Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

sigh... antimalware doctor

Post by inexplicably me » August 31st, 2010, 12:29 am

so, i've looked on many different sites in hopes of finding a way to solve this problem... and i've come up with nothing. on almost every one of them i've looked at, they suggest PC Tools Spyware/Antivirus. so i went to download it from the pc tools site, and it says, almost automatically, "google chrome could not find pctools.com"... i used a search engine to find the correct site, so it can't just be the wrong url... and i tried on different days, as well, same result. pretty sure that the virus is blocking it...
anyway... finally got it through cnet... but, apparently, PC Tools has to automatically update itself before it will run AT ALL. whenever i click on the shortcut, or the icon in the system tray, a little dialog box pops up saying "new updates are available. run smart update". when i attempt to update, it says "update failed. error downloading the list of updates. try again later." then it suggests i check my internet connection. obviously, the virus is blocking the program from updating, as well.

so... my question is this: how do i stop it from blocking pctools.com? that's all i really care about... v_v" unless you don't think PCtools would clear all of it up..?
any suggestions at all would be greatly appreciated.
(more information about things i've already done to remove most of it at the bottom)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:28 AM, on 8/28/2010
Platform: Windows 7 Ultimate (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\PC Tools Security\pctsTray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\bArBiE\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Users\bArBiE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bArBiE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bArBiE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bArBiE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bArBiE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bArBiE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bArBiE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\bArBiE\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ZE18MW23GY] C:\Users\bArBiE\AppData\Local\Temp\Rfu.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Antimalware Doctor.lnk = bArBiE\AppData\Roaming\722334A1AD6E38BF90BB0F2C81D18A22\secureapp70700.exe
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\bArBiE\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B3D49D8-4D2B-45AB-A4D1-63858C246B4F}: NameServer = 93.188.164.73,93.188.166.223
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.73,93.188.166.223
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B3D49D8-4D2B-45AB-A4D1-63858C246B4F}: NameServer = 93.188.164.73,93.188.166.223
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.73,93.188.166.223
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B3D49D8-4D2B-45AB-A4D1-63858C246B4F}: NameServer = 93.188.164.73,93.188.166.223
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.73,93.188.166.223
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 6355 bytes


Uninstall List:

7-Zip 4.65
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Photoshop Lightroom 2.6
Adobe Reader 9.3.4
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
BioShock
BioShock 2
Color Efex Pro 3.0 Complete
Counter-Strike: Source
Download Updater (AOL LLC)
Fallout 3
Free Audio CD Burner version 1.4
Haali Media Splitter
HijackThis 2.0.2
iTunes
Java(TM) 6 Update 17
LG Burning Tools
LG Power Tools
LG Power Tools
LucisArt 3 ED/SE
Malwarebytes' Anti-Malware
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.6)
MSXML 4.0 SP2 (KB973688)
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenOffice.org 3.1
PC Tools AntiVirus Free
PDF Settings
PhotoScape
Portal
PVSonyDll
QuickTime
RadLight 4.0 FINAL
Realtek High Definition Audio Driver
Safari
Sharpener Pro 3.0
Silver Efex Pro
Steam
Team Fortress 2
The Sims™ 3
Uninstall 1.0.0.1
VCRedistSetup
Ventrilo Client
Viveza
VLC media player 1.0.5
Windows Media Player Firefox Plugin
Zune
Zune
Zune Language Pack (DE)
Zune Language Pack (ES)
Zune Language Pack (FR)
Zune Language Pack (IT)


i deleted all the registry files that the sites suggested... but i think i must have a new strain of the virus (pun, most certainly, intended :3). many of the names of files that AVG has caught (i will most likely be getting NOD32 after this is all cleared up 0.o") were never even mentioned on the sites i looked on...
here's a list of them all: neacrowmxs.exe, xwemorscan.exe, earmxocswn.exe, rfp.exe, 3u79iQG9.sys, WS9eI7.sys, Rfu.exe, Rwejoc.exe, Rwejoa.exe, and Rwejob.exe (sorry for the long list :X just wanted to include them all)...
i also deleted all the temp files that i could... there are only four remaining that are being stubborn. i've tried deleting them in safe mode, as well, but they just came back when i re-booted.
the only signs of me still having the virus: pop-ups when i open a new tab, or when clicking on a link (even on safe sites), the blocking of PCtools' update, along with the blocking of other related programs sites' (and i can't connect to the Steam network for some reason O_o).
oh yeah, and if it matters, i have win7 32-bit...

if any of the programs i have on my computer are insecure or all around worthless, let me know, and i will remove them.
inexplicably me
Active Member
 
Posts: 3
Joined: August 28th, 2010, 1:00 am

Re: sigh... antimalware doctor

Post by askey127 » September 1st, 2010, 1:18 pm

Hi inexplicably me,
It's better for you if you don't go anywhere near ask.com.
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis. (Right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - Startup: Antimalware Doctor.lnk = bArBiE\AppData\Roaming\722334A1AD6E38BF90BB0F2C81D18A22\secureapp70700.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B3D49D8-4D2B-45AB-A4D1-63858C246B4F}: NameServer = 93.188.164.73,93.188.166.223
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.73,93.188.166.223
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B3D49D8-4D2B-45AB-A4D1-63858C246B4F}: NameServer = 93.188.164.73,93.188.166.223
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.73,93.188.166.223
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B3D49D8-4D2B-45AB-A4D1-63858C246B4F}: NameServer = 93.188.164.73,93.188.166.223
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.73,93.188.166.223
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
REBOOT(RESTART) Your Machine
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

AVG Free 9.0
Java(TM) 6 Update 17
HijackThis 2.0.2
Uninstall 1.0.0.1

Take extra care in answering questions posed by any Uninstaller.
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here: http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 21 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Then right click and choose "Run as administrator", and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.
-----------------------------------------------
Download, Install, and Scan with the Newest HiJackThis
The Downloads for HiJackThis 2.0.4 are here: http://free.antivirus.com/hijackthis/
  • Choose the Installer version and save to your Desktop. It will be named HiJackThis.msi.
  • for Vista/Win7, Right click and choose "Run as administrator" to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and a text log file will open in notepad.
  • Make sure Notepad's Format Menu has Word Wrap Unchecked.
  • Copy/Paste the entire log to your next reply please.
  • No matter what it says in the QuickStart Guide or elsewhere, DON'T USE the "ANALYZE THIS" button.
    Its Findings can be Dangerous for your machine.
  • Please Don't have Hijackthis fix anything yet.
    Most of what is in the log are legitimate entries, necessary for the operation of your computer.

You may still get redirects. Let me know of any problems in performing the steps.
askey127
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: sigh... antimalware doctor

Post by inexplicably me » September 2nd, 2010, 11:11 pm

no problem completing these steps at all. running an update for PC Tools as i type this ^_^
although, as i was looking through this log, i noticed that Rfu.exe from my temp files is still running (which was one of the original files that was picked up by AVG)... so i used HijackThis to "fix" it. will that get rid of it for good?

btw, i've never intentionally gone to ask.com =P got it as a pop-up once a long time ago... *shrug*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:55:35 PM, on 9/2/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\PC Tools Security\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\bArBiE\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Users\bArBiE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bArBiE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bArBiE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\bArBiE\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ZE18MW23GY] C:\Users\bArBiE\AppData\Local\Temp\Rfu.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 5051 bytes
inexplicably me
Active Member
 
Posts: 3
Joined: August 28th, 2010, 1:00 am
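
An added example, not part of any post in this thread and not HijackThis's own logic: a small triage script that flags the kinds of entries singled out in the first log (autoruns launching from Temp or Roaming, and statically set public NameServer values) and reports which flagged entries are still present in a later log. The path patterns and the empty `EXPECTED_RESOLVERS` allowlist are assumptions; the sample lines are copied from the two logs above.

```python
import ipaddress
import re

# Constructed sample input: a few lines copied from the two HijackThis logs in this thread.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\bArBiE\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ZE18MW23GY] C:\Users\bArBiE\AppData\Local\Temp\Rfu.exe
O4 - Startup: Antimalware Doctor.lnk = bArBiE\AppData\Roaming\722334A1AD6E38BF90BB0F2C81D18A22\secureapp70700.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.73,93.188.166.223
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\bArBiE\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ZE18MW23GY] C:\Users\bArBiE\AppData\Local\Temp\Rfu.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] path"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$", re.MULTILINE)
# Assumption: executables auto-started from Temp or Roaming deserve a manual look.
USER_WRITABLE = re.compile(r"\\AppData\\(Local\\Temp|Roaming)\\[^\"]*\.exe", re.IGNORECASE)
NAMESERVER = re.compile(r"NameServer = (.+)$")
# Assumption: list the resolvers you configured yourself; empty means flag every public one.
EXPECTED_RESOLVERS = set()


def triage(log_text):
    """Return (code, reason, body) for every entry that matches a heuristic."""
    findings = []
    for code, body in ENTRY.findall(log_text):
        body = body.strip()
        if code == "O4" and USER_WRITABLE.search(body):
            findings.append((code, "autorun from user-writable directory", body))
        elif code == "O17":
            match = NAMESERVER.search(body)
            for raw in (match.group(1).split(",") if match else []):
                try:
                    addr = ipaddress.ip_address(raw.strip())
                except ValueError:
                    continue  # not an IP literal; leave it for manual review
                if addr.is_global and str(addr) not in EXPECTED_RESOLVERS:
                    findings.append((code, f"unexpected public DNS server {addr}", body))
    return findings


def persisting(before, after):
    """Flagged entries from the first log that are still present in the second."""
    still = {body for _, _, body in triage(after)}
    return sorted({body for _, _, body in triage(before) if body in still})


if __name__ == "__main__":
    for code, reason, body in triage(LOG_BEFORE):
        print(f"[{code}] {reason}: {body}")
    print("still present after fix:", persisting(LOG_BEFORE, LOG_AFTER))
```

A flag from this script is a prompt for manual review, not a verdict; legitimate software can also start from these locations.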

Re: sigh... antimalware doctor

Post by askey127 » September 3rd, 2010, 9:39 am

inexplicably me,
Please do not scan, install, or remove anything unless I ask.
It makes the analysis more difficult.
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Right click and "Run as Administrator"
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.

It is not likely that removing the startup entry with HJT will fix the problem.
First, and VERY important- I need to know if your version of PCTools has the additional AntiVirus, or only the Anti-Spyware application.

askey127
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: sigh... antimalware doctor

Post by muppy03 » September 7th, 2010, 4:23 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Malware Removal forum, include a fresh HijackThis log, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site,
please read Donations For Malware Removal
muppy03
MRU Emeritus
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia