Malware Doctor Removal Help

Good Morning Everyone. I am ready to kick Malware Doctor to the curb. I have run Malwarebytes Anti Malware. It scans then the computer seems fine. Then the Malware Doctor fake window pops back up again.

Help please! Virtual coffee to the person who helps me:-)

Thanks again!



DDS (Ver_09-05-14.01) - NTFSx86
Run by Rhodes Family at 7:41:00.48 on Sat 05/23/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1387 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
\\?\globalroot\systemroot\system32\rundll32.exe
C:\Documents and Settings\LocalService\Application Data\916653139.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rhodes Family\Desktop\dds.scr
C:\Documents and Settings\Rhodes Family\Desktop\dds.scr
C:\WINDOWS\system32\findstr.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Page =
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080510
uSearchAssistant =
mSearchAssistant =
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Aim6]
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [windpipe] "c:\documents and settings\rhodes family\application data\google\fhexj6825097.exe" 2
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Malware Doctor] c:\documents and settings\localservice\application data\916653139.exe
uRun: [autochk] rundll32.exe c:\docume~1\rhodes~1\protect.dll,_IWMPEvents@16
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [Malware Doctor] c:\documents and settings\localservice\application data\916653139.exe
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [Windows Resurections] c:\windows\temp\a2vvzvd9.exe
dRun: [A00F37807C12.exe] c:\windows\temp\_A00F37807C12.exe
dRun: [InetChk] c:\windows\temp\ms1242165458.exe work
dRun: [SYS32DLL] SYS32DLL
dRun: [Diagnostic Manager] c:\windows\temp\290133390.exe
StartupFolder: c:\documents and settings\rhodes family\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\rhodes~1\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://chill.comcast.net/AspNet2.0/App/games/channel--110341560/lc--en/room--2fa46137-6f89-4424-a62b-f10a9c6465ec/online/dream_chronicles/en/dreamweb.1.0.0.9.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - hxxp://chill.comcast.net/AspNet2.0/App/games/channel--110341560/lc--en/room--d2266342-e0c1-4c87-abc7-db7529cf2c35/online/zenerchi/en/ZenerchiWeb.1.0.0.10.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://www.imgag.com/cp/install/Crusher.cab
DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - hxxp://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://chill.comcast.net/AspNet2.0/App/games/channel--110341560/lc--en/room--8ef03872-4f9e-4813-9de7-86891a472fff/online/wedding_dash/en/WeddingDash.1.0.0.47.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\ c:\windows\system32\ c:\windows\system32\nadusajo.dll,c:\windows\system32\,c:\windows\system32\
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli c:\windows\system32\miriniwi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rhodes~1\applic~1\mozilla\firefox\profiles\soytrrx1.default\
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-11 201320]
R2 avast!Antivirus;avast!Antivirus;c:\windows\system32\avast!antivirus.exe -k netsvcs --> c:\windows\system32\avast!Antivirus.exe -k netsvcs [?]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2009-2-4 991232]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-11 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-6-11 144704]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-5-10 105984]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-6-11 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-6-11 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-6-11 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-6-11 40488]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-3-18 18560]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-6-11 33832]

=============== Created Last 30 ================

2009-05-23 07:11 61,440 a------- c:\windows\system32\drivers\svkddwz.sys
2009-05-23 00:48 23,552 a--sh--- c:\documents and settings\rhodes family\protect.dll
2009-05-23 00:48 23,552 a--sh--- c:\windows\system32\autochk.dll
2009-05-22 17:30 29,184 a------- c:\windows\system32\lklf32.dll
2009-05-22 08:02 104,960 ac------ c:\windows\system32\dllcache\userinit.exe
2009-05-22 08:01 1 a------- c:\windows\system32\uniq.tll
2009-05-22 07:32 29,184 a------- c:\windows\system32\jhxm32.dll
2009-05-22 07:30 32,768 a------- c:\windows\system32\avast!Antivirus.exe
2009-05-15 10:24 190 a------- C:\43214354.bat
2009-05-14 08:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Babylon
2009-05-14 08:41 7,314,944 a------- c:\windows\system32\8241_2.exe
2009-05-13 11:49 118 a------- c:\windows\system32\MRT.INI
2009-05-12 16:33 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-05-12 16:33 21,504 a------- c:\windows\system32\hidserv.dll
2009-05-04 22:09 <DIR> --d----- c:\docume~1\rhodes~1\applic~1\McAfee
2009-04-30 03:55 1,307,648 -c------ c:\windows\system32\dllcache\msxml6.dll
2009-04-30 03:55 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2009-04-30 03:55 81,920 -------- c:\windows\system32\ieencode.dll
2009-04-30 03:55 19,569 a------- c:\windows\003121_.tmp
2009-04-30 03:54 19,456 ac------ c:\windows\system32\dllcache\agt040d.dll
2009-04-30 03:54 19,456 ac------ c:\windows\system32\dllcache\agt0401.dll
2009-04-29 09:20 <DIR> --dsh--- c:\documents and settings\rhodes family\PrivacIE
2009-04-29 09:20 <DIR> --dsh--- c:\documents and settings\rhodes family\IECompatCache
2009-04-29 09:13 <DIR> --dsh--- c:\documents and settings\rhodes family\IETldCache
2009-04-29 09:03 <DIR> --d----- c:\windows\ie8updates
2009-04-29 09:02 <DIR> -cd-h--- c:\windows\ie8
2009-04-29 09:01 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-04-29 09:00 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-04-28 23:06 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-04-28 23:05 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-28 23:05 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-28 23:05 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-28 23:05 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-28 23:05 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-28 23:05 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-28 23:05 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-28 23:05 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-28 23:05 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-28 23:05 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-28 23:05 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-28 23:05 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-28 23:03 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-04-28 23:03 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-04-28 23:01 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-04-28 12:13 664 a------- c:\windows\system32\d3d9caps.dat
2009-04-28 12:12 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-04-28 12:11 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-04-28 12:11 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-28 12:01 172,032 a------- c:\windows\system32\igfxres.dll
2009-04-28 11:54 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2009-04-28 11:53 189,986 ac------ c:\windows\system32\dllcache\c_1361.nls
2009-04-28 11:51 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-04-28 11:51 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-04-28 11:51 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-04-28 11:51 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-04-28 11:51 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-04-28 11:51 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-04-28 11:17 10,272 a------- c:\windows\system32\drivers\sfc.sys
2009-04-28 07:28 <DIR> --d----- c:\windows\dell
2009-04-27 16:48 648 a------- C:\xcrashdump.dat

==================== Find3M ====================

2009-05-22 08:01 104,960 a------- c:\windows\system32\userinit.exe
2009-04-28 11:50 23,444 a------- c:\windows\system32\emptyregdb.dat
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2008-08-28 17:50 60,744 a------- c:\documents and settings\rhodes family\g2mdlhlpx.exe
2008-07-15 16:29 134 a------- c:\docume~1\rhodes~1\applic~1\wklnhst.dat
2009-05-23 07:41 23,552 a--sh--- c:\windows\system32\autochk.dll
2008-09-08 13:38 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080909\index.dat

============= FINISH: 7:44:18.04 ===============

Hello JenJR,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

Please update and run Malwarebytes, post the log along with a fresh Hijackthis log.

Edited by SifuMike, 30 May 2009 - 09:46 AM.

HI and thank you for your reply!

Right now I am at work so when I get home tonight I will hopefully be able to run everything.

Thanks again!

Your welcome.

Hi Again and once again thank you so much for your help. This morning malware detected 9 files and could only get 8 of them. It asked me to reboot to get the last 1. Upon reboot my system would not come back up. My husband winded up reinstalling windows this morning.

I hope it is gone! Crossing my fingers!


Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````
Windows Firewall Disabled!
NortonInternetSecurity
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````
Malwarebytes' Anti-Malware
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
Norton ccSvcHst.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````
GREAT! (Very random)

Scan took 32 seconds.
`````````End of Log```````````


Malware log below

Malwarebytes' Anti-Malware 1.37
Database version: 2230
Windows 5.1.2600 Service Pack 3

6/4/2009 5:44:08 PM
mbam-log-2009-06-04 (17-44-08).txt

Scan type: Full Scan (C:\|)
Objects scanned: 113823
Time elapsed: 42 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by JenJR, 04 June 2009 - 05:43 PM.

Hi,


Now post a fresh Hijackthis log (not a DDS log).

My husband winded up reinstalling windows this morning.

It you reformated and reinstalled windows then it will be gone.

Edited by SifuMike, 04 June 2009 - 05:47 PM.

Since your problem appears to be resolved, this thread will now be closed.