Virus/Spyware Issue - Cannot Clean!!!

Post by Keenan21x on 24th April 2009, 9:51 pm

I got a problem with a virus that is blocking Microsoft updates and its website. It is blocking all anti-virus sites and blocking virus programs from updating. Also, in Yahoo or Google, when I search for a page, it redirects me to different sites. I ran Malwarebytes, SUPER Antispyware & Ad-Aware. They didn't help, so I'm asking if someone can help me. Here is my HijackThis log to see if you can find a problem or help me out :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:09 PM, on 4/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
O16 - DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} - [You must be registered and logged in to see this link.]
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - [You must be registered and logged in to see this link.]
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - [You must be registered and logged in to see this link.]
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - [You must be registered and logged in to see this link.]
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - [You must be registered and logged in to see this link.]
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - [You must be registered and logged in to see this link.]
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - [You must be registered and logged in to see this link.]
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - [You must be registered and logged in to see this link.]
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9484 bytes

Post by Belahzur on 24th April 2009, 9:57 pm

Hello.
I suspect it might be Daonol; your symptoms sound like the Daonol trojan.

Please disable Ad-Watch, as it may hinder the removal of some HijackThis entries. You can re-enable it after your computer is clean. Please see here for instructions on how to disable it:

1. Right-click on the Ad-Watch icon in the system tray (located down by the system clock for most configurations)
2. Choose *Settings* from the dropdown menu
3. Under the *General Settings* tab turn OFF (red x) the option to "Load Ad-Watch at Startup" (if enabled)

4. Click on the *Status* button in the left hand menu
5. Turn OFF (red x) the option for *Regshield*
6. Close that window, then right-click on the Ad-Watch icon shield again down in the system tray next to the clock.
7. Choose *Turn off Ad-Watch* from the drop menu

I strongly recommend you to remove Ask from your computer because it's:

  • Promoting its toolbars on sites targeted to kids.
  • Promoting its toolbars through ads that appear to be part of other companies' sites.
  • Promoting its toolbars through other companies' spyware.
  • Installing without any disclosure whatsoever and without any consent whatsoever.
  • Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
See [You must be registered and logged in to see this link.] for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Ask Toolbar
Then please find and delete this folder in bold (if present):
C:\Program Files\AskSBar

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]


  • Press "Fix Checked"
  • Close Hijack This.

Next, I need to know if you can use the registry editor. Go to Start > Run.
In the run box, type in regedit and hit enter.

Does the machine freeze/crash? [if yes, then you have the trojan I suspected]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Post by Keenan21x on 24th April 2009, 10:16 pm

Yes, I can use regedit, and it freezes sometimes when I'm using the internet. I did all that, so what do I do now?

Post by Belahzur on 24th April 2009, 10:46 pm

Hello.
Then I need to find a new theory: Daonol stops you from using regedit, but you can use it.
Let's run a quick rootkit scan.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop


Note: This tool was specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


Post by Keenan21x on 24th April 2009, 10:48 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gxvxcserv.sys" found!
ImagePath: \systemroot\system32\drivers\gxvxcwerdjooruwmtbahpkbaiqjxvkixrvbrf.sys
Driver disabled successfully.

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.

Post by Belahzur on 24th April 2009, 10:53 pm

Jackpot.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Drivers to delete:
gxvxcserv.sys

Files to delete:
C:\WINDOWS\system32\drivers\gxvxcwerdjooruwmtbahpkbaiqjxvkixrvbrf.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


Post by Keenan21x on 24th April 2009, 10:58 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "gxvxcserv.sys" deleted successfully.

Error: could not open file "C:\Windows\system32\driverrs\gxvxcvuvkierexquddttfoyvgtikipbjnieqv.sys"
Deletion of file "C:\Windows\system32\driverrs\gxvxcvuvkierexquddttfoyvgtikipbjnieqv.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.
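Added example, not part of the original posts: a Python cross-check of the three artefacts in this exchange (the rootkit scan log, the deletion script, and the result log above), reporting which reported objects have a confirmed deletion and which attempted paths were not in the script as posted. The function names, the `SYSTEMROOT` mapping and the generic `<Type> "<name>" deleted successfully.` pattern for non-driver objects are assumptions; only the `Driver` form of that line appears in the thread.

```python
import re

SYSTEMROOT = r"c:\windows"  # assumption: matches the paths in the HijackThis log

# Relevant lines copied from the posts above (trimmed).
SCAN_LOG = r'''
Rootkit scan active.
Hidden driver "gxvxcserv.sys" found!
ImagePath: \systemroot\system32\drivers\gxvxcwerdjooruwmtbahpkbaiqjxvkixrvbrf.sys
Driver disabled successfully.
'''
SCRIPT = r'''
Drivers to delete:
gxvxcserv.sys

Files to delete:
C:\WINDOWS\system32\drivers\gxvxcwerdjooruwmtbahpkbaiqjxvkixrvbrf.sys
'''
RESULT_LOG = r'''
Driver "gxvxcserv.sys" deleted successfully.
Error: could not open file "C:\Windows\system32\driverrs\gxvxcvuvkierexquddttfoyvgtikipbjnieqv.sys"
Deletion of file "C:\Windows\system32\driverrs\gxvxcvuvkierexquddttfoyvgtikipbjnieqv.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
'''

def norm(path):
    """Lower-case a Windows path and expand a leading \\systemroot prefix."""
    p = path.strip().lower()
    if p.startswith("\\systemroot\\"):
        p = SYSTEMROOT + p[len("\\systemroot"):]
    return p

def parse_scan(log):
    """Return [(driver_name, image_path)] for each hidden driver in a scan log."""
    lines = [l.strip() for l in log.splitlines()]
    found = []
    for i, line in enumerate(lines):
        m = re.match(r'Hidden driver "([^"]+)" found!', line)
        if not m:
            continue
        image = None
        for nxt in lines[i + 1:i + 3]:  # ImagePath follows the finding
            im = re.match(r'ImagePath:\s*(.+)', nxt)
            if im:
                image = norm(im.group(1))
                break
        found.append((m.group(1).lower(), image))
    return found

def parse_script(text):
    """Split a deletion script into {section header: [entries]}."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.endswith(":"):
            current = line[:-1].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def parse_result(log):
    """Return (set of deleted objects, {failed path: (status code, status name)})."""
    ok, failed, pending = set(), {}, None
    for line in (l.strip() for l in log.splitlines()):
        m = re.match(r'(\w+) "([^"]+)" deleted successfully\.', line)
        if m:
            ok.add(norm(m.group(2)))
            continue
        m = re.match(r'Deletion of (\w+) "([^"]+)" failed!', line)
        if m:
            pending = norm(m.group(2))
            failed[pending] = None
            continue
        m = re.match(r'Status:\s*(0x[0-9a-fA-F]+)\s*\((\w+)\)', line)
        if m and pending:
            failed[pending] = (m.group(1).lower(), m.group(2))
            pending = None
    return ok, failed

def reconcile(scan_log, script, result_log):
    """Compare what the scan reported, what was scripted, and what was removed."""
    sections = parse_script(script)
    scripted_files = {norm(p) for p in sections.get("files to delete", [])}
    scripted_drivers = {d.lower() for d in sections.get("drivers to delete", [])}
    ok, failed = parse_result(result_log)
    report = [{
        "driver": name,
        "image": image,
        "driver_scripted": name in scripted_drivers,
        "driver_deleted": name in ok,
        "image_scripted": image in scripted_files,
        "image_deleted": image in ok,
    } for name, image in parse_scan(scan_log)]
    # Paths the tool acted on that do not appear in the script as posted.
    unexpected = sorted(p for p in failed if p not in scripted_files)
    return report, unexpected, failed

if __name__ == "__main__":
    report, unexpected, failed = reconcile(SCAN_LOG, SCRIPT, RESULT_LOG)
    for row in report:
        print(row)
    for path in unexpected:
        print("attempted but not in posted script:", path, failed[path])
```

On these logs the driver entry is confirmed deleted, while the image file named in the scan has no deletion record, and the one file operation that failed targeted a path that differs from the posted script.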

Post by Belahzur on 24th April 2009, 11:00 pm

Okay, update and run MBAM now, it should work fine.


Post by Keenan21x on 24th April 2009, 11:04 pm

Well, I can't update programs, remember? If you can send the MBAM updated file then it will

Post by Belahzur on 24th April 2009, 11:11 pm

You can now, the rootkit driver is dead.


Post by Keenan21x on 24th April 2009, 11:15 pm

It's still blocked my updating to it...

Post by Belahzur on 24th April 2009, 11:50 pm

Okay, just run the scan without updating it.


Post by Keenan21x on 25th April 2009, 10:54 am

It didn't work... it still blocks program updates, etc.

Post by Belahzur on 25th April 2009, 1:31 pm

Let's try this.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Post by Keenan21x on 25th April 2009, 5:06 pm

DDS (Ver_09-03-16.01) - NTFSx86
Run by Admin at 13:02:44.77 on Sat 04/25/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.118 [GMT -4:00]

FW: COMODO Firewall Pro *enabled*

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Encarta Web Companion: {147d6308-0614-4112-89b1-31402f9b82c4} - c:\program files\common files\microsoft shared\encarta web companion\2007\ENCWCBAR.DLL
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [cnfgCav] "c:\program files\comodo\comodo antivirus\CMain.exe"
dPolicies-system: DisableTaskMgr = 1
dPolicies-system: DisableRegistryTools = 1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\windows\system32\CavEmLSP.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - [You must be registered and logged in to see this link.]
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - [You must be registered and logged in to see this link.]
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} - [You must be registered and logged in to see this link.]
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - [You must be registered and logged in to see this link.]
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - [You must be registered and logged in to see this link.]
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - [You must be registered and logged in to see this link.]
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - [You must be registered and logged in to see this link.]
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} - [You must be registered and logged in to see this link.]
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - [You must be registered and logged in to see this link.]
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - [You must be registered and logged in to see this link.]
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - [You must be registered and logged in to see this link.]
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - [You must be registered and logged in to see this link.]
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - [You must be registered and logged in to see this link.]
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - [You must be registered and logged in to see this link.]
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - [You must be registered and logged in to see this link.]
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - [You must be registered and logged in to see this link.]
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - [You must be registered and logged in to see this link.]
DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} - [You must be registered and logged in to see this link.]
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: monln - monln.dll
AppInit_DLLs: c:\windows\system32\guard32.dll c:\windows\system32\cssdll32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRIaYpM

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-4-24 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-4-24 24208]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 cmdAgent;COMODO Firewall Pro Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2009-4-24 519936]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2005-4-21 92550]
S0 prupvkua;prupvkua;c:\windows\system32\drivers\sqdemtgi.sys [2009-1-13 25088]
S0 vunl;vunl;c:\windows\system32\drivers\shwrl.sys --> c:\windows\system32\drivers\shwrl.sys [?]
S0 ynovcufi;ynovcufi;c:\windows\system32\drivers\dhglicow.sys [2009-1-13 25088]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 XDva219;XDva219; [x]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-3-29 33176]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-2 24652]

Post by Keenan21x on 25th April 2009, 5:06 pm

=============== Created Last 30 ================

2009-04-24 20:32 5,967,499 a------- C:\Kanye West feat. Young Jeezy - Amazing.mp3
2009-04-24 19:06 --d----- c:\docume~1\admin\applic~1\LimeWire
2009-04-24 16:49 7,694,592 a------- C:\Thisis50.com-Eminem - 3 A.M..mp3
2009-04-24 14:25 9,004 a------- c:\windows\5b7as9arse190z5.bin
2009-04-24 13:06 73,728 a------- c:\windows\system32\CavEmLSP.dll
2009-04-24 13:06 102,400 a------- c:\windows\system32\drivers\cavasm.sys
2009-04-24 13:05 434,252 a------- c:\windows\system32\MSVCRTD.DLL
2009-04-24 13:05 216,576 a------- c:\windows\system32\monln.dll
2009-04-24 10:54 249,592 a------- c:\windows\system32\cssdll32.dll
2009-04-24 10:53 --d----- c:\docume~1\admin\applic~1\Comodo
2009-04-24 10:53 143,104 a------- c:\windows\system32\guard32.dll
2009-04-24 10:53 87,056 a------- c:\windows\system32\drivers\cmdguard.sys
2009-04-24 10:53 24,208 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-04-24 10:53 --d----- c:\docume~1\alluse~1\applic~1\comodo
2009-04-24 10:53 --d----- c:\program files\COMODO
2009-04-24 10:46 5,115 a------- c:\windows\system32\38e5vi91318z.exe
2009-04-24 01:15 6,182,998 a------- C:\readyrockproductions+kanyewestfkidcudilonelyfreedownload.mp3
2009-04-23 19:51 --d----- C:\Asher_Roth-Asleep_In_The_Bread_Aisle-2009-404
2009-04-22 16:10 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-22 16:10 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-22 16:10 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-22 15:52 107 a------- c:\windows\WININIT.INI
2009-04-21 22:12 3,287 a------- c:\windows\system32\598ethzef3102.cpl
2009-04-21 16:51 7,149,610 a------- C:\Lost In The Crowd (Prod. By Sinima).mp3
2009-04-20 21:20 7,405,319 a------- C:\thepuzzleproductions+feelinmyselfthecarter2freedl.mp3
2009-04-20 21:10 3,230,116 a------- C:\flawlesstracks+justmusicfreebeat.mp3
2009-04-20 16:39 3,852 a------- c:\windows\52z4t5rea924573.exe
2009-04-20 14:37 --d----- c:\program files\Driver Magician Lite
2009-04-20 05:37 11,833 a------- c:\windows\2z107ha5ktoo96e.cpl
2009-04-20 00:16 9,273 a------- c:\windows\system32\580dzw9loader2558.ocx
2009-04-19 21:24 --d----- c:\program files\Marcos Velasco Security
2009-04-19 21:02 --d----- c:\docume~1\admin\applic~1\Uniblue
2009-04-19 20:02 --d----- c:\docume~1\admin\applic~1\SUPERAntiSpyware.com
2009-04-19 11:17 --d----- C:\The Inner City V3
2009-04-19 11:11 --d----- c:\documents and settings\admin\Tracing
2009-04-19 03:17 15,277 a------- c:\windows\system32\3bbd5wnlo9der141z.ocx
2009-04-18 22:12 --d----- c:\docume~1\admin\applic~1\uTorrent
2009-04-18 22:09 --dsh--- c:\documents and settings\admin\IETldCache
2009-04-18 22:03 --dsh--- c:\documents and settings\admin\IECompatCache
2009-04-18 22:02 --dsh--- c:\documents and settings\admin\PrivacIE
2009-04-18 22:00 --d----- c:\docume~1\admin\applic~1\Malwarebytes
2009-04-18 21:55 --d----- c:\documents and settings\Admin
2009-04-18 16:02 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-04-18 10:01 6,461 a------- c:\windows\20282not-a5ziru956a.cpl
2009-04-18 09:13 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-18 09:05 2,979 a------- c:\windows\system32\28753wor97z0.ocx
2009-04-18 02:22 --d----- c:\program files\SUPERAntiSpyware
2009-04-18 02:22 --d----- c:\program files\common files\Wise Installation Wizard
2009-04-17 20:52 26,112 ac------ c:\windows\system32\dllcache\EXCH_seos.dll
2009-04-17 20:51 37,888 ac------ c:\windows\system32\dllcache\md5filt.dll
2009-04-17 20:50 78,848 ac------ c:\windows\system32\dllcache\dayi.ime
2009-04-17 20:49 598,071 ac------ c:\windows\system32\dllcache\fpmmc.dll
2009-04-17 20:46 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-04-17 20:46 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-04-17 20:46 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-04-17 20:46 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-04-17 20:46 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-04-17 20:46 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-04-17 20:45 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-04-17 20:29 5,504 a------- c:\windows\system32\drivers\intelide.sys
2009-04-17 19:42 32,256 a------- c:\windows\system32\drivers\gxvxcwwbwwkmrdlypdqvpphxdultmesrqxewh.sys
2009-04-17 16:40 32,256 a------- c:\windows\system32\drivers\gxvxcmqlxnbekxyxtetrqmeycdjoownhhepav.sys
2009-04-17 16:23 32,256 a------- c:\windows\system32\drivers\gxvxcqjpiewfoeyxnstidvipmbnepbfboirlk.sys
2009-04-17 16:08 --d----- c:\windows\dell
2009-04-17 15:57 32,256 a------- c:\windows\system32\drivers\gxvxcoevbnykmxewbmkyxmbpfwxvdnkbwrrir.sys
2009-04-17 15:49 3,011 a------- c:\windows\4de5spyzare1589.exe
2009-04-17 15:39 32,256 a------- c:\windows\system32\drivers\gxvxcxbfpobfdxymhwvbquyoejwbxpfvkpdpa.sys
2009-04-17 13:39 32,256 a------- c:\windows\system32\drivers\gxvxcwerdjooruwmtbahpkbaiqjxvkixrvbrf.sys
2009-04-17 13:39 14,336 a------- c:\windows\system32\gxvxcvpvqplvdurbqlaswrndyxvmphoqxstou.dll
2009-04-17 13:39 4 a------- c:\windows\system32\gxvxccounter
2009-04-17 13:02 15,681 a------- c:\windows\system32\3f009hreatz1540.cpl
2009-04-14 08:32 12,739 a------- c:\windows\system32\3b75ba9kzoor1541.cpl
2009-04-12 02:44 10,297 a------- c:\windows\system32\242th5ef279z.ocx
2009-04-09 17:14 3,307 a------- c:\windows\system32\9e0cad5ware1z6.dll
2009-04-08 09:18 13,491 a------- c:\windows\system32\168edo9n5oader2431z.ocx
2009-04-07 21:59 5,880 a------- c:\windows\system32\29548wormzad.bin
2009-04-06 22:35 16,678 a------- c:\windows\system32\109abackdoo52576z.bin
2009-04-06 01:43 15,406 a------- c:\windows\system32\17717vi95z671.bin
2009-04-05 03:08 10,753 a------- c:\windows\3a9dspzr5e2999.bin
2009-04-04 17:38 9,271 a------- c:\windows\9955wzrm27c9.ocx
2009-04-04 14:58 13,920 a------- c:\windows\system32\5ef5thze9t8444.dll
2009-04-03 15:02 4,765 a------- c:\windows\system32\6069st5az2302.dll
2009-04-03 12:03 9,597 a------- c:\windows\z0899w5rm58d.bin
2009-04-02 18:00 --d----- c:\program files\common files\DivX Shared
2009-03-30 22:32 8,985 ---sh--- C:\AlbumArt_{1956C33A-1D27-4A4F-BB0B-31EFC5D3DDE8}_Large.jpg
2009-03-30 22:32 2,679 ---sh--- C:\AlbumArt_{1956C33A-1D27-4A4F-BB0B-31EFC5D3DDE8}_Small.jpg
2009-03-30 15:17 87,472 a------- c:\windows\system32\ijjiChannelingPlugin.dll
2009-03-30 15:17 62,976 a------- c:\windows\system32\uc_sfighters_launching.dll
2009-03-29 13:31 --d----- C:\d846a9b8cd6581d07b
2009-03-29 13:31 --d----- c:\program files\common files\Software Update Utility
2009-03-29 13:27 --d-h--- c:\windows\msdownld.tmp
2009-03-28 14:24 --d----- c:\windows\ie8updates
2009-03-28 14:03 -cd-h--- c:\windows\ie8
2009-03-28 01:49 6,447 a------- c:\windows\4d55spzware2689.exe
2009-03-27 22:25 16,454 a------- c:\windows\5az6backdoo9452.exe
2009-03-27 05:25 9,078 a------- c:\windows\system32\32076v5ru9z22.exe

==================== Find3M ====================

2009-04-24 13:05 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-04-24 13:05 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-24 13:05 348,160 a------- c:\windows\system32\msvcr71.dll
2009-04-18 12:02 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-18 02:09 1,097,216 a------- c:\windows\system32\setup2.exe
2009-04-17 20:36 22,720 a------- c:\windows\system32\emptyregdb.dat
2009-03-29 10:04 25,088 a------- c:\windows\system32\drivers\dhglicow.sys
2009-03-29 10:04 25,088 a------- c:\windows\system32\drivers\sqdemtgi.sys
2009-03-25 10:38 18,018 a------- c:\windows\system32\5a36zddw59e3255.bin
2009-03-25 03:51 3,873 a------- c:\windows\27861tr9j6z5.bin
2009-03-22 11:28 17,386 a------- c:\windows\system32\522doznloader30399.bin
2009-03-21 21:10 5,698 a------- c:\windows\system32\z1169not-a-vi5us3d4.bin
2009-03-20 08:34 6,808 a------- c:\windows\system32\19597worm2bz.exe
2009-03-17 13:28 15,963 a------- c:\windows\system32\66caaddw5re34z9.exe
2009-03-16 16:11 15,759 a------- c:\windows\system32\54d95hief9z15.bin
2009-03-15 06:25 56,268 a------- c:\windows\system32\drivers\scdemu.sys
2009-03-12 15:29 13,159 a------- c:\windows\system32\2ba6downloade9z295.dll
2009-03-12 04:07 9,589 a------- c:\windows\11929zorm5aa5.bin
2009-03-10 01:44 7,167 a------- c:\windows\4c9z5pa9se1285.exe
2009-03-09 21:18 12,610 a------- c:\windows\system32\6edbthrz9t15475.bin
2009-03-09 11:11 8,613 a------- c:\windows\system32\z8951spambot4b.bin
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 05:59 7,530 a------- c:\windows\9d76steal250z.bin
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-07 11:38 16,998 a------- c:\windows\z7059pa5bot5a4.exe
2009-03-05 04:33 3,243 a------- c:\windows\system32\26zthreat11954.exe
2009-03-04 21:53 4,554 a------- c:\windows\system32\z20f5ownlo9der2045.exe
2009-03-04 09:02 17,468 a------- c:\windows\system32\6365spyware9061z.bin
2009-03-04 07:14 7,413 a------- c:\windows\system32\6acastealz5759.exe
2009-03-03 19:45 11,704 a------- c:\windows\5z44downloader2196.exe
2009-03-03 03:46 5,495 a------- c:\windows\635d59dzare2498.exe
2009-02-28 03:03 11,343 a------- c:\windows\1bbat5reat9466z.bin
2009-02-27 14:06 8,065 a------- c:\windows\15ed9pywa5z1334.exe
2009-02-26 03:16 16,616 a------- c:\windows\system32\5d34sp59sez330.dll
2009-02-24 15:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 15:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 15:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 15:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 15:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-02-24 15:34 684,032 a------- c:\windows\system32\DivX.dll
2009-02-23 15:11 16,980 a------- c:\windows\system32\91359acktool608z.exe
2009-02-21 08:45 4,060 a------- c:\windows\system32\269775ro95e3z.exe
2009-02-20 17:36 16,848 a------- c:\windows\system32\z95bvir900.bin
2009-02-19 18:40 16,812 a------- c:\windows\system32\990not-a5virzs359.dll
2009-02-19 10:03 11,961 a------- c:\windows\system32\5a05spazse2009.bin
2009-02-19 00:22 5,399 a------- c:\windows\system32\375fspywa9e1z24.exe
2009-02-18 14:46 13,586 a------- c:\windows\system32\191519orm66z.bin
2009-02-16 03:36 9,490 a------- c:\windows\6215sz5rs93150.exe
2009-02-12 23:26 10,020 a------- c:\windows\system32\12717hack5oo955z.exe
2009-02-12 16:39 15,652 a------- c:\windows\69f2s5e9l2z0.exe
2009-02-11 21:49 12,343 a------- c:\windows\system32\5145addwa9e213z.dll
2009-02-10 02:46 13,964 a------- c:\windows\3d85t9ief11z.exe
2009-02-09 09:30 17,776 a------- c:\windows\system32\274189a5ktooz11f.exe
2009-02-06 22:56 11,025 a------- c:\windows\50529pyware230z.dll
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 15:23 12,336 a------- c:\windows\system32\325289pambzt796.bin
2009-02-06 15:11 8,337 a------- c:\windows\5z60backd9or2954.dll
2009-02-06 14:27 3,035 a------- c:\windows\7zafs5yware6039.bin
2009-01-27 07:59 9,819 a------- c:\windows\2311ztro51709.dll
2009-01-27 00:06 10,746 a------- c:\windows\system32\3e475a9zdoor1747.bin
2009-01-25 15:31 17,564 a------- c:\windows\58402not-z9virus71a.exe
2008-12-28 21:02 703,914 a--sh--- c:\windows\system32\CdcLmnpo.ini2
2009-01-15 03:44 1,648,377 a--sh--- c:\windows\system32\MpYaIRqr.ini2
2008-12-27 17:39 16,384 a--sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-08-22 18:18 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082220080823\index.dat
2008-12-22 22:10 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122220081223\index.dat
2008-12-27 17:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122720081228\index.dat
2009-01-14 00:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011320090114\index.dat

============= FINISH: 13:03:34.14 ===============

Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Belahzur on 25th April 2009, 5:17 pm

Hello.
Bad news.

By using P2P programs, I see Limewire/uTorrent, and besides the fact you're not even running an AV, there is serious damage done by the malware.

I can't be certain that this can be fixed; DDS shows signs of a file infector known as Sality. If you do have Sality, your only way out is formatting.


  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.**
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245121
Likes: 1

Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Keenan21x on 25th April 2009, 5:50 pm

Running from: C:\ComboFix.exe
FW: COMODO Firewall Pro *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\CdcLmnpo.ini2
c:\windows\system32\drivers\gxvxcmqlxnbekxyxtetrqmeycdjoownhhepav.sys
c:\windows\system32\drivers\gxvxcoevbnykmxewbmkyxmbpfwxvdnkbwrrir.sys
c:\windows\system32\drivers\gxvxcqjpiewfoeyxnstidvipmbnepbfboirlk.sys
c:\windows\system32\drivers\gxvxcwerdjooruwmtbahpkbaiqjxvkixrvbrf.sys
c:\windows\system32\drivers\gxvxcwwbwwkmrdlypdqvpphxdultmesrqxewh.sys
c:\windows\system32\drivers\gxvxcxbfpobfdxymhwvbquyoejwbxpfvkpdpa.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcvpvqplvdurbqlaswrndyxvmphoqxstou.dll
c:\windows\system32\MnmVDJjl.ini
c:\windows\system32\MpYaIRqr.ini
c:\windows\system32\MpYaIRqr.ini2
c:\windows\system32\uc_sfighters_launching.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.

2009-12-28 17:23 . 2009-12-28 17:23 4088 ----a-w c:\windows\21985szy931.exe
2009-12-28 17:00 . 2009-12-28 17:00 17002 ----a-w c:\windows\system32\9284sp5rse115z.cpl
2009-12-27 07:24 . 2009-12-27 07:24 11885 ----a-w c:\windows\system32\459szy45d.ocx
2009-12-25 11:54 . 2009-12-25 11:54 16259 ----a-w c:\windows\system32\5d6dviz591.dll
2009-12-25 08:43 . 2009-12-25 08:43 8713 ----a-w c:\windows\4c05steal1z49.cpl
2009-12-25 00:26 . 2009-12-25 00:26 14042 ----a-w c:\windows\system32\8615wz9m4f0.bin
2009-12-24 10:15 . 2009-12-24 10:15 17747 ----a-w c:\windows\system32\72739orz8f5.ocx
2009-12-23 18:01 . 2009-12-23 18:01 13030 ----a-w c:\windows\55544wo9mz95.cpl
2009-12-22 23:59 . 2009-12-22 23:59 6415 ----a-w c:\windows\system32\5ez5t5ief2092.exe
2009-12-22 09:23 . 2009-12-22 09:23 11990 ----a-w c:\windows\215z59roj572.exe
2009-12-21 12:06 . 2009-12-21 12:06 8377 ----a-w c:\windows\system32\4fa5t9zef530.cpl
2009-12-20 16:05 . 2009-12-20 16:05 3144 ----a-w c:\windows\system32\19359s9y5az.bin
2009-12-16 14:10 . 2009-12-16 14:10 14261 ----a-w c:\windows\64cebackdoo51933z.dll
2009-12-15 05:21 . 2009-12-15 05:21 3594 ----a-w c:\windows\system32\17539zackto9l737.dll
2009-12-11 15:55 . 2009-12-11 15:55 5114 ----a-w c:\windows\5f5evi921z0.ocx
2009-12-11 15:11 . 2009-12-11 15:11 14043 ----a-w c:\windows\system32\zc93vi59124.exe
2009-12-11 13:54 . 2009-12-11 13:54 3542 ----a-w c:\windows\57e95aczdoor2470.ocx
2009-12-11 08:37 . 2009-12-11 08:37 16655 ----a-w c:\windows\system32\5f8zspar9e1558.ocx
2009-12-11 00:00 . 2009-12-11 00:00 14664 ----a-w c:\windows\system32\498z9ackdo5r1117.cpl
2009-12-10 19:55 . 2009-12-10 19:55 5029 ----a-w c:\windows\1507spyware9z89.exe
2009-12-10 15:06 . 2009-12-10 15:06 12495 ----a-w c:\windows\system32\36c6backdooz9566.exe
2009-12-10 13:30 . 2009-12-10 13:30 6336 ----a-w c:\windows\system32\95espyzare292.ocx
2009-12-09 23:09 . 2009-12-09 23:09 3097 ----a-w c:\windows\system32\26727no9-a5virus65z.ocx
2009-12-09 10:05 . 2009-12-09 10:05 10778 ----a-w c:\windows\system32\995ethr5az14511.cpl
2009-12-08 22:41 . 2009-12-08 22:41 7899 ----a-w c:\windows\system32\2e09downloadz52144.exe
2009-12-08 16:17 . 2009-12-08 16:17 9311 ----a-w c:\windows\system32\z94vir3589.cpl
2009-12-05 20:33 . 2009-12-05 20:33 11728 ----a-w c:\windows\system32\z8590troj2dd.ocx
2009-12-05 19:29 . 2009-12-05 19:29 15728 ----a-w c:\windows\system32\1fz1th9eat106955.ocx
2009-12-03 00:33 . 2009-12-03 00:33 16642 ----a-w c:\windows\5z56s9yware2995.ocx
2009-12-02 14:46 . 2009-12-02 14:46 10803 ----a-w c:\windows\5c99thie5157z.cpl
2009-12-02 05:57 . 2009-12-02 05:57 15468 ----a-w c:\windows\13351zack95ol173.bin
2009-11-28 01:46 . 2009-11-28 01:46 9623 ----a-w c:\windows\944cdownzoader1567.exe
2009-11-26 01:34 . 2009-11-26 01:34 5349 ----a-w c:\windows\system32\995spzware1428.exe
2009-11-25 09:14 . 2009-11-25 09:14 6150 ----a-w c:\windows\3ba2dowzloa9er325.dll
2009-11-23 12:29 . 2009-11-23 12:29 18243 ----a-w c:\windows\256da9dwaze2942.cpl
2009-11-23 12:24 . 2009-11-23 12:24 17944 ----a-w c:\windows\system32\3dzdvi92558.bin
2009-11-23 10:12 . 2009-11-23 10:12 12552 ----a-w c:\windows\system32\2d9zs9ea5195.cpl
2009-11-22 14:30 . 2009-11-22 14:30 10535 ----a-w c:\windows\5936downloazer1387.dll
2009-11-22 05:30 . 2009-11-22 05:30 16963 ----a-w c:\windows\system32\21099ha59tooz7de.bin
2009-11-19 01:55 . 2009-11-19 01:55 7721 ----a-w c:\windows\1a58v9z1951.dll
2009-11-19 01:49 . 2009-11-19 01:49 16490 ----a-w c:\windows\system32\295915pyz43.exe
2009-11-18 22:15 . 2009-11-18 22:15 17951 ----a-w c:\windows\system32\28z0159y369.ocx
2009-11-17 20:07 . 2009-11-17 20:07 8227 ----a-w c:\windows\system32\zc9cst9al12385.exe
2009-11-15 18:46 . 2009-11-15 18:46 12978 ----a-w c:\windows\system32\z459vir7195.exe
2009-11-15 01:21 . 2009-11-15 01:21 5836 ----a-w c:\windows\2bfthr9zt27745.cpl
2009-11-13 14:07 . 2009-11-13 14:07 6885 ----a-w c:\windows\system32\25940spambo9z75.bin
2009-11-13 11:28 . 2009-11-13 11:28 18034 ----a-w c:\windows\1601z9ot-a-vir5s754.cpl
2009-11-13 06:57 . 2009-11-13 06:57 5094 ----a-w c:\windows\3953viru9z1f.ocx
2009-11-13 04:29 . 2009-11-13 04:29 5627 ----a-w c:\windows\system32\25696szam5ot570.bin
2009-11-10 08:30 . 2009-11-10 08:30 3398 ----a-w c:\windows\system32\3d9dst9zl5514.bin
2009-11-10 06:53 . 2009-11-10 06:53 17512 ----a-w c:\windows\34z5add9are2752.exe
2009-11-10 01:02 . 2009-11-10 01:02 14585 ----a-w c:\windows\3149wzrm1d95.exe
2009-11-09 03:33 . 2009-11-09 03:33 17659 ----a-w c:\windows\system32\5b55addwzre1297.ocx
2009-11-07 03:07 . 2009-11-07 03:07 4585 ----a-w c:\windows\523e5hreatz0499.dll
2009-11-06 04:54 . 2009-11-06 04:54 12290 ----a-w c:\windows\z43fbackdoor9550.dll
2009-11-05 10:50 . 2009-11-05 10:50 5277 ----a-w c:\windows\system32\3005zsp53dc9.exe
2009-10-27 10:03 . 2009-10-27 10:03 11505 ----a-w c:\windows\z5b9ir1617.cpl
2009-10-26 01:21 . 2009-10-26 01:21 9197 ----a-w c:\windows\z512spar9e1912.ocx
2009-10-24 21:14 . 2009-10-24 21:14 12208 ----a-w c:\windows\6529vir3119z.bin
2009-10-20 16:21 . 2009-10-20 16:21 5326 ----a-w c:\windows\5e0bazkd9or1306.cpl
2009-10-17 19:16 . 2009-10-17 19:16 13473 ----a-w c:\windows\system32\1c59bazkdoor140.exe
2009-10-17 07:22 . 2009-10-17 07:22 3895 ----a-w c:\windows\826bazkd9o52378.bin
2009-10-15 16:54 . 2009-10-15 16:54 5118 ----a-w c:\windows\796zhack5ool1629.dll
2009-10-13 22:39 . 2009-10-13 22:39 14923 ----a-w c:\windows\system32\z95dthi9f54.ocx
2009-10-12 18:44 . 2009-10-12 18:44 9726 ----a-w c:\windows\z950s5am9ot40f.exe
2009-10-10 18:52 . 2009-10-10 18:52 15553 ----a-w c:\windows\system32\169z3n5t-a-virus230.exe
2009-10-10 07:03 . 2009-10-10 07:03 4740 ----a-w c:\windows\system32\7551thre9t2z476.bin
2009-10-08 09:03 . 2009-10-08 09:03 11615 ----a-w c:\windows\system32\2559ste9l3265z.dll
2009-10-08 01:58 . 2009-10-08 01:58 14293 ----a-w c:\windows\15z33ha9ktool75.bin
2009-10-06 19:10 . 2009-10-06 19:10 9234 ----a-w c:\windows\system32\33zfsp5ware1793.ocx
2009-10-05 19:02 . 2009-10-05 19:02 6696 ----a-w c:\windows\system32\29403tr5j4z3.bin
2009-10-04 15:48 . 2009-10-04 15:48 3933 ----a-w c:\windows\z5763vi9us5d2.bin
2009-10-03 21:08 . 2009-10-03 21:08 17566 ----a-w c:\windows\95977z5y5c.bin
2009-10-03 06:29 . 2009-10-03 06:29 4828 ----a-w c:\windows\system32\7e70th5ef148z9.ocx
2009-09-26 17:45 . 2009-09-26 17:45 18311 ----a-w c:\windows\system32\77d8backdo95z26.ocx
2009-09-26 16:51 . 2009-09-26 16:51 10573 ----a-w c:\windows\2053z9reat5946.ocx
2009-09-26 09:11 . 2009-09-26 09:11 9890 ----a-w c:\windows\19942sp53a3z.bin
2009-09-26 06:34 . 2009-09-26 06:34 5326 ----a-w c:\windows\system32\48ddszars59137.ocx
2009-09-25 03:23 . 2009-09-25 03:23 14559 ----a-w c:\windows\system32\53995pyz09.ocx
2009-09-23 04:38 . 2009-09-23 04:38 16126 ----a-w c:\windows\23626no9-a-5irus1c2z.bin
2009-09-21 22:06 . 2009-09-21 22:06 4724 ----a-w c:\windows\149bsp5zare459.bin
2009-09-18 08:03 . 2009-09-18 08:03 2875 ----a-w c:\windows\1z4ad59are3151.ocx
2009-09-15 23:34 . 2009-09-15 23:34 17028 ----a-w c:\windows\5ezdthief39845.dll
2009-09-14 23:26 . 2009-09-14 23:26 11819 ----a-w c:\windows\27282s9am5ot49z.ocx
2009-09-14 11:50 . 2009-09-14 11:50 2778 ----a-w c:\windows\41z5ba9kdoor635.exe
2009-09-14 03:25 . 2009-09-14 03:25 16571 ----a-w c:\windows\system32\323589ot-z-virus2f6.ocx
2009-09-13 23:51 . 2009-09-13 23:51 5507 ----a-w c:\windows\system32\7435spywa5z9821.cpl
2009-09-13 05:41 . 2009-09-13 05:41 10026 ----a-w c:\windows\system32\15fzsp9rse16145.dll
2009-09-12 19:00 . 2009-09-12 19:00 12781 ----a-w c:\windows\715zth9ef584.exe
2009-09-12 10:56 . 2009-09-12 10:56 10705 ----a-w c:\windows\5d5c95r135z.dll
2009-09-08 13:54 . 2009-09-08 13:54 8823 ----a-w c:\windows\90z3thief9955.bin
2009-09-07 12:31 . 2009-09-07 12:31 8850 ----a-w c:\windows\system32\8796virzs588.cpl
2009-09-06 10:29 . 2009-09-06 10:29 13040 ----a-w c:\windows\31399tr5z75.cpl
2009-09-05 17:15 . 2009-09-05 17:15 15204 ----a-w c:\windows\15665sp91z2.bin
2009-09-05 03:49 . 2009-09-05 03:49 4899 ----a-w c:\windows\527v9r185z.dll
2009-09-04 10:57 . 2009-09-04 10:57 9461 ----a-w c:\windows\955sze9l735.ocx
2009-09-03 22:18 . 2009-09-03 22:18 13099 ----a-w c:\windows\6486backd95rz20.ocx
2009-09-02 05:01 . 2009-09-02 05:01 17690 ----a-w c:\windows\7zaestea53944.cpl
2009-09-01 13:33 . 2009-09-01 13:33 4465 ----a-w c:\windows\3ca2stealz5349.ocx
2009-08-28 05:06 . 2009-08-28 05:06 3174 ----a-w c:\windows\254czhief5935.dll
2009-08-28 01:12 . 2009-08-28 01:12 15609 ----a-w c:\windows\system32\41579ackdozr2805.exe
2009-08-27 05:03 . 2009-08-27 05:03 5746 ----a-w c:\windows\36azthrea519987.bin
2009-08-27 03:30 . 2009-08-27 03:30 11960 ----a-w c:\windows\system32\4846addwar9255z.bin
2009-08-25 17:42 . 2009-08-25 17:42 14928 ----a-w c:\windows\19557wormz95.ocx
2009-08-21 20:50 . 2009-08-21 20:50 4263 ----a-w c:\windows\system32\21055troz599.exe
2009-08-21 18:23 . 2009-08-21 18:23 4860 ----a-w c:\windows\65z7sp9ware2956.bin
2009-08-20 13:32 . 2009-08-20 13:32 9017 ----a-w c:\windows\system32\5z695r905.ocx
2009-08-19 10:57 . 2009-08-19 10:57 9695 ----a-w c:\windows\system32\95f5adzware335.bin
2009-08-19 04:01 . 2009-08-19 04:01 11622 ----a-w c:\windows\system32\1z65859y9e.ocx
2009-08-17 08:06 . 2009-08-17 08:06 11997 ----a-w c:\windows\system32\95712trojz50.cpl
2009-08-16 12:41 . 2009-08-16 12:41 3128 ----a-w c:\windows\system32\57219tzoj67a9.cpl
2009-08-12 12:56 . 2009-08-12 12:56 11770 ----a-w c:\windows\system32\7ez1addwar91056.dll
2009-08-12 10:32 . 2009-08-12 10:32 10667 ----a-w c:\windows\system32\399ez5r1299.dll
2009-08-11 23:48 . 2009-08-11 23:48 6297 ----a-w c:\windows\25389vzrus1db.ocx
2009-08-10 01:20 . 2009-08-10 01:20 5146 ----a-w c:\windows\system32\970z5wo5m54f.bin
2009-08-09 15:28 . 2009-08-09 15:28 15500 ----a-w c:\windows\system32\9579no9-a-vizus65c.exe
2009-08-09 01:58 . 2009-08-09 01:58 5775 ----a-w c:\windows\system32\7c5dst9zl2765.cpl
2009-08-09 00:53 . 2009-08-09 00:53 10193 ----a-w c:\windows\52a2tz9eat22012.exe
2009-08-08 01:56 . 2009-08-08 01:56 17715 ----a-w c:\windows\185fsparz92298.dll
2009-08-06 18:06 . 2009-08-06 18:06 12051 ----a-w c:\windows\1z865viru9425.bin
2009-08-05 15:16 . 2009-08-05 15:16 11007 ----a-w c:\windows\295339roz158.exe
2009-08-03 12:20 . 2009-08-03 12:20 12067 ----a-w c:\windows\2195zroj6dc.ocx
2009-08-03 04:38 . 2009-08-03 04:38 13620 ----a-w c:\windows\ff7zd9ware5539.bin
2009-08-03 03:42 . 2009-08-03 03:42 9070 ----a-w c:\windows\14685sp95bz.dll
2009-08-01 04:23 . 2009-08-01 04:23 3218 ----a-w c:\windows\4dca5ac9dooz901.cpl

Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Keenan21x on 25th April 2009, 5:50 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 22:36 . 2008-02-03 00:27 -------- d-----w c:\program files\Yahoo!
2009-04-24 22:16 . 2009-01-28 18:20 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-24 21:58 . 2009-04-24 15:24 1788 ----a-w C:\aaw7boot.log
2009-04-24 17:06 . 2009-04-24 14:53 -------- d-----w c:\program files\COMODO
2009-04-24 17:05 . 2008-01-18 02:23 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-24 17:05 . 2008-01-18 02:23 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-24 17:05 . 2008-01-18 02:23 1060864 ----a-w c:\windows\system32\MFC71.dll
2009-04-22 20:12 . 2009-04-22 20:10 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-20 20:05 . 2008-02-20 18:13 -------- d-----w c:\program files\PowerISO
2009-04-20 18:37 . 2009-04-20 18:37 -------- d-----w c:\program files\Driver Magician Lite
2009-04-20 01:24 . 2009-04-20 01:24 -------- d-----w c:\program files\Marcos Velasco Security
2009-04-18 16:02 . 2008-01-16 03:18 87263 ----a-w c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-04-18 13:13 . 2009-04-18 06:22 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-18 06:22 . 2009-04-18 06:22 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-18 02:06 . 2008-02-03 00:29 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-18 00:36 . 2008-01-16 03:16 22720 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-16 17:18 . 2008-01-18 02:33 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-06 17:29 . 2008-02-03 00:25 -------- d-----w c:\program files\DivX
2009-04-02 22:00 . 2009-04-02 22:00 -------- d-----w c:\program files\Common Files\DivX Shared
2009-03-31 02:32 . 2008-03-27 23:27 376 --sh--w C:\desktop.ini
2009-03-31 02:32 . 2008-03-27 23:24 2679 --sh--w C:\AlbumArtSmall.jpg
2009-03-31 02:32 . 2008-03-27 23:24 8985 --sh--w C:\Folder.jpg
2009-03-29 19:32 . 2008-01-18 02:44 -------- d-----w c:\program files\Common Files\Adobe
2009-03-29 19:27 . 2009-03-29 19:27 -------- d-----w c:\program files\NOS
2009-03-29 17:31 . 2009-03-29 17:31 -------- d-----w c:\program files\Common Files\Software Update Utility
2009-03-29 17:29 . 2009-03-29 06:43 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-29 17:12 . 2008-02-03 18:27 -------- d-----w c:\program files\Java
2009-03-29 14:04 . 2009-01-14 01:17 25088 ----a-w c:\windows\system32\drivers\dhglicow.sys
2009-03-29 14:04 . 2009-01-14 01:14 25088 ----a-w c:\windows\system32\drivers\sqdemtgi.sys
2009-03-25 14:38 . 2009-03-25 14:38 18018 ----a-w c:\windows\system32\5a36zddw59e3255.bin
2009-03-25 07:51 . 2009-03-25 07:51 3873 ----a-w c:\windows\27861tr9j6z5.bin
2009-03-22 15:28 . 2009-03-22 15:28 17386 ----a-w c:\windows\system32\522doznloader30399.bin
2009-03-22 01:10 . 2009-03-22 01:10 5698 ----a-w c:\windows\system32\z1169not-a-vi5us3d4.bin
2009-03-20 23:02 . 2009-03-20 23:02 -------- d-----w c:\program files\SilentMusicBand
2009-03-20 12:34 . 2009-03-20 12:34 6808 ----a-w c:\windows\system32\19597worm2bz.exe
2009-03-17 17:28 . 2009-03-17 17:28 15963 ----a-w c:\windows\system32\66caaddw5re34z9.exe
2009-03-16 20:11 . 2009-03-16 20:11 15759 ----a-w c:\windows\system32\54d95hief9z15.bin
2009-03-15 10:25 . 2009-03-15 10:25 56268 ----a-w c:\windows\system32\drivers\scdemu.sys
2009-03-15 04:34 . 2008-12-23 01:14 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-14 22:01 . 2008-02-28 01:20 -------- d-----w c:\program files\Windows Live
2009-03-14 22:00 . 2009-03-14 22:00 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-14 21:57 . 2009-03-14 21:57 -------- d-----w c:\program files\Microsoft
2009-03-14 21:56 . 2009-03-14 21:56 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-14 21:50 . 2009-03-14 21:50 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-12 19:37 . 2008-02-03 18:26 -------- d-----w c:\program files\LimeWire
2009-03-12 19:29 . 2009-03-12 19:29 13159 ----a-w c:\windows\system32\2ba6downloade9z295.dll
2009-03-12 08:07 . 2009-03-12 08:07 9589 ----a-w c:\windows\11929zorm5aa5.bin
2009-03-10 05:44 . 2009-03-10 05:44 7167 ----a-w c:\windows\4c9z5pa9se1285.exe
2009-03-10 01:18 . 2009-03-10 01:18 12610 ----a-w c:\windows\system32\6edbthrz9t15475.bin
2009-03-09 21:18 . 2009-03-09 21:18 2832 --sh--w C:\AlbumArt_{490346A1-3318-4B4C-94C4-C6A74FB24AD0}_Small.jpg
2009-03-09 21:18 . 2009-03-09 21:18 12169 --sh--w C:\AlbumArt_{490346A1-3318-4B4C-94C4-C6A74FB24AD0}_Large.jpg
2009-03-09 15:11 . 2009-03-09 15:11 8613 ----a-w c:\windows\system32\z8951spambot4b.bin
2009-03-09 09:19 . 2008-12-14 15:05 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 09:59 . 2009-03-08 09:59 7530 ----a-w c:\windows\9d76steal250z.bin
2009-03-08 08:34 . 2006-03-04 03:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-10 11:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-10 11:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-10 11:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-10 11:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-10 11:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-10 11:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-10 11:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-10 11:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-08-10 11:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-07 15:38 . 2009-03-07 15:38 16998 ----a-w c:\windows\z7059pa5bot5a4.exe
2009-03-05 08:33 . 2009-03-05 08:33 3243 ----a-w c:\windows\system32\26zthreat11954.exe
2009-03-05 01:53 . 2009-03-05 01:53 4554 ----a-w c:\windows\system32\z20f5ownlo9der2045.exe
2009-03-04 13:02 . 2009-03-04 13:02 17468 ----a-w c:\windows\system32\6365spyware9061z.bin
2009-03-04 11:14 . 2009-03-04 11:14 7413 ----a-w c:\windows\system32\6acastealz5759.exe
2009-03-03 23:45 . 2009-03-03 23:45 11704 ----a-w c:\windows\5z44downloader2196.exe
2009-03-03 07:46 . 2009-03-03 07:46 5495 ----a-w c:\windows\635d59dzare2498.exe
2009-02-28 07:03 . 2009-02-28 07:03 11343 ----a-w c:\windows\1bbat5reat9466z.bin
2009-02-27 18:06 . 2009-02-27 18:06 8065 ----a-w c:\windows\15ed9pywa5z1334.exe
2009-02-26 07:16 . 2009-02-26 07:16 16616 ----a-w c:\windows\system32\5d34sp59sez330.dll
2009-02-26 05:45 . 2009-02-26 05:45 268 ---ha-w C:\sqmdata01.sqm
2009-02-26 05:45 . 2009-02-26 05:45 244 ---ha-w C:\sqmnoopt01.sqm
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-23 19:11 . 2009-02-23 19:11 16980 ----a-w c:\windows\system32\91359acktool608z.exe
2009-02-21 12:45 . 2009-02-21 12:45 4060 ----a-w c:\windows\system32\269775ro95e3z.exe
2009-02-20 21:36 . 2009-02-20 21:36 16848 ----a-w c:\windows\system32\z95bvir900.bin
2009-02-19 22:40 . 2009-02-19 22:40 16812 ----a-w c:\windows\system32\990not-a5virzs359.dll
2009-02-19 14:03 . 2009-02-19 14:03 11961 ----a-w c:\windows\system32\5a05spazse2009.bin
2009-02-19 04:22 . 2009-02-19 04:22 5399 ----a-w c:\windows\system32\375fspywa9e1z24.exe
2009-02-19 02:04 . 2009-02-19 02:04 7566 --sh--w C:\AlbumArt_{706731EF-F89C-4F52-BDED-CCE2CC854CC7}_Large.jpg
2009-02-19 02:04 . 2009-02-19 02:04 2226 --sh--w C:\AlbumArt_{706731EF-F89C-4F52-BDED-CCE2CC854CC7}_Small.jpg
2009-02-18 18:46 . 2009-02-18 18:46 13586 ----a-w c:\windows\system32\191519orm66z.bin
2009-02-16 07:36 . 2009-02-16 07:36 9490 ----a-w c:\windows\6215sz5rs93150.exe
2009-02-13 03:26 . 2009-02-13 03:26 10020 ----a-w c:\windows\system32\12717hack5oo955z.exe
2009-02-12 20:39 . 2009-02-12 20:39 15652 ----a-w c:\windows\69f2s5e9l2z0.exe
2009-02-12 01:49 . 2009-02-12 01:49 12343 ----a-w c:\windows\system32\5145addwa9e213z.dll
2009-02-10 06:46 . 2009-02-10 06:46 13964 ----a-w c:\windows\3d85t9ief11z.exe
2009-02-09 13:30 . 2009-02-09 13:30 17776 ----a-w c:\windows\system32\274189a5ktooz11f.exe
2009-02-07 02:56 . 2009-02-07 02:56 11025 ----a-w c:\windows\50529pyware230z.dll
2009-02-06 23:03 . 2009-02-06 23:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2008-12-27 21:39 . 2008-12-27 21:39 16384 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2008-08-22 22:18 . 2008-08-22 22:18 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082220080823\index.dat
2008-12-23 02:10 . 2008-12-23 02:10 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008122220081223\index.dat
2008-12-27 21:39 . 2008-12-27 21:39 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008122720081228\index.dat
2009-01-14 04:07 . 2009-01-14 04:07 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009011320090114\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-07-23 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-04-24 278264]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-04-24 1655552]
"cnfgCav"="c:\program files\Comodo\Comodo AntiVirus\CMain.exe" [2009-04-24 110592]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
2009-04-24 17:05 216576 ----a-w c:\windows\system32\monln.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 prupvkua;prupvkua;c:\windows\system32\drivers\sqdemtgi.sys [2009-03-29 25088]
R0 vunl;vunl; [x]
R0 ynovcufi;ynovcufi;c:\windows\system32\drivers\dhglicow.sys [2009-03-29 25088]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 XDva219;XDva219; [x]
R4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-04-24 87056]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-04-24 24208]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
S2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\DRIVERS\ozscr.sys [2005-04-22 92550]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-08-19 21:57]

2009-04-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-04-25 c:\windows\Tasks\User_Feed_Synchronization-{1E818F85-EE84-4DFC-AB9B-445E7F13C0AA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2009-04-25 c:\windows\Tasks\User_Feed_Synchronization-{CD5ECD4B-51F4-4CD8-95B9-6F9B0BBF57B3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\CavEmLSP.dll
.

Keenan21x
Novice

Posts : 26
Joined : 2009-04-24
OS : XP
Points : 27908
Likes : 0

Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Keenan21x on 25th April 2009, 5:50 pm

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-04-25 13:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1048)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\monln.dll

- - - - - - - > 'lsass.exe'(1104)
c:\windows\system32\CavEmLSP.dll

- - - - - - - > 'explorer.exe'(3412)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\scardsvr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\COMODO\Common\CAVASpy\cavasm.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\COMODO\Comodo AntiVirus\cavse.exe
c:\windows\system32\ati2evxx.exe
c:\program files\COMODO\Comodo AntiVirus\cavse.exe
c:\program files\COMODO\Comodo AntiVirus\CavAUD.exe
c:\program files\COMODO\Comodo AntiVirus\CAVSubmit.exe
.
**************************************************************************
.
Completion time: 2009-04-25 13:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-25 17:48

Pre-Run: 35,602,698,240 bytes free
Post-Run: 35,781,844,992 bytes free

Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=2,3,4,5,6
389 --- E O F --- 2009-04-16 17:25


Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Keenan21x on 25th April 2009, 5:53 pm

I couldn't d/l Microsoft Windows Recovery Console cuz it's blocking the Microsoft website


Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Belahzur on 25th April 2009, 6:24 pm

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
prupvkua
vunl
ynovcufi

File::
c:\windows\21985szy931.exe
c:\windows\system32\9284sp5rse115z.cpl
c:\windows\system32\459szy45d.ocx
c:\windows\system32\5d6dviz591.dll
c:\windows\4c05steal1z49.cpl
c:\windows\system32\8615wz9m4f0.bin
c:\windows\system32\72739orz8f5.ocx
c:\windows\55544wo9mz95.cpl
c:\windows\system32\5ez5t5ief2092.exe
c:\windows\215z59roj572.exe
c:\windows\system32\19359s9y5az.bin
c:\windows\64cebackdoo51933z.dll
c:\windows\system32\17539zackto9l737.dll
c:\windows\5f5evi921z0.ocx
c:\windows\system32\zc93vi59124.exe
c:\windows\57e95aczdoor2470.ocx
c:\windows\system32\5f8zspar9e1558.ocx
c:\windows\system32\498z9ackdo5r1117.cpl
c:\windows\1507spyware9z89.exe
c:\windows\system32\36c6backdooz9566.exe
c:\windows\system32\95espyzare292.ocx
c:\windows\system32\26727no9-a5virus65z.ocx
c:\windows\system32\995ethr5az14511.cpl
c:\windows\system32\2e09downloadz52144.exe
c:\windows\system32\z94vir3589.cpl
c:\windows\system32\z8590troj2dd.ocx
c:\windows\system32\1fz1th9eat106955.ocx
c:\windows\5z56s9yware2995.ocx
c:\windows\5c99thie5157z.cpl
c:\windows\13351zack95ol173.bin
c:\windows\944cdownzoader1567.exe
c:\windows\system32\995spzware1428.exe
c:\windows\3ba2dowzloa9er325.dll
c:\windows\256da9dwaze2942.cpl
c:\windows\system32\3dzdvi92558.bin
c:\windows\system32\2d9zs9ea5195.cpl
c:\windows\5936downloazer1387.dll
c:\windows\system32\21099ha59tooz7de.bin
c:\windows\1a58v9z1951.dll
c:\windows\system32\295915pyz43.exe
c:\windows\system32\28z0159y369.ocx
c:\windows\system32\zc9cst9al12385.exe
c:\windows\system32\z459vir7195.exe
c:\windows\2bfthr9zt27745.cpl
c:\windows\system32\25940spambo9z75.bin
c:\windows\1601z9ot-a-vir5s754.cpl
c:\windows\3953viru9z1f.ocx
c:\windows\system32\25696szam5ot570.bin
c:\windows\system32\3d9dst9zl5514.bin
c:\windows\34z5add9are2752.exe
c:\windows\3149wzrm1d95.exe
c:\windows\system32\5b55addwzre1297.ocx
c:\windows\523e5hreatz0499.dll
c:\windows\z43fbackdoor9550.dll
c:\windows\system32\3005zsp53dc9.exe
c:\windows\z5b9ir1617.cpl
c:\windows\z512spar9e1912.ocx
c:\windows\6529vir3119z.bin
c:\windows\5e0bazkd9or1306.cpl
c:\windows\system32\1c59bazkdoor140.exe
c:\windows\826bazkd9o52378.bin
c:\windows\796zhack5ool1629.dll
c:\windows\system32\z95dthi9f54.ocx
c:\windows\z950s5am9ot40f.exe
c:\windows\system32\169z3n5t-a-virus230.exe
c:\windows\system32\7551thre9t2z476.bin
c:\windows\system32\2559ste9l3265z.dll
c:\windows\15z33ha9ktool75.bin
c:\windows\system32\33zfsp5ware1793.ocx
c:\windows\system32\29403tr5j4z3.bin
c:\windows\z5763vi9us5d2.bin
c:\windows\95977z5y5c.bin
c:\windows\system32\7e70th5ef148z9.ocx
c:\windows\system32\77d8backdo95z26.ocx
c:\windows\2053z9reat5946.ocx
c:\windows\19942sp53a3z.bin
c:\windows\system32\48ddszars59137.ocx
c:\windows\system32\53995pyz09.ocx
c:\windows\23626no9-a-5irus1c2z.bin
c:\windows\149bsp5zare459.bin
c:\windows\1z4ad59are3151.ocx
c:\windows\5ezdthief39845.dll
c:\windows\27282s9am5ot49z.ocx
c:\windows\41z5ba9kdoor635.exe
c:\windows\system32\323589ot-z-virus2f6.ocx
c:\windows\system32\7435spywa5z9821.cpl
c:\windows\system32\15fzsp9rse16145.dll
c:\windows\715zth9ef584.exe
c:\windows\5d5c95r135z.dll
c:\windows\90z3thief9955.bin
c:\windows\system32\8796virzs588.cpl
c:\windows\31399tr5z75.cpl
c:\windows\15665sp91z2.bin
c:\windows\527v9r185z.dll
c:\windows\955sze9l735.ocx
c:\windows\6486backd95rz20.ocx
c:\windows\7zaestea53944.cpl
c:\windows\3ca2stealz5349.ocx
c:\windows\254czhief5935.dll
c:\windows\system32\41579ackdozr2805.exe
c:\windows\36azthrea519987.bin
c:\windows\system32\4846addwar9255z.bin
c:\windows\19557wormz95.ocx
c:\windows\system32\21055troz599.exe
c:\windows\65z7sp9ware2956.bin
c:\windows\system32\5z695r905.ocx
c:\windows\system32\95f5adzware335.bin
c:\windows\system32\1z65859y9e.ocx
c:\windows\system32\95712trojz50.cpl
c:\windows\system32\57219tzoj67a9.cpl
c:\windows\system32\7ez1addwar91056.dll
c:\windows\system32\399ez5r1299.dll
c:\windows\25389vzrus1db.ocx
c:\windows\system32\970z5wo5m54f.bin
c:\windows\system32\9579no9-a-vizus65c.exe
c:\windows\system32\7c5dst9zl2765.cpl
c:\windows\52a2tz9eat22012.exe
c:\windows\185fsparz92298.dll
c:\windows\1z865viru9425.bin
c:\windows\295339roz158.exe
c:\windows\2195zroj6dc.ocx
c:\windows\ff7zd9ware5539.bin
c:\windows\14685sp95bz.dll
c:\windows\4dca5ac9dooz901.cpl
c:\windows\system32\drivers\dhglicow.sys
c:\windows\system32\drivers\sqdemtgi.sys
c:\windows\system32\5a36zddw59e3255.bin
c:\windows\27861tr9j6z5.bin
c:\windows\system32\522doznloader30399.bin
c:\windows\system32\z1169not-a-vi5us3d4.bin
c:\windows\system32\19597worm2bz.exe
c:\windows\system32\66caaddw5re34z9.exe
c:\windows\system32\54d95hief9z15.bin
c:\windows\system32\drivers\scdemu.sys
c:\windows\system32\2ba6downloade9z295.dll
c:\windows\11929zorm5aa5.bin
c:\windows\4c9z5pa9se1285.exe
c:\windows\system32\6edbthrz9t15475.bin
c:\windows\system32\z8951spambot4b.bin
c:\windows\9d76steal250z.bin
c:\windows\z7059pa5bot5a4.exe
c:\windows\system32\26zthreat11954.exe
c:\windows\system32\z20f5ownlo9der2045.exe
c:\windows\system32\6365spyware9061z.bin
c:\windows\system32\6acastealz5759.exe
c:\windows\5z44downloader2196.exe
c:\windows\635d59dzare2498.exe
c:\windows\1bbat5reat9466z.bin
c:\windows\15ed9pywa5z1334.exe
c:\windows\system32\5d34sp59sez330.dll
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
c:\windows\system32\91359acktool608z.exe
c:\windows\system32\269775ro95e3z.exe
c:\windows\system32\z95bvir900.bin
c:\windows\system32\990not-a5virzs359.dll
c:\windows\system32\5a05spazse2009.bin
c:\windows\system32\375fspywa9e1z24.exe
c:\windows\system32\191519orm66z.bin
c:\windows\6215sz5rs93150.exe
c:\windows\system32\12717hack5oo955z.exe
c:\windows\69f2s5e9l2z0.exe
c:\windows\system32\5145addwa9e213z.dll
c:\windows\3d85t9ief11z.exe
c:\windows\system32\274189a5ktooz11f.exe
c:\windows\50529pyware230z.dll

Folder::
c:\program files\LimeWire
c:\Program Files\uTorrent

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to its terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245121
Likes : 1

Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Keenan21x on 26th April 2009, 3:14 pm

With many attempts I can't do it. Every time it progresses I get that (blue screen of death) that is dumping physical memory. I fear I have to format my hard drive.


Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Belahzur on 26th April 2009, 3:55 pm

Let's try this.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :services
    prupvkua
    vunl
    ynovcufi

    :files
    c:\windows\21985szy931.exe
    c:\windows\system32\9284sp5rse115z.cpl
    c:\windows\system32\459szy45d.ocx
    c:\windows\system32\5d6dviz591.dll
    c:\windows\4c05steal1z49.cpl
    c:\windows\system32\8615wz9m4f0.bin
    c:\windows\system32\72739orz8f5.ocx
    c:\windows\55544wo9mz95.cpl
    c:\windows\system32\5ez5t5ief2092.exe
    c:\windows\215z59roj572.exe
    c:\windows\system32\19359s9y5az.bin
    c:\windows\64cebackdoo51933z.dll
    c:\windows\system32\17539zackto9l737.dll
    c:\windows\5f5evi921z0.ocx
    c:\windows\system32\zc93vi59124.exe
    c:\windows\57e95aczdoor2470.ocx
    c:\windows\system32\5f8zspar9e1558.ocx
    c:\windows\system32\498z9ackdo5r1117.cpl
    c:\windows\1507spyware9z89.exe
    c:\windows\system32\36c6backdooz9566.exe
    c:\windows\system32\95espyzare292.ocx
    c:\windows\system32\26727no9-a5virus65z.ocx
    c:\windows\system32\995ethr5az14511.cpl
    c:\windows\system32\2e09downloadz52144.exe
    c:\windows\system32\z94vir3589.cpl
    c:\windows\system32\z8590troj2dd.ocx
    c:\windows\system32\1fz1th9eat106955.ocx
    c:\windows\5z56s9yware2995.ocx
    c:\windows\5c99thie5157z.cpl
    c:\windows\13351zack95ol173.bin
    c:\windows\944cdownzoader1567.exe
    c:\windows\system32\995spzware1428.exe
    c:\windows\3ba2dowzloa9er325.dll
    c:\windows\256da9dwaze2942.cpl
    c:\windows\system32\3dzdvi92558.bin
    c:\windows\system32\2d9zs9ea5195.cpl
    c:\windows\5936downloazer1387.dll
    c:\windows\system32\21099ha59tooz7de.bin
    c:\windows\1a58v9z1951.dll
    c:\windows\system32\295915pyz43.exe
    c:\windows\system32\28z0159y369.ocx
    c:\windows\system32\zc9cst9al12385.exe
    c:\windows\system32\z459vir7195.exe
    c:\windows\2bfthr9zt27745.cpl
    c:\windows\system32\25940spambo9z75.bin
    c:\windows\1601z9ot-a-vir5s754.cpl
    c:\windows\3953viru9z1f.ocx
    c:\windows\system32\25696szam5ot570.bin
    c:\windows\system32\3d9dst9zl5514.bin
    c:\windows\34z5add9are2752.exe
    c:\windows\3149wzrm1d95.exe
    c:\windows\system32\5b55addwzre1297.ocx
    c:\windows\523e5hreatz0499.dll
    c:\windows\z43fbackdoor9550.dll
    c:\windows\system32\3005zsp53dc9.exe
    c:\windows\z5b9ir1617.cpl
    c:\windows\z512spar9e1912.ocx
    c:\windows\6529vir3119z.bin
    c:\windows\5e0bazkd9or1306.cpl
    c:\windows\system32\1c59bazkdoor140.exe
    c:\windows\826bazkd9o52378.bin
    c:\windows\796zhack5ool1629.dll
    c:\windows\system32\z95dthi9f54.ocx
    c:\windows\z950s5am9ot40f.exe
    c:\windows\system32\169z3n5t-a-virus230.exe
    c:\windows\system32\7551thre9t2z476.bin
    c:\windows\system32\2559ste9l3265z.dll
    c:\windows\15z33ha9ktool75.bin
    c:\windows\system32\33zfsp5ware1793.ocx
    c:\windows\system32\29403tr5j4z3.bin
    c:\windows\z5763vi9us5d2.bin
    c:\windows\95977z5y5c.bin
    c:\windows\system32\7e70th5ef148z9.ocx
    c:\windows\system32\77d8backdo95z26.ocx
    c:\windows\2053z9reat5946.ocx
    c:\windows\19942sp53a3z.bin
    c:\windows\system32\48ddszars59137.ocx
    c:\windows\system32\53995pyz09.ocx
    c:\windows\23626no9-a-5irus1c2z.bin
    c:\windows\149bsp5zare459.bin
    c:\windows\1z4ad59are3151.ocx
    c:\windows\5ezdthief39845.dll
    c:\windows\27282s9am5ot49z.ocx
    c:\windows\41z5ba9kdoor635.exe
    c:\windows\system32\323589ot-z-virus2f6.ocx
    c:\windows\system32\7435spywa5z9821.cpl
    c:\windows\system32\15fzsp9rse16145.dll
    c:\windows\715zth9ef584.exe
    c:\windows\5d5c95r135z.dll
    c:\windows\90z3thief9955.bin
    c:\windows\system32\8796virzs588.cpl
    c:\windows\31399tr5z75.cpl
    c:\windows\15665sp91z2.bin
    c:\windows\527v9r185z.dll
    c:\windows\955sze9l735.ocx
    c:\windows\6486backd95rz20.ocx
    c:\windows\7zaestea53944.cpl
    c:\windows\3ca2stealz5349.ocx
    c:\windows\254czhief5935.dll
    c:\windows\system32\41579ackdozr2805.exe
    c:\windows\36azthrea519987.bin
    c:\windows\system32\4846addwar9255z.bin
    c:\windows\19557wormz95.ocx
    c:\windows\system32\21055troz599.exe
    c:\windows\65z7sp9ware2956.bin
    c:\windows\system32\5z695r905.ocx
    c:\windows\system32\95f5adzware335.bin
    c:\windows\system32\1z65859y9e.ocx
    c:\windows\system32\95712trojz50.cpl
    c:\windows\system32\57219tzoj67a9.cpl
    c:\windows\system32\7ez1addwar91056.dll
    c:\windows\system32\399ez5r1299.dll
    c:\windows\25389vzrus1db.ocx
    c:\windows\system32\970z5wo5m54f.bin
    c:\windows\system32\9579no9-a-vizus65c.exe
    c:\windows\system32\7c5dst9zl2765.cpl
    c:\windows\52a2tz9eat22012.exe
    c:\windows\185fsparz92298.dll
    c:\windows\1z865viru9425.bin
    c:\windows\295339roz158.exe
    c:\windows\2195zroj6dc.ocx
    c:\windows\ff7zd9ware5539.bin
    c:\windows\14685sp95bz.dll
    c:\windows\4dca5ac9dooz901.cpl
    c:\windows\system32\drivers\dhglicow.sys
    c:\windows\system32\drivers\sqdemtgi.sys
    c:\windows\system32\5a36zddw59e3255.bin
    c:\windows\27861tr9j6z5.bin
    c:\windows\system32\522doznloader30399.bin
    c:\windows\system32\z1169not-a-vi5us3d4.bin
    c:\windows\system32\19597worm2bz.exe
    c:\windows\system32\66caaddw5re34z9.exe
    c:\windows\system32\54d95hief9z15.bin
    c:\windows\system32\drivers\scdemu.sys
    c:\windows\system32\2ba6downloade9z295.dll
    c:\windows\11929zorm5aa5.bin
    c:\windows\4c9z5pa9se1285.exe
    c:\windows\system32\6edbthrz9t15475.bin
    c:\windows\system32\z8951spambot4b.bin
    c:\windows\9d76steal250z.bin
    c:\windows\z7059pa5bot5a4.exe
    c:\windows\system32\26zthreat11954.exe
    c:\windows\system32\z20f5ownlo9der2045.exe
    c:\windows\system32\6365spyware9061z.bin
    c:\windows\system32\6acastealz5759.exe
    c:\windows\5z44downloader2196.exe
    c:\windows\635d59dzare2498.exe
    c:\windows\1bbat5reat9466z.bin
    c:\windows\15ed9pywa5z1334.exe
    c:\windows\system32\5d34sp59sez330.dll
    C:\sqmdata01.sqm
    C:\sqmnoopt01.sqm
    c:\windows\system32\91359acktool608z.exe
    c:\windows\system32\269775ro95e3z.exe
    c:\windows\system32\z95bvir900.bin
    c:\windows\system32\990not-a5virzs359.dll
    c:\windows\system32\5a05spazse2009.bin
    c:\windows\system32\375fspywa9e1z24.exe
    c:\windows\system32\191519orm66z.bin
    c:\windows\6215sz5rs93150.exe
    c:\windows\system32\12717hack5oo955z.exe
    c:\windows\69f2s5e9l2z0.exe
    c:\windows\system32\5145addwa9e213z.dll
    c:\windows\3d85t9ief11z.exe
    c:\windows\system32\274189a5ktooz11f.exe
    c:\windows\50529pyware230z.dll
    c:\program files\LimeWire
    c:\Program Files\uTorrent


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.





Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Keenan21x on 26th April 2009, 5:37 pm

========== SERVICES/DRIVERS ==========

Service\Driver prupvkua deleted successfully.

Service\Driver vunl deleted successfully.

Service\Driver ynovcufi deleted successfully.
========== FILES ==========
c:\windows\21985szy931.exe moved successfully.
c:\windows\system32\9284sp5rse115z.cpl moved successfully.
LoadLibrary failed for c:\windows\system32\459szy45d.ocx
c:\windows\system32\459szy45d.ocx NOT unregistered.
c:\windows\system32\459szy45d.ocx moved successfully.
LoadLibrary failed for c:\windows\system32\5d6dviz591.dll
c:\windows\system32\5d6dviz591.dll NOT unregistered.
c:\windows\system32\5d6dviz591.dll moved successfully.
c:\windows\4c05steal1z49.cpl moved successfully.
c:\windows\system32\8615wz9m4f0.bin moved successfully.
LoadLibrary failed for c:\windows\system32\72739orz8f5.ocx
c:\windows\system32\72739orz8f5.ocx NOT unregistered.
c:\windows\system32\72739orz8f5.ocx moved successfully.
c:\windows\55544wo9mz95.cpl moved successfully.
c:\windows\system32\5ez5t5ief2092.exe moved successfully.
c:\windows\215z59roj572.exe moved successfully.
c:\windows\system32\19359s9y5az.bin moved successfully.
LoadLibrary failed for c:\windows\64cebackdoo51933z.dll
c:\windows\64cebackdoo51933z.dll NOT unregistered.
c:\windows\64cebackdoo51933z.dll moved successfully.
LoadLibrary failed for c:\windows\system32\17539zackto9l737.dll
c:\windows\system32\17539zackto9l737.dll NOT unregistered.
c:\windows\system32\17539zackto9l737.dll moved successfully.
LoadLibrary failed for c:\windows\5f5evi921z0.ocx
c:\windows\5f5evi921z0.ocx NOT unregistered.
c:\windows\5f5evi921z0.ocx moved successfully.
c:\windows\system32\zc93vi59124.exe moved successfully.
LoadLibrary failed for c:\windows\57e95aczdoor2470.ocx
c:\windows\57e95aczdoor2470.ocx NOT unregistered.
c:\windows\57e95aczdoor2470.ocx moved successfully.
LoadLibrary failed for c:\windows\system32\5f8zspar9e1558.ocx
c:\windows\system32\5f8zspar9e1558.ocx NOT unregistered.
c:\windows\system32\5f8zspar9e1558.ocx moved successfully.
c:\windows\system32\498z9ackdo5r1117.cpl moved successfully.
c:\windows\1507spyware9z89.exe moved successfully.
c:\windows\system32\36c6backdooz9566.exe moved successfully.
LoadLibrary failed for c:\windows\system32\95espyzare292.ocx
c:\windows\system32\95espyzare292.ocx NOT unregistered.
c:\windows\system32\95espyzare292.ocx moved successfully.
LoadLibrary failed for c:\windows\system32\26727no9-a5virus65z.ocx
c:\windows\system32\26727no9-a5virus65z.ocx NOT unregistered.
c:\windows\system32\26727no9-a5virus65z.ocx moved successfully.
c:\windows\system32\995ethr5az14511.cpl moved successfully.
c:\windows\system32\2e09downloadz52144.exe moved successfully.
c:\windows\system32\z94vir3589.cpl moved successfully.
LoadLibrary failed for c:\windows\system32\z8590troj2dd.ocx


Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Keenan21x on 26th April 2009, 5:38 pm

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04262009_133210


Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Belahzur on 26th April 2009, 6:03 pm

Okay, now re-run DDS and post the new log.



Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Keenan21x on 26th April 2009, 6:06 pm

DDS (Ver_09-03-16.01) - NTFSx86
Run by Admin at 14:05:11.03 on Sun 04/26/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.162 [GMT -4:00]

FW: COMODO Firewall Pro *enabled*

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Encarta Web Companion: {147d6308-0614-4112-89b1-31402f9b82c4} - c:\program files\common files\microsoft shared\encarta web companion\2007\ENCWCBAR.DLL
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\windows\system32\CavEmLSP.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL


Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Keenan21x on 26th April 2009, 6:06 pm

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-4-24 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-4-24 24208]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 cmdAgent;COMODO Firewall Pro Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2009-4-24 519936]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2005-4-21 92550]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 XDva219;XDva219; [x]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-3-29 33176]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-2 24652]

=============== Created Last 30 ================

2009-04-26 13:32 --d----- C:\_OTMoveIt
2009-04-26 11:35 5,560,030 a------- C:\flawlesstracks+aceofclubsfreebeat.mp3
2009-04-26 11:32 10,071,984 a------- C:\flawlessrnb+simplerb.mp3
2009-04-26 11:03 388,608 a------- c:\windows\system32\cmd.execf
2009-04-26 05:34 15,821 a------- c:\windows\z9870troj595.ocx
2009-04-25 19:00 --d----- C:\ComboFix
2009-04-25 19:00 388,608 a------- c:\windows\system32\CF6199.exe
2009-04-25 14:52 388,608 a------- c:\windows\system32\CF23120.exe
2009-04-25 13:25 161,792 a------- c:\windows\SWREG.exe
2009-04-25 13:25 98,816 a------- c:\windows\sed.exe
2009-04-25 13:22 3,005,109 a----r-- C:\ComboFix.exe
2009-04-24 20:32 5,967,499 a------- C:\Kanye West feat. Young Jeezy - Amazing.mp3
2009-04-24 19:06 --d----- c:\docume~1\admin\applic~1\LimeWire
2009-04-24 16:49 7,694,592 a------- C:\Thisis50.com-Eminem - 3 A.M..mp3
2009-04-24 14:25 9,004 a------- c:\windows\5b7as9arse190z5.bin
2009-04-24 13:06 73,728 a------- c:\windows\system32\CavEmLSP.dll
2009-04-24 13:05 434,252 a------- c:\windows\system32\MSVCRTD.DLL
2009-04-24 13:05 216,576 a------- c:\windows\system32\monln.dll
2009-04-24 10:54 249,592 a------- c:\windows\system32\cssdll32.dll
2009-04-24 10:53 --d----- c:\docume~1\admin\applic~1\Comodo
2009-04-24 10:53 143,104 a------- c:\windows\system32\guard32.dll
2009-04-24 10:53 87,056 a------- c:\windows\system32\drivers\cmdguard.sys
2009-04-24 10:53 24,208 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-04-24 10:53 --d----- c:\docume~1\alluse~1\applic~1\comodo
2009-04-24 10:53 --d----- c:\program files\COMODO
2009-04-24 10:46 5,115 a------- c:\windows\system32\38e5vi91318z.exe
2009-04-24 01:15 6,182,998 a------- C:\readyrockproductions+kanyewestfkidcudilonelyfreedownload.mp3
2009-04-22 16:10 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-22 16:10 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-22 16:10 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-22 15:52 107 a------- c:\windows\WININIT.INI
2009-04-21 22:12 3,287 a------- c:\windows\system32\598ethzef3102.cpl
2009-04-21 16:51 7,149,610 a------- C:\Lost In The Crowd (Prod. By Sinima).mp3
2009-04-20 21:20 7,405,319 a------- C:\thepuzzleproductions+feelinmyselfthecarter2freedl.mp3
2009-04-20 21:10 3,230,116 a------- C:\flawlesstracks+justmusicfreebeat.mp3
2009-04-20 16:39 3,852 a------- c:\windows\52z4t5rea924573.exe
2009-04-20 14:37 --d----- c:\program files\Driver Magician Lite
2009-04-20 05:37 11,833 a------- c:\windows\2z107ha5ktoo96e.cpl
2009-04-20 00:16 9,273 a------- c:\windows\system32\580dzw9loader2558.ocx
2009-04-19 21:24 --d----- c:\program files\Marcos Velasco Security
2009-04-19 21:02 --d----- c:\docume~1\admin\applic~1\Uniblue
2009-04-19 20:02 --d----- c:\docume~1\admin\applic~1\SUPERAntiSpyware.com
2009-04-19 11:17 --d----- C:\The Inner City V3
2009-04-19 11:11 --d----- c:\documents and settings\admin\Tracing
2009-04-19 03:17 15,277 a------- c:\windows\system32\3bbd5wnlo9der141z.ocx
2009-04-18 22:12 --d----- c:\docume~1\admin\applic~1\uTorrent
2009-04-18 22:09 --dsh--- c:\documents and settings\admin\IETldCache
2009-04-18 22:03 --dsh--- c:\documents and settings\admin\IECompatCache
2009-04-18 22:02 --dsh--- c:\documents and settings\admin\PrivacIE
2009-04-18 22:00 --d----- c:\docume~1\admin\applic~1\Malwarebytes
2009-04-18 21:55 --d----- c:\documents and settings\Admin
2009-04-18 16:02 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-04-18 10:01 6,461 a------- c:\windows\20282not-a5ziru956a.cpl
2009-04-18 09:13 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-18 09:05 2,979 a------- c:\windows\system32\28753wor97z0.ocx
2009-04-18 02:22 --d----- c:\program files\SUPERAntiSpyware
2009-04-18 02:22 --d----- c:\program files\common files\Wise Installation Wizard
2009-04-17 20:52 26,112 ac------ c:\windows\system32\dllcache\EXCH_seos.dll
2009-04-17 20:51 37,888 ac------ c:\windows\system32\dllcache\md5filt.dll
2009-04-17 20:50 78,848 ac------ c:\windows\system32\dllcache\dayi.ime
2009-04-17 20:49 598,071 ac------ c:\windows\system32\dllcache\fpmmc.dll
2009-04-17 20:46 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-04-17 20:46 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-04-17 20:46 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-04-17 20:46 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-04-17 20:46 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-04-17 20:46 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-04-17 20:45 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-04-17 20:29 5,504 a------- c:\windows\system32\drivers\intelide.sys
2009-04-17 16:08 --d----- c:\windows\dell
2009-04-17 16:08 536,162,304 a------- c:\windows\MEMORY.DMP
2009-04-17 15:49 3,011 a------- c:\windows\4de5spyzare1589.exe
2009-04-17 13:02 15,681 a------- c:\windows\system32\3f009hreatz1540.cpl
2009-04-14 08:32 12,739 a------- c:\windows\system32\3b75ba9kzoor1541.cpl
2009-04-12 02:44 10,297 a------- c:\windows\system32\242th5ef279z.ocx
2009-04-09 17:14 3,307 a------- c:\windows\system32\9e0cad5ware1z6.dll
2009-04-08 09:18 13,491 a------- c:\windows\system32\168edo9n5oader2431z.ocx
2009-04-07 21:59 5,880 a------- c:\windows\system32\29548wormzad.bin
2009-04-06 22:35 16,678 a------- c:\windows\system32\109abackdoo52576z.bin
2009-04-06 01:43 15,406 a------- c:\windows\system32\17717vi95z671.bin
2009-04-05 03:08 10,753 a------- c:\windows\3a9dspzr5e2999.bin
2009-04-04 17:38 9,271 a------- c:\windows\9955wzrm27c9.ocx
2009-04-04 14:58 13,920 a------- c:\windows\system32\5ef5thze9t8444.dll
2009-04-03 15:02 4,765 a------- c:\windows\system32\6069st5az2302.dll
2009-04-03 12:03 9,597 a------- c:\windows\z0899w5rm58d.bin
2009-04-02 18:00 --d----- c:\program files\common files\DivX Shared
2009-03-30 22:32 8,985 ---sh--- C:\AlbumArt_{1956C33A-1D27-4A4F-BB0B-31EFC5D3DDE8}_Large.jpg
2009-03-30 22:32 2,679 ---sh--- C:\AlbumArt_{1956C33A-1D27-4A4F-BB0B-31EFC5D3DDE8}_Small.jpg
2009-03-30 15:17 87,472 a------- c:\windows\system32\ijjiChannelingPlugin.dll
2009-03-29 13:31 --d----- C:\d846a9b8cd6581d07b
2009-03-29 13:31 --d----- c:\program files\common files\Software Update Utility
2009-03-29 13:27 --d-h--- c:\windows\msdownld.tmp
2009-03-28 14:24 --d----- c:\windows\ie8updates
2009-03-28 14:03 -cd-h--- c:\windows\ie8
2009-03-28 01:49 6,447 a------- c:\windows\4d55spzware2689.exe
2009-03-27 22:25 16,454 a------- c:\windows\5az6backdoo9452.exe

==================== Find3M ====================

2009-04-24 13:05 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-04-24 13:05 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-24 13:05 348,160 a------- c:\windows\system32\msvcr71.dll
2009-04-18 12:02 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-18 02:09 1,097,216 a------- c:\windows\system32\setup2.exe
2009-04-17 20:36 22,720 a------- c:\windows\system32\emptyregdb.dat
2009-03-27 05:25 9,078 a------- c:\windows\system32\32076v5ru9z22.exe
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-02-24 15:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 15:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 15:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 15:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 15:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-02-24 15:34 684,032 a------- c:\windows\system32\DivX.dll
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 15:23 12,336 a------- c:\windows\system32\325289pambzt796.bin
2009-02-06 15:11 8,337 a------- c:\windows\5z60backd9or2954.dll
2009-02-06 14:27 3,035 a------- c:\windows\7zafs5yware6039.bin
2009-01-27 07:59 9,819 a------- c:\windows\2311ztro51709.dll
2009-01-27 00:06 10,746 a------- c:\windows\system32\3e475a9zdoor1747.bin
2008-12-27 17:39 16,384 a--sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-08-22 18:18 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082220080823\index.dat
2008-12-22 22:10 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122220081223\index.dat
2008-12-27 17:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122720081228\index.dat
2009-01-14 00:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011320090114\index.dat

============= FINISH: 14:05:58.17 ===============


Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Belahzur on 26th April 2009, 6:10 pm

Hello.
One more script to run.

  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\flawlesstracks+aceofclubsfreebeat.mp3
    C:\flawlessrnb+simplerb.mp3
    c:\windows\z9870troj595.ocx
    C:\Kanye West feat. Young Jeezy - Amazing.mp3
    c:\docume~1\admin\applic~1\LimeWire
    C:\Thisis50.com-Eminem - 3 A.M..mp3
    c:\windows\5b7as9arse190z5.bin
    c:\windows\system32\38e5vi91318z.exe
    C:\readyrockproductions+kanyewestfkidcudilonelyfreedownload.mp3
    C:\Lost In The Crowd (Prod. By Sinima).mp3
    c:\windows\system32\598ethzef3102.cpl
    C:\thepuzzleproductions+feelinmyselfthecarter2freedl.mp3
    C:\flawlesstracks+justmusicfreebeat.mp3
    c:\windows\52z4t5rea924573.exe
    c:\windows\2z107ha5ktoo96e.cpl
    c:\windows\system32\580dzw9loader2558.ocx
    c:\windows\system32\3bbd5wnlo9der141z.ocx
    c:\docume~1\admin\applic~1\uTorrent
    c:\windows\20282not-a5ziru956a.cpl
    c:\windows\system32\28753wor97z0.ocx
    c:\windows\4de5spyzare1589.exe
    c:\windows\system32\3f009hreatz1540.cpl
    c:\windows\system32\3b75ba9kzoor1541.cpl
    c:\windows\system32\242th5ef279z.ocx
    c:\windows\system32\9e0cad5ware1z6.dll
    c:\windows\system32\168edo9n5oader2431z.ocx
    c:\windows\system32\29548wormzad.bin
    c:\windows\system32\109abackdoo52576z.bin
    c:\windows\system32\17717vi95z671.bin
    c:\windows\3a9dspzr5e2999.bin
    c:\windows\9955wzrm27c9.ocx
    c:\windows\system32\5ef5thze9t8444.dll
    c:\windows\system32\6069st5az2302.dll
    c:\windows\z0899w5rm58d.bin
    c:\windows\4d55spzware2689.exe
    c:\windows\5az6backdoo9452.exe
    c:\windows\system32\32076v5ru9z22.exe
    c:\windows\system32\325289pambzt796.bin
    c:\windows\5z60backd9or2954.dll
    c:\windows\7zafs5yware6039.bin
    c:\windows\2311ztro51709.dll
    c:\windows\system32\3e475a9zdoor1747.bin


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Keenan21x on 26th April 2009, 6:12 pm

========== FILES ==========
C:\flawlesstracks+aceofclubsfreebeat.mp3 moved successfully.
C:\flawlessrnb+simplerb.mp3 moved successfully.
LoadLibrary failed for c:\windows\z9870troj595.ocx
c:\windows\z9870troj595.ocx NOT unregistered.
c:\windows\z9870troj595.ocx moved successfully.
C:\Kanye West feat. Young Jeezy - Amazing.mp3 moved successfully.
c:\docume~1\admin\applic~1\LimeWire\promotion moved successfully.
c:\docume~1\admin\applic~1\LimeWire\mozilla-profile\updates\0 moved successfully.
c:\docume~1\admin\applic~1\LimeWire\mozilla-profile\updates moved successfully.
c:\docume~1\admin\applic~1\LimeWire\mozilla-profile\extensions moved successfully.
c:\docume~1\admin\applic~1\LimeWire\mozilla-profile\Cache moved successfully.
c:\docume~1\admin\applic~1\LimeWire\mozilla-profile moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner\res\html moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner\res\fonts moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner\res\entityTables moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner\res\dtd moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner\res moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner\plugins moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner\modules moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner\greprefs moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner\dictionaries moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner\defaults\profile\US\chrome moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner\defaults\profile\US moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner\defaults\profile\chrome moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner\defaults\profile moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner\defaults\pref moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner\defaults\autoconfig moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner\defaults moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner\components moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner\chrome moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser\xulrunner moved successfully.
c:\docume~1\admin\applic~1\LimeWire\browser moved successfully.
c:\docume~1\admin\applic~1\LimeWire\.AppSpecialShare moved successfully.
c:\docume~1\admin\applic~1\LimeWire moved successfully.
C:\Thisis50.com-Eminem - 3 A.M..mp3 moved successfully.
c:\windows\5b7as9arse190z5.bin moved successfully.
c:\windows\system32\38e5vi91318z.exe moved successfully.
C:\readyrockproductions+kanyewestfkidcudilonelyfreedownload.mp3 moved successfully.
C:\Lost In The Crowd (Prod. By Sinima).mp3 moved successfully.
c:\windows\system32\598ethzef3102.cpl moved successfully.
C:\thepuzzleproductions+feelinmyselfthecarter2freedl.mp3 moved successfully.
C:\flawlesstracks+justmusicfreebeat.mp3 moved successfully.
c:\windows\52z4t5rea924573.exe moved successfully.
c:\windows\2z107ha5ktoo96e.cpl moved successfully.
LoadLibrary failed for c:\windows\system32\580dzw9loader2558.ocx
c:\windows\system32\580dzw9loader2558.ocx NOT unregistered.
c:\windows\system32\580dzw9loader2558.ocx moved successfully.
LoadLibrary failed for c:\windows\system32\3bbd5wnlo9der141z.ocx
c:\windows\system32\3bbd5wnlo9der141z.ocx NOT unregistered.
c:\windows\system32\3bbd5wnlo9der141z.ocx moved successfully.
c:\docume~1\admin\applic~1\uTorrent moved successfully.
c:\windows\20282not-a5ziru956a.cpl moved successfully.
LoadLibrary failed for c:\windows\system32\28753wor97z0.ocx
c:\windows\system32\28753wor97z0.ocx NOT unregistered.
c:\windows\system32\28753wor97z0.ocx moved successfully.
c:\windows\4de5spyzare1589.exe moved successfully.
c:\windows\system32\3f009hreatz1540.cpl moved successfully.
c:\windows\system32\3b75ba9kzoor1541.cpl moved successfully.
LoadLibrary failed for c:\windows\system32\242th5ef279z.ocx
c:\windows\system32\242th5ef279z.ocx NOT unregistered.
c:\windows\system32\242th5ef279z.ocx moved successfully.
LoadLibrary failed for c:\windows\system32\9e0cad5ware1z6.dll
c:\windows\system32\9e0cad5ware1z6.dll NOT unregistered.
c:\windows\system32\9e0cad5ware1z6.dll moved successfully.
LoadLibrary failed for c:\windows\system32\168edo9n5oader2431z.ocx
c:\windows\system32\168edo9n5oader2431z.ocx NOT unregistered.
c:\windows\system32\168edo9n5oader2431z.ocx moved successfully.
c:\windows\system32\29548wormzad.bin moved successfully.
c:\windows\system32\109abackdoo52576z.bin moved successfully.
c:\windows\system32\17717vi95z671.bin moved successfully.
c:\windows\3a9dspzr5e2999.bin moved successfully.
LoadLibrary failed for c:\windows\9955wzrm27c9.ocx
c:\windows\9955wzrm27c9.ocx NOT unregistered.
c:\windows\9955wzrm27c9.ocx moved successfully.
LoadLibrary failed for c:\windows\system32\5ef5thze9t8444.dll
c:\windows\system32\5ef5thze9t8444.dll NOT unregistered.
c:\windows\system32\5ef5thze9t8444.dll moved successfully.
LoadLibrary failed for c:\windows\system32\6069st5az2302.dll
c:\windows\system32\6069st5az2302.dll NOT unregistered.
c:\windows\system32\6069st5az2302.dll moved successfully.
c:\windows\z0899w5rm58d.bin moved successfully.
c:\windows\4d55spzware2689.exe moved successfully.
c:\windows\5az6backdoo9452.exe moved successfully.
c:\windows\system32\32076v5ru9z22.exe moved successfully.
c:\windows\system32\325289pambzt796.bin moved successfully.
LoadLibrary failed for c:\windows\5z60backd9or2954.dll
c:\windows\5z60backd9or2954.dll NOT unregistered.
c:\windows\5z60backd9or2954.dll moved successfully.
c:\windows\7zafs5yware6039.bin moved successfully.
LoadLibrary failed for c:\windows\2311ztro51709.dll
c:\windows\2311ztro51709.dll NOT unregistered.
c:\windows\2311ztro51709.dll moved successfully.
c:\windows\system32\3e475a9zdoor1747.bin moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04262009_141146

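Added example (not part of the thread and not OTMoveIt3's own code): a Python check that reconciles a `:files` script with the results log, using the line formats visible in the two posts above, so that any requested path the log does not confirm as moved stands out. The function names and the `example-not-in-log.bin` entry are constructed for illustration; the other sample lines are copied from the posts.

```python
import re

# Line shapes taken from the results log posted above.
MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
LOAD_FAILED = re.compile(r"^LoadLibrary failed for (?P<path>.+)$")
NOT_UNREGISTERED = re.compile(r"^(?P<path>.+) NOT unregistered\.$")


def norm(path):
    """Windows paths are case-insensitive, so compare them lowercased."""
    return path.strip().lower()


def parse_script(text):
    """Return the paths listed under the ':files' directive of a script."""
    paths, in_files = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # a new directive starts here
            in_files = line.lower() == ":files"
        elif in_files:
            paths.append(line)
    return paths


def parse_log(text):
    """Sort log lines into moved / LoadLibrary-failed / not-unregistered sets."""
    found = {"moved": set(), "load_failed": set(), "not_unregistered": set()}
    for raw in text.splitlines():
        line = raw.strip()
        for key, pattern in (("not_unregistered", NOT_UNREGISTERED),
                             ("load_failed", LOAD_FAILED),
                             ("moved", MOVED)):
            match = pattern.match(line)
            if match:
                found[key].add(norm(match.group("path")))
                break
    return found


def reconcile(script_text, log_text):
    """Compare what the script asked for with what the log confirms."""
    requested = parse_script(script_text)
    log = parse_log(log_text)
    wanted = [norm(p) for p in requested]
    # Requested paths with no matching "moved successfully." line.
    unconfirmed = [p for p in requested if norm(p) not in log["moved"]]
    # Moved paths that are neither requested nor inside a requested folder.
    unrequested = sorted(
        m for m in log["moved"]
        if not any(m == w or m.startswith(w + "\\") for w in wanted))
    return {
        "unconfirmed": unconfirmed,
        # Modules the log marks "NOT unregistered" (moved, but flagged).
        "unregister_failed": sorted(log["not_unregistered"]),
        "unrequested": unrequested,
    }


# Subset of the script from the thread; the last path is constructed so the
# sample has one entry that the log does not confirm.
SCRIPT = r"""
:files
C:\flawlessrnb+simplerb.mp3
c:\windows\z9870troj595.ocx
c:\docume~1\admin\applic~1\LimeWire
C:\Thisis50.com-Eminem - 3 A.M..mp3
c:\windows\system32\38e5vi91318z.exe
c:\windows\example-not-in-log.bin
"""

# Matching subset of the results log from the thread.
LOG = r"""
========== FILES ==========
C:\flawlessrnb+simplerb.mp3 moved successfully.
LoadLibrary failed for c:\windows\z9870troj595.ocx
c:\windows\z9870troj595.ocx NOT unregistered.
c:\windows\z9870troj595.ocx moved successfully.
c:\docume~1\admin\applic~1\LimeWire\promotion moved successfully.
c:\docume~1\admin\applic~1\LimeWire moved successfully.
C:\Thisis50.com-Eminem - 3 A.M..mp3 moved successfully.
c:\windows\system32\38e5vi91318z.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04262009_141146
"""

if __name__ == "__main__":
    for name, items in reconcile(SCRIPT, LOG).items():
        print(name, items)
```
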

Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Belahzur on 26th April 2009, 6:18 pm

Okay, that should do it for the malware, but now let's get you protected.

Please install Avira antivirus otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

  • Now open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Keenan21x on 26th April 2009, 6:24 pm

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
AC3Filter (remove only)
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 9.1
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 6
Antares Auto-Tune v4.39
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
Broadcom Gigabit Integrated Controller
CCleaner (remove only)
Choice Guard
COMODO Firewall Pro
COMODO SafeSurf
Cool Edit Pro 2.0
Dell Wireless WLAN Card
DivX Codec
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Download Updater (AOL LLC)
Driver Magician Lite 3.5
getPlus(R) for Adobe
HijackThis 2.0.2
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB943232)
ijji Auto Installer
Java(TM) 6 Update 13
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Junk Mail filter update
Learning Essentials for Microsoft Office
LimeWire 5.1.2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Math
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Student with Encarta Premium 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
musicshakeENG
MV RegClean 5.9 English
Nero 8
neroxml
PDF Settings
PLAYSTATION(R)Network Downloader
PowerISO
PSP Video 9 2.25
QuickTime
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Security Update for Windows XP (KB923789)
Segoe UI
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware Free Edition
Uniblue RegistryBooster 2
Unity Web Player
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Defender
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
Xvid 1.1.3 final uninstall
Yahoo! Messenger
Yahoo! Software Update


Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Belahzur on 26th April 2009, 6:29 pm

Hello.
I don't see Avira on that list, please install it now using my above instructions. You will get infected again if you don't.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Java(TM) 6 Update 4
  • Java(TM) 6 Update 5
  • Java(TM) 6 Update 6
  • Java(TM) 6 Update 7
  • LimeWire 5.1.2
  • Uniblue RegistryBooster 2
  • Viewpoint Media Player

We can remove OTMoveIt now.

  • Please double-click OTMoveIt3.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?



Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Keenan21x on 26th April 2009, 7:13 pm

Well, I was able to do what u said... I was able to d/l and update Avira, gonna use the scan now... but still can't update Malwarebytes, and it still seems like Microsoft is still being blocked.


Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Belahzur on 26th April 2009, 7:16 pm

I think the trouble downloading updates is most likely caused by the Comodo firewall you have installed.
Right click the Comodo tray icon > Exit it.

Try again now.

[or temporarily uninstall it]



Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Keenan21x on 26th April 2009, 7:22 pm

Hmm, it's not that... just turned it off and still can't d/l updates to anti-virus programs.


Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Belahzur on 26th April 2009, 7:35 pm

Okay, run this next scan and see if it picks anything up.

* Download Dr.Web CureIt to the desktop:
[You must be registered and logged in to see this link.]

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.



Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Keenan21x on 27th April 2009, 12:48 pm

Well, it says no viruses found... alright, now this is getting weird. Now I don't know what could be blocking Microsoft and anti-virus program updates...


Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Belahzur on 27th April 2009, 12:53 pm

Download Combofix again, but just run it normally this time. Don't try a CFScript.



Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Keenan21x on 27th April 2009, 3:16 pm

ComboFix 09-04-25.A3 - Admin 04/27/2009 11:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.268 [GMT -4:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.

2009-12-21 12:06 . 2009-12-21 12:06 8377 ----a-w c:\windows\system32\4fa5t9zef530.cpl
2009-07-26 20:29 . 2009-07-26 20:29 16883 ----a-w c:\windows\7f9cdownloaz5r1948.cpl
2009-07-22 23:13 . 2009-07-22 23:13 12505 ----a-w c:\windows\system32\2f29th5zat10422.exe
2009-07-21 00:31 . 2009-07-21 00:31 6973 ----a-w c:\windows\system32\59101spyze5.exe
2009-07-17 13:39 . 2009-07-17 13:39 11311 ----a-w c:\windows\system32\56549rojdz.exe
2009-07-16 17:51 . 2009-07-16 17:51 7602 ----a-w c:\windows\7bf9thrza52974.exe
2009-07-16 00:44 . 2009-07-16 00:44 10747 ----a-w c:\windows\system32\6b095zdware17279.exe
2009-07-14 19:00 . 2009-07-14 19:00 11557 ----a-w c:\windows\1z3eba5kdo9r1613.ocx
2009-07-11 04:38 . 2009-07-11 04:38 17601 ----a-w c:\windows\system32\29570sp955z.bin
2009-07-04 10:10 . 2009-07-04 10:10 13637 ----a-w c:\windows\5527szy9are2860.exe
2009-07-02 16:01 . 2009-07-02 16:01 10568 ----a-w c:\windows\20907z59us6dc.cpl
2009-07-01 18:42 . 2009-07-01 18:42 13548 ----a-w c:\windows\157bthzef3905.dll
2009-07-01 17:51 . 2009-07-01 17:51 17526 ----a-w c:\windows\system32\6894azd5are2493.bin
2009-06-28 23:44 . 2009-06-28 23:44 14649 ----a-w c:\windows\22598not-a5virzsab.dll
2009-06-28 02:30 . 2009-06-28 02:30 7072 ----a-w c:\windows\system32\96avi5z738.cpl
2009-06-26 21:16 . 2009-06-26 21:16 9991 ----a-w c:\windows\system32\69e45owzloader3214.ocx
2009-06-26 17:40 . 2009-06-26 17:40 9026 ----a-w c:\windows\system32\2c5e9pzrse1809.bin
2009-06-26 04:04 . 2009-06-26 04:04 9588 ----a-w c:\windows\system32\1c4e9ownzoader1650.ocx
2009-06-25 12:08 . 2009-06-25 12:08 8860 ----a-w c:\windows\system32\199005pz747.ocx
2009-06-24 12:59 . 2009-06-24 12:59 8257 ----a-w c:\windows\8915virz95ff.bin
2009-06-23 12:27 . 2009-06-23 12:27 17967 ----a-w c:\windows\6b56spz9se2994.bin
2009-06-21 21:28 . 2009-06-21 21:28 11646 ----a-w c:\windows\10550tzoj419.exe
2009-06-21 18:41 . 2009-06-21 18:41 18397 ----a-w c:\windows\system32\1385zspy93f.bin
2009-06-20 07:26 . 2009-06-20 07:26 3231 ----a-w c:\windows\14955sp513z.ocx
2009-06-18 13:38 . 2009-06-18 13:38 13147 ----a-w c:\windows\953tzief1291.exe
2009-06-17 20:00 . 2009-06-17 20:00 8490 ----a-w c:\windows\198959orm3ez5.exe
2009-06-17 16:02 . 2009-06-17 16:02 3932 ----a-w c:\windows\system32\91557spambzt55a.ocx
2009-06-14 17:12 . 2009-06-14 17:12 8610 ----a-w c:\windows\z3542n5t-a-vir9sec.ocx
2009-06-12 16:30 . 2009-06-12 16:30 12406 ----a-w c:\windows\51972zpy289.ocx
2009-06-11 22:46 . 2009-06-11 22:46 16775 ----a-w c:\windows\system32\6a9th5ezt99437.dll
2009-06-11 13:16 . 2009-06-11 13:16 6060 ----a-w c:\windows\9416hzcktoo560d.exe
2009-06-10 19:22 . 2009-06-10 19:22 4957 ----a-w c:\windows\z2551t9oj37.ocx
2009-06-10 02:50 . 2009-06-10 02:50 14671 ----a-w c:\windows\system32\58d6thre9520685z.dll
2009-06-08 03:34 . 2009-06-08 03:34 17853 ----a-w c:\windows\9944hz5kt9ol155.dll
2009-06-08 03:32 . 2009-06-08 03:32 8558 ----a-w c:\windows\system32\76349r5j592z.exe
2009-06-07 20:05 . 2009-06-07 20:05 11927 ----a-w c:\windows\system32\3d95thiz5551.cpl
2009-06-06 18:21 . 2009-06-06 18:21 17968 ----a-w c:\windows\27653zot-5-virus2559.bin
2009-06-06 07:34 . 2009-06-06 07:34 12709 ----a-w c:\windows\10254viruz6d9.exe
2009-06-06 02:06 . 2009-06-06 02:06 9452 ----a-w c:\windows\system32\27z33sp9mbot591.exe
2009-06-06 02:01 . 2009-06-06 02:01 8283 ----a-w c:\windows\system32\3395hazktoo51b2.exe
2009-06-06 00:52 . 2009-06-06 00:52 13763 ----a-w c:\windows\system32\z1007v9ru5544.cpl
2009-06-05 12:11 . 2009-06-05 12:11 3672 ----a-w c:\windows\system32\9653vizus859.dll
2009-06-05 12:03 . 2009-06-05 12:03 9594 ----a-w c:\windows\12399not-a-v5rus36z.bin
2009-06-03 12:20 . 2009-06-03 12:20 14855 ----a-w c:\windows\system32\5019szambot295.dll
2009-06-03 09:31 . 2009-06-03 09:31 8515 ----a-w c:\windows\system32\267z5w9rm7a4.dll
2009-06-03 03:42 . 2009-06-03 03:42 16534 ----a-w c:\windows\system32\53999spy6dz.cpl
2009-06-02 10:08 . 2009-06-02 10:08 11181 ----a-w c:\windows\9997steal575z.dll
2009-06-01 04:40 . 2009-06-01 04:40 6668 ----a-w c:\windows\system32\z535vi9202.bin
2009-05-26 05:27 . 2009-05-26 05:27 2556 ----a-w c:\windows\system32\290559reatz4993.bin
2009-05-25 20:21 . 2009-05-25 20:21 9325 ----a-w c:\windows\system32\7729t5iefz282.ocx
2009-05-23 01:03 . 2009-05-23 01:03 9789 ----a-w c:\windows\system32\10599spzf5.ocx
2009-05-22 16:40 . 2009-05-22 16:40 10254 ----a-w c:\windows\191fs5ealz543.bin
2009-05-21 22:03 . 2009-05-21 22:03 2766 ----a-w c:\windows\7f54baz9door3183.ocx
2009-05-21 08:42 . 2009-05-21 08:42 9533 ----a-w c:\windows\system32\74a1a5dwaze9599.bin
2009-05-21 05:11 . 2009-05-21 05:11 14942 ----a-w c:\windows\818359t-a-virusz49.dll
2009-05-20 18:21 . 2009-05-20 18:21 7755 ----a-w c:\windows\system32\1dd2z5re9t19943.cpl
2009-05-20 14:35 . 2009-05-20 14:35 9083 ----a-w c:\windows\system32\4z55vi91961.bin
2009-05-20 03:16 . 2009-05-20 03:16 8707 ----a-w c:\windows\19798hzcktool3295.exe
2009-05-18 16:08 . 2009-05-18 16:08 10220 ----a-w c:\windows\system32\23z599ot-a-virusa5.bin
2009-05-18 12:12 . 2009-05-18 12:12 5824 ----a-w c:\windows\system32\4c9teal5831z.cpl
2009-05-18 01:44 . 2009-05-18 01:44 15932 ----a-w c:\windows\6945thief2z165.cpl
2009-05-17 07:04 . 2009-05-17 07:04 3967 ----a-w c:\windows\system32\15d3b9ckdoor2752z.dll
2009-05-17 04:37 . 2009-05-17 04:37 13548 ----a-w c:\windows\system32\17775t9oz12f.bin
2009-05-17 00:26 . 2009-05-17 00:26 16673 ----a-w c:\windows\system32\94825orm2b9z.cpl
2009-05-15 08:20 . 2009-05-15 08:20 9584 ----a-w c:\windows\system32\29699noz-a-virus195.cpl
2009-05-15 00:13 . 2009-05-15 00:13 17264 ----a-w c:\windows\39190szambot5e4.exe
2009-05-14 07:35 . 2009-05-14 07:35 6659 ----a-w c:\windows\7czdspyw5re1988.dll
2009-05-14 07:22 . 2009-05-14 07:22 11712 ----a-w c:\windows\3179thiez26925.exe
2009-05-14 03:45 . 2009-05-14 03:45 8818 ----a-w c:\windows\34z5ba59door36.dll
2009-05-12 10:59 . 2009-05-12 10:59 8837 ----a-w c:\windows\system32\59c6zparse4025.cpl
2009-05-09 06:53 . 2009-05-09 06:53 17460 ----a-w c:\windows\z1926spa5bot2089.exe
2009-05-08 23:36 . 2009-05-08 23:36 17392 ----a-w c:\windows\4c57thief99z.exe
2009-05-07 15:19 . 2009-05-07 15:19 9447 ----a-w c:\windows\system32\6346thr5az263319.bin
2009-05-06 16:59 . 2009-05-06 16:59 8356 ----a-w c:\windows\system32\5774no5-9-virus37z.exe
2009-05-03 03:18 . 2009-05-03 03:18 7343 ----a-w c:\windows\15286hacktoo9zee.cpl
2009-05-01 22:13 . 2009-05-01 22:13 3209 ----a-w c:\windows\system32\769zw59m3b2.bin
2009-05-01 06:13 . 2009-05-01 06:13 3223 ----a-w c:\windows\system32\3ea19z5al2051.cpl
2009-04-26 23:35 . 2009-04-26 23:35 14655 ----a-w c:\windows\system32\f28stea598z.exe
2009-04-26 21:07 . 2009-04-26 21:07 -------- d-----w c:\documents and settings\Admin\DoctorWeb
2009-04-26 18:43 . 2009-02-13 15:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-26 18:39 . 2009-04-26 18:39 -------- d-----w c:\program files\Avira
2009-04-26 18:39 . 2009-04-26 18:39 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-24 17:16 . 2009-04-24 22:37 -------- d-----w c:\documents and settings\Admin\Local Settings\Application Data\Comodo
2009-04-24 17:06 . 2009-04-24 17:05 73728 ----a-w c:\windows\system32\CavEmLSP.dll
2009-04-24 17:05 . 2009-04-24 17:05 434252 ----a-w c:\windows\system32\MSVCRTD.DLL
2009-04-24 17:05 . 2009-04-24 17:05 216576 ----a-w c:\windows\system32\monln.dll
2009-04-24 14:54 . 2009-04-24 14:54 249592 ----a-w c:\windows\system32\cssdll32.dll
2009-04-24 14:53 . 2009-04-24 14:53 -------- d-----w c:\documents and settings\Admin\Application Data\Comodo
2009-04-24 14:53 . 2009-04-24 17:06 -------- d-----w c:\documents and settings\All Users\Application Data\comodo
2009-04-24 14:53 . 2009-04-24 14:53 87056 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-04-24 14:53 . 2009-04-24 14:53 24208 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-04-24 14:53 . 2009-04-24 14:53 143104 ----a-w c:\windows\system32\guard32.dll
2009-04-24 14:53 . 2009-04-24 17:06 -------- d-----w c:\program files\COMODO
2009-04-22 20:10 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-22 20:10 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-22 20:10 . 2009-04-22 20:12 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-22 19:52 . 2009-04-22 19:52 107 ----a-w c:\windows\WININIT.INI
2009-04-20 02:40 . 2009-04-20 02:40 -------- d-----w c:\documents and settings\Admin\Local Settings\Application Data\Ahead
2009-04-20 01:24 . 2009-04-20 01:24 -------- d-----w c:\program files\Marcos Velasco Security
2009-04-20 01:02 . 2009-04-20 01:02 -------- d-----w c:\documents and settings\Admin\Application Data\Uniblue
2009-04-20 00:02 . 2009-04-20 00:02 -------- d-----w c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com
2009-04-19 19:40 . 2009-04-19 19:41 -------- d-----w c:\documents and settings\Admin\Application Data\acccore
2009-04-19 18:52 . 2009-04-19 18:52 -------- d-----w c:\documents and settings\Admin\Application Data\DivX
2009-04-19 18:52 . 2009-04-19 18:52 -------- d-----w c:\documents and settings\Admin\Application Data\Syntrillium
2009-04-19 15:47 . 2009-04-27 14:24 -------- d-----w c:\documents and settings\Admin\Local Settings\Application Data\Adobe
2009-04-19 15:17 . 2009-04-19 15:18 -------- d-----w C:\The Inner City V3
2009-04-19 15:16 . 2009-04-25 00:33 -------- d-----w c:\documents and settings\Admin\Application Data\U3
2009-04-19 15:11 . 2009-04-27 14:53 -------- d-----w c:\documents and settings\Admin\Tracing
2009-04-19 14:45 . 2009-04-19 14:45 -------- d-----w c:\documents and settings\Admin\Local Settings\Application Data\Yahoo
2009-04-19 04:54 . 2009-04-19 04:54 -------- d-----w c:\documents and settings\Admin\Local Settings\Application Data\AOL OCP
2009-04-19 04:54 . 2009-04-19 04:54 -------- d-----w c:\documents and settings\Admin\Local Settings\Application Data\AOL
2009-04-19 02:09 . 2009-04-19 02:09 -------- d-sh--w c:\documents and settings\Admin\IETldCache
2009-04-19 02:03 . 2009-04-19 02:03 -------- d-sh--w c:\documents and settings\Admin\IECompatCache
2009-04-19 02:02 . 2009-04-19 02:02 -------- d-sh--w c:\documents and settings\Admin\PrivacIE
2009-04-19 02:02 . 2009-04-19 02:02 -------- d-----w c:\documents and settings\Admin\Application Data\Yahoo!
2009-04-19 02:00 . 2009-04-19 02:00 -------- d-----w c:\documents and settings\Admin\Application Data\Malwarebytes
2009-04-19 01:57 . 2009-04-19 01:57 91736 ----a-w c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-19 01:57 . 2009-04-19 01:57 -------- d-----w c:\documents and settings\Admin\Application Data\Nero
2009-04-18 20:02 . 2009-04-18 20:09 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-18 13:13 . 2009-04-18 13:13 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-18 06:22 . 2009-04-18 13:13 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-18 06:22 . 2009-04-18 06:22 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-18 00:52 . 2001-08-18 02:36 26112 -c--a-w c:\windows\system32\dllcache\EXCH_seos.dll
2009-04-18 00:51 . 2004-08-10 11:00 37888 -c--a-w c:\windows\system32\dllcache\md5filt.dll
2009-04-18 00:50 . 2004-08-10 11:00 78848 -c--a-w c:\windows\system32\dllcache\dayi.ime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 18:36 . 2008-02-03 00:36 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-26 18:33 . 2008-02-03 18:27 -------- d-----w c:\program files\Java
2009-04-26 16:38 . 2008-03-27 23:24 7527 --sh--w C:\Folder.jpg
2009-04-26 16:38 . 2008-03-27 23:24 2220 --sh--w C:\AlbumArtSmall.jpg
2009-04-25 18:22 . 2008-12-26 17:22 3833 --sh--w C:\AlbumArt_{8A12F43A-4C49-4496-9179-E6528EF15051}_Large.jpg
2009-04-25 18:22 . 2008-12-26 17:22 1245 --sh--w C:\AlbumArt_{8A12F43A-4C49-4496-9179-E6528EF15051}_Small.jpg
2009-04-24 22:36 . 2008-02-03 00:27 -------- d-----w c:\program files\Yahoo!
2009-04-24 22:16 . 2009-01-28 18:20 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-24 17:05 . 2008-01-18 02:23 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-24 17:05 . 2008-01-18 02:23 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-24 17:05 . 2008-01-18 02:23 1060864 ----a-w c:\windows\system32\MFC71.dll
2009-04-20 20:05 . 2008-02-20 18:13 -------- d-----w c:\program files\PowerISO
2009-04-18 16:02 . 2008-01-16 03:18 87263 ----a-w c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-04-18 02:06 . 2008-02-03 00:29 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-18 00:36 . 2008-01-16 03:16 22720 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-16 17:18 . 2008-01-18 02:33 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-06 17:29 . 2008-02-03 00:25 -------- d-----w c:\program files\DivX
2009-03-31 02:32 . 2008-03-27 23:27 376 --sh--w C:\desktop.ini
2009-03-29 19:32 . 2008-01-18 02:44 -------- d-----w c:\program files\Common Files\Adobe
2009-03-20 23:02 . 2009-03-20 23:02 -------- d-----w c:\program files\SilentMusicBand
2009-03-15 04:34 . 2008-12-23 01:14 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-14 22:01 . 2008-02-28 01:20 -------- d-----w c:\program files\Windows Live
2009-03-14 22:00 . 2009-03-14 22:00 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-14 21:57 . 2009-03-14 21:57 -------- d-----w c:\program files\Microsoft
2009-03-14 21:56 . 2009-03-14 21:56 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-14 21:50 . 2009-03-14 21:50 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-09 21:18 . 2009-03-09 21:18 2832 --sh--w C:\AlbumArt_{490346A1-3318-4B4C-94C4-C6A74FB24AD0}_Small.jpg
2009-03-09 21:18 . 2009-03-09 21:18 12169 --sh--w C:\AlbumArt_{490346A1-3318-4B4C-94C4-C6A74FB24AD0}_Large.jpg
2009-03-09 09:19 . 2008-12-14 15:05 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 08:34 . 2006-03-04 03:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-10 11:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-10 11:00 18944 ----a-w c:\windows\system32\corpol.dll


Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Keenan21x on 27th April 2009, 3:16 pm

2009-03-08 08:33 . 2004-08-10 11:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-10 11:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-10 11:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-10 11:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-10 11:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-10 11:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-08-10 11:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-19 02:04 . 2009-02-19 02:04 7566 --sh--w C:\AlbumArt_{706731EF-F89C-4F52-BDED-CCE2CC854CC7}_Large.jpg
2009-02-19 02:04 . 2009-02-19 02:04 2226 --sh--w C:\AlbumArt_{706731EF-F89C-4F52-BDED-CCE2CC854CC7}_Small.jpg
2009-02-06 23:03 . 2009-02-06 23:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-01-28 18:48 . 2009-01-28 18:48 244 ---ha-w C:\sqmnoopt00.sqm
2009-01-28 18:48 . 2009-01-28 18:48 232 ---ha-w C:\sqmdata00.sqm
2008-12-27 21:39 . 2008-12-27 21:39 16384 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2008-08-22 22:18 . 2008-08-22 22:18 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082220080823\index.dat
2008-12-23 02:10 . 2008-12-23 02:10 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008122220081223\index.dat
2008-12-27 21:39 . 2008-12-27 21:39 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008122720081228\index.dat
2009-01-14 04:07 . 2009-01-14 04:07 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009011320090114\index.dat
2009-01-27 03:10 . 2009-01-27 03:10 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009012620090127\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-07-23 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-04-24 278264]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-04-24 1655552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 XDva219;XDva219; [x]
R4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-04-24 87056]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-04-24 24208]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
S2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\DRIVERS\ozscr.sys [2005-04-22 92550]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-08-19 21:57]

2009-04-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-04-27 c:\windows\Tasks\User_Feed_Synchronization-{1E818F85-EE84-4DFC-AB9B-445E7F13C0AA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2009-04-27 c:\windows\Tasks\User_Feed_Synchronization-{CD5ECD4B-51F4-4CD8-95B9-6F9B0BBF57B3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\CavEmLSP.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-04-27 11:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\CavEmLSP.dll

- - - - - - - > 'explorer.exe'(2808)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-27 11:12
ComboFix-quarantined-files.txt 2009-04-27 15:12

Pre-Run: 34,424,688,640 bytes free
Post-Run: 35,016,413,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=2,3,4,5,6
301 --- E O F --- 2009-04-16 17:25


Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Belahzur on 27th April 2009, 5:13 pm

Hello.
May I suggest formatting at this stage.

Before, when you weren't running an AV, you allowed the malware to open backdoors and damage the machine. Whatever we do, the malware will regenerate.

To help you understand more, please take some time to read the following articles:

[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Virus/Spyware Issue - Cannot Clean!!!

Post by Keenan21x on 27th April 2009, 6:17 pm

alright thx for helping :)
