16 10:18 182656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-05-29 02:34 . 2008-06-17 04:26 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-27 19:11 . 2007-01-15 03:20 88 --sh--r c:\windows\system32\7573D02E0E.sys
2009-05-27 19:11 . 2006-02-25 18:53 5852 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-05-26 19:42 . 2006-02-17 01:37 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-19 15:03 . 2008-06-17 04:26 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-19 15:03 . 2008-06-17 04:26 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-19 15:03 . 2008-03-29 05:27 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-02 18:22 . 2009-01-08 22:42 -------- d-----w c:\documents and settings\All Users\Application Data\1Click DVD Copy
2009-04-29 10:00 . 2007-07-04 04:00 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-28 04:31 . 2008-01-05 00:18 -------- d-----w c:\program files\Nick Arcade
2009-04-25 19:46 . 2008-12-15 19:19 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-25 19:45 . 2009-03-06 19:25 2967799 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-04-20 20:54 . 2009-04-20 20:54 -------- d-----w c:\program files\Common Files\Application
2009-04-13 21:46 . 2009-04-13 21:46 -------- d-----w c:\program files\iLike
2009-04-13 21:46 . 2008-10-03 20:32 -------- d-----w c:\program files\iTunes
2009-04-10 18:46 . 2009-04-10 18:46 -------- d-----w c:\documents and settings\The Kyro's\Application Data\CherryHill
2009-04-06 22:32 . 2008-12-15 19:19 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 . 2008-12-15 19:19 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-04 02:32 . 2009-04-04 02:32 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-04 02:32 . 2009-04-04 02:32 -------- d-----w c:\program files\iPod
2009-04-04 02:32 . 2007-12-30 15:10 -------- d-----w c:\program files\Common Files\Apple
2009-04-04 02:30 . 2008-10-03 20:29 -------- d-----w c:\program files\QuickTime
2009-04-04 02:26 . 2009-04-04 02:26 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2009-04-04 02:25 . 2008-11-29 03:19 -------- d-----w c:\program files\Safari
2009-03-06 20:36 . 2009-03-19 15:49 91520 ----a-w c:\windows\system32\WebIQEngineSetup.exe
2009-03-06 14:22 . 2005-08-16 10:18 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2005-08-16 10:18 826368 ----a-w c:\windows\system32\wininet.dll
2004-08-10 11:00 . 2005-08-16 10:18 94784 --sh--w c:\windows\twain.dll
2008-04-14 00:12 . 2005-08-16 10:18 50688 --sh--w c:\windows\twain_32.dll
2007-01-15 03:19 . 2006-02-25 18:53 56 --sh--r c:\windows\system32\0E2ED07375.sys
2008-05-14 03:33 . 2008-05-14 03:33 56 --sh--r c:\windows\system32\5516EC56E3.sys
2008-04-14 00:11 . 2005-08-16 10:18 1028096 --sha-w c:\windows\system32\mfc42.dll
2008-04-14 00:12 . 2005-08-16 10:18 57344 --sh--w c:\windows\system32\msvcirt.dll
2008-04-14 00:12 . 2005-08-16 10:18 413696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 00:12 . 2005-08-16 10:18 343040 --sha-w c:\windows\system32\msvcrt.dll
2008-04-14 00:12 . 2005-08-16 10:18 551936 --sh--w c:\windows\system32\oleaut32.dll
2008-04-14 00:12 . 2005-08-16 10:18 84992 --sh--w c:\windows\system32\olepro32.dll
2008-04-14 00:12 . 2005-08-16 10:18 11776 --sh--w c:\windows\system32\regsvr32.exe
.


Re: Can't get rid of Malware Doctor virus

Post by thekyros on Fri May 29, 2009 3:46 am

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-10 94208]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-02-17 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-18 8192]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 196608]
"HPHmon03"="c:\windows\system32\hphmon03.exe" [2001-10-25 311296]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-09-19 45056]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-11-18 827904]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-19 1947928]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"FBSearch"="c:\program files\Fast Browser SearchP\FastBrowserSearchProtection.exe" [2008-11-26 325504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"iLike"="c:\program files\iLike\1.2.14\ilikesidebar.exe" [2008-09-11 63024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-3-18 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-19 15:03 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgscanx.exe"=
"c:\\WINDOWS\\system32\\hphipm09.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/16/2008 9:26 PM 325896]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/16/2008 9:26 PM 298776]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [3/12/2009 10:44 AM 184968]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [10/25/2001 7:54 AM 18864]
S1 2021abd0;2021abd0;c:\windows\system32\drivers\2021abd0.sys --> c:\windows\system32\drivers\2021abd0.sys [?]
S1 42b68f75;42b68f75;c:\windows\system32\drivers\42b68f75.sys --> c:\windows\system32\drivers\42b68f75.sys [?]
S1 4caeb7a;4caeb7a;c:\windows\system32\drivers\4caeb7a.sys --> c:\windows\system32\drivers\4caeb7a.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-05-29 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]

2009-05-26 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)
HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Trusted Zone: musicmatch.com\online
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\The Kyro's\Application Data\Mozilla\Firefox\Profiles\obffn6up.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-28 20:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSearch = c:\program files\Fast Browser SearchP\FastBrowserSearchProtection.exe??Program Files\AVG\AVG8;C:\Pro

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2636)
c:\windows\system32\mshtml.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\progra~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-29 20:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-29 03:36

Pre-Run: 184,917,528,576 bytes free
Post-Run: 188,446,822,400 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

278 --- E O F --- 2009-05-14 10:02


Re: Can't get rid of Malware Doctor virus

Post by Belahzur on Fri May 29, 2009 3:49 pm

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
2021abd0
42b68f75
4caeb7a

File::
c:\windows\system32\bekbn.dll
c:\windows\sonce122730.dat
C:\tj.vbs

Folder::
c:\windows\dhcp
c:\windows\system32\796525

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
"FirewallOverride"=-

DDS::
uInternet Settings,ProxyServer = http=localhost:7171

Firefox::
FF - ProfilePath - c:\documents and settings\The Kyro's\Application Data\Mozilla\Firefox\Profiles\obffn6up.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



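The CFScript above was written by hand from the ComboFix log. As an added example that is not part of the thread (and not ComboFix's own code), the following Python script reads the kinds of log lines the CFScript targets and turns them into the same section syntax. The detection rules are mine: a service whose name is random hex, whose display name only repeats that name and whose file ComboFix prints as [?] is treated as a hidden driver; an IE ProxyServer value or a Firefox network.proxy.* setting that points at localhost is treated as a proxy hijack; EnableFirewall=0 is reported but not scripted, since it is not a CFScript item. The sample input is constructed from lines in the log posted earlier in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the ComboFix log posted earlier
# in this thread (firewall state, driver list, IE proxy, Firefox prefs).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/16/2008 9:26 PM 325896]
S1 2021abd0;2021abd0;c:\windows\system32\drivers\2021abd0.sys --> c:\windows\system32\drivers\2021abd0.sys [?]
S1 42b68f75;42b68f75;c:\windows\system32\drivers\42b68f75.sys --> c:\windows\system32\drivers\42b68f75.sys [?]
S1 4caeb7a;4caeb7a;c:\windows\system32\drivers\4caeb7a.sys --> c:\windows\system32\drivers\4caeb7a.sys [?]
uInternet Settings,ProxyServer = http=localhost:7171
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
"""

# "R1 name;display;path [date size]" or "S1 name;display;path --> path [?]"
DRIVER_RE = re.compile(
    r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>\S+)"
    r"(?:\s+-->\s+\S+)?\s+\[(?P<info>[^\]]*)\]$"
)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,8}$")
IE_PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\w+) - (.+)$")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


@dataclass(frozen=True)
class Finding:
    section: str | None      # CFScript section that fixes it; None = report only
    detail: str
    lines: tuple[str, ...]   # lines to place under that section


def _is_local(host: str) -> bool:
    return host.strip().lower() in LOCAL_HOSTS


def _proxy_is_local(setting: str) -> bool:
    # IE stores "http=host:port;https=host:port" or a bare "host:port".
    for entry in setting.split(";"):
        hostport = entry.split("=", 1)[-1]
        if _is_local(hostport.rsplit(":", 1)[0]):
            return True
    return False


def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    ff_prefs: dict[str, str] = {}
    ff_lines: list[str] = []
    for line in (raw.strip() for raw in log.splitlines()):
        m = DRIVER_RE.match(line)
        if m:
            name, display, info = m["name"], m["display"], m["info"]
            # A service whose name is random hex, whose display name merely
            # repeats it and whose file ComboFix cannot read ("[?]") is how the
            # three rootkit drivers in the log show up; real drivers carry a
            # vendor description plus a date and size.
            if HEX_NAME_RE.match(name) and name == display and info == "?":
                findings.append(Finding("Driver", f"hidden/unreadable driver {name}", (name,)))
            continue
        if line.startswith('"EnableFirewall"=') and line.split("=", 1)[1].strip().startswith("0"):
            findings.append(Finding(None, "Windows Firewall disabled (standard profile)", ()))
            continue
        m = IE_PROXY_RE.match(line)
        if m and _proxy_is_local(m[1]):
            # All IE traffic is forced through a local listener, i.e. the
            # rogue's own proxy, which can rewrite pages and block downloads.
            findings.append(Finding("DDS", f"IE proxy hijack: {m[1]}", (line,)))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[m[1]] = m[2]
            ff_lines.append(line)
    if ff_prefs.get("network.proxy.type") == "1" and _is_local(ff_prefs.get("network.proxy.http", "")):
        port = ff_prefs.get("network.proxy.http_port", "?")
        findings.append(Finding("Firefox", f"Firefox proxy hijack: localhost:{port}", tuple(ff_lines)))
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Render findings as the CFScript sections used in the post above."""
    sections: dict[str, list[str]] = {}
    for f in findings:
        if f.section:
            sections.setdefault(f.section, []).extend(f.lines)
    out = ["KILLALL::"]
    for name in ("Driver", "File", "Folder", "Registry", "DDS", "Firefox"):
        if name in sections:
            out.append(f"{name}::\n" + "\n".join(sections[name]))
    return "\n\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.section or 'report'}] {f.detail}")
    print(build_cfscript(found))
```

Run against the sample it prints the three S1 drivers, the IE and Firefox proxy hijacks and the disabled firewall, then a CFScript whose Driver::, DDS:: and Firefox:: sections match the ones Belahzur wrote; the File::, Folder:: and Registry:: entries still have to come from the rest of the log and the helper's own judgement.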
Re: Can't get rid of Malware Doctor virus

Post by thekyros on Sat May 30, 2009 4:17 am

Thank you so much for your help. Here's the log file:
ComboFix 09-05-29.01 - The Kyro's 05/29/2009 16:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1303 [GMT -7:00]
Running from: c:\documents and settings\The Kyro's\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\The Kyro's\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"C:\tj.vbs"
"c:\windows\sonce122730.dat"
"c:\windows\system32\bekbn.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\tj.vbs
c:\windows\dhcp
c:\windows\sonce122730.dat
c:\windows\system32\796525
c:\windows\system32\bekbn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_2021abd0
-------\Service_42b68f75
-------\Service_4caeb7a


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.

2009-05-20 14:00 . 2009-05-20 14:00 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-18 23:05 . 2009-05-18 23:05 -------- d-----w c:\documents and settings\The Kyro's\Local Settings\Application Data\Mozilla
2009-05-18 22:50 . 2009-05-18 22:50 62580 ---ha-w c:\windows\system32\mlfcache.dat
2009-05-14 10:20 . 2009-05-14 10:20 -------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-05-08 22:59 . 2009-05-08 22:59 -------- d-----w c:\documents and settings\The Kyro's\Local Settings\Application Data\SCE
2009-05-08 22:44 . 2009-05-08 22:44 -------- d-----w c:\windows\Logs
2009-05-08 22:44 . 2006-09-28 23:05 2414360 ----a-w c:\windows\system32\d3dx9_31.dll
2009-05-08 22:44 . 2009-05-08 22:59 -------- d-----w c:\program files\Sony Online Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 04:01 . 2009-04-20 20:53 -------- d-----w c:\program files\SPAMfighter
2009-05-29 03:15 . 2005-08-16 10:18 182656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-05-29 02:34 . 2008-06-17 04:26 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-27 19:11 . 2007-01-15 03:20 88 --sh--r c:\windows\system32\7573D02E0E.sys
2009-05-27 19:11 . 2006-02-25 18:53 5852 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-05-26 19:42 . 2006-02-17 01:37 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-19 15:03 . 2008-06-17 04:26 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-19 15:03 . 2008-06-17 04:26 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-19 15:03 . 2008-03-29 05:27 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-02 18:22 . 2009-01-08 22:42 -------- d-----w c:\documents and settings\All Users\Application Data\1Click DVD Copy
2009-04-29 10:00 . 2007-07-04 04:00 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-28 04:31 . 2008-01-05 00:18 -------- d-----w c:\program files\Nick Arcade
2009-04-25 19:46 . 2008-12-15 19:19 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-25 19:45 . 2009-03-06 19:25 2967799 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-04-20 20:54 . 2009-04-20 20:54 -------- d-----w c:\program files\Common Files\Application
2009-04-13 21:46 . 2009-04-13 21:46 -------- d-----w c:\program files\iLike
2009-04-13 21:46 . 2008-10-03 20:32 -------- d-----w c:\program files\iTunes
2009-04-10 18:46 . 2009-04-10 18:46 -------- d-----w c:\documents and settings\The Kyro's\Application Data\CherryHill
2009-04-06 22:32 . 2008-12-15 19:19 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 . 2008-12-15 19:19 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-04 02:32 . 2009-04-04 02:32 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-04 02:32 . 2009-04-04 02:32 -------- d-----w c:\program files\iPod
2009-04-04 02:32 . 2007-12-30 15:10 -------- d-----w c:\program files\Common Files\Apple
2009-04-04 02:30 . 2008-10-03 20:29 -------- d-----w c:\program files\QuickTime
2009-04-04 02:26 . 2009-04-04 02:26 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2009-04-04 02:25 . 2008-11-29 03:19 -------- d-----w c:\program files\Safari
2009-03-06 20:36 . 2009-03-19 15:49 91520 ----a-w c:\windows\system32\WebIQEngineSetup.exe
2009-03-06 14:22 . 2005-08-16 10:18 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2005-08-16 10:18 826368 ----a-w c:\windows\system32\wininet.dll
2004-08-10 11:00 . 2005-08-16 10:18 94784 --sh--w c:\windows\twain.dll
2008-04-14 00:12 . 2005-08-16 10:18 50688 --sh--w c:\windows\twain_32.dll
2007-01-15 03:19 . 2006-02-25 18:53 56 --sh--r c:\windows\system32\0E2ED07375.sys
2008-05-14 03:33 . 2008-05-14 03:33 56 --sh--r c:\windows\system32\5516EC56E3.sys
2008-04-14 00:11 . 2005-08-16 10:18 1028096 --sha-w c:\windows\system32\mfc42.dll
2008-04-14 00:12 . 2005-08-16 10:18 57344 --sh--w c:\windows\system32\msvcirt.dll
2008-04-14 00:12 . 2005-08-16 10:18 413696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 00:12 . 2005-08-16 10:18 343040 --sha-w c:\windows\system32\msvcrt.dll
2008-04-14 00:12 . 2005-08-16 10:18 551936 --sh--w c:\windows\system32\oleaut32.dll
2008-04-14 00:12 . 2005-08-16 10:18 84992 --sh--w c:\windows\system32\olepro32.dll
2008-04-14 00:12 . 2005-08-16 10:18 11776 --sh--w c:\windows\system32\regsvr32.exe
.


Re: Can't get rid of Malware Doctor virus

Post by thekyros on Sat May 30, 2009 4:17 am

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-10 94208]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-02-17 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-18 8192]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 196608]
"HPHmon03"="c:\windows\system32\hphmon03.exe" [2001-10-25 311296]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-09-19 45056]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-11-18 827904]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-19 1947928]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"FBSearch"="c:\program files\Fast Browser SearchP\FastBrowserSearchProtection.exe" [2008-11-26 325504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"iLike"="c:\program files\iLike\1.2.14\ilikesidebar.exe" [2008-09-11 63024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-3-18 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-19 15:03 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgscanx.exe"=
"c:\\WINDOWS\\system32\\hphipm09.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/16/2008 9:26 PM 325896]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/16/2008 9:26 PM 298776]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [3/12/2009 10:44 AM 184968]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [10/25/2001 7:54 AM 18864]
.
Contents of the 'Scheduled Tasks' folder

2009-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-05-30 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]

2009-05-29 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Trusted Zone: musicmatch.com\online
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\The Kyro's\Application Data\Mozilla\Firefox\Profiles\obffn6up.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-29 21:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSearch = c:\program files\Fast Browser SearchP\FastBrowserSearchProtection.exe??Program Files\AVG\AVG8;C:\Pro

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1400)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\progra~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-30 21:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-30 04:11
ComboFix2.txt 2009-05-29 03:37

Pre-Run: 188,401,774,592 bytes free
Post-Run: 188,416,081,920 bytes free

209 --- E O F --- 2009-05-14 10:02


Re: Can't get rid of Malware Doctor virus

Post by Belahzur on Sat May 30, 2009 12:29 pm

Hello.
That looks much better, nearly done now.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: Can't get rid of Malware Doctor virus

Post by thekyros on Sun May 31, 2009 3:35 am

1Click DVD Copy 4.2.9.11
1Click DVD Copy 5.5.9.0
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
ACDSee
Adobe Download Manager 2.2 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.0
AOLIcon
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AVG Free 8.5
Bonjour
Compatibility Pack for the 2007 Office system
CopyToDVD
Corel Paint Shop Pro X
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support Center
DellSupport
Digital Content Portal
DING!
DVD43 v4.4.0
EducateU
ELIcon
Fast Browser Search Protection
Firefox Quick Uploader plugin
Free Realms Installer
Google
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Photo Imaging Software
HP Photo Printing Software
hp photosmart 1115 series
hp photosmart printer series (Remove only)
HP Share-to-Web
iLike Sidebar
Intel Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Intel(R) Quick Resume Technology Drivers
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher 2007
Microsoft Office Publisher 2007 Trial
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
Nero 7 Ultra Edition
Netflix Movie Viewer
NVIDIA Drivers
Otto
PowerDVD 5.5
Qualxserve Service Agreement
QuickBooks Pro Edition 2003
QuickTime
RealPlayer Basic
RegCure 1.5.1.3
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SPAMfighter
TurboTax ItsDeductible 2006
Update for 2007 Microsoft Office System (KB967642)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
V CAST Music with Rhapsody
Viewpoint Media Player
WD Diagnostics
WebCyberCoach 3.2 Dell
WebIQ Technology Engine
Windows Genuine Advantage v1.3.0254.0
Windows Live installer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
Wizard101
Yahoo! Toolbar
Yontoo Layers Client for Internet Explorer 1.02.28


Re: Can't get rid of Malware Doctor virus

Post by Belahzur on Sun May 31, 2009 12:36 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar
    Fast Browser Search Protection
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 11
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    RegCure 1.5.1.3
    SPAMfighter
    Viewpoint Media Player

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



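The removal list above takes out every installed JRE at once; the uninstall list shows seven of them side by side because Sun's installer of that era left earlier releases in place when a newer update was installed. As an added example that is not part of the thread, the following Python function picks the superseded JREs out of an uninstall list automatically. The version parsing covers the three naming schemes that appear in Mike's list and nothing else; the sample input is copied from that list with one unrelated entry added to show it is ignored.

```python
import re

# Constructed sample input: the Java entries from the uninstall list posted
# above, plus one unrelated entry to show it is ignored.
SAMPLE_UNINSTALL = [
    "J2SE Runtime Environment 5.0 Update 6",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Java(TM) 6 Update 11",
    "Java(TM) 6 Update 2",
    "Java(TM) 6 Update 3",
    "Java(TM) 6 Update 5",
    "Java(TM) 6 Update 7",
    "Malwarebytes' Anti-Malware",
]

# Three naming schemes for the JRE, normalised to (major, minor, micro, update)
# so that plain tuple comparison orders them correctly.
_JAVA6_RE = re.compile(r"^Java\(TM\) (\d+) Update (\d+)$")                       # Java(TM) 6 Update 11
_J2SE_RE = re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+) Update (\d+)$")   # J2SE ... 5.0 Update 6
_J2RE_RE = re.compile(r"^Java 2 Runtime Environment, SE v(\d+)\.(\d+)\.(\d+)_(\d+)$")  # SE v1.4.2_03


def jre_version(entry):
    """Return a comparable version tuple for a JRE uninstall entry, else None."""
    m = _JAVA6_RE.match(entry)
    if m:
        return (1, int(m[1]), 0, int(m[2]))
    m = _J2SE_RE.match(entry)
    if m:
        return (1, int(m[1]), int(m[2]), int(m[3]))
    m = _J2RE_RE.match(entry)
    if m:
        return (int(m[1]), int(m[2]), int(m[3]), int(m[4]))
    return None


def stale_jres(entries):
    """Every JRE entry except the newest one, in the order given.

    Older releases that stay installed keep their known vulnerabilities, so
    anything but the newest is a removal candidate."""
    jres = [(v, e) for e in entries if (v := jre_version(e)) is not None]
    if not jres:
        return []
    newest = max(v for v, _ in jres)
    return [e for v, e in jres if v != newest]


if __name__ == "__main__":
    for name in stale_jres(SAMPLE_UNINSTALL):
        print("remove:", name)
```

The function keeps the newest JRE; the helper's list removes that one too, which is the right call when a fresh install of the current release is going to follow anyway.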
Re: Can't get rid of Malware Doctor virus

Post by thekyros on Mon Jun 01, 2009 4:10 am

My machine is running awesome!!!!! Thank you guys so much. I have one last question for you. Why do you want me to remove RegCure 1.5.1.3 and SPAMfighter? I use both on my machine everyday. Do you have a good reason for removing them?

Thanks again,
Mike


Re: Can't get rid of Malware Doctor virus

Post by Belahzur on Mon Jun 01, 2009 2:06 pm

RegCure is a registry cleaner/modifier, the machine needs the registry to work properly. If RegCure deletes one wrong key or tells you to delete certain keys that the system needs, it will cause your system to become unstable and maybe never boot again.

I've never heard of SPAMfighter and I don't know what kind of reputation it has and how effective it is, I would prefer you use MBAM if you need a good general everyday scanner.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.] if you want it.



Re: Can't get rid of Malware Doctor virus

Post by thekyros on Mon Jun 01, 2009 4:12 pm

GeekPolice,

Thank you so much for your help and recommendations. You have a great service that you offer here. My machine is running at light speed again and virus free. Seeing that I couldn't even turn it on anymore this is a HUGE accomplishment!!!! I have donated some cash for you folks. I hope others that you help do the same. Hopefully I won't need your service again, but if I do, I know where you're located.

Thanks again,
Mike


Re: Can't get rid of Malware Doctor virus

Post by Belahzur on Mon Jun 01, 2009 4:38 pm

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
