|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
![]() |
|
Topic Tools |
#1
|
||||
|
||||
antimalware doctor- combo fix log
Hi,
My dad's computer has the antimalware doctor virus. Was able to run Combofix prog and now will post the log. Running Windows xp pro/service pack 3. Any and all thoughts and suggestions appreciated. ComboFix 10-09-08.01 - Administrator 09/09/2010 21:01:24.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1615 [GMT -4:00] Running from: F:\ComboFix.exe AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator\Local Settings\Application Data\jvmfraslp\asqnrrpuqiw.exe c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server\admin.txt c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server\flags.ini c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server\server.dat c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server\uses32.dat c:\documents and settings\Administrator\Start Menu\Programs\Antimalware Doctor c:\documents and settings\Administrator\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk c:\documents and settings\Administrator\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk c:\documents and settings\Administrator\Start Menu\Programs\Startup\auditusr.exe c:\windows\anomecus.dll c:\windows\awawojiyerezuq.dll c:\windows\drvfxs.dll c:\windows\edugefimifet.dll c:\windows\edujecux.dll c:\windows\egoxixibabud.dll c:\windows\eqalihiwe.dll c:\windows\esefatufoqi.dll c:\windows\etiyalog.dll c:\windows\etutecoqa.dll c:\windows\eyoseveg.dll c:\windows\iruriquyiwifa.dll c:\windows\itibovis.dll c:\windows\odocecisuwaq.dll c:\windows\ogedahig.dll c:\windows\owilugawopik.dll c:\windows\system32\drivers\hwinterface.sys c:\windows\system32\zip32.dll c:\windows\system32\zlibwapi.dll c:\windows\udadukem.dll c:\windows\ukomoxobuzogaz.dll Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected Restored copy from - Kitty had a snack ![]() c:\windows\system32\winlogon.exe . . . is infected!! c:\windows\explorer.exe . . . is infected!! . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_HWINTERFACE -------\Service_hwinterface ((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 ))))))))))))))))))))))))))))))) . 2010-09-07 20:40 . 2010-09-07 20:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-09-07 20:39 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-07 20:39 . 2010-09-07 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-09-07 20:39 . 2010-09-07 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-07 20:39 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-06 15:21 . 2010-09-10 01:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\jvmfraslp 2010-09-06 15:19 . 2010-09-06 21:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\#66C9C6D07CA95FDE03A21B8837A16E6F 2010-09-01 21:07 . 2010-09-01 21:14 -------- d-----w- c:\program files\AACircuit1_28_6 2010-09-01 21:05 . 2010-09-01 21:05 -------- d-----w- C:\AACircuit1_28_6 2010-08-30 22:43 . 2010-08-30 22:45 -------- d-----w- c:\program files\Pi Filter Calculator 2010-08-30 00:56 . 2010-08-30 01:04 -------- d-----w- c:\program files\lcc 2010-08-15 23:12 . 2010-08-15 23:18 -------- d-----w- c:\program files\WSPR2a 2010-08-14 22:16 . 2010-08-14 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Schematica 2010-08-14 22:16 . 2010-08-14 23:55 -------- d-----w- c:\program files\Filter Wiz PRO 5 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2010-09-10 01:15 . 2009-04-18 23:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-09-10 01:13 . 2009-04-30 15:33 -------- d-----w- c:\program files\PC Tools AntiVirus 2010-09-07 16:16 . 2009-11-20 23:12 -------- d-----w- c:\program files\WSPR2 2010-09-06 15:20 . 2010-09-06 15:19 1063424 ----a-w- c:\documents and settings\Administrator\Application Data\#66C9C6D07CA95FDE03A21B8837A16E6F\mediafix707 00en02.exe 2010-09-04 14:47 . 2009-04-02 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell 2010-09-04 02:18 . 2009-04-05 03:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype 2010-08-29 15:45 . 2009-04-28 15:25 -------- d-----w- c:\program files\Cadrail 7 2010-08-21 20:53 . 2009-12-01 00:51 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stam p.sys 2010-08-21 01:37 . 2009-04-03 17:47 5008 ----a-w- c:\documents and settings\Administrator\Application Data\wklnhst.dat 2010-08-17 18:10 . 2010-09-01 02:37 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe 2010-08-17 12:12 . 2010-08-04 19:58 -------- d--h--r- c:\documents and settings\Administrator\Application Data\Microchip 2010-08-13 01:47 . 2009-03-26 15:31 -------- d-----w- c:\program files\Microsoft Works 2010-08-10 20:52 . 2010-08-10 20:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESBCalc 2010-08-10 20:50 . 2010-08-10 20:50 -------- d-----w- c:\program files\hamcalc 2010-08-10 20:42 . 2010-08-10 20:21 -------- d-----w- c:\program files\Filter 2010-08-05 11:40 . 2009-09-03 20:12 -------- d-----w- c:\program files\Google 2010-08-04 19:59 . 2010-08-04 19:59 -------- d-----w- c:\program files\HI-TECH Software 2010-08-04 19:58 . 2009-03-26 15:24 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-08-04 19:58 . 2010-08-04 19:54 -------- d-----w- c:\program files\MPLAB 2010-08-04 19:55 . 2010-08-04 19:55 -------- d-----w- c:\program files\Microchip 2010-07-18 15:20 . 2010-07-13 02:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc 2010-07-16 23:56 . 2010-07-16 23:54 -------- d-----w- c:\program files\SKCCloggerK2RFP 2010-07-13 02:21 . 2010-07-13 02:21 -------- d-----w- c:\program files\VLC 2010-07-12 14:17 . 2010-05-15 11:33 -------- d-----w- c:\program files\SpectraVue 2010-07-12 03:10 . 2010-07-12 03:10 -------- d-----w- c:\program files\Recuva 2010-06-30 12:31 . 2008-04-25 16:16 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-30 11:56 . 2009-03-26 15:34 168032 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-06-24 12:22 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-24 02:14 . 2008-04-25 16:16 1861120 ----a-w- c:\windows\system32\win32k.sys 2010-06-21 15:27 . 2008-04-25 16:16 354304 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-17 14:03 . 2008-04-25 16:16 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 14:31 . 2008-04-25 21:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-14 07:41 . 2008-04-25 16:16 1172480 ----a-w- c:\windows\system32\msxml3.dll 2009-08-20 08:15 . 2009-08-20 08:15 135630545 ----a-w- c:\program files\openofficeorg1.cab 2009-08-20 08:13 . 2009-08-20 08:13 9815040 ----a-w- c:\program files\openofficeorg31.msi 2009-08-19 08:31 . 2009-08-19 08:31 336 ----a-w- c:\program files\setup.ini 2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe 2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe . ------- Sigcheck ------- [-] 2008-04-14 . FC0657669ED0CD9443308E6052B8D69C . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2008-04-14 . DFFFBEFF9461E500611A918236EF34CD . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe |
#2
|
||||
|
||||
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "AdesClrPicker.exe"="c:\program files\AdesClrPicker\AdesClrPicker.exe" [2009-04-29 1865216] "mediafix70700en02.exe"="c:\documents and settings\Administrator\Application Data\BD9893E50E0E7AFA63D18D850C4E03D8710BDDAF40D24 BCF5EFBEE80165A5D887CAC6D657D77EA515FABBE1D5DD938D D5F8BDAD927C928497A2916FC86045D396C9C6D07CA95FDE03 A21B8837A16E6F\mediafix70700en02.exe" [2010-09-06 1063424] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112] "Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064] "PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-04-16 1505168] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2009-03-26 15:32 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\PCTAVSvc] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Peak Systems\\UI-View32\\Uiview32.exe"= "c:\\Program Files\\DXLab Suite\\DXKeeper\\DXKeeper.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "85:TCP"= 85:TCP:BroadWave Web Server R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/19/2009 10:41 AM 206256] R2 DXSOFTIO;DXSOFTIO;c:\windows\system32\drivers\DXSO FTIO.SYS [2/24/2010 1:07 PM 7616] S2 gupdate1ca2cd2ef1eae00;Google Update Service (gupdate1ca2cd2ef1eae00);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 4:12 PM 133104] S3 F5U103BD;Belkin F5U103 USB-RS232 Bus Driver;c:\windows\system32\drivers\F5U103BD.SYS [8/9/2001 10:39 AM 16528] S3 F5U103UD;Belkin F5U103 USB-RS232 Port Driver;c:\windows\system32\drivers\F5U103UD.SYS [8/9/2001 10:39 AM 25569] --- Other Services/Drivers In Memory --- *Deregistered* - mchInjDrv . Contents of the 'Scheduled Tasks' folder 2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 20:12] 2010-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 20:12] . . |
#3
|
||||
|
||||
------- Supplementary Scan -------
. uStart Page = hxxp://google.com/ uInternet Settings,ProxyServer = http=127.0.0.1:6092 uInternet Settings,ProxyOverride = <local> LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6ww3kzy7.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.d ll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - BHO-{B1BA40A2-75F2-51BD-F413-04B13A2C8953} - (no file) HKCU-Run-Msomesuzupi - c:\windows\drvfxs.dll HKCU-Run-MKeta - c:\windows\services.exe HKCU-Run-lyaahqpf - c:\documents and settings\Administrator\Local Settings\Application Data\jvmfraslp\asqnrrpuqiw.exe HKLM-Run-MKeta - c:\windows\services.exe HKLM-Run-lyaahqpf - c:\documents and settings\Administrator\Local Settings\Application Data\jvmfraslp\asqnrrpuqiw.exe AddRemove-TimeSync - c:\program files\TimeSync\DeIsL1.isu ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-09-09 21:14 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1491366257-3077111548-3362418281-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:0 1,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,1e,40 ,06,7f,e1,71,46,bb,c5,27,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:0 1,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,1e,40 ,06,7f,e1,71,46,bb,c5,27,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(752) c:\windows\system32\Ati2evxx.dll c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll c:\program files\PC Tools AntiVirus\PCTAVHook.dll - - - - - - - > 'lsass.exe'(812) c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll c:\program files\PC Tools AntiVirus\PCTAVHook.dll - - - - - - - > 'explorer.exe'(2512) c:\windows\system32\WININET.dll c:\program files\PC Tools AntiVirus\PCTAVHook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\LEXBCES.EXE c:\windows\system32\Ati2evxx.exe c:\windows\system32\LEXPPS.EXE c:\program files\Java\jre6\bin\jqs.exe c:\program files\PC Tools AntiVirus\PCTAVSvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\RTHDCPL.EXE c:\program files\Dell Support Center\bin\sprtsvc.exe c:\program files\ATI Technologies\ATI.ACE\CLI.EXE c:\windows\system32\SearchIndexer.exe c:\documents and settings\Administrator\Application Data\#66C9C6D07CA95FDE03A21B8837A16E6F\mediafix707 00en02.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\ATI Technologies\ATI.ACE\cli.exe . ************************************************** ************************ . Completion time: 2010-09-09 21:21:24 - machine was rebooted ComboFix-quarantined-files.txt 2010-09-10 01:21 Pre-Run: 288,590,663,680 bytes free Post-Run: 288,635,228,160 bytes free - - End Of File - - CBF6F5B505DF36A30E7652742FBB8864 |
#4
|
||||
|
||||
I hope I got this all copied and pasted correctly...if not, give me a shout. I appreciate the help.
|
#5
|
||||
|
||||
Hello k9mom007
You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer. Speech over ![]() Download this small tool, save it on your desktop: SystemLook Double-click systemlook.exe - a small window pop up where you must copy the bolded text in: : Filefind *explorer.exe* *winlogon.exe* Click the Look button. The program will now search your computer. When the scan are done, there will pop notepad window up with a log from the System Look. Please copy it here in the forum in your next reply. The log can also be found on your desktop with the name: SystemLook.txt. |
#6
|
||||
|
||||
ok....sorry I jumped the gun. I misunderstood. I had posted a reply in another person's thread (they had the exact same problem) and I was told to start a new topic, and I just followed the instructions you had given him. I will know better next time.
![]() My Dad has registered here at the boards, and he's watching this thread, so I will have him follow your directions for the next step. Thanks for the reply and help. |
#7
|
||||
|
||||
Quote:
No problem ![]() |
#8
|
||||
|
||||
thanks. another 2 cents before I walk out the door for work. Dad's computer was rendered virtually useless unless in safe mode. could not run any programs..antimalware doc would shut everything down. I'll let him finish this task. Thanks for not yelling at me too bad! Enjoy your day.
|
#10
|
||||
|
||||
A bit confusing, I believe.
k9mom007 is my daughter. She was busy yesterday. It is 'MY' computer. She thought I could pick up where she left off. All the log info is from my computer on this thread (the one you started fore me) and the one k9mom007 started. I apologize for any confusing I created. Still like any support you can offer for my problem. TU |
#11
|
||||
|
||||
yes, all the reports are from 1 computer, my Dad's. I started the thread, and I created the oonfusion. My Dad was not registered at the boards, so I posted his computer problem for him.
I apologize for the confusion. He was requested to run the SystemLook and he posted the results in this thread, but I believe they were moved by the moderators. I'm respectfully asking that you help him with this antimalware doctor problem and in the future only one of us will post with a problem in a single thread. Thanks |
#12
|
||||
|
||||
Post the results from SystemLook in this topic, and weŽll continue here.
|
#13
|
|||
|
|||
antimalware doctor- combo fix log
Now logged in properly....I think.
Vern - - - - - - - - - - - - - - - - - - SystemLook 04.09.10 by jpshortstuff Log created at 09:05 on 11/09/2010 by Administrator Administrator - Elevation successful ========== Filefind ========== Searching for "*explorer.exe*" C:\WINDOWS\explorer.exe --a---- 1033728 bytes [16:16 25/04/2008] [12:00 14/04/2008] DFFFBEFF9461E500611A918236EF34CD C:\WINDOWS\explorer.exe# --a---- 1033728 bytes [16:16 25/04/2008] [12:00 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923 C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf --a---- 80972 bytes [20:54 07/09/2010] [01:20 10/09/2010] 985C19DA0DF47028FAD8703D4B42F956 Searching for "*winlogon.exe*" C:\WINDOWS\system32\winlogon.exe --a---- 507904 bytes [16:16 25/04/2008] [12:00 14/04/2008] FC0657669ED0CD9443308E6052B8D69C -= EOF =- |
#14
|
||||
|
||||
c:\windows\system32\winlogon.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!! IŽll therefore suggest you replace them. To do this simply go to the Run box on the Start Menu and type/copy in: sfc /scannow This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem. When done, please post new combofix log. |
#15
|
|||
|
|||
Antimalware Doctor fix
I ran sfc /scannow 3 times. It did not provide a report. It did run through the full progress bar all 3 times. I looked for the report in my C: drive and searched for it with Start/Search. Sorry!
What next? TU Vern |
![]() |
Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
![]() |
||||
Topic | Topic Starter | Forum | Replies | Last Post |
Antimalware doctor virus please advise | dannythedog | Malware Removal | 31 | September 19th, 2010 12:35 PM |
Trying to remove Antimalware doctor | peter762033 | Malware Removal | 11 | August 25th, 2010 06:41 AM |
Antimalware doctor | Jerry56 | Windows XP | 4 | August 17th, 2010 06:56 PM |
antimalware doctor | Saga286 | Malware Removal | 1 | July 29th, 2010 05:12 AM |
doctor doctor jokes | Snurfen | Jokes Forum | 9 | August 5th, 2007 10:00 AM |
All times are GMT +1. The time now is 11:29 PM.