
Malware Doctor Removal Help


  • This topic is locked
6 replies to this topic

#1 JenJR

JenJR

  • Members
  • 3 posts

Posted 23 May 2009 - 06:58 AM

Good Morning Everyone. I am ready to kick Malware Doctor to the curb. I have run Malwarebytes Anti Malware. It scans then the computer seems fine. Then the Malware Doctor fake window pops back up again.

Help please! Virtual coffee to the person who helps me:-)

Thanks again!



DDS (Ver_09-05-14.01) - NTFSx86
Run by Rhodes Family at 7:41:00.48 on Sat 05/23/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1387 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
\\?\globalroot\systemroot\system32\rundll32.exe
C:\Documents and Settings\LocalService\Application Data\916653139.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rhodes Family\Desktop\dds.scr
C:\Documents and Settings\Rhodes Family\Desktop\dds.scr
C:\WINDOWS\system32\findstr.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Page =
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080510
uSearchAssistant =
mSearchAssistant =
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Aim6]
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [windpipe] "c:\documents and settings\rhodes family\application data\google\fhexj6825097.exe" 2
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Malware Doctor] c:\documents and settings\localservice\application data\916653139.exe
uRun: [autochk] rundll32.exe c:\docume~1\rhodes~1\protect.dll,_IWMPEvents@16
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [Malware Doctor] c:\documents and settings\localservice\application data\916653139.exe
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [Windows Resurections] c:\windows\temp\a2vvzvd9.exe
dRun: [A00F37807C12.exe] c:\windows\temp\_A00F37807C12.exe
dRun: [InetChk] c:\windows\temp\ms1242165458.exe work
dRun: [SYS32DLL] SYS32DLL
dRun: [Diagnostic Manager] c:\windows\temp\290133390.exe
StartupFolder: c:\documents and settings\rhodes family\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\rhodes~1\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://chill.comcast.net/AspNet2.0/App/games/channel--110341560/lc--en/room--2fa46137-6f89-4424-a62b-f10a9c6465ec/online/dream_chronicles/en/dreamweb.1.0.0.9.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - hxxp://chill.comcast.net/AspNet2.0/App/games/channel--110341560/lc--en/room--d2266342-e0c1-4c87-abc7-db7529cf2c35/online/zenerchi/en/ZenerchiWeb.1.0.0.10.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://www.imgag.com/cp/install/Crusher.cab
DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - hxxp://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://chill.comcast.net/AspNet2.0/App/games/channel--110341560/lc--en/room--8ef03872-4f9e-4813-9de7-86891a472fff/online/wedding_dash/en/WeddingDash.1.0.0.47.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\ c:\windows\system32\ c:\windows\system32\nadusajo.dll,c:\windows\system32\,c:\windows\system32\
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli c:\windows\system32\miriniwi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rhodes~1\applic~1\mozilla\firefox\profiles\soytrrx1.default\
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-11 201320]
R2 avast!Antivirus;avast!Antivirus;c:\windows\system32\avast!antivirus.exe -k netsvcs --> c:\windows\system32\avast!Antivirus.exe -k netsvcs [?]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2009-2-4 991232]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-11 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-6-11 144704]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-5-10 105984]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-6-11 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-6-11 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-6-11 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-6-11 40488]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-3-18 18560]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-6-11 33832]

=============== Created Last 30 ================

2009-05-23 07:11 61,440 a------- c:\windows\system32\drivers\svkddwz.sys
2009-05-23 00:48 23,552 a--sh--- c:\documents and settings\rhodes family\protect.dll
2009-05-23 00:48 23,552 a--sh--- c:\windows\system32\autochk.dll
2009-05-22 17:30 29,184 a------- c:\windows\system32\lklf32.dll
2009-05-22 08:02 104,960 ac------ c:\windows\system32\dllcache\userinit.exe
2009-05-22 08:01 1 a------- c:\windows\system32\uniq.tll
2009-05-22 07:32 29,184 a------- c:\windows\system32\jhxm32.dll
2009-05-22 07:30 32,768 a------- c:\windows\system32\avast!Antivirus.exe
2009-05-15 10:24 190 a------- C:\43214354.bat
2009-05-14 08:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Babylon
2009-05-14 08:41 7,314,944 a------- c:\windows\system32\8241_2.exe
2009-05-13 11:49 118 a------- c:\windows\system32\MRT.INI
2009-05-12 16:33 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-05-12 16:33 21,504 a------- c:\windows\system32\hidserv.dll
2009-05-04 22:09 <DIR> --d----- c:\docume~1\rhodes~1\applic~1\McAfee
2009-04-30 03:55 1,307,648 -c------ c:\windows\system32\dllcache\msxml6.dll
2009-04-30 03:55 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2009-04-30 03:55 81,920 -------- c:\windows\system32\ieencode.dll
2009-04-30 03:55 19,569 a------- c:\windows\003121_.tmp
2009-04-30 03:54 19,456 ac------ c:\windows\system32\dllcache\agt040d.dll
2009-04-30 03:54 19,456 ac------ c:\windows\system32\dllcache\agt0401.dll
2009-04-29 09:20 <DIR> --dsh--- c:\documents and settings\rhodes family\PrivacIE
2009-04-29 09:20 <DIR> --dsh--- c:\documents and settings\rhodes family\IECompatCache
2009-04-29 09:13 <DIR> --dsh--- c:\documents and settings\rhodes family\IETldCache
2009-04-29 09:03 <DIR> --d----- c:\windows\ie8updates
2009-04-29 09:02 <DIR> -cd-h--- c:\windows\ie8
2009-04-29 09:01 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-04-29 09:00 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-04-28 23:06 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-04-28 23:05 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-28 23:05 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-28 23:05 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-28 23:05 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-28 23:05 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-28 23:05 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-28 23:05 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-28 23:05 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-28 23:05 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-28 23:05 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-28 23:05 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-28 23:05 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-28 23:03 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-04-28 23:03 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-04-28 23:01 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-04-28 12:13 664 a------- c:\windows\system32\d3d9caps.dat
2009-04-28 12:12 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-04-28 12:11 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-04-28 12:11 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-28 12:01 172,032 a------- c:\windows\system32\igfxres.dll
2009-04-28 11:54 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2009-04-28 11:53 189,986 ac------ c:\windows\system32\dllcache\c_1361.nls
2009-04-28 11:51 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-04-28 11:51 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-04-28 11:51 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-04-28 11:51 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-04-28 11:51 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-04-28 11:51 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-04-28 11:17 10,272 a------- c:\windows\system32\drivers\sfc.sys
2009-04-28 07:28 <DIR> --d----- c:\windows\dell
2009-04-27 16:48 648 a------- C:\xcrashdump.dat

==================== Find3M ====================

2009-05-22 08:01 104,960 a------- c:\windows\system32\userinit.exe
2009-04-28 11:50 23,444 a------- c:\windows\system32\emptyregdb.dat
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2008-08-28 17:50 60,744 a------- c:\documents and settings\rhodes family\g2mdlhlpx.exe
2008-07-15 16:29 134 a------- c:\docume~1\rhodes~1\applic~1\wklnhst.dat
2009-05-23 07:41 23,552 a--sh--- c:\windows\system32\autochk.dll
2008-09-08 13:38 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080909\index.dat

============= FINISH: 7:44:18.04 ===============



#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 30 May 2009 - 09:42 AM

Hello JenJR,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

Please update and run Malwarebytes, then post the log along with a fresh HijackThis log.

Edited by SifuMike, 30 May 2009 - 09:46 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 JenJR


Posted 04 June 2009 - 07:56 AM

Hi and thank you for your reply!

Right now I am at work so when I get home tonight I will hopefully be able to run everything.

Thanks again!

#4 SifuMike


Posted 04 June 2009 - 12:14 PM

You're welcome. :thumbup2:

#5 JenJR


Posted 04 June 2009 - 05:40 PM

Hi again and once again thank you so much for your help. This morning malware detected 9 files and could only get 8 of them. It asked me to reboot to get the last 1. Upon reboot my system would not come back up. My husband wound up reinstalling Windows this morning.

I hope it is gone! Crossing my fingers!


Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Disabled!
NortonInternetSecurity
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Malwarebytes' Anti-Malware
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Norton ccSvcHst.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 32 seconds.
`````````End of Log```````````


Malware log below

Malwarebytes' Anti-Malware 1.37
Database version: 2230
Windows 5.1.2600 Service Pack 3

6/4/2009 5:44:08 PM
mbam-log-2009-06-04 (17-44-08).txt

Scan type: Full Scan (C:\|)
Objects scanned: 113823
Time elapsed: 42 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by JenJR, 04 June 2009 - 05:43 PM.


#6 SifuMike


Posted 04 June 2009 - 05:44 PM

Hi,


Now post a fresh HijackThis log (not a DDS log).

"My husband wound up reinstalling Windows this morning."

If you reformatted and reinstalled Windows then it will be gone. :thumbup2:

Edited by SifuMike, 04 June 2009 - 05:47 PM.


#7 SifuMike


Posted 16 June 2009 - 09:56 PM

Since your problem appears to be resolved, this thread will now be closed.



