Hello. I'm having very similar problems on my computer as rocio25 describes in his first post at http://www.geekpolice.net/virus-spyware-malware-removal-f11/error-starting-on-demand-scanner-t12398.htm. I have the same problem running Malwarebytes, the same problem updating Java and running HijackThis and I can't even get to download combofix. It seems that a lot of software designed to catalogue and fix the malware is recognised and prevented from running or even downloading/accessing the download sites. Spyware Doctor has been successfully installed and has found and (apparently) eradicated many of the maleware generated bugs, but I still have the problems described above.
If it helps, SystemLook has generated the following when ...
:filefind
scecli.dll
netlogon.dll:
... was pasted into it:
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 11:26 on 05/09/2009 by Peter Fraser (Administrator - Elevation successful)
========== filefind ==========
Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll --a--c 180224 bytes [07:48 10/07/2008] [07:56 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll --a--- 181248 bytes [07:56 04/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [11:41 29/08/2002] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
Searching for "netlogon.dll"
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll --a--c 407040 bytes [07:48 10/07/2008] [07:56 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll --a--- 407040 bytes [07:56 04/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [11:41 29/08/2002] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
-=End Of File=-
Basically I'm at the point where Belhazur posted in the rocio25 thread on Sun 09 Aug 2009, 7:15 pm, where he informs us not to continue further with any procedures tailored for fixing rocio25's computer. I've downloaded and extracted avenger.exe to my desktop in anticipation, but have not run it yet.
I noticed that a.exe, and msa.exe were seen running in Task Manager. I read up about them on the internet and decided that they were malware, so I deleted them. a.exe was in the %Temp% directory and I think msa.exe was in the C:\WINDOWS directory. I also deleted b.exe, which was also running in the %Temp% directory. I also noticed something called 'monopod' in the startup listings viewed using msconfig. I think 'monopod' is related to the malware and have deleted it from the startup with CCC cleaner. I also deleted a monopod listing in XP's registry in the software listing. I still have the original .reg file I exported just before deleting that monopod entry. I've also disabled XP's System Restore and will re-enable it once, or if, I can get my system cleared of the malware.
Any assistance would be greatly appreciated, believe me - I've been working on this for three days now!
If it helps, SystemLook has generated the following when ...
:filefind
scecli.dll
netlogon.dll:
... was pasted into it:
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 11:26 on 05/09/2009 by Peter Fraser (Administrator - Elevation successful)
========== filefind ==========
Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll --a--c 180224 bytes [07:48 10/07/2008] [07:56 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll --a--- 181248 bytes [07:56 04/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [11:41 29/08/2002] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
Searching for "netlogon.dll"
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll --a--c 407040 bytes [07:48 10/07/2008] [07:56 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll --a--- 407040 bytes [07:56 04/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [11:41 29/08/2002] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
-=End Of File=-
Basically I'm at the point where Belhazur posted in the rocio25 thread on Sun 09 Aug 2009, 7:15 pm, where he informs us not to continue further with any procedures tailored for fixing rocio25's computer. I've downloaded and extracted avenger.exe to my desktop in anticipation, but have not run it yet.
I noticed that a.exe, and msa.exe were seen running in Task Manager. I read up about them on the internet and decided that they were malware, so I deleted them. a.exe was in the %Temp% directory and I think msa.exe was in the C:\WINDOWS directory. I also deleted b.exe, which was also running in the %Temp% directory. I also noticed something called 'monopod' in the startup listings viewed using msconfig. I think 'monopod' is related to the malware and have deleted it from the startup with CCC cleaner. I also deleted a monopod listing in XP's registry in the software listing. I still have the original .reg file I exported just before deleting that monopod entry. I've also disabled XP's System Restore and will re-enable it once, or if, I can get my system cleared of the malware.
Any assistance would be greatly appreciated, believe me - I've been working on this for three days now!
