Malware Doctor problems

Dear all,
I have trouble getting rid of the malware "Malware Doctor". I used Malwarebytes', but to no avail: every time I remove it and restart, I get the problem again. Here is my HijackThis log file. Please help me. Thanks.
m

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:44 PM, on 6/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\User\Desktop\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Chrome copyright - {AFF01325-0FC2-4749-8914-FBF0565AD9CC} - jbnmcd.dll (file missing)
O2 - BHO: Google Gears Helper - {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &download by orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &grab video by orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: do&wnload selected by orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: down&load all by orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?ee890c83655c46408a4a02d1fa839d7f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?ee890c83655c46408a4a02d1fa839d7f
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {09c04da7-5b76-4ebc-bbee-b25eac5965f5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09c04da7-5b76-4ebc-bbee-b25eac5965f5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227877026859
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/livetv.ocx
O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} (InstallerCtrl Class) - http://www.tellmemore-online.com/bin/tol7inst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3D3BAB5-34E9-430D-B90D-B1D92A7BC08F}: NameServer = 139.165.32.13,139.165.40.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\WINDOWS\
O20 - Winlogon Notify: dgbtew - dgbtew.dll (file missing)
O20 - Winlogon Notify: spba - C:\WINDOWS\
O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1c987759e870c06) (gupdate1c987759e870c06) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10145 bytes

Re: Malware Doctor problems

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: Chrome copyright - {AFF01325-0FC2-4749-8914-FBF0565AD9CC} - jbnmcd.dll (file missing)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\WINDOWS\
    O20 - Winlogon Notify: dgbtew - dgbtew.dll (file missing)
    O20 - Winlogon Notify: spba - C:\WINDOWS\
    O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.
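The HijackThis entries the helper asks to fix above share a few telltale traits: a registered component whose file is missing, IE policy restrictions that a home user never set, a disabled Registry Editor, Winlogon Notify entries with no resolvable DLL, and a service with no vendor that runs its own executable out of System32. The following script, an added example that is not part of this thread or of HijackThis itself, encodes those heuristics and runs them over a constructed sample built from the entries quoted in the log; the rule thresholds are this example's assumptions, not HijackThis behaviour.

```python
"""Triage helper for HijackThis (HJT) v2 log lines.

Added example. It flags the same kinds of entries a forum helper picks out
by hand; every rule below is a heuristic assumption of this example, not a
HijackThis feature, so review each hit before fixing it.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the HijackThis entries posted in the thread.
SAMPLE_LOG = "\n".join([
    "O2 - BHO: Google Gears Helper - {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - "
    "C:\\Program Files\\Google\\Google Gears\\Internet Explorer\\0.5.21.0\\gears.dll",
    "O2 - BHO: Chrome copyright - {AFF01325-0FC2-4749-8914-FBF0565AD9CC} - jbnmcd.dll (file missing)",
    "O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)",
    "O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe",
    "O6 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present",
    "O7 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System, DisableRegedit=1",
    "O20 - Winlogon Notify: dgbtew - dgbtew.dll (file missing)",
    "O20 - Winlogon Notify: spba - C:\\WINDOWS\\",
    "O23 - Service: avast!Antivirus - Unknown owner - C:\\WINDOWS\\System32\\avast!Antivirus.exe",
    "O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\\WINDOWS\\",
    "O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe",
])

# Every HJT entry starts with a section code (R0/R1, F0, O2..O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[ROF]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious HJT entry, or None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # process list, headers, blank lines
    sec, body = m.group("sec"), m.group("body")
    reasons = []

    # A BHO/toolbar/notify DLL that is registered but absent from disk is
    # either leftover junk or a component that hides itself from the scanner.
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("registered component has no file on disk")

    # O6: IE restriction policies. Rogue AV tools set these to keep the
    # user from changing browser settings; they are rare on a home PC.
    if sec == "O6" and body.endswith(" present"):
        reasons.append("IE policy restriction set")

    # O7: Registry Editor disabled, a common rogue-AV self-protection step.
    if sec == "O7" and "DisableRegedit=1" in body:
        reasons.append("Registry Editor disabled by policy")

    # O20: Winlogon Notify runs at every logon; an entry whose path ends at
    # a directory (no DLL name could be resolved) deserves a look.
    if sec == "O20" and body.endswith("\\"):
        reasons.append("Winlogon Notify entry without a resolvable DLL path")

    # O23: "Unknown owner" alone is noise (svchost-hosted services such as
    # BITS show it with a truncated C:\WINDOWS\ path), so require a concrete
    # executable, and separately note an exe dropped straight into System32.
    if sec == "O23" and "Unknown owner" in body and not body.endswith("\\"):
        reasons.append("service with no vendor info running its own executable")
    if sec == "O23" and re.search(r"\\system32\\[^\\]+\.exe$", body, re.I):
        reasons.append("service executable placed directly in System32")

    if not reasons:
        return None
    return Finding(sec, "; ".join(reasons), line.strip())


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep the hits, in log order."""
    hits = []
    for line in log_text.splitlines():
        f = triage_line(line)
        if f is not None:
            hits.append(f)
    return hits


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The constructed sample flags the seven entries the helper asked to fix and leaves Google Gears, ctfmon, BITS and the iPod service alone.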

Re: Malware Doctor problems

hi belahzur,
many thanks for your response. I did as you said.
It still didn't solve the problem. Upon every reboot, I'm getting this Malware Doctor. While I ran the HijackThis fix, there was an error message: "Registry is locked by administrator".
Here is the Malwarebytes' log file:

Malwarebytes' Anti-Malware 1.37
Database version: 2296
Windows 5.1.2600 Service Pack 3

6/17/2009 6:41:20 PM
mbam-log-2009-06-17 (18-41-20).txt

Scan type: Quick Scan
Objects scanned: 97810
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
C:\WINDOWS\system32\avast!Antivirus.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aff01325-0fc2-4749-8914-fbf0565ad9cc} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\avast!AntiVirus (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Doctor (Rogue.MalwareDoc) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Doctor (Rogue.MalwareDoc) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\drivers\492fefaa.sys (Rootkit.Rustock) -> Delete on reboot.

thanks again
m

Re: Malware Doctor problems


  • Download combofix from here
    Link 1
    Link 2
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: ComboFix prompt offering to install the Recovery Console]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [Image: ComboFix prompt asking whether to continue the malware scan]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Malware Doctor problems

hi Belahzur,

thanks again for the response.
But unfortunately, after starting ComboFix, it's been almost one day and I still see the message "ComboFix is preparing to run" and nothing in the command-prompt-like window. Is this usual with ComboFix, or is there something wrong?

m

Re: Malware Doctor problems

Malware is likely interfering.

Can you do the following in Safe Mode with Networking, (as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.) Once in the start up menu, select "Safe Mode with Networking", then try Combofix again.

Re: Malware Doctor problems

Hi,
It's still like that, even in Safe Mode with Networking. Is this usual?
By the way, initially it updated ComboFix to the latest version, and from then on it was like it was before. I also couldn't find any file named ComboFix.txt on the C drive.
thanks in advance
m

Re: Malware Doctor problems

Your machine is in a pretty bad state, as one of your needed system files is infected.

Delete your copy of Combofix.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

[Image: Firefox download dialog for ComboFix]

[Image: renaming ComboFix to Combo-Fix in the save dialog]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Re: Malware Doctor problems

Sorry to say, but it is still the same situation.
Is there any other alternative for me?
thanks
m

Re: Malware Doctor problems


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

Re: Malware Doctor problems

Here it is:


DDS (Ver_09-05-14.01) - NTFSx86
Run by User at 18:40:47.23 on Thu 06/18/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1977.1351 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Chrome copyright: {aff01325-0fc2-4749-8914-fbf0565ad9cc} - jbnmck.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.21.0\gears.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: &D&ownload &with BitComet -
IE: &D&ownload all video with BitComet -
IE: &D&ownload all with BitComet -
IE: &download by orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &grab video by orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Vbuzzer RSS list -
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: do&wnload selected by orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: down&load all by orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel -
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?ee890c83655c46408a4a02d1fa839d7f
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?ee890c83655c46408a4a02d1fa839d7f
IE: Save Page As PDF ... -
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {09c04da7-5b76-4ebc-bbee-b25eac5965f5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.21.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C}
Trusted Zone: microsoft.com\office
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227877026859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://www.ooxtv.com/livetv.ocx
DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} - hxxp://www.tellmemore-online.com/bin/tol7inst.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {E3D3BAB5-34E9-430D-B90D-B1D92A7BC08F} = 139.165.32.13,139.165.40.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: dgbtew - dgbtew.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter

Re: Malware Doctor problems

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\bt83poyf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1235698&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1235698&SearchSource=2&q=
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\bt83poyf.default\extensions\{921d0658-ee27-4e62-9f19-62ac80f32eaf}\components\FFAlert.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\bt83poyf.default\extensions\refractor@developer.mozilla.org\components\prism.dll
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\bt83poyf.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300

============= SERVICES / DRIVERS ===============

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-11-22 42608]
R1 sasdifsv;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 saskutil;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 avast!Antivirus;avast!Antivirus;c:\windows\system32\avast!antivirus.exe -k netsvcs --> c:\windows\system32\avast!Antivirus.exe -k netsvcs [?]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-17 55640]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-18 55152]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-22 110080]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-15 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-4-8 43608]
S1 1073be11;1073be11;c:\windows\system32\drivers\1073be11.sys --> c:\windows\system32\drivers\1073be11.sys [?]
S1 15a5346b;15a5346b;c:\windows\system32\drivers\15a5346b.sys --> c:\windows\system32\drivers\15a5346b.sys [?]
S1 198b7c7e;198b7c7e;c:\windows\system32\drivers\198b7c7e.sys --> c:\windows\system32\drivers\198b7c7e.sys [?]
S1 3b2a9855;3b2a9855;c:\windows\system32\drivers\3b2a9855.sys --> c:\windows\system32\drivers\3b2a9855.sys [?]
S1 41f35360;41f35360;c:\windows\system32\drivers\41f35360.sys --> c:\windows\system32\drivers\41f35360.sys [?]
S1 492fefaa;492fefaa;c:\windows\system32\drivers\492fefaa.sys --> c:\windows\system32\drivers\492fefaa.sys [?]
S1 58bb812d;58bb812d;c:\windows\system32\drivers\58bb812d.sys --> c:\windows\system32\drivers\58bb812d.sys [?]
S1 62af9375;62af9375;c:\windows\system32\drivers\62af9375.sys [2009-5-6 0]
S1 73108add;73108add;c:\windows\system32\drivers\73108add.sys --> c:\windows\system32\drivers\73108add.sys [?]
S1 812b811c;812b811c;c:\windows\system32\drivers\812b811c.sys --> c:\windows\system32\drivers\812b811c.sys [?]
S1 81362424;81362424;c:\windows\system32\drivers\81362424.sys --> c:\windows\system32\drivers\81362424.sys [?]
S1 831e6087;831e6087;c:\windows\system32\drivers\831e6087.sys --> c:\windows\system32\drivers\831e6087.sys [?]
S1 832225ef;832225ef;c:\windows\system32\drivers\832225ef.sys --> c:\windows\system32\drivers\832225ef.sys [?]
S1 88bcbf38;88bcbf38;c:\windows\system32\drivers\88bcbf38.sys --> c:\windows\system32\drivers\88bcbf38.sys [?]
S1 90539704;90539704;c:\windows\system32\drivers\90539704.sys --> c:\windows\system32\drivers\90539704.sys [?]
S1 92516a75;92516a75;c:\windows\system32\drivers\92516a75.sys --> c:\windows\system32\drivers\92516a75.sys [?]
S1 aa76f012;aa76f012;c:\windows\system32\drivers\aa76f012.sys --> c:\windows\system32\drivers\aa76f012.sys [?]
S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]
S1 cb16b33f;cb16b33f;c:\windows\system32\drivers\cb16b33f.sys --> c:\windows\system32\drivers\cb16b33f.sys [?]
S1 d89c86f;d89c86f;c:\windows\system32\drivers\d89c86f.sys --> c:\windows\system32\drivers\d89c86f.sys [?]
S1 e13b65d0;e13b65d0;c:\windows\system32\drivers\e13b65d0.sys --> c:\windows\system32\drivers\e13b65d0.sys [?]
S1 e5a226fa;e5a226fa;c:\windows\system32\drivers\e5a226fa.sys --> c:\windows\system32\drivers\e5a226fa.sys [?]
S1 fc91970c;fc91970c;c:\windows\system32\drivers\fc91970c.sys --> c:\windows\system32\drivers\fc91970c.sys [?]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-18 185089]
S2 gupdate1c987759e870c06;Google Update Service (gupdate1c987759e870c06);c:\program files\google\update\GoogleUpdate.exe [2009-2-5 133104]
S2 qfzzpopneadbmm;qfzzpopneadbmm;\??\c:\windows\system32\drivers\mwcrcrwehyeyypb.sys --> c:\windows\system32\drivers\mwcrcrwehyeyypb.sys [?]
S2 qkmgsdbmgiy;qkmgsdbmgiy;\??\c:\windows\system32\drivers\qzjspjakpcujia.sys --> c:\windows\system32\drivers\qzjspjakpcujia.sys [?]
S2 tuarvlmchmjpffo;tuarvlmchmjpffo;\??\c:\windows\system32\drivers\gzjhzhljcl.sys --> c:\windows\system32\drivers\gzjhzhljcl.sys [?]
S2 zjauqfflos;zjauqfflos;\??\c:\windows\system32\drivers\snclbfqd.sys --> c:\windows\system32\drivers\snclbfqd.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-12-11 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-12-11 3072]
S3 sasenum;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [2007-12-26 17968]
S4 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
S4 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S4 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2008-11-22 3566080]
S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
S4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
S4 Windows SteadyState;Windows SteadyState Service;c:\program files\windows steadystate\SCTSvc.exe [2008-5-30 115728]

=============== Created Last 30 ================

2009-06-18 16:49 99,422 a------- c:\windows\system32\drivers\70509fa9.sys
2009-06-18 16:49 29,184 a------- c:\windows\system32\jbnmck.dll
2009-06-18 16:49 134 a------- c:\windows\system32\sft.res
2009-06-18 16:49 36,864 a------- c:\windows\system32\avast!Antivirus.exe
2009-06-18 16:47 --ds---- C:\Combo-Fix
2009-06-18 16:47 389,120 a------- c:\windows\system32\CF6664.exe
2009-06-18 16:02 389,120 a------- c:\windows\system32\CF30709.exe
2009-06-18 16:01 389,120 a------- c:\windows\system32\CF30497.exe
2009-06-18 15:54 389,120 a------- c:\windows\system32\CF29148.exe
2009-06-18 15:38 389,120 a------- c:\windows\system32\CF25945.exe
2009-06-18 12:50 --ds---- C:\ComboFix
2009-06-18 12:50 389,120 a------- c:\windows\system32\CF25757.exe
2009-06-18 12:49 389,120 a------- c:\windows\system32\CF25642.exe
2009-06-18 12:38 61,440 a------- c:\windows\system32\drivers\awzve.sys
2009-06-18 12:36 61,440 a------- c:\windows\system32\drivers\rjghwht.sys
2009-06-18 09:26 389,120 a------- c:\windows\system32\CF18623.exe
2009-06-18 09:22 58,880 a------- c:\windows\system32\22.tmp
2009-06-18 08:18 58,880 a------- c:\windows\system32\20.tmp
2009-06-18 08:08 --d----- c:\program files\Avira
2009-06-18 07:38 147,456 a------- c:\windows\PLAUNCH.EXE
2009-06-18 07:08 --d----- c:\program files\DVD Shrink
2009-06-18 06:46 654 -------- c:\windows\remove.iss
2009-06-18 06:46 --d----- c:\program files\InterVideo Information Service
2009-06-18 06:46 --d----- c:\program files\common files\Ulead
2009-06-18 06:29 58,880 a------- c:\windows\system32\1E.tmp
2009-06-17 21:30 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-17 21:30 --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-06-17 21:16 389,120 a------- c:\windows\system32\CF6574.exe
2009-06-17 21:15 389,120 a------- c:\windows\system32\CF6411.exe
2009-06-17 20:55 389,120 a------- c:\windows\system32\CF2414.exe
2009-06-17 11:47 61,440 a------- c:\windows\system32\drivers\pmwicz.sys
2009-06-17 09:42 61,440 a------- c:\windows\system32\drivers\gegli.sys
2009-06-17 05:40 --d----- C:\elements
2009-06-16 23:12 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 23:12 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 23:12 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 21:11 16,244 a------- c:\windows\system32\rrt_is.wav
2009-06-16 21:11 7,302 a------- c:\windows\system32\rrt_vf.wav
2009-06-16 21:11 7,148 a------- c:\windows\system32\rrt_tv.wav
2009-06-16 21:11 6,282 a------- c:\windows\system32\rrt_tn.wav
2009-06-16 16:13 0 a------- C:\XES1C2.tmp
2009-06-16 15:48 --d----- c:\documents and settings\user\Option
2009-06-16 12:58 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-16 12:58 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-11 16:41 --d----- c:\program files\DAMBE
2009-06-10 11:50 --d----- c:\program files\Registry Easy
2009-06-03 21:28 --d----- c:\docume~1\alluse~1\applic~1\SymplisIT
2009-06-03 21:14 90 a------- c:\windows\vmreg32.dll
2009-06-03 21:14 --d----- c:\program files\SymplisIT
2009-06-03 21:10 --d----- c:\program files\XP Repair Pro 2007
2009-05-28 21:53 959 a------- C:\rollback.ini
2009-05-28 21:27 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-05-28 21:27 --d----- c:\windows\system32\ZoneLabs
2009-05-28 21:27 --d----- c:\program files\Zone Labs
2009-05-28 11:49 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-05-28 11:48 --d----- c:\documents and settings\user\.housecall6.6
2009-05-28 10:56 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-28 10:55 --d----- c:\program files\SUPERAntiSpyware
2009-05-28 10:55 --d----- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2009-05-26 21:27 2,285,056 a------- c:\windows\system32\TUKernel.exe
2009-05-26 10:49 389,120 a------- c:\windows\system32\CF770.exe
2009-05-26 10:44 389,120 a------- c:\windows\system32\CF32496.exe
2009-05-26 09:50 389,120 a------- c:\windows\system32\CF21720.exe
2009-05-25 22:26 --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-05-25 22:26 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-25 17:46 389,120 a------- c:\windows\system32\CF29626.exe
2009-05-25 14:59 161,792 a------- c:\windows\SWREG.exe
2009-05-25 14:59 155,136 a------- c:\windows\PEV.exe
2009-05-25 14:59 98,816 a------- c:\windows\sed.exe
2009-05-25 14:58 389,120 a------- c:\windows\system32\CF29356.exe
2009-05-25 12:51 --d----- c:\program files\Trend Micro
2009-05-24 12:28 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-05-24 12:02 --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-05-20 11:11 --d----- c:\docume~1\user\applic~1\GrabPro
2009-05-20 11:11 --d----- c:\program files\Orbitdownloader
2009-05-20 10:21 --d----- c:\program files\Geospiza
2009-05-19 20:03 10 a------- c:\windows\WININIT.INI

==================== Find3M ====================

2009-06-18 12:38 2,482 a------- c:\program files\uoygyf.txt
2009-05-13 07:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-11 18:35 0 a------- c:\windows\system32\drivers\62af9375.sys
2009-05-07 17:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-06 16:34 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-05-01 20:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-18 07:48 6,656 a------- c:\windows\system32\haspvdd.dll
2009-04-17 20:14 94,208 a------- c:\windows\system32\DistClock.dll
2009-04-17 14:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 16:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-03 18:53 355,584 a------- c:\windows\system32\TuneUpDefragService.exe
2009-04-02 18:11 100,176 a------- c:\windows\BricoPackUninst.cmd
2009-03-31 17:24 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-13 23:19 952 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys

============= FINISH: 18:41:01.67 ===============

Re: Malware Doctor problems

Hello.
Do you have your XP disc?

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:

    :filefind
    ndis.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
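
What a :filefind lookup is checking for, shown as an added Python example that is not SystemLook's code and not part of this thread: it walks a directory tree for every file named ndis.sys and reports each copy's size, modification time and SHA-256, so that an in-use driver under system32\drivers that no longer matches the protected dllcache copy stands out. The directory layout and file contents are constructed in a temporary folder for the demonstration; the Windows-style paths and the "MODIFIED" marker are placeholders, not the poster's files.

```python
import hashlib
import os
import tempfile
from collections import namedtuple
from datetime import datetime, timezone

# One reported copy of the file we are looking for.
FileHit = namedtuple("FileHit", "path size mtime sha256")


def sha256_of(path):
    """Hash a file in chunks so large drivers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def filefind(roots, name):
    """Return every file under the given roots whose name matches (case-insensitive),
    with size, UTC modification time and SHA-256. This mirrors the information a
    SystemLook :filefind run reports, but it is an independent reimplementation."""
    hits = []
    target = name.lower()
    for root in roots:
        for dirpath, _dirnames, filenames in os.walk(root):
            for fn in filenames:
                if fn.lower() == target:
                    p = os.path.join(dirpath, fn)
                    st = os.stat(p)
                    mtime = datetime.fromtimestamp(st.st_mtime, timezone.utc)
                    hits.append(FileHit(p, st.st_size, mtime, sha256_of(p)))
    return hits


def distinct_hashes(hits):
    """Sorted set of content hashes; more than one means the copies differ."""
    return sorted({h.sha256 for h in hits})


def format_report(hits):
    """Render the findings in a log-like layout and flag mismatching copies."""
    lines = []
    for h in hits:
        lines.append(f"{h.path}\t{h.size} bytes\t[{h.mtime:%Y-%m-%d %H:%M}]\t{h.sha256[:16]}...")
    n = len(distinct_hashes(hits))
    lines.append(f"{len(hits)} copies, {n} distinct content hash(es)")
    if n > 1:
        lines.append("WARNING: copies differ; compare the in-use driver against the cache copy")
    return "\n".join(lines)


def build_sample_tree():
    """Constructed sample (hypothetical, not real Windows files): a fake
    system32/drivers/ndis.sys whose content differs from the dllcache copy,
    standing in for a driver that was patched on disk."""
    base = tempfile.mkdtemp(prefix="filefind_demo_")
    drivers = os.path.join(base, "windows", "system32", "drivers")
    cache = os.path.join(base, "windows", "system32", "dllcache")
    os.makedirs(drivers)
    os.makedirs(cache)
    with open(os.path.join(drivers, "ndis.sys"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 100 + b"MODIFIED")
    with open(os.path.join(cache, "ndis.sys"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 100)
    # A similarly named file must not be reported by an exact-name search.
    with open(os.path.join(drivers, "ndisuio.sys"), "wb") as f:
        f.write(b"MZ")
    return base


if __name__ == "__main__":
    base = build_sample_tree()
    print(format_report(filefind([base], "ndis.sys")))
```

On a real machine you would pass the system drive as the root; the point of hashing every copy is that a modified driver keeps its original name, size range and often its timestamp, so only the content comparison against a known-good copy is reliable.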
