
Combofix Log (Patched.FL/AntimalwareDoctor/explorer.exe Infection)

Real md5: b45a4e625ec603300666828d5021db1c, Fake md5: 23c74d75e36e7158768dd63d92789a91
2010/09/01 07:05:57.0234 Backup copy found, using it..
2010/09/01 07:05:57.0281 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured after reboot
2010/09/01 07:05:57.0281 Rootkit.Win32.TDSS.tdl3(IPSec) - User select action: Cure
2010/09/01 C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
So it looks clean.

Never run more than one scan at a time. C:\WINDOWS\tasks\At7.job moved successfully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer. File C:\WINDOWS\System32\drivers\euaceyd.sys not found. https://www.bleepingcomputer.com/forums/t/346690/combofix-log-patchedflantimalwaredoctorexplorerexe-infection/

L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. C:\WINDOWS\Gdivejo.bin moved successfully.

It was fairly late in the evening so I figured I would deal with it later. C:\WINDOWS\95FC26FB19FD4A96BBB1B1062E8648F5.TMP\WiseCustomCalla.dll deleted successfully. E7CD0B7B4786B0C688A17C94E3B51C22 . 782336 . . [------] . .

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. C:\WINDOWS\tasks\At8.job moved successfully. https://forums.malwarebytes.com/topic/50105-antimalware-doctor-uninstall/?do=findComment&comment=253053 C:\WINDOWS\tasks\At16.job moved successfully.

c:\windows\$NtUninstallKB900485$\aec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ------w- c:\documents and settings\Samh\Application Data\Dropbox\bin\DropboxExt.13.dll
Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
O1 HOSTS File: ([2010/05/25 20:53:11 | 000,000,767 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts: activate.adobe.com
O2 - BHO:

Real md5: b45a4e625ec603300666828d5021db1c, Fake md5: 23c74d75e36e7158768dd63d92789a91
2010/09/01 07:05:37.0750 IPSec - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/01 07:05:37.0765 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/01 07:05:37.0859 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/01 07:05:37.0875 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/01 07:05:37.0921 kbdhid
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\user.exe moved successfully.

C:\WINDOWS\tasks\At23.job moved successfully. C:\WINDOWS\tasks\At17.job moved successfully. Registry value HKEY_USERS\Will_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

C:\WINDOWS\tasks\At4.job moved successfully. So I did a Google search for the error message and found a thread saying that the sound was turned off, and to do a "run" command that would open up C:\WINDOWS\system32\kkh14mzcs.dll moved successfully. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes

C:\WINDOWS\login.exe moved successfully.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder

You guys are amazing!

C:\WINDOWS\tasks\At3.job moved successfully. C:\WINDOWS\tasks\At18.job moved successfully.

Double-click on the OTLPE icon. C:\WINDOWS\tasks\At19.job moved successfully. Registry value HKEY_USERS\Will_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

I clicked the X at the top right to close that window, then closed the tab that was open. C:\WINDOWS\tasks\At10.job moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. If a suspicious file is detected, the default action will be Skip, click on Continue.

Please refrain from running tools or applying updates other than those I suggest. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

C:\WINDOWS\tasks\At20.job moved successfully. C:\WINDOWS\sysedit.exe moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom. (The content of Fix.txt should appear in the box) Then click the Run Fix button at Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. C:\WINDOWS\tasks\At18.job moved successfully. C:\WINDOWS\tasks\At14.job moved successfully.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully. Please download OTLPE (filesize 120,9 MB) When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive.