cyesergio

Thanks for replying back so fast. Just got word back from my mom that everything's A-OK now (no more pop ups from malware doctor etc). Should I still follow those last steps?

Malware bytes log with updated database: Malwarebytes' Anti-Malware 1.34 Database versie: 1879 Windows 5.1.2600 Service Pack 2 21-3-2009 2:44:34 mbam-log-2009-03-21 (02-44-34).txt Scan type: Snelle Scan Objecten gescand: 75707 Verstreken tijd: 7 minute(s), 1 second(s) Geheugenprocessen ge Attach.txt.zip DrWeb.csv.zip Attach.txt.zip DrWeb.csv.zip

will do, I wasn't pressing you (my mom was B) )

please?

anyone?

Sorry about that the sub-title was a bit vague! I'm havig trouble getting rid of MalwareDoc. I'm able to run MBAM. Here's the MBAM Log: Malwarebytes' Anti-Malware 1.34 Database versie: 1848 Windows 5.1.2600 Service Pack 2 15-3-2009 13:33:57 mbam-log-2009-03-15 (13-33-57).txt Scan type: Volledige Scan (C:\|D:\|) Objecten gescand: 106808 Verstreken tijd: 21 minute(s), 5 second(s) Geheugenprocessen ge

Any suggestions on further steps? Thanks in advance! I'm using my mom over Teamviewer! I'm in Brazil she's in Holland. lol! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:20:02, on 14-3-2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\S3trayp.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\WINDOWS\TEMP\35F6138D.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe c:\program files\logitech\quickcam\lu\lulnchr.exe c:\program files\logitech\quickcam\lu\LogitechUpdate.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Documents and Settings\Cynthia Slagtand\temp\TeamViewer3\TeamViewer.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [wmagent.exe] C:\WINDOWS\TEMP\35F6138D.exe O4 - HKLM\..\Run: [Alcmtr] C:\Program Files\C0C8E5FD-B629-4644-81CD-E8E0FDF6A85D\Malware Doctor.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [A00F66B6AD.exe] C:\DOCUME~1\CYNTHI~1\LOCALS~1\Temp\_A00F66B6AD.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{139E22E7-B9C9-4312-8858-57AAE24ABB33}: NameServer = 195.121.1.34,195.121.1.66 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: emqsys.dll O23 - Service: Intelligente achtergrondsoverdrachtservice (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HTTP SSL HTTPFilterdmadmin (HTTPFilterdmadmin) - Unknown owner - C:\WINDOWS\system32\wpv341235998315.cpx.exe (file missing) O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Automatische updates (wuauserv) - Unknown owner - C:\WINDOWS\ O23 - Service: XAudioService - Unknown owner - C:\WINDOWS\system32\DRIVERS\xaudio.exe (file missing) -- End of file - 5415 bytes --- Any help would be appreciated! Cye