Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

i have antimalware doctor too >_<

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

i have antimalware doctor too >_<

Unread postby inexplicably me » August 28th, 2010, 1:27 am

so, i've looked on many different sites in hopes of finding a way to solve this problem... and i've come up with nothing. on almost every one of them i've looked at, they suggest PC Tools Spyware/Antivirus. so i went to download it from the pc tools site, and it says, almost automatically, "google chrome could not find pctools.com"... i used a search engine to find the correct site, so it can't just be the wrong url... and i tried on different days, as well, same result. pretty sure that the virus is blocking it...
anyway... finally got it through cnet... but, apparently, PC Tools has to automatically update itself before it will run AT ALL. whenever i click on the shortcut, or the icon in the system tray, a little dialog box pops up saying "new updates are available. run smart update". when i attempt to update, it says "update failed. error downloading the list of updates. try again later." then it suggests i check my internet connection. obviously, the virus is blocking the program from updating, as well.

so... my question is this: how do i stop it from blocking pctools.com? that's all i really care about... v_v" unless you don't think PCtools would clear all of it up..?
any suggestions at all would be greatly appreciated. oh yeah, and if it matters, i have win7 32-bit.
(more information about things i've already done to remove most of it at the bottom)

Running processes:
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\PC Tools Security\pctsTray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\bArBiE\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ZE18MW23GY] C:\Users\bArBiE\AppData\Local\Temp\Rfu.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Antimalware Doctor.lnk = bArBiE\AppData\Roaming\722334A1AD6E38BF90BB0F2C81D18A22\secureapp70700.exe
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\bArBiE\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B3D49D8-4D2B-45AB-A4D1-63858C246B4F}: NameServer =,
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =,
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B3D49D8-4D2B-45AB-A4D1-63858C246B4F}: NameServer =,
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer =,
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B3D49D8-4D2B-45AB-A4D1-63858C246B4F}: NameServer =,
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =,
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

Uninstall List:

7-Zip 4.65
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Photoshop Lightroom 2.6
Adobe Reader 9.3.4
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
BioShock 2
Color Efex Pro 3.0 Complete
Combined Community Codec Pack 2009-09-09
Counter-Strike: Source
Dfine 2.0
Download Updater (AOL LLC)
Fallout 3
Free Audio CD Burner version 1.4
Free YouTube to MP3 Converter version 3.8
Haali Media Splitter
HijackThis 2.0.2
Java(TM) 6 Update 17
LG Burning Tools
LG Power Tools
LG Power Tools
LucisArt 3 ED/SE
Malwarebytes' Anti-Malware
Matroska Pack
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.6)
MSXML 4.0 SP2 (KB973688)
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Stereoscopic 3D Driver
OpenOffice.org 3.1
PC Tools AntiVirus Free
PDF Settings
RadLight 4.0 FINAL
Realtek High Definition Audio Driver
Sharpener Pro 3.0
Silver Efex Pro
Team Fortress 2
The Sims™ 3
Ventrilo Client
VLC media player 1.0.5
Windows Media Player Firefox Plugin
Zune Language Pack (DE)
Zune Language Pack (ES)
Zune Language Pack (FR)
Zune Language Pack (IT)

i deleted all the registry files that the sites suggested... but i think i must have a new strain of the virus (pun, most certainly, intended :3). many of the names of files that AVG has caught (i will most likely be getting NOD32 after this is all cleared up 0.o") were never even mentioned on the sites i looked on...
here's a list of them all: neacrowmxs.exe, xwemorscan.exe, earmxocswn.exe, rfp.exe, 3u79iQG9.sys, WS9eI7.sys, Rfu.exe, Rwejoc.exe, Rwejoa.exe, and Rwejob.exe (sorry for the long list :X just wanted to include them all)...
i also deleted all the temp files that i could... there are only four remaining that are being stubborn. i've tried deleting them in safe mode, as well, but they just came back when i re-booted.
the only signs of me still having the virus: random pop-ups (even on safe sites) that i never had before, and of course the blocking of PCtools' update.

btw, if any of the programs i have on my computer are insecure or all around worthless, let me know, and i will remove them.
inexplicably me
Active Member
Posts: 3
Joined: August 28th, 2010, 1:00 am
Register to Remove

Re: i have antimalware doctor too >_<

Unread postby NonSuch » August 28th, 2010, 1:40 am

In order for someone to analyze your HijackThis log, you must post the entire log, first line through last. The log you have posted has the header missing, which includes important information about your computer. You will need to provide us with a complete HijackThis log before we can help you. Please follow the guideline at the link below to start a new topic and post your HijackThis log.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<
User avatar
Posts: 27256
Joined: February 23rd, 2005, 7:08 am
Location: California

  • Similar Topics
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!

Who is online

Users browsing this forum: No registered users and 8 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware