Old 03-11-2010, 03:41 AM   #1
Registered Member
 
Join Date: Mar 2010
Posts: 2
OS: windows vista


Unable to delete 11 viruses... PLZ HELP!

OK, firstly I have no antivirus software due to the virus not allowing me to download and run any I try to put on my computer.

I found out I had 11 viruses by using Malwarebytes, and when I attempted to delete them I was told I couldn't.

I have downloaded the two logs (dds and attach), but when I tried to run the rootscanner log my computer kept denying access despite me disabling all the software mentioned on your malware blog. So I am gonna need further help with that one!

Also I do not have any reboot CDs.

Please help me, it would all be much appreciated!

Kacey





DDS (Ver_09-12-01.01) - NTFSx86
Run by kara at 11:00:29.89 on 11/03/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.984.194 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Spare Messaging\MessagingApp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OEM\OSD_1.2\osd.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\kara.andre-PC\Downloads\dds.scr

============== Pseudo HJT Report ===============

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [HideMyIP] c:\program files\hide my ip\HideMyIP.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
mRun: [SpareMessaging] "c:\program files\spare messaging\MessagingApp.exe"
mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE
mRun: [UpdateP2GShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [Skytel] Skytel.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\kara~1.and\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\osd.lnk - c:\windows\installer\{73289228-1853-4623-982a-eb17ff0270ca}\_1F0B30F16FFA954160D1AF.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
IFEO: image file execution options - svchost.exe
IFEO: bdagent.exe - svchost.exe
IFEO: bdsubwiz.exe - svchost.exe
IFEO: bdwizreg.exe - svchost.exe
IFEO: livesrv.exe - svchost.exe

Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 74.125.45.100 safebrowsing-cache.google.com
Hosts: 74.125.45.100 urs.microsoft.com
Hosts: 74.125.45.100 protected.maxisoftwaremart.com
Hosts: 94.75.207.107 google.com
Hosts: 94.75.207.107 google.com.au

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R2 OsdService;OSD Service;c:\program files\oem\osd_1.2\OsdService.exe [2008-2-22 94208]
R3 GpdDevDPort;GpdDevDPort;c:\windows\system32\directport.sys [2008-5-21 7168]
R3 GpdKbFilter;GpdKbFilter;c:\windows\system32\kbfiltr.sys [2008-4-22 8192]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-12-1 103040]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-3 112128]

=============== Created Last 30 ================

2010-03-10 01:08:46 98816 ----a-w- c:\windows\sed.exe
2010-03-10 01:08:46 77312 ----a-w- c:\windows\MBR.exe
2010-03-10 01:08:46 261632 ----a-w- c:\windows\PEV.exe
2010-03-10 01:08:46 161792 ----a-w- c:\windows\SWREG.exe
2010-03-10 01:08:31 0 d-s---w- C:\anger
2010-03-10 00:39:24 0 d-----w- c:\program files\RegTweaker
2010-03-10 00:33:40 0 d-----w- c:\program files\FileASSASSIN
2010-03-09 23:15:08 0 d-----w- C:\VundoFix Backups
2010-03-09 22:24:18 0 d-----w- c:\users\kara~1.and\appdata\roaming\Malwarebytes
2010-03-09 22:24:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-09 22:23:59 0 d-----w- c:\programdata\Malwarebytes
2010-03-09 22:23:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-09 22:23:58 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-09 22:07:59 0 d-----w- c:\program files\BitDefender
2010-03-09 22:05:10 0 d-----w- c:\program files\common files\BitDefender
2010-03-09 10:03:24 0 d-----w- c:\program files\common files\DivX Shared
2010-03-09 10:03:08 0 d-----w- c:\program files\DivX
2010-02-24 11:24:43 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-18 18:24:49 0 d-----w- c:\programdata\WindowsSearch
2010-02-10 09:44:42 0 d-----w- C:\cfce426fac72daa9d07e9862564dc1e3
2010-02-10 07:27:37 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 07:27:37 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 07:27:22 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 07:27:21 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 07:27:13 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 07:27:11 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 07:27:00 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 07:27:00 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 07:27:00 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 07:27:00 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 07:27:00 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 07:26:59 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 07:26:59 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 07:26:59 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 07:26:59 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 07:26:53 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 07:26:53 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

==================== Find3M ====================

2010-03-09 21:08:24 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-09 21:08:24 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-09 21:08:24 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-25 22:07:48 1276 ----a-w- c:\users\kara~1.and\appdata\roaming\wklnhst.dat
2010-02-24 09:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-05 21:45:55 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-05 21:33:48 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-01-30 10:48:22 266552 ----a-w- c:\windows\system32\HMIPCore.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-04-21 14:46:25 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 11:02:12.57 ===============
Attached Files
File Type: zip Attach1.zip (457 Bytes, 2 views)

Old 03-11-2010, 05:48 AM   #2
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 38,586
OS: WinXP Home, Vista, Windows 7 64bit


Re: Unable to delete 11 viruses... PLZ HELP!

I see you also ran ComboFix. Are you being assisted at another forum? If not, that log is crucial to any review of the state of your system. Kindly post the log it produced at C:\ComboFix.txt.

If ComboFix did not complete, please explain in detail what happened when you tried to run it.
__________________
Member of ASAP since 2005
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
All times are GMT -7. The time now is 02:42 AM.

