|
| ||
| Smitfraud-C & Zlob problems Good day. I've read several of the threads and I've tried several different programs to remove malwares off my machine. I've ran S&D (spybot), it removed three problems. However, I have the following: 1. Smitfraud - C 2. Smitfraud-C.MSVPS 3. Zlob. Downloader.vcd My computer is getting sluggish. Spybot detects the errors but cannot clean them. It says i'm not the administrator....even though i'm the only user. I'm using vista and tried to run it as an administrator, but to no avail. Still detecting the above-three mentioned trojans. No other programs pick them up...not even mcafee. Below is my hi-jack log. Thank you! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:17:02 AM, on 11/15/2007 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16546) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\McAfee\MPS\mpsevh.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\igfxpers.exe C:\Windows\sttray.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Windows\ehome\ehmsas.exe c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Java\jre1.6.0\bin\javaw.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\MSN Messenger\livecall.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\VCExpress.exe C:\Windows\system32\taskeng.exe c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe C:\program files\mcafee\msc\mcshell.exe C:\Windows\System32\mobsync.exe C:\Users\Neil\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\Windows\nsduo.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...b-20070115.cab O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb...LStreaming.cab O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...PUplden-us.cab O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O21 - SSODL: msmhost - {B055631F-E491-4650-9924-D07CB8DCFA17} - C:\Windows\msmhost.dll O21 - SSODL: msmdev - {74169A81-A814-41CA-8861-0626B3244558} - C:\Windows\msmdev.dll O23 - Service: McAfee Application Installer Cleanup (0315941195132132) (0315941195132132mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\031594~1.EXE O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: dlbf_device - - C:\Windows\system32\dlbfcoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11895 bytes |
| ||
| Re: Smitfraud-C & Zlob problems Ok....i think I've solved the problem. S&D has removed the items as i mentioned above. I'm posting my new Hi-jack log. Please let me know if there is anything additional that shouldn't be there. Also, what exactly do you look for in these logs..is there some type of tutorial...i'm interested. Since S&D didn't detect anything, is it safe to say that i don't need to run SmitfraudFix? AVG nor S&D found nothing after there removal.Thx: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:25:31 AM, on 11/15/2007 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16546) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\igfxpers.exe C:\Windows\sttray.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Windows\ehome\ehmsas.exe c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Java\jre1.6.0\bin\javaw.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\taskeng.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Grisoft\AVG7\avgwb.dat c:\program files\mcafee\msc\mcuimgr.exe C:\Program Files\MSN Messenger\livecall.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe C:\Users\Neil\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe O4 - Global Startup: $McRebootA5E6DEAA56$.lnk = C:\Windows\System32\cmd.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...b-20070115.cab O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb...LStreaming.cab O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...PUplden-us.cab O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll O23 - Service: McAfee Application Installer Cleanup (0315941195132132) (0315941195132132mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\031594~1.EXE O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: dlbf_device - - C:\Windows\system32\dlbfcoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10907 bytes When i tried to run & download combo fix, i got the following error message: Please wait. ComboFix is preparing to run. Access violation at address 77BA7036. Read of address 00200068. I ran it a second time...and it said it's out of memory. Thx. |
| ||
| Re: Smitfraud-C & Zlob problems Ok...i got the ComboFix to finally work. Below is my log, but i still have a few questions: ComboFix 07-11-08.1 - Neil 2007-11-15 11:55:42.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.794 [GMT -6:00] Running from: C:\Users\Neil\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\main_uninstaller.exe C:\Windows\msmdev.dll C:\Windows\msmhost.dll C:\Windows\rs.txt C:\Windows\system32\x64 . ((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 ))))))))))))))))))))))))))))))) . 2007-11-15 11:40 51,200 --a------ C:\Windows\NirCmd.exe 2007-11-15 10:51 <DIR> d-------- C:\Users\Neil\AppData\Roaming\AVG7 2007-11-15 10:50 9,216 --a------ C:\Windows\System32\avgwlntf.dll 2007-11-15 10:49 47,104 --a------ C:\Windows\System32\drivers\avgwfp.sys 2007-11-15 10:47 <DIR> d-------- C:\Users\All Users\Grisoft 2007-11-15 10:47 <DIR> d-------- C:\Users\All Users\avg7 2007-11-15 10:47 <DIR> d-------- C:\ProgramData\Grisoft 2007-11-15 10:47 <DIR> d-------- C:\ProgramData\avg7 2007-11-15 07:35 <DIR> d-------- C:\Program Files\Common Files\Merge Modules 2007-11-15 07:32 <DIR> d-------- C:\Program Files\Microsoft SDKs 2007-11-08 08:10 <DIR> d-------- C:\Program Files\ePrompter 2007-11-02 14:54 <DIR> d-------- C:\Program Files\Any DWG DXF Converter 2007-11-02 14:25 314,880 --a------ C:\Windows\IsUninst.exe 2007-11-01 23:21 <DIR> d-------- C:\Program Files\Opera 2007-10-19 22:54 <DIR> d-------- C:\Program Files\WinClamAVShield 2007-10-19 22:53 138,624 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys 2007-10-19 20:07 <DIR> d-------- C:\Users\Neil\AppData\Roaming\Application Data 2007-10-19 20:07 <DIR> d-------- C:\Users\All Users\Spyware Terminator 2007-10-19 20:07 <DIR> d-------- C:\ProgramData\Spyware Terminator 2007-10-19 20:07 <DIR> d-------- C:\Program Files\Spyware Terminator . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-15 18:08 --------- d-----w C:\ProgramData\McAfee 2007-11-15 15:20 --------- d-----w C:\ProgramData\Microsoft Help 2007-11-15 13:45 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0 2007-11-15 00:04 --------- d-----w C:\Users\Neil\AppData\Roaming\MP3Rocket 2007-11-11 02:07 --------- d-----w C:\ProgramData\Roxio 2007-11-10 13:31 --------- d-----w C:\Program Files\MP3 Rocket 2007-11-08 02:35 --------- d---a-w C:\ProgramData\TEMP 2007-10-27 21:29 --------- d-----w C:\Program Files\NCH Swift Sound 2007-10-27 21:22 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-17 21:01 --------- d-----w C:\Users\Neil\AppData\Roaming\Autodesk 2007-10-13 02:23 88,576 ----a-w C:\Windows\System32\infocardapi.dll 2007-10-13 02:23 771,440 ----a-w C:\Windows\System32\PresentationNative_v0300.dll 2007-10-13 02:23 580,952 ----a-w C:\Windows\System32\icardagt.exe 2007-10-13 02:23 347,504 ----a-w C:\Windows\System32\PresentationHost.exe 2007-10-13 02:23 33,136 ----a-w C:\Windows\System32\PresentationHostProxy.dll 2007-10-13 02:23 12,120 ----a-w C:\Windows\System32\icardres.dll 2007-10-13 02:23 106,864 ----a-w C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll 2007-10-13 02:11 83,968 ----a-w C:\Windows\System32\dfshim.dll 2007-10-13 02:11 74,752 ----a-w C:\Windows\System32\mscories.dll 2007-10-13 02:11 275,456 ----a-w C:\Windows\System32\mscoree.dll 2007-10-13 02:11 155,648 ----a-w C:\Windows\System32\mscorier.dll 2007-10-12 20:05 --------- d-----w C:\ProgramData\Skype 2007-10-11 18:42 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2007-10-11 09:02 56,320 ----a-w C:\Windows\System32\iesetup.dll 2007-10-11 09:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2007-10-11 09:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2007-10-11 09:01 84,480 ----a-w C:\Windows\System32\INETRES.dll 2007-10-11 09:01 788,992 ----a-w C:\Windows\System32\rpcrt4.dll 2007-10-11 09:01 737,792 ----a-w C:\Windows\System32\inetcomm.dll 2007-10-11 03:19 --------- d-----w C:\Program Files\FreeOcr 2007-10-10 19:54 --------- d-----w C:\Program Files\MSECache 2007-10-10 19:50 --------- d-----w C:\Users\Neil\AppData\Roaming\ICAClient 2007-10-10 19:49 --------- d-----w C:\Program Files\Citrix 2007-10-07 15:22 --------- d-----w C:\Program Files\FMS 2007-10-04 03:53 73,216 ----a-w C:\Windows\ST6UNST.EXE 2007-10-04 03:53 286,720 ------w C:\Windows\Setup1.exe 2007-10-04 03:51 --------- d-----w C:\ProgramData\WinZip 2007-10-04 03:50 --------- d-----w C:\Program Files\City Interactive 2007-10-04 03:42 --------- d-----w C:\Program Files\Taksofon 2.0 2007-09-27 02:23 --------- d-----w C:\Program Files\Common Files\Adobe 2007-09-27 02:21 --------- d-----w C:\Program Files\Investintech.com Inc 2007-09-27 02:11 --------- d-----w C:\ProgramData\MSScanAppDataDir 2007-09-10 17:55 692,224 ----a-w C:\Windows\System32\ijjiSetup.exe 2007-08-30 04:13 750,080 ----a-w C:\Windows\System32\qmgr.dll 2007-08-24 13:46 53,080 ----a-w C:\Windows\System32\wuauclt.exe 2007-08-24 13:46 43,352 ----a-w C:\Windows\System32\wups2.dll 2007-08-24 13:46 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll 2007-08-24 13:46 1,524,224 ----a-w C:\Windows\System32\wucltux.dll 2007-08-24 13:45 80,896 ----a-w C:\Windows\System32\wudriver.dll 2007-08-24 13:45 549,720 ----a-w C:\Windows\System32\wuapi.dll 2007-08-24 13:45 33,624 ----a-w C:\Windows\System32\wups.dll 2007-08-24 13:44 31,232 ----a-w C:\Windows\System32\wuapp.exe 2007-08-24 13:44 163,000 ----a-w C:\Windows\System32\wuwebv.dll 2007-08-15 08:13 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL 2007-08-15 08:13 7,680 ----a-w C:\Windows\System32\spwmp.dll 2007-08-15 08:13 4,096 ----a-w C:\Windows\System32\dxmasf.dll 2007-08-15 08:13 1,191,936 ----a-w C:\Windows\System32\msxml3.dll 2007-08-15 08:12 1,335,296 ----a-w C:\Windows\System32\msxml6.dll 2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini 2003-08-05 17:41 53,248 ----a-w C:\Windows\inf\ap561.exe 2002-11-26 22:24 32,768 ----a-w C:\Windows\inf\Remove561.exe 2002-11-22 21:56 118,784 ----a-w C:\Windows\inf\ShowBmp.exe 2002-10-30 00:07 36,864 ----a-w C:\Windows\inf\Setup8a.exe 2002-10-01 20:43 119,798 ----a-w C:\Windows\inf\spca561.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-02 06:34] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 11:51] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-15 12:08] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-15 12:07] "Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-15 12:07] "SigmatelSysTrayApp"="sttray.exe" [2007-02-07 23:11 C:\Windows\sttray.exe] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 10:37] "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 15:19] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 10:35] "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 03:45] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-08-31 07:51] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-05 18:03] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-10-19 20:08] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-15 10:47] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 06:35] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 06:35] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-15 10:49] C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ePrompter.lnk - C:\Program Files\ePrompter\ePrompter.exe [2007-11-08 08:10:25] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 16:55:50] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-05-09 14:17:49] MP3 Rocket (Minimized).lnk - C:\Program Files\MP3 Rocket\MP3Rocket.exe [2007-10-31 14:59:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"=1 (0x1) "AllowUnhashedWebView"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf] avgwlntf.dll 2007-11-15 10:50 9216 C:\Windows\System32\avgwlntf.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk backup=C:\Windows\pss\QuickSet.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\Windows\system32\drivers\sp_rsdrv2.sys R2 dlbf_device;dlbf_device;C:\Windows\system32\dlbfcoms.exe -service R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\Windows\System32\DRIVERS\ASPI32.sys S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys S3 SndTDriverV32;SndTDriverV32;C:\Windows\system32\drivers\SndTDriverV32.sys S3 TIEHDUSB;TIEHDUSB;C:\Windows\system32\drivers\tiehdusb.sys S3 winusb;WinUSB Service;C:\Windows\system32\DRIVERS\WinUSB.SYS S3 WmaCDriverV32;WmaCDriverV32;C:\Windows\system32\drivers\WmaCDriverV32.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81415b30-fe67-11db-bd31-806e6f6e6963}] \shell\AutoRun\command - E:\autorun.exe E . Contents of the 'Scheduled Tasks' folder "2007-11-15 13:20:05 C:\Windows\Tasks\User_Feed_Synchronization-{D9885F34-E49D-4B6E-8C01-C45B1EBC0202}.job" . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-15 12:11:06 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-15 12:13:15 - machine was rebooted . --- E O F --- Questions: 1. Since I ran this, in my control panel, under the security options..it says that "The security service can't be started" & "The security service is turned off". Any idea why and how to fix this? 2.Please let me know if there is anything additional that shouldn't be there. Also, what exactly do you look for in these logs..is there some type of tutorial...i'm interested. Since S&D didn't detect anything, is it safe to say that i don't need to run SmitfraudFix? AVG nor S&D found nothing after there removal. Thx guys. |
| All times are GMT -4. The time now is 9:13 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC