
Thread: help! at my wits end!

  1. #1
    Junior Member
    Join Date
    Mar 2013
    Posts
    16

    help! at my wits end!

    Hello all. I desperately need help. My computer was recently infected with multiple viruses: win32.idele, cdilla, 2yourface, win32.nuke, which I thought I had removed. However, when I scan with Spybot there are still remnants of something left. I run Spybot and it says removed, but when I rescan it shows up again. Spybot is the only program that is detecting these, and I cannot get rid of them no matter what program I run or if I try to manually delete it in regedit. I am posting the logs for Spybot. I have formatted, reloaded, wrote 0's to the disk via dban and bc total wipeout, flashed the BIOS, everything I could possibly think of, and it WON'T go away. I also gave it to two professionals who said it was gone, only to pick it up and find it still there. I am not far from pulling my hair out!! Can someone please tell me if these files are harmful and how to remove them? I know it says tracks, but the fact that it is a level 5, and finding out when I researched it that it is a privacy issue, scared me. Perhaps I am paranoid, but I feel like my privacy has been invaded and am concerned about purchasing anything with a card on this computer until I am sure it is safe. Any help would be appreciated.

    I am running....

    Windows 7 sp1
    Dell Inspiron n5050 4g/500g

    Here is the log...

    Search results from Spybot - Search & Destroy

    3/29/2013 7:08:21 AM
    Scan took 00:33:42.
    40 items found.

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\mogli\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\997DCKUE\fbstatic-a.akamaihd.net\www.iheart.com.sol
    Properties.size=83
    Properties.md5=C562715282DE16472B11773014B3B775
    Properties.filedate=1364528323
    Properties.filedatetext=2013-03-28 23:38:42

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\mogli\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\997DCKUE\s.ytimg.com\videostats.sol
    Properties.size=275
    Properties.md5=A4C4499C1CBAC6F58C6CFC8D56E4F5A2
    Properties.filedate=1364534103
    Properties.filedatetext=2013-03-29 01:15:03

    DoubleClick: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (User): mogli) (Browser: Cookie, nothing done)


    DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: mogli (default)) (Browser: Cookie, nothing done)


    MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: mogli (default)) (Browser: Cookie, nothing done)


    MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: mogli (default)) (Browser: Cookie, nothing done)


    DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: mogli (default)) (Browser: Cookie, nothing done)


    BurstMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: mogli (default)) (Browser: Cookie, nothing done)


    BurstMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: mogli (default)) (Browser: Cookie, nothing done)


    BurstMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: mogli (default)) (Browser: Cookie, nothing done)


    CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: mogli (default)) (Browser: Cookie, nothing done)


    CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: mogli (default)) (Browser: Cookie, nothing done)


    CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: mogli (default)) (Browser: Cookie, nothing done)


    CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: mogli (default)) (Browser: Cookie, nothing done)


    CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: mogli (default)) (Browser: Cookie, nothing done)


    CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: mogli (default)) (Browser: Cookie, nothing done)


    MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: mogli (default)) (Browser: Cookie, nothing done)


    FastClick: [SBI $8E73A7FB] Tracking cookie (Firefox: mogli (default)) (Browser: Cookie, nothing done)


    MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: mogli (default)) (Browser: Cookie, nothing done)


    Log: [SBI $8E73A7FB] Install: Directx.log (File, nothing done)
    C:\Windows\Directx.log
    Properties.size=38082
    Properties.md5=34032C7366AD6914FB7E5EED481B525D
    Properties.filedate=1364500124
    Properties.filedatetext=2013-03-28 15:48:43

    Log: [SBI $8E73A7FB] Install: setupact.log (File, nothing done)
    C:\Windows\setupact.log
    Properties.size=3797
    Properties.md5=0DB3C88432606D825305A36289E2E133
    Properties.filedate=1364519604
    Properties.filedatetext=2013-03-28 21:13:24

    Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-4260962366-3266493628-1397919670-1000\Software\Microsoft\Internet Explorer\TypedURLs

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-4260962366-3266493628-1397919670-1000\Software\Microsoft\Microsoft Management Console\Recent File List

    MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-4260962366-3266493628-1397919670-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-4260962366-3266493628-1397919670-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-4260962366-3266493628-1397919670-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-4260962366-3266493628-1397919670-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
    HKEY_USERS\S-1-5-21-4260962366-3266493628-1397919670-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Cookie: [SBI $49804B54] Browser: Cookie (23) (Browser: Cookie, nothing done)


    Cache: [SBI $49804B54] Browser: Cache (521) (Browser: Cache, nothing done)


    History: [SBI $49804B54] Browser: History (95) (Browser: History, nothing done)


    Cookie: [SBI $49804B54] Browser: Cookie (413) (Browser: Cookie, nothing done)



    --- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---



    If there is anything else you need, please let me know.

    Thank you,


    Crystal

  2. #2
    Junior Member
    Join Date
    Mar 2013
    Posts
    16

    more info

    Also, I suppose I should also post that sometimes whatever this is will not allow me to do certain things even though I am administrator.

  3. #3
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,956


    Hello cbarneyc,
    Originally posted by cbarneyc:
    "Also, I suppose I should also post that sometimes whatever this is will not allow me to do certain things even though I am administrator."
    How can I get administrator rights under Windows Vista / Windows 7 / Windows 8?

    Did you do that?

    If that doesn't help... to request malware removal assistance, the FAQ includes forum guidelines in post #1 and instructions in post #2 on how to provide the preliminary DDS and aswMBR logs used for analysis.

    http://forums.spybot.info/showthread.php?t=288

    You'd need to start a new topic providing the DDS and aswMBR logs for a volunteer analyst to advise when available.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
