
Combofix Log (Patched.FL/AntimalwareDoctor/explorer.exe Infection)

Virus help please
Started by RandAlThor420, Apr 25 2011 04:28 PM

Please copy and paste the contents of that file here. If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of

C:\WINDOWS\tasks\At9.job moved successfully.

C:\WINDOWS\system32\drivers\euaceyd.sys moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. I've rebooted into safe mode and I'm rerunning malwarebytes anti-malware and spybot search and destroy. C:\WINDOWS\SET4.tmp deleted successfully.

c:\windows\$NtUninstallKB900485$\aec.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversi Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra C:\WINDOWS\tasks\At24.job moved successfully. C:\WINDOWS\tasks\At3.job moved successfully.

C:\WINDOWS\system32\kkh14mzcs.dll moved successfully. C:\WINDOWS\002913_.tmp deleted successfully. C:\WINDOWS\tasks\At15.job moved successfully. C:\WINDOWS\tasks\At12.job moved successfully.

C:\WINDOWS\sysedit.exe moved successfully. C:\WINDOWS\tasks\At1.job moved successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "F:\Program Files\World of Warcraft\Launcher.exe" = F:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "F:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = F:\Program I close my topics if you have not replied in 5 days.

C:\WINDOWS\system32\kkh14mzcs.dll moved successfully.

scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ADAM_instance1]
"ImagePath"="c:\windows\ADAM\dsamain.exe -sn:instance1"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ADAM_instance2]
"ImagePath"="c:\windows\ADAM\dsamain.exe -sn:instance2"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 7.0\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 7.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1993962763-1844823847-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BDB0D8F5-7874-E346-B812-AD5FAA7C0F64}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"haokoijdaokecahl"=hex:66,61,6f,6b,6d,69,6d,66,68,66,70,67,00,14
"haokoijdgiafhjdd"=hex:64,62,62,6c,62,61,69,67,62,6e,69,65,69,6f,6f,62,67,64, 64,6c,66,6b,61,6a,69,67,66,6d,6b,69,69,63,68,70,6e,6b,68,63,67,70,00,a4
"iaokoijdgppjegnpnb"=hex:63,61,70,69,6d,61,00,67
"namhhnpjddgccpcnbhfgebepgand"=hex:6a,61,70,69,6d,61,64,68,61,68,70,6e,6a,70, 62,6f,66,65,6b,67,00,f8
"magjffhnaaikhdnbljcldolfbb"=hex:6a,61,70,69,6d,61,64,68,61,68,70,6e,6a,70,62, 6f,66,65,6b,67,00,00
"iaalhimnbdkbhoihha"=hex:62,61,63,6a,00,61
.
--------------------- DLLs Loaded Under Running
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\SET3.tmp deleted successfully.

Thanks

C:\WINDOWS\tasks\At7.job moved successfully.
Live
2010-07-18 23:32 . 2010-07-18 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2010-07-18 23:30 . 2009-06-04 17:17 -------- d-----w- c:\program files\Hotspot Shield
2010-07-18 23:27 . 2009-06-06 10:51 -------- d-----w- c:\program files\ArtMoney
2010-07-18 23:27 .
C:\WINDOWS\system32\xgdf7mp.dll moved successfully.

When I went to reboot my computer, it went into an endless reboot cycle, where it would get to the screen where it says Windows Media Center with a loading bar

C:\WINDOWS\SET3.tmp deleted successfully.

Sam
Edited by SamTes, 01 September 2010 - 03:18 PM.

#6 Rorschach112, Posted 01 September 2010 - 03:24 PM
Download ComboFix here: Link 1 Link

c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys [-] 2006-02-15 00:22 . !HASH: COULD NOT OPEN FILE !!!!! . 142464 . . [------] . . C:\WINDOWS\SET3.tmp deleted successfully. C:\WINDOWS\tasks\At24.job moved successfully.

L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co.

C:\WINDOWS\tasks\At23.job moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}\ not found. C:\WINDOWS\tasks\At15.job moved successfully.

C:\WINDOWS\system32\nyqfp.dll moved successfully. c:\windows\$NtServicePackUninstall$\aec.sys [7] 2004-08-03 12:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . C:\WINDOWS\tasks\At5.job moved successfully.

c:\windows\ServicePackFiles\i386\aec.sys [-] 2006-02-15 00:30 . !HASH: COULD NOT OPEN FILE !!!!! . 142464 . . [------] . . C:\WINDOWS\msdownld.tmp folder deleted successfully. There were a few different options, but one said something like boot up from recovery disc.

C:\WINDOWS\tasks\At12.job moved successfully. C:\WINDOWS\system32\drivers\euaceyd.sys moved successfully.