Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Idiot Here. Help Kill Spylocked.... With Log.....thanks


  • This topic is locked This topic is locked
2 replies to this topic

#1 pyro926

pyro926

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 05 June 2007 - 06:34 PM

I have spylocked, spyheal, Dr. Anti-spy......
Please help or send me to the right place.
Thanks.

SmitFraudFix v2.192
Scan done at 16:17:45.89, Tue 06/05/2007
Run from C:\Documents and Settings\D. Ray Hodson\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cmd.exe
hosts

C:\

C:\WINDOWS

C:\WINDOWS\system

C:\WINDOWS\Web

C:\WINDOWS\system32
C:\WINDOWS\system32\indwvm.dll FOUND !
C:\WINDOWS\system32\LogFiles

C:\Documents and Settings\D. Ray Hodson

C:\Documents and Settings\D. Ray Hodson\Application Data

Start Menu
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
C:\DOCUME~1\D4C79~1.RAY\FAVORI~1
C:\DOCUME~1\D4C79~1.RAY\FAVORI~1\Online Security Test.url FOUND !
Desktop

C:\Program Files
C:\Program Files\SpyLocked 4.0\ FOUND !
C:\Program Files\Video ActiveX Access\ FOUND !
Corrupted keys

Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{25b7d2fd-4f71-46d1-801a-7de323e4ec82}"="equiparant"
[HKEY_CLASSES_ROOT\CLSID\{25b7d2fd-4f71-46d1-801a-7de323e4ec82}\InProcServer32]
@="C:\WINDOWS\system32\indwvm.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{25b7d2fd-4f71-46d1-801a-7de323e4ec82}\InProcServer32]
@="C:\WINDOWS\system32\indwvm.dll"

AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"

Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

Rustock

DNS
Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 68.185.34.67
DNS Server Search Order: 68.185.32.10
DNS Server Search Order: 68.116.46.115
DNS Server Search Order: 68.116.46.70
HKLM\SYSTEM\CCS\Services\Tcpip\..\{481C8A8E-1D33-4780-85E4-2C1B31C8022E}: DhcpNameServer=68.185.34.67 68.185.32.10 68.116.46.115 68.116.46.70
HKLM\SYSTEM\CS1\Services\Tcpip\..\{481C8A8E-1D33-4780-85E4-2C1B31C8022E}: DhcpNameServer=68.185.34.67 68.185.32.10 68.116.46.115 68.116.46.70
HKLM\SYSTEM\CS3\Services\Tcpip\..\{481C8A8E-1D33-4780-85E4-2C1B31C8022E}: DhcpNameServer=68.185.34.67 68.185.32.10 68.116.46.115 68.116.46.70
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.185.34.67 68.185.32.10 68.116.46.115 68.116.46.70
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.185.34.67 68.185.32.10 68.116.46.115 68.116.46.70
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.185.34.67 68.185.32.10 68.116.46.115 68.116.46.70

Scanning for wininet.dll infection

End

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:05 AM

Posted 09 June 2007 - 02:52 PM

Hello pyro926,

You posted a log from an old version of SmitfruadFix. It is updated frequently, so it is important you download and run a current verions.

Delete the old version of SmitfruadFix you have on your computer.
then please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Edited by SifuMike, 09 June 2007 - 02:55 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:05 AM

Posted 16 June 2007 - 02:08 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users