Can't get Spybot running in Vista

Try this

Please download Rooter Rootkit Detector to your Desktop
  • Double-click it to start the tool.
  • A Notepad file containing the report will open, also found at %systemdrive% (usually C:\Rooter.txt).
  • Post the report for me to see.
 
Here it is

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6002) Service Pack 2
[32_bits] - x86 Family 15 Model 95 Stepping 3, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] STOPPED (state:1) : Windows Firewall -> Disabled !
Windows Defender -> Enabled
User Account Control (UAC) -> Disabled !
.
Internet Explorer 8.0.6001.18828
.
C:\ [Fixed-NTFS] .. ( Total:66 Go - Free:37 Go )
D:\ [Fixed-NTFS] .. ( Total:66 Go - Free:66 Go )
E:\ [Removable]
F:\ [CD_Rom]
G:\ [Removable]
.
Scan : 08:12.45
Path : E:\Rooter.exe
User : cyrus ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (440)
______ C:\Windows\system32\csrss.exe (508)
______ C:\Windows\system32\wininit.exe (556)
______ C:\Windows\system32\csrss.exe (564)
______ C:\Windows\system32\services.exe (608)
______ C:\Windows\system32\lsass.exe (640)
______ C:\Windows\system32\lsm.exe (648)
______ C:\Windows\system32\winlogon.exe (656)
______ C:\Windows\system32\svchost.exe (836)
______ C:\Windows\system32\nvvsvc.exe (884)
______ C:\Windows\system32\svchost.exe (912)
______ C:\Windows\System32\svchost.exe (944)
______ C:\Windows\System32\svchost.exe (1028)
______ C:\Windows\System32\svchost.exe (1112)
______ C:\Windows\system32\svchost.exe (1128)
Locked audiodg.exe (1196)
______ C:\Windows\system32\svchost.exe (1216)
______ C:\Windows\system32\SLsvc.exe (1236)
______ C:\Windows\system32\rundll32.exe (1292)
______ C:\Windows\system32\svchost.exe (1300)
______ C:\Windows\system32\svchost.exe (1456)
______ C:\Windows\System32\spoolsv.exe (1628)
______ C:\Windows\system32\svchost.exe (1652)
______ C:\Windows\system32\agrsmsvc.exe (1872)
______ C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe (1912)
______ C:\Program Files\iolo\common\lib\ioloServiceManager.exe (1976)
______ C:\Windows\system32\svchost.exe (428)
______ C:\Windows\system32\svchost.exe (488)
______ C:\Windows\System32\svchost.exe (844)
______ C:\Windows\system32\SearchIndexer.exe (1400)
______ C:\Windows\system32\WUDFHost.exe (468)
______ C:\Windows\system32\taskeng.exe (2524)
______ C:\Windows\system32\taskeng.exe (3652)
______ C:\Windows\system32\Dwm.exe (3700)
______ C:\Windows\Explorer.EXE (3780)
______ C:\Windows\System32\rundll32.exe (3908)
______ C:\Windows\RtHDVCpl.exe (3916)
______ C:\Program Files\Java\jre6\bin\jusched.exe (3924)
______ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (2952)
______ C:\Windows\system32\vssvc.exe (3564)
______ C:\Windows\System32\svchost.exe (1544)
______ C:\Program Files\Internet Explorer\iexplore.exe (3832)
______ C:\Program Files\Internet Explorer\iexplore.exe (2216)
______ C:\Windows\system32\wuauclt.exe (1068)
______ C:\Windows\System32\mobsync.exe (1348)
______ E:\Rooter.exe (3064)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:17179869184)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:17180917760 | Length:71415365632)
\Device\Harddisk0\Partition3 (Start_Offset:88596297216 | Length:71442975744)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Hitman Pro 3.5 Boot Task.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{88B7284F-FA8A-4263-B5C9-6C34C08FD7BF}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 08:12.46
.
C:\Rooter$\Rooter_1.txt - (13/11/2009 | 08:12.46)
 
Not looking at anything bad. Is it just this forum you can't log into, or is it other sites also? Can you log into sites you use, like, say, eBay or a shopping site?
 
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Spybot - Search & Destroy folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: bob
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7137986 bytes

User: cyrus
->Temp folder emptied: 92829 bytes
->Temporary Internet Files folder emptied: 4565916 bytes
->Java cache emptied: 25493256 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 22060 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49286 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 35.63 mb


OTM by OldTimer - Version 3.1.1.0 log created on 11142009_032040

Files moved on Reboot...

Registry entries deleted on Reboot...
 
Win32.Agent.chh: [SBI $EC4787FA] Settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\8636065b-fef0-4255-b14f-54639f7900a4

Win32.Agent.chh: [SBI $EC4787FA] Settings (Registry value, fixing failed)
HKEY_USERS\S-1-5-18\Software\8636065b-fef0-4255-b14f-54639f7900a4

Microsoft.Windows.Explorer: [SBI $1931FF4D] Settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

Microsoft.Windows.Explorer: [SBI $1931FF4D] Settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

Virtumonde.sdn: [SBI $70056CE6] Data (File, fixed)
C:\Windows\System32\tolevoto
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

DoubleClick: Tracking cookie (Internet Explorer: cyrus) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-11-14 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-10-08 Includes\Adware.sbi (*)
2009-11-10 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2009-10-13 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-10-27 Includes\HijackersC.sbi (*)
2009-10-20 Includes\Keyloggers.sbi (*)
2009-10-20 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-11-10 Includes\Malware.sbi (*)
2009-11-10 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-10-20 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-11-10 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2009-11-10 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-11-10 Includes\Trojans.sbi (*)
2009-11-10 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

This is after running Spybot.
 
If you can't download this then you're going to have to download it from a known clean computer and transfer by disk to the infected one. I was looking over your log and may have missed something. Let's check.

Download and run Win32kDiag:
  1. Download Win32kDiag from any of the following locations and save it to your Desktop.
  2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
 