
Antimalware Doctor Logs

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dbf70702.exe (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. If you have already posted a log,

Please include the address of this thread in your request. This applies only to the original topic starter. Everyone else please start a new topic.
With Regards,
myrti

If I have been helping you and

Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper

Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
\AntiMalwareDoctor\5D5A25FDE56E54277147B4637E2EC65B\dbf70702.exe (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

As mentioned before the full version of Malwarebytes' Anti-Malware

Updater (YahooAUService) - Yahoo!

That may cause it to stall. Combofix should never take more than 20 minutes including the reboot if malware is detected.

Then they try to sell you their software, claiming it will remove these threats.

I apologize for the delay but the forum is very busy.

Edited by Metallica, 03 April 2010 - 03:40 AM.

#10 ldtate (Malware Expert), posted 04 April 2010 - 08:20 AM:
I hope you

Thanks

edit: del unrequested pasted hjt log, and del pasted logs and attach same to facilitate disabling many malicious links, and to facilitate thread scrollability.

ceet12 (Topic Starter), posted May 12, 2011:
Hi screen here is the

trish100, 12.04.2010 01:27:
Hi, I ran the Malware per your instructions and the log should be attached to this message. Also attached is the GSI zipfile. (these were attached in the previous reply) Since

I had to go to work, I will post it later this evening... thanks

Do I need to do another scan to get that log to send you?

I ran (and keep running) rkill.com to get rid of these files, and used Malwarebytes and the online scanner (always mentioned, though I forget the name). Some of the files appearing in

It may still be in your add/remove programs list, but you can get rid of it by clicking remove, and you will get a message telling you that it has already

When the tool is finished, it will produce a report for you.

For more information please see the following:
Not Applicable
Scan ID: {16FDAD41-01AC-4631-AFB1-677D2026D689}
User: Zig\B
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: file:C:\Users\B\AppData\Local\Windows\winhelp.exe;startup:C:\Users\B\AppData\Local\Windows\winhelp.exe
Alert Type: Unclassified software
Detection Type:
Record Number:

Please send the file to me through private messages (click to PM icon at right). Post back with OTM log + fresh RSIT log.

bkribbs, Aug 27, 2010

#3 johnb35 (Administrator, Staff Member):
You should post the hijackthis log from the account that is infected.

ESET Online Scanner v3
Norton 360
iolo technologies' Search and Recover
Antivirus up to date! ```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities

Please don't send help request via PM, unless I am already helping you. If you need assistance please start your own topic and someone will be happy to assist you.

We also need to ensure you do not infect the machine you are posting from.
Step 1.
Please perform the following on the clean machine.
Please download Flash_Disinfector.exe by sUBs and save it to

I know I got one of the files off but I can't seem to figure out if there are any others. Any help would be greatly welcomed at the moment. And of course

Did full scan but antimalware doctor remains.

Save the log to your desktop.
Note: If it does not automatically open, then click Start -> Run, type notepad and press Enter.

Restart Kaspersky. Also, please don't forget to resume the Kaspersky that you paused.
Download Combofix here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
--------------------
The instructions posted here are for the original poster Only.

C:\Users\Ste\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

I initially tried to remove the virus by running rkill and malwarebytes, but even after said removal, the problems still occur. I'm trying to upload the file here for you to analyze but it doesn't allow me since it's > 300kb

richbuff, 20.08.2010 08:07:
Welcome.

No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your

In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Windows Defender can't undo changes that you allow.

Please refrain from running any tools we may use without specific instructions. If your operating system is Windows Vista or Windows 7 it may be necessary to right click then choose Run

Try installing something like AVG Free, nod32 or antivir, if you can.

Logs that show these in them, will be given the option to remove the P2P items.

ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\audiograbber\audiograbber.exe
c:\documents and settings\Craig\Application Data\Adobe\plugs
c:\documents and settings\Craig\Application Data\OfferBox
c:\documents and settings\Craig\Application Data\OfferBox\config.xml
c:\documents and settings\Craig\Local Settings\Application Data\{402DB7CF-560F-4EA7-92B7-85079C3D4D32}
c:\documents and settings\Craig\Local Settings\Application Data\{402DB7CF-560F-4EA7-92B7-85079C3D4D32}\chrome.manifest
c:\documents and

DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by Owner at 11:34:25.68 on Tue 07/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.727 [GMT -4:00]
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
==============

Please paste them directly into the reply box. Please do not make any changes to your system until we are through.

james9999, 5.08.2010 11:14:
Yes, thanks.

Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

ceet12 (Topic Starter), posted March 22, 2011:
HERE ARE MY LOGS
DDS.DDS (Ver_11-03-05.01)

Allow changes only if you trust the program or the software publisher.

ceet12 (Topic Starter), posted April 30, 2011:
Hi screen sorry about the

Please note that your topic was not intentionally overlooked.
PW

#7 Jwhitney4 (Topic Starter), posted 31 July 2010 - 07:45 PM:
Hello, I am incredibly sorry I have been

When I try to remove the program in the "Add or Remove" menu, another pop-up comes on the screen.

C:\Windows\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Then anti malware doctor popped up and was running and scanning my files. So I know how I got infected, from a java driveby download from some site (RWMAEONSXC.EXE ? ), I

PW

#6 pwgib (Malware Response Team), posted 27 July 2010 - 07:02 AM:
Hi Jwhitney4, Do you still

screen317 (Research Team, Moderators), posted July 12, 2010:
Since this issue is resolved

It started out with the usual pop-ups, but then changed my background and clock settings.

Instead, please send it to the Lab, instructions are located in the third important topic located near the top of the Virus section of this forum.

It quarantined it, but it is still sitting in my program files.

Contents of the 'Scheduled Tasks' folder
.
2011-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-220523388-1801674531-1003Core.job
- c:\documents and settings\Craig\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [