Forum: Malware Removal (discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general security issues)
#1
Trying to remove Antimalware doctor
Hi, basically I have got Antimalware Doctor on my laptop; I've heard this is some kind of malware? I have already tried looking up some ways of removing it but have been unsuccessful. This is the guide I followed:
http://www.bleepingcomputer.com/viru...malware-doctor
I followed the guide until it came to the point where you have to install RKill; the virus won't let the program install, as it says RKill is infected. It does the same if I try to install Malwarebytes. Is this a common problem, and an easy fix? Would really appreciate some ideas on how to remove this. Cheers, Pete
#2
Hello Pete

"There is unfortunately no easy fix when it comes to malware removal. Sometimes it takes several efforts with different, the same or more powerful tools to do the job. Even then, with some types of malware infections, the task can be arduous."

However, let's start and do some repairs.

Please run the SUPERAntiSpyware online scan and follow the instructions on the site.
· When downloaded, click on the "Check for updates" button.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab. Under Scanner Options make sure the following are checked:
  Close browsers before scanning
  Scan for tracking cookies
  Terminate memory threats before quarantining
  Ignore System Restore/Volume Information on ME and XP
  Please leave the others unchecked.
· On the main screen, under Scan for Harmful Software, click Scan your computer.
· On the left check C:\Fixed Drive. On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next. It will quarantine what it found and, if it asks whether you want to reboot, click NO.
· When the scan has finished, click Preferences, then the Statistics/Logs tab. Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. It will open in your default text editor (such as Notepad/WordPad).
· Save the log file to the desktop.
· Click Close and Close again to exit the program. Reboot if needed.

Post the SUPERAntiSpyware log and tell me how things are running.
#3
Hi touch, thanks for the reply.

OK, I thought it wouldn't be easy. I tried what you said but I can't access the internet; whenever I try to open Google Chrome it says "Application cannot be executed. The file chrome.exe is infected". It's the same if I try to open anything or install any programs. Maybe I should try booting in safe mode? Or would the malware still be active? Also maybe I could just rescue my files with Ubuntu Live and reformat the laptop, but that's a last resort I think. Any more ideas? Appreciate the help, thanks
#4
I have some suspicions that this could be pretty bad, but let's run a scan to see what we're dealing with.

Download CureIt to the desktop: here
· Click on the CureIt Download button.
· Double-click the drweb-cureit.exe file and allow it to run the express scan. This will scan the files currently running in memory and, when something is found, click the Yes button when it asks if you want to cure it. This is only a short scan.
· Once the short scan has finished, mark the drives that you want to scan.
· Move the dot to Complete scan.
· Click the green arrow at the right, and the scan will start. Click "Yes to all" if it asks if you want to cure/move the file.
· When the scan has finished, in the menu click File and choose Save report list. Save the report to your desktop. The report will be called DrWeb.csv.
· Close Dr.Web CureIt.

Please post the Dr.Web report in your next reply.

NB. You'll probably have to download it to a working computer and transfer it using an external drive.

Last edited by touch; August 22nd, 2010 at 05:47 PM.
#5
Howdy: Please refrain from posting in this forum. Only those who are qualified to provide malware removal advice are allowed to post such.

I would suggest you read the first post in THIS THREAD. Thank you, and welcome to CTH. Murray

Last edited by Murray S.; August 22nd, 2010 at 06:28 PM. Reason: Removed malware advice. Same as soft deleted post.
#6
OK, I downloaded and ran the two scans with Dr.Web and these were the results.

Express scan:
lqrog.exe;C:\Users\SCUBAS~1\AppData\Local\Temp;Trojan.DownLoader1.16230;Deleted.;
mwaecxnros.exe;C:\Users\SCUBAS~1\AppData\Local\Temp;Trojan.DownLoader1.18140;Incurable.Moved.;
nps4EBD.tmp\data006;C:\Users\SCUBAS~1\AppData\Local\Temp\nps4EBD.tmp;Exploit.PDF.978;;
nps4EBD.tmp;C:\Users\SCUBAS~1\AppData\Local\Temp;Container contains infected objects;Moved.;
ooflgt.exe;C:\Users\SCUBAS~1\AppData\Local\Temp;BackDoor.Tdss;Incurable.Moved.;
ubwdklcx.exe;C:\Users\SCUBAS~1\AppData\Local\Temp;Trojan.MulDrop1.42557;Incurable.Moved.;
wtpvaae.exe;C:\Users\SCUBAS~1\AppData\Local\Temp;Trojan.MulDrop1.42548;Incurable.Moved.;
winhelp.exe;c:\users\scubasteve555\appdata\local\windows;Trojan.Hottrend.25;Deleted.;
cmcoaxishdw.exe;c:\users\scubasteve555\appdata\roaming\stoqkwkdw;Trojan.MulDrop1.42548;Incurable.Moved.;
keaxy.exe;c:\users\scubasteve555\appdata\roaming\ykop;Trojan.PWS.Panda.383;Incurable.Moved.;

Complete scan:
lqrog.exe;C:\Users\SCUBAS~1\AppData\Local\Temp;Trojan.DownLoader1.16230;Deleted.;
mwaecxnros.exe;C:\Users\SCUBAS~1\AppData\Local\Temp;Trojan.DownLoader1.18140;Incurable.Moved.;
nps4EBD.tmp\data006;C:\Users\SCUBAS~1\AppData\Local\Temp\nps4EBD.tmp;Exploit.PDF.978;;
nps4EBD.tmp;C:\Users\SCUBAS~1\AppData\Local\Temp;Container contains infected objects;Moved.;
ooflgt.exe;C:\Users\SCUBAS~1\AppData\Local\Temp;BackDoor.Tdss;Incurable.Moved.;
ubwdklcx.exe;C:\Users\SCUBAS~1\AppData\Local\Temp;Trojan.MulDrop1.42557;Incurable.Moved.;
wtpvaae.exe;C:\Users\SCUBAS~1\AppData\Local\Temp;Trojan.MulDrop1.42548;Incurable.Moved.;
winhelp.exe;c:\users\scubasteve555\appdata\local\windows;Trojan.Hottrend.25;Deleted.;
cmcoaxishdw.exe;c:\users\scubasteve555\appdata\roaming\stoqkwkdw;Trojan.MulDrop1.42548;Incurable.Moved.;
keaxy.exe;c:\users\scubasteve555\appdata\roaming\ykop;Trojan.PWS.Panda.383;Incurable.Moved.;
lctnltb[1].htm;C:\Documents and Settings\scubasteve555\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\L;Trojan.MulDrop1.42557;Incurable.Moved.;
mqupjickr[1].htm;C:\Documents and Settings\scubasteve555\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\X;Trojan.MulDrop1.42548;Incurable.Moved.;
newsecureapp70700[2].exe;C:\Documents and Settings\scubasteve555\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\X;Trojan.DownLoader1.18211;Incurable.Moved.;
pgaiqxwq[1].htm;C:\Documents and Settings\scubasteve555\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\X;BackDoor.Tdss;Incurable.Moved.;
qhysq[1].htm;C:\Documents and Settings\scubasteve555\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\X;Trojan.DownLoader1.16230;Deleted.;
vzgbidyje[2].htm;C:\Documents and Settings\scubasteve555\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\X;Trojan.PWS.Panda.383;Incurable.Moved.;

It seems to have removed the virus, as I'm not getting all of the pop-ups like before, but I now cannot connect to the internet and the laptop is running slower. I'm guessing these problems are still linked with the virus? What can I try next? Thanks
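As an added example (not part of the original thread and not Dr.Web's code), here is a small Python parser for the DrWeb.csv layout shown in the post above, `name;directory;threat;action;`. It splits the report into records, counts threat classes, lists the objects CureIt deleted, moved or left unhandled (the nested `Exploit.PDF.978` object has an empty action field because the container around it was moved as a whole), and flags the password-stealer and backdoor classes, since finding those means every password used on the machine should be changed once it is clean. The sample lines are a constructed excerpt modelled on this post with the forum's line-wrapping removed; the `in_user_writable_dir` heuristic and the credential-risk prefix list are my assumptions, not Dr.Web's.

```python
"""Parse a Dr.Web CureIt report (DrWeb.csv) and summarise what was, and was not, removed.

Added example for this thread; not Dr.Web's code. Assumes the semicolon-separated
layout seen in post #6:

    name;directory;threat;action;

The action field is empty for an object detected inside a container; the
container itself gets its own line with its own action.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines modelled on the report posted in this thread, with the
# forum's line-wrapping spaces removed. Not a live scan.
SAMPLE_REPORT = r"""
lqrog.exe;C:\Users\SCUBAS~1\AppData\Local\Temp;Trojan.DownLoader1.16230;Deleted.;
mwaecxnros.exe;C:\Users\SCUBAS~1\AppData\Local\Temp;Trojan.DownLoader1.18140;Incurable.Moved.;
nps4EBD.tmp\data006;C:\Users\SCUBAS~1\AppData\Local\Temp\nps4EBD.tmp;Exploit.PDF.978;;
nps4EBD.tmp;C:\Users\SCUBAS~1\AppData\Local\Temp;Container contains infected objects;Moved.;
ooflgt.exe;C:\Users\SCUBAS~1\AppData\Local\Temp;BackDoor.Tdss;Incurable.Moved.;
keaxy.exe;c:\users\scubasteve555\appdata\roaming\ykop;Trojan.PWS.Panda.383;Incurable.Moved.;
"""

# Dr.Web names put the class first: Trojan.PWS.* are password stealers and
# BackDoor.* give an attacker remote control. Either one means every credential
# used on the machine should be changed once it is clean. (Assumption: this
# prefix list is mine, not Dr.Web's.)
CREDENTIAL_RISK_PREFIXES = ("Trojan.PWS.", "BackDoor.")


@dataclass
class Finding:
    name: str
    directory: str
    threat: str
    action: str  # "" when CureIt recorded no action for this object

    @property
    def family(self) -> str:
        """Top-level class: 'Trojan' from 'Trojan.DownLoader1.16230'."""
        return self.threat.split(".", 1)[0]

    @property
    def in_user_writable_dir(self) -> bool:
        """Per-user AppData and Temp: the drop locations a rogue AV uses (heuristic)."""
        d = self.directory.lower()
        return "\\appdata\\" in d or "\\temp" in d


def parse_report(text: str) -> List[Finding]:
    """One Finding per non-empty line; the trailing '.' on the action is dropped."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(";")
        if len(parts) < 4:
            raise ValueError(f"malformed report line: {raw!r}")
        name, directory, threat, action = parts[:4]
        findings.append(Finding(name, directory, threat, action.rstrip(".")))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, object]:
    """Counts by class plus the lists a helper actually acts on."""
    return {
        "by_family": Counter(f.family for f in findings),
        "deleted": [f.name for f in findings if f.action == "Deleted"],
        "incurable": [f.name for f in findings if f.action == "Incurable.Moved"],
        "unhandled": [f.name for f in findings if f.action == ""],
        "credential_risk": [f.name for f in findings
                            if f.threat.startswith(CREDENTIAL_RISK_PREFIXES)],
        "user_writable_hits": sum(1 for f in findings if f.in_user_writable_dir),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Run it against a real DrWeb.csv by reading the file into `parse_report`; the "unhandled" list is the one to check by hand, because an empty action means CureIt reported the object but recorded no action of its own for it.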
#7
See if you can connect from Safe Mode with Networking. Otherwise, check this: go to Start > Settings > Control Panel > Internet Options > Connections tab > LAN Settings, and uncheck all boxes (proxy and auto detect). Reboot. If you connect now, please follow my instructions here:
#8
OK, I unchecked all of the boxes and I'm now back on the internet.

I'm now looking into a free firewall and heard that Comodo free is pretty good; do you have any experience with the program? http://download.cnet.com/Comodo-Inte...-10460704.html Are there better free firewalls out there? Also I heard CCleaner is a good program for cleaning computers; is this worth downloading and running? Basically I would like to thoroughly clean the computer and get it well protected so I don't have this problem again. What else can I do? Thanks again for all of your help! Pete
#9
OK. Then I need to see a ComboFix log. When your computer is clean, I'll tell/suggest (IMO) which security and other programs you should install to prevent reinfection.

Please download ComboFix from: Here
And save it to the desktop.
· Close all other browser windows.
· Double-click on the ComboFix icon found on your desktop.
· Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.
· When finished, it will produce a log file located at C:\combofix.txt. Post the contents of that log in your next reply. The logs will be reasonably large, so you may have to divide them into sections and make several posts to post them.

NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed, as this can cause reinfection during your cleaning.
#10
I followed your instructions and here are the log reports:
ComboFix 10-08-23.06 - scubasteve555 24/08/2010 17:38:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3034.1960 [GMT 1:00]
Running from: c:\users\scubasteve555\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\scubasteve555\AppData\Local\Windows Server
c:\users\scubasteve555\AppData\Local\Windows Server\hlp.dat
c:\users\scubasteve555\AppData\Local\Windows Server\server.dat
c:\users\scubasteve555\AppData\Roaming\inst.exe
c:\users\scubasteve555\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\scubasteve555\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\scubasteve555\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
.
((((((((((((((((((((((((( Files Created from 2010-07-24 to 2010-08-24 )))))))))))))))))))))))))))))))
.
2010-08-23 18:30 . 2010-08-23 18:30 -------- d-----w- c:\program files\CCleaner
2010-08-22 17:25 . 2010-08-22 17:51 -------- d-----w- c:\users\scubasteve555\DoctorWeb
2010-08-22 17:14 . 2010-08-22 17:14 -------- d-----w- c:\users\scubasteve555\AppData\Roaming\A16F93C65AFE3DB87BB431D111D89D9A
2010-08-22 16:19 . 2010-08-22 16:19 -------- d-----w- c:\users\scubasteve555\AppData\Roaming\SUPERAntiSpyware.com
2010-08-22 16:19 . 2010-08-22 16:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-22 14:51 . 2010-08-22 14:51 -------- d-----w- c:\users\scubasteve555\AppData\Roaming\Malwarebytes
2010-08-22 14:51 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 14:51 . 2010-08-22 14:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-22 14:51 . 2010-08-22 14:51 -------- d-----w- c:\programdata\Malwarebytes
2010-08-22 14:51 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 14:24 . 2010-08-22 14:24 2838 ----a-w- c:\users\scubasteve555\AppData\Local\idofunaner.dll
2010-08-21 12:57 . 2010-08-21 12:57 2838 ----a-w- c:\users\scubasteve555\AppData\Local\iduwisucejal.dll
2010-08-21 11:33 . 2010-08-21 11:33 2838 ----a-w- c:\users\scubasteve555\AppData\Local\ecukeyoj.dll
2010-08-20 17:33 . 2010-08-20 17:33 2838 ----a-w- c:\users\scubasteve555\AppData\Local\enaroluqotiwu.dll
2010-08-20 17:00 . 2010-08-20 17:00 2838 ----a-w- c:\users\scubasteve555\AppData\Local\etojelehe.dll
2010-08-20 16:47 . 2010-08-20 16:47 2838 ----a-w- c:\users\scubasteve555\AppData\Local\efaqadunujanecat.dll
2010-08-20 16:39 . 2010-08-20 16:39 2838 ----a-w- c:\users\scubasteve555\AppData\Local\ivukawepa.dll
2010-08-20 16:36 . 2010-08-23 17:27 -------- d-----w- c:\users\scubasteve555\AppData\Local\stoqkwkdw
2010-08-20 16:36 . 2010-08-22 18:04 -------- d-----w- c:\users\scubasteve555\AppData\Roaming\stoqkwkdw
2010-08-20 16:35 . 2010-08-22 18:04 -------- d-----w- c:\users\scubasteve555\AppData\Local\Windows
2010-08-15 21:36 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-15 21:36 . 2010-06-29 15:47 834048 ----a-w- c:\windows\system32\wininet.dll
2010-08-15 21:36 . 2010-06-28 16:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-15 21:36 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-15 21:36 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-15 21:36 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-15 21:35 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-15 21:35 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-15 21:35 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-15 21:35 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-15 21:35 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-15 21:28 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 16:46 . 2009-03-15 15:24 -------- d-----w- c:\users\scubasteve555\AppData\Roaming\DNA
2010-08-23 22:44 . 2010-03-11 20:58 -------- d-----w- c:\users\scubasteve555\AppData\Roaming\vlc
2010-08-22 18:04 . 2010-07-20 07:56 -------- d-----w- c:\users\scubasteve555\AppData\Roaming\Ykop
2010-08-20 17:00 . 2009-03-08 19:58 -------- d-----w- c:\program files\Norton Security Scan
2010-08-20 16:38 . 2009-04-05 12:07 -------- d-----w- c:\users\scubasteve555\AppData\Roaming\Uper
2010-08-16 15:05 . 2008-11-27 07:50 -------- d-----w- c:\program files\Microsoft Works
2010-08-16 14:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-15 19:37 . 2009-03-25 11:52 -------- d-----w- c:\users\scubasteve555\AppData\Roaming\dvdcss
2010-07-13 18:36 . 2008-12-31 16:29 6648 ----a-w- c:\users\scubasteve555\AppData\Local\d3d9caps.dat
2010-07-02 07:37 . 2010-07-02 07:37 -------- d-----w- c:\users\scubasteve555\AppData\Roaming\GARMIN
2010-07-02 07:37 . 2010-07-02 07:37 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-07-02 07:37 . 2010-07-02 07:37 -------- d-----w- c:\program files\DIFX
2010-07-02 07:36 . 2010-07-02 07:36 -------- d-----w- c:\program files\Garmin
2010-07-01 17:15 . 2010-07-01 17:15 -------- d-----w- c:\program files\Delta
2010-06-26 10:29 . 2010-01-18 12:54 -------- d-----w- c:\program files\Microsoft.NET
2010-06-20 15:46 . 2010-06-20 15:46 8854 ----a-r- c:\users\scubasteve555\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2010-06-20 15:46 . 2010-06-20 15:46 40960 ----a-r- c:\users\scubasteve555\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2010-06-20 15:46 . 2010-06-20 15:46 40960 ----a-r- c:\users\scubasteve555\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2010-06-15 21:13 . 2009-02-14 20:42 47360 ----a-w- c:\users\scubasteve555\AppData\Roaming\pcouffin.sys
2010-06-15 21:13 . 2009-02-14 20:42 47360 ----a-w- c:\users\scubasteve555\AppData\Roaming\pcouffin.sys
2010-05-26 17:06 . 2010-06-11 10:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2008-11-27 09:08 . 2008-11-27 09:07 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-27 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BitTorrent DNA"="c:\users\scubasteve555\Program Files\DNA\btdna.exe" [2009-11-13 323392]
"Google Update"="c:\users\scubasteve555\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-16 133104]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-17 145944]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-11 180269]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-17 442460]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-27 07:53 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4d,e4,f6,a0,b6,66,ca,01

R1 SASDIFSV;SASDIFSV;c:\users\SCUBAS~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\SCUBAS~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20091217.001\IDSvix86.sys [2009-11-20 286768]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe [2008-09-17 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-10-19 102448]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
#11
--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 20:29]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 20:29]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2398985377-1469646343-1411235317-1000Core.job
- c:\users\scubasteve555\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-16 20:34]

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2398985377-1469646343-1411235317-1000UA.job
- c:\users\scubasteve555\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-16 20:34]

2010-08-20 c:\windows\Tasks\Norton Security Scan for scubasteve555.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-fsm - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 17:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-24 17:55:29
ComboFix-quarantined-files.txt 2010-08-24 16:55

Pre-Run: 18,325,331,968 bytes free
Post-Run: 18,217,926,656 bytes free

- - End Of File - - 52C771FED52B52BD875234EA1AE80841

What does this mean? Thanks again, Pete
#12
It means/shows you have a large number of infections.

Open Notepad and copy/paste the text in the code box below into it. Name the file CFScript and save it on the desktop.

Code:
http://www.cybertechhelp.com/forums/showthread.php?p=1182866#post1182866
Killall::
Snapshot::
Collect::
c:\users\scubasteve555\AppData\Local\idofunaner.dll
c:\users\scubasteve555\AppData\Local\iduwisucejal.dll
c:\users\scubasteve555\AppData\Local\ecukeyoj.dll
c:\users\scubasteve555\AppData\Local\enaroluqotiwu.dll
c:\users\scubasteve555\AppData\Local\etojelehe.dll
c:\users\scubasteve555\AppData\Local\efaqadunujanecat.dll
c:\users\scubasteve555\AppData\Local\ivukawepa.dll
Folder::
c:\users\scubasteve555\AppData\Local\stoqkwkdw
c:\users\scubasteve555\AppData\Roaming\stoqkwkdw
c:\users\scubasteve555\AppData\Roaming\DNA
c:\users\scubasteve555\Program Files\DNA
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe. When ComboFix has finished its scan/cleaning it opens a ComboFix log along with a small message box. Now click OK in the message box to upload the compiled files for further analysis (you must have an Internet connection to upload files). ComboFix will create a log file and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please post it in your next reply.
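The ComboFix output in post #11 can be read mechanically, and doing so reproduces most of what the CFScript above targets. As an added example (not part of the thread and not ComboFix's own tooling), the Python below parses the two line shapes the log uses for Run-key autostart entries and for the per-user proxy, puts on a review list every Run entry whose image lives outside c:\program files\ or c:\windows\, and parses the ProxyServer value (a bare host:port, or scheme=host:port pairs separated by semicolons) to spot a loopback proxy. A proxy of 127.0.0.1:6522 means a process on the machine was relaying all of the browser's HTTP traffic; once that process is removed, requests have nowhere to go, which is consistent with the "no internet" symptom in post #6 and with clearing the proxy in post #7 restoring connectivity. The log excerpt is constructed from lines in the posted log; the trusted-root list is my assumption, and the review list is a triage list rather than a verdict (Google's per-user updater legitimately lives under AppData\Local, while the DNA entry is the P2P client the helper asked to have removed).

```python
r"""Triage the autostart and proxy sections of a ComboFix log.

Added example for this thread; not ComboFix's own tooling. Assumes the two line
shapes visible in the log posted above:

    "Name"="c:\path\to\file.exe" [2010-02-12 135664]        (Run-key entries)
    uInternet Settings,ProxyServer = http=127.0.0.1:6522     (Supplementary Scan)
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed excerpt modelled on the log posted in this thread (forum wrapping
# spaces removed). Not a complete log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-27 39408]
"BitTorrent DNA"="c:\users\scubasteve555\Program Files\DNA\btdna.exe" [2009-11-13 323392]
"Google Update"="c:\users\scubasteve555\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-16 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
"""

RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$')
PROXY_LINE = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(?P<value>.+)$')

# Assumption: images under these roots count as installed software; anything else
# (user profile, Temp, ProgramData) goes on the review list. Legitimate per-user
# installers land there too, so this is a triage list, not a verdict.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str
    needs_review: bool


@dataclass
class ProxySetting:
    scheme: str  # "all" when the value is a bare host:port
    host: str
    port: int

    @property
    def is_loopback(self) -> bool:
        """True for 127.0.0.0/8, ::1 or 'localhost': a local process relays the traffic."""
        if self.host.lower() == "localhost":
            return True
        try:
            return ipaddress.ip_address(self.host).is_loopback
        except ValueError:
            return False  # a hostname (or bracketed IPv6, not handled here)


def parse_proxy_value(value: str) -> List[ProxySetting]:
    """Windows ProxyServer value: 'host:port' or 'scheme=host:port;scheme=host:port'."""
    settings = []
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        scheme, _, hostport = item.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep:  # no port given
            host, port = hostport, "0"
        settings.append(ProxySetting(scheme or "all", host, int(port)))
    return settings


def triage(log: str) -> Tuple[List[RunEntry], List[ProxySetting]]:
    """Walk the log once, remembering which hive the current Run entries belong to."""
    entries, proxies = [], []
    hive = ""
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            hive = line.strip("[]")
            continue
        m = RUN_ENTRY.match(line)
        if m:
            path = m.group("path")
            entries.append(RunEntry(hive, m.group("name"), path,
                                    not path.lower().startswith(TRUSTED_ROOTS)))
            continue
        m = PROXY_LINE.match(line)
        if m:
            proxies.extend(parse_proxy_value(m.group("value")))
    return entries, proxies


def report(log: str) -> dict:
    entries, proxies = triage(log)
    return {
        "review_autostarts": [f"{e.name}: {e.path}" for e in entries if e.needs_review],
        "loopback_proxies": [f"{p.scheme} -> {p.host}:{p.port}" for p in proxies if p.is_loopback],
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Feed a full c:\combofix.txt to `report` and compare the review list with the "Files Created" section: an autostart in the user profile that also appears there with a recent creation date, as the AppData DLLs and the stoqkwkdw folders do in this log, is the kind of entry a helper puts in a CFScript.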