i have allready posted a topic on this here:
http://www.geekstogo...11#entry1523911
i have fallowed the mallware and spyware cleaning guide from this link:
http://www.geekstogo...uide-t2852.html
when reaching "System Restore (Windows Vista, XP and ME)" on the mallware and spyware cleaning guide. i downloaded the System Restore program and tryed to run it and got this message
"the application failed to initialize properly (0xc0000135) click on ok to terminate the application."
this is my mallwarebytes scan log whitch i was told to post within this topic:
Malwarebytes' Anti-Malware 1.36
Database version: 2059
Windows 5.1.2600 Service Pack 2
29/04/2009 22:08:19
mbam-log-2009-04-29 (22-08-19).txt
Scan type: Quick Scan
Objects scanned: 66611
Time elapsed: 3 minute(s), 35 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 3
Registry Data Items Infected: 5
Folders Infected: 2
Files Infected: 18
Memory Processes Infected:
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Unloaded process successfully.
Memory Modules Infected:
c:\WINDOWS\system32\msncache.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.OnlineGamer) -> Data: c:\progra~1\thunmail\testabd.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twext.exe -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Delete on reboot.
C:\Program Files\ThunMail (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> Delete on reboot.
C:\Program Files\ThunMail\testabd.dll (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
C:\Program Files\ThunMail\testabd.exe (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msncache.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dncyool64.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\dpcxool64.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\LUKEEEE\Local Settings\Temp\1207631520.exe (Trojan.Downloader) ->
thanks
luke
Edited by djmarzy, 29 April 2009 - 04:58 PM.
Sign In
Create Account
