Spyware.Ispynow


Solved Spyware.Ispynow

Post by aubreyxanne on Fri Nov 28, 2008 9:53 pm

Having the same problem with the security alert pop up. Am told that my firewall has detected unauthorized activity, but cannot help to remove viruses, keyloggers and other spyware threats.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:25 PM, on 11/28/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Opera\Opera.exe
C:\Users\Aubrey\AppData\Roaming\Opera\Opera\profile\cache4\temporary_download\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [HPseti] "C:\Users\Aubrey\AppData\Roaming\Google\dvvm.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - [You must be registered and logged in to see this link.]
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - [You must be registered and logged in to see this link.]
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - [You must be registered and logged in to see this link.]
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10495 bytes


Solved Re: Spyware.Ispynow

Post by Belahzur on Fri Nov 28, 2008 10:26 pm

Hello.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [HPseti] "C:\Users\Aubrey\AppData\Roaming\Google\dvvm.exe"


  • Press "Fix Checked"
  • Close Hijack This.


Delete this file in bold:
C:\Users\Aubrey\AppData\Roaming\Google\dvvm.exe
====

1. Download this file - [You must be registered and logged in to see this link.]
2. Double click combofix.exe & follow the prompts, but select NO when asked about the recovery console.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
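The fix above singles out one HijackThis O4 line: a Run entry named "HPseti" that launches an executable from the user's AppData\Roaming folder, a location any program running as the user can write to. As an added example (it is not part of the thread and not HijackThis code), the Python script below parses O4 lines in HijackThis v2 format and flags the patterns a responder checks first: a Run target under a user-writable directory, a bare file name with no directory (resolved through the search path at logon), and a startup shortcut whose target HijackThis printed as "?". The sample log lines, the USER_WRITABLE fragments and the Finding structure are constructed for the example; flagged entries are leads for a closer look, not verdicts (the page's own KHALMNPR.EXE entry, which this rule would flag, resolves to a legitimate Logitech file in the ComboFix log).

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 "O4" format. The HPseti and KHALMNPR
# lines copy the shape of entries in the log above; the others are made up.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [HPseti] "C:\Users\Aubrey\AppData\Roaming\Google\dvvm.exe"
O4 - HKCU\..\Run: [updater] C:\Users\Aubrey\AppData\Local\Temp\upd.exe /silent
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\ldm.exe
"""

# "O4 - HKLM\..\Run: [name] command" and "O4 - Global Startup: name = target"
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<target>.*)$")

# Directory fragments an ordinary user account can write to (assumed list);
# a Run entry launching from one of these deserves a second look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    entry: str    # the [name] of the Run value or the shortcut file name
    target: str   # the program or shortcut target that was examined
    reason: str   # why it was flagged


def executable_of(cmd: str) -> str:
    """Return the program part of a Run command: the quoted path when the
    command starts with a quote, otherwise the first whitespace-delimited token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_o4(log_text: str) -> list[Finding]:
    """Scan HijackThis O4 lines and return the entries worth a closer look."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        run = RUN_RE.match(line)
        if run:
            name = run.group("name")
            exe = executable_of(run.group("cmd"))
            if "\\" not in exe:
                findings.append(Finding(name, exe,
                    "bare file name: resolved through the search path at logon, not a fixed location"))
            elif any(frag in exe.lower() for frag in USER_WRITABLE):
                findings.append(Finding(name, exe,
                    "launches from a user-writable profile directory"))
            continue
        startup = STARTUP_RE.match(line)
        if startup and startup.group("target").strip() == "?":
            findings.append(Finding(startup.group("name"), "?",
                "startup shortcut whose target HijackThis could not resolve"))
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LOG):
        print(f"[{f.entry}] {f.target}: {f.reason}")
```

Run against a saved HijackThis log instead of the sample by reading the file into `triage_o4`; entries from C:\Windows or C:\Program Files with a full path are deliberately left alone, so the output stays short enough to review by hand.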


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Solved This is what was logged.

Post by aubreyxanne on Fri Nov 28, 2008 10:54 pm

ComboFix 08-11-28.02 - Aubrey 2008-11-28 17:41:42.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.757 [GMT -5:00]
Running from: c:\users\Aubrey\AppData\Roaming\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-28 13:26 . 2008-11-28 13:26 d-------- c:\users\All Users\FLEXnet
2008-11-28 13:00 . 2008-11-28 13:00 d-------- c:\program files\Common Files\Macrovision Shared
2008-11-25 18:35 . 2008-10-21 00:16 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 18:35 . 2008-08-27 22:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 18:35 . 2008-08-27 22:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 18:35 . 2008-08-27 22:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 18:35 . 2008-10-21 22:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 18:35 . 2008-10-21 22:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-25 18:35 . 2008-10-21 22:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-24 11:37 . 2008-11-24 11:37 130,208 -r------- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2008-11-21 16:07 . 2008-03-07 21:14 148,992 --a------ c:\windows\System32\drivers\ks.sys
2008-11-20 21:54 . 2008-11-28 16:08 0 --a------ c:\windows\System32\drivers\lvuvc.hs
2008-11-20 21:53 . 2008-11-20 21:53 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-11-20 21:52 . 2008-11-20 21:52 d-------- c:\users\Aubrey\AppData\Roaming\Leadertech
2008-11-20 21:52 . 2008-02-05 21:21 4,658,456 --a------ c:\windows\System32\drivers\lvuvc.sys
2008-11-20 21:52 . 2008-02-05 21:20 628,760 --a------ c:\windows\System32\drivers\lvrs.sys
2008-11-20 21:52 . 2008-02-05 21:21 490,008 --a------ c:\windows\System32\LVUI2.dll
2008-11-20 21:52 . 2008-02-05 21:21 465,432 --a------ c:\windows\System32\LVUI2RC.dll
2008-11-20 21:52 . 2008-02-05 21:18 416,280 --a------ c:\windows\System32\lvcodec2.dll
2008-11-20 21:52 . 2008-02-05 21:18 195,096 --a------ c:\windows\System32\lvci11701196.dll
2008-11-20 21:52 . 2008-02-05 20:37 66,482 --a------ c:\windows\System32\lvcoinst.ini
2008-11-20 21:52 . 2008-02-05 21:21 41,752 --a------ c:\windows\System32\drivers\LVUSBSta.sys
2008-11-20 21:52 . 2008-02-05 20:40 25,056 --a------ c:\windows\System32\Repository.reg
2008-11-20 21:50 . 2008-11-20 21:50 d-------- c:\users\All Users\Logishrd
2008-11-20 21:50 . 2008-11-20 21:54 d-------- c:\program files\Common Files\LogiShrd
2008-11-10 21:29 . 2008-09-09 22:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-10 21:29 . 2008-09-04 23:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-10 21:29 . 2008-08-25 20:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-10 21:29 . 2008-09-09 22:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-10 21:29 . 2008-09-04 23:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-10 10:17 . 2008-11-10 10:17 d-------- c:\users\Aubrey\AppData\Roaming\Logitech
2008-11-10 10:16 . 2008-11-10 10:16 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-11-10 10:12 . 2008-11-20 21:49 d-------- c:\users\All Users\Logitech
2008-11-10 10:12 . 2008-11-20 21:53 d-------- c:\program files\Logitech
2008-11-10 10:12 . 2008-11-10 10:12 d-------- c:\program files\Common Files\Logitech
2008-11-10 10:12 . 2007-01-30 01:46 163,840 --a------ c:\windows\System32\kemutb.dll
2008-11-10 10:12 . 2007-01-30 01:46 135,168 --a------ c:\windows\System32\KemUtil.dll
2008-11-10 10:12 . 2007-01-30 01:46 110,592 --a------ c:\windows\System32\KemWnd.dll
2008-11-10 10:12 . 2007-01-30 01:46 69,632 --a------ c:\windows\System32\KemXML.dll
2008-11-04 23:12 . 2008-08-05 22:19 1,244,672 --a------ c:\windows\System32\mcmde.dll
2008-11-04 23:12 . 2008-08-05 22:27 428,032 --a------ c:\windows\System32\EncDec.dll
2008-11-04 23:12 . 2008-08-05 22:21 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-04 23:12 . 2008-08-05 22:26 177,152 --a------ c:\windows\System32\mpg2splt.ax
2008-11-04 23:12 . 2008-08-05 22:20 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-04 23:11 . 2008-08-05 22:21 292,352 --a------ c:\windows\System32\psisdecd.dll
2008-11-04 23:11 . 2008-08-05 22:19 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2008-11-04 23:11 . 2008-08-05 22:19 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-10-29 00:09 . 2008-08-11 22:29 441,856 --a------ c:\windows\System32\win32spl.dll
2008-10-29 00:09 . 2008-08-11 22:29 37,376 --a------ c:\windows\System32\printcom.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 20:37 --------- d-----w c:\users\Aubrey\AppData\Roaming\uTorrent
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\DivX
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\Apple Computer
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\AIMPro
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\acccore
2008-11-28 18:34 --------- d-----w c:\program files\Mahjong Towers Eternity
2008-11-28 18:11 --------- d-----w c:\program files\Common Files\Adobe
2008-11-27 19:08 --------- d-----w c:\users\Aubrey\AppData\Roaming\LimeWire
2008-11-21 02:53 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 15:12 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-04 04:52 --------- d-----w c:\program files\RealArcade
2008-10-16 07:09 --------- d-----w c:\program files\Windows Mail
2008-10-15 00:55 --------- d--h--w c:\program files\Zero G Registry
2008-10-15 00:55 --------- d-----w c:\users\Aubrey\AppData\Roaming\Plazmic
2008-10-15 00:55 --------- d-----w c:\program files\Plazmic CDK 4.5
2008-10-15 00:25 --------- d-----w c:\program files\World of Warcraft
2008-10-11 16:00 --------- d-----w c:\program files\AIM
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-07-10 07:10 174 --sha-w c:\program files\desktop.ini
2008-05-20 00:18 61,224 ----a-w c:\users\Aubrey\GoToAssistDownloadHelper.exe
2008-04-29 15:21 444 ----a-w c:\users\Aubrey\822.bat
2008-04-29 15:21 1,884,160 ----a-w c:\users\Aubrey\winlogon.exe
2008-02-24 18:20 0 ----a-w c:\users\Aubrey\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"HPseti"="c:\users\Aubrey\AppData\Roaming\Google\dvvm.exe" [2008-11-28 124416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\System32\msconfig.exe" [2006-11-02 222208]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AIMPro"="c:\program files\AIM\AIM Pro\aimpro.exe" [2007-10-09 5043528]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-24 91440]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-10 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 17:32 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2007-05-25 01:03 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series]
--a------ 2007-02-15 05:00 179200 c:\windows\System32\spool\drivers\w32x86\3\E_FATICEA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-01-22 18:03 1838592 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-09-25 06:10 154136 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-09-25 06:10 141848 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 03:40 218032 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 03:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-09-25 06:10 129560 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-02-22 16:57 1232896 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-23 01:18 1006264 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
--a------ 2007-05-31 09:21 648072 c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 07:36 201728 c:\program files\Windows Media Player\wmpnscfg.exe




.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\Aubrey\AppData\Roaming\Mozilla\Firefox\Profiles\x7ru4i3c.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-11-28 17:45:39
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4016)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\users\Aubrey\AppData\Roaming\Google\dpldpl.dll
.
Completion time: 2008-11-28 17:48:12
ComboFix-quarantined-files.txt 2008-11-28 22:47:03

Pre-Run: 72,990,982,144 bytes free
Post-Run: 74,179,067,904 bytes free

259 --- E O F --- 2008-11-28 21:25:48


Solved Re: Spyware.Ispynow

Post by aubreyxanne on Fri Nov 28, 2008 10:55 pm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-05-11 08:26 4452352 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BF47E514-E450-4B37-BB1D-2E7EEBDC4906}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2E0B30A2-F521-497B-8D4E-2A123C94236B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7E26E368-A1BD-4652-82E7-834433722522}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{22FE4C9F-F706-4FB0-AE37-CDE2F9CBB5E7}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2C1E9072-91D0-4732-9217-74BBD447148A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{89110731-C550-49EF-BDE0-08899DB1E751}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{BEFE4605-B65F-4B37-A629-F86CC02A7701}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{5135187D-7503-403C-830A-D8F9498FAAFA}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"TCP Query User{FC90DC7F-178A-4F70-8FCB-60ED6EEBC313}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{65DD15C6-4F8A-40FD-8480-C1B44D1C2316}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{80E861E8-56A2-4D28-ABF3-C528930A1141}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{14CF8E9C-6AC2-4582-A4FE-32D9AE0CB170}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{F2958616-A914-4C82-A4F7-5688A444DC1F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BF1D99E5-90C5-44C0-B76E-279E0AC4FF55}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{C7DEB51B-65F6-4D38-B106-292DF8FB9999}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{203FF9FB-1361-47D9-BB46-50EC128103CD}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{9ABC9DDF-CE3F-4021-8E2C-6367017494C0}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0F58548D-EB2D-4EBF-B13B-B147C50174F9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8843D3A5-0C8F-4872-89AB-39535F881C02}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{57790377-B93D-4E10-80DE-7498ACBCA082}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5E630313-5C15-4E8B-A816-7C9ED9D43B10}c:\\program files\\aim\\aim pro\\aimpro.exe"= UDP:c:\program files\aim\aim pro\aimpro.exe:AIM Pro
"UDP Query User{E54EC69D-D42F-4AB3-B44B-A70BFCDF653E}c:\\program files\\aim\\aim pro\\aimpro.exe"= TCP:c:\program files\aim\aim pro\aimpro.exe:AIM Pro
"TCP Query User{B3BD2720-98C9-4FE0-B9C9-67628CF054D1}c:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= UDP:c:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"UDP Query User{B040DB5F-BF75-4B67-A61A-326483AB3E16}c:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= TCP:c:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"TCP Query User{FA0BEDD2-2F89-4D8F-9C65-E1196CE86881}c:\\program files\\plazmic cdk 4.5\\_jvm\\bin\\java.exe"= UDP:c:\program files\plazmic cdk 4.5\_jvm\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{755CDB64-E432-4E55-B901-B4452606DE54}c:\\program files\\plazmic cdk 4.5\\_jvm\\bin\\java.exe"= TCP:c:\program files\plazmic cdk 4.5\_jvm\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{6073C102-EA65-4923-A9BE-9A87C947B81B}c:\\program files\\ipod\\fledge.exe"= UDP:c:\program files\ipod\fledge.exe:BlackBerry Handheld Simulator
"UDP Query User{D78EA6CC-FBD4-48DB-AA9C-E796A9747D2B}c:\\program files\\ipod\\fledge.exe"= TCP:c:\program files\ipod\fledge.exe:BlackBerry Handheld Simulator
"{F320AD76-9900-43E8-B7C7-1B9176CA9157}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{65FCF2A6-839F-46CE-ACFC-6CBABFF44481}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{7373EA0F-B97E-4984-9778-6879653593B6}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{9BCA5F5D-F58E-4E99-A6EA-C01EDF922FFC}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{FE02A508-FF80-440B-86AB-3CE6500FE960}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{B404F7FF-CD90-4268-BFA4-344F53C306F3}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{41478338-3592-4B56-9FA4-AB24A0C37FE3}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{285D58C7-37F3-490F-BFF4-5BF3816135C4}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{AEBB6487-26F4-4A69-AE95-B881BF9A6060}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F92D0CBB-3E8C-4E13-829B-79CE03B4F497}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{FDD5034D-C6C9-4498-82D5-1A8099EDADE9}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3649902C-4E43-466E-BD44-874DFF35CE0C}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs.sys [2008-11-20 628760]
S3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-09-29 3154944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{376f36c6-afc8-11dd-b1cd-001d097e19f0}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c77b68f1-c939-11dc-8661-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
\shell\LVIPCAP\command - e:\techsupt\CaptureTest\Amcap8.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Aubrey.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2009-10-01 c:\windows\Tasks\User_Feed_Synchronization-{4841B1FA-891F-4210-AD22-D16CFD53E5D1}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 05:05]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-96aa679d - c:\users\Aubrey\AppData\Local\Temp\ijlcrprf.dll
MSConfigStartUp-BM95995401 - c:\users\Aubrey\AppData\Local\Temp\rkstdiab.dll
MSConfigStartUp-Host Process - c:\users\Aubrey\svchost.exe


Solved Re: Spyware.Ispynow

Post by Belahzur on Fri Nov 28, 2008 10:57 pm

Hello.
Please submit this file
c:\users\Aubrey\winlogon.exe
to here for a scan.
[You must be registered and logged in to see this link.]
Copy and paste the result back here.



Solved Re: Spyware.Ispynow

Post by aubreyxanne on Fri Nov 28, 2008 11:02 pm

Thank you for your help. I also tried to delete C:\Users\Aubrey\AppData\Roaming\Google\dvvm.exe and it told me that the action was denied. I'm logged in as administrator and was still unable to delete it.


Scan taken on 28 Nov 2008 23:00:42 (GMT)
A-Squared Found Virus.Win32.VB.FXE!IK
AntiVir Found TR/Spy.VB.ajb.2
ArcaVir Found nothing
Avast Found Win32:VB-FXE
AVG Antivirus Found BackDoor.VB.BOK
BitDefender Found Trojan.Dropper.VB.AQC
ClamAV Found nothing
CPsecure Found Troj.Dropper.W32.VB.hf
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found Virus.Win32.VB.FXE
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found W32/Ircbot.AHLX
Panda Antivirus Found Generic
Sophos Antivirus Found Mal/Generic-A
VirusBuster Found nothing
VBA32 Found nothing


Solved Re: Spyware.Ispynow

Post by Belahzur on Fri Nov 28, 2008 11:07 pm

Thanks.

Now open a new notepad file.
Input this into the notepad file:

File::
C:\Users\Aubrey\AppData\Roaming\Google\dvvm.exe
c:\users\Aubrey\winlogon.exe
c:\users\Aubrey\822.bat

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPseti"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.


Last edited by Belahzur on Fri Nov 28, 2008 11:21 pm; edited 1 time in total



Solved Re: Spyware.Ispynow

Post by aubreyxanne on Fri Nov 28, 2008 11:19 pm

((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-28 13:26 . 2008-11-28 13:26 d-------- c:\users\All Users\FLEXnet
2008-11-28 13:00 . 2008-11-28 13:00 d-------- c:\program files\Common Files\Macrovision Shared
2008-11-25 18:35 . 2008-10-21 00:16 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 18:35 . 2008-08-27 22:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 18:35 . 2008-08-27 22:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 18:35 . 2008-08-27 22:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 18:35 . 2008-10-21 22:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 18:35 . 2008-10-21 22:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-25 18:35 . 2008-10-21 22:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-24 11:37 . 2008-11-24 11:37 130,208 -r------- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2008-11-21 16:07 . 2008-03-07 21:14 148,992 --a------ c:\windows\System32\drivers\ks.sys
2008-11-20 21:54 . 2008-11-28 16:08 0 --a------ c:\windows\System32\drivers\lvuvc.hs
2008-11-20 21:53 . 2008-11-20 21:53 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-11-20 21:52 . 2008-11-20 21:52 d-------- c:\users\Aubrey\AppData\Roaming\Leadertech
2008-11-20 21:52 . 2008-02-05 21:21 4,658,456 --a------ c:\windows\System32\drivers\lvuvc.sys
2008-11-20 21:52 . 2008-02-05 21:20 628,760 --a------ c:\windows\System32\drivers\lvrs.sys
2008-11-20 21:52 . 2008-02-05 21:21 490,008 --a------ c:\windows\System32\LVUI2.dll
2008-11-20 21:52 . 2008-02-05 21:21 465,432 --a------ c:\windows\System32\LVUI2RC.dll
2008-11-20 21:52 . 2008-02-05 21:18 416,280 --a------ c:\windows\System32\lvcodec2.dll
2008-11-20 21:52 . 2008-02-05 21:18 195,096 --a------ c:\windows\System32\lvci11701196.dll
2008-11-20 21:52 . 2008-02-05 20:37 66,482 --a------ c:\windows\System32\lvcoinst.ini
2008-11-20 21:52 . 2008-02-05 21:21 41,752 --a------ c:\windows\System32\drivers\LVUSBSta.sys
2008-11-20 21:52 . 2008-02-05 20:40 25,056 --a------ c:\windows\System32\Repository.reg
2008-11-20 21:50 . 2008-11-20 21:50 d-------- c:\users\All Users\Logishrd
2008-11-20 21:50 . 2008-11-20 21:54 d-------- c:\program files\Common Files\LogiShrd
2008-11-10 21:29 . 2008-09-09 22:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-10 21:29 . 2008-09-04 23:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-10 21:29 . 2008-08-25 20:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-10 21:29 . 2008-09-09 22:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-10 21:29 . 2008-09-04 23:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-10 10:17 . 2008-11-10 10:17 d-------- c:\users\Aubrey\AppData\Roaming\Logitech
2008-11-10 10:16 . 2008-11-10 10:16 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-11-10 10:12 . 2008-11-20 21:49 d-------- c:\users\All Users\Logitech
2008-11-10 10:12 . 2008-11-20 21:53 d-------- c:\program files\Logitech
2008-11-10 10:12 . 2008-11-10 10:12 d-------- c:\program files\Common Files\Logitech
2008-11-10 10:12 . 2007-01-30 01:46 163,840 --a------ c:\windows\System32\kemutb.dll
2008-11-10 10:12 . 2007-01-30 01:46 135,168 --a------ c:\windows\System32\KemUtil.dll
2008-11-10 10:12 . 2007-01-30 01:46 110,592 --a------ c:\windows\System32\KemWnd.dll
2008-11-10 10:12 . 2007-01-30 01:46 69,632 --a------ c:\windows\System32\KemXML.dll
2008-11-04 23:12 . 2008-08-05 22:19 1,244,672 --a------ c:\windows\System32\mcmde.dll
2008-11-04 23:12 . 2008-08-05 22:27 428,032 --a------ c:\windows\System32\EncDec.dll
2008-11-04 23:12 . 2008-08-05 22:21 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-04 23:12 . 2008-08-05 22:26 177,152 --a------ c:\windows\System32\mpg2splt.ax
2008-11-04 23:12 . 2008-08-05 22:20 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-04 23:11 . 2008-08-05 22:21 292,352 --a------ c:\windows\System32\psisdecd.dll
2008-11-04 23:11 . 2008-08-05 22:19 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2008-11-04 23:11 . 2008-08-05 22:19 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-10-29 00:09 . 2008-08-11 22:29 441,856 --a------ c:\windows\System32\win32spl.dll
2008-10-29 00:09 . 2008-08-11 22:29 37,376 --a------ c:\windows\System32\printcom.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 20:37 --------- d-----w c:\users\Aubrey\AppData\Roaming\uTorrent
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\DivX
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\Apple Computer
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\AIMPro
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\acccore
2008-11-28 18:34 --------- d-----w c:\program files\Mahjong Towers Eternity
2008-11-28 18:11 --------- d-----w c:\program files\Common Files\Adobe
2008-11-27 19:08 --------- d-----w c:\users\Aubrey\AppData\Roaming\LimeWire
2008-11-21 02:53 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 15:12 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-04 04:52 --------- d-----w c:\program files\RealArcade
2008-10-16 07:09 --------- d-----w c:\program files\Windows Mail
2008-10-15 00:55 --------- d--h--w c:\program files\Zero G Registry
2008-10-15 00:55 --------- d-----w c:\users\Aubrey\AppData\Roaming\Plazmic
2008-10-15 00:55 --------- d-----w c:\program files\Plazmic CDK 4.5
2008-10-15 00:25 --------- d-----w c:\program files\World of Warcraft
2008-10-11 16:00 --------- d-----w c:\program files\AIM
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-07-10 07:10 174 --sha-w c:\program files\desktop.ini
2008-05-20 00:18 61,224 ----a-w c:\users\Aubrey\GoToAssistDownloadHelper.exe
2008-04-29 15:21 444 ----a-w c:\users\Aubrey\822.bat
2008-04-29 15:21 1,884,160 ----a-w c:\users\Aubrey\winlogon.exe
2008-02-24 18:20 0 ----a-w c:\users\Aubrey\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"HPseti"="c:\users\Aubrey\AppData\Roaming\Google\dvvm.exe" [2008-11-28 124416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\System32\msconfig.exe" [2006-11-02 222208]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AIMPro"="c:\program files\AIM\AIM Pro\aimpro.exe" [2007-10-09 5043528]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-24 91440]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-10 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 17:32 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2007-05-25 01:03 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series]
--a------ 2007-02-15 05:00 179200 c:\windows\System32\spool\drivers\w32x86\3\E_FATICEA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-01-22 18:03 1838592 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-09-25 06:10 154136 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-09-25 06:10 141848 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 03:40 218032 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 03:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-09-25 06:10 129560 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-02-22 16:57 1232896 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-23 01:18 1006264 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
--a------ 2007-05-31 09:21 648072 c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 07:36 201728 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-05-11 08:26 4452352 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001


Solved Re: Spyware.Ispynow

Post by aubreyxanne on Fri Nov 28, 2008 11:20 pm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BF47E514-E450-4B37-BB1D-2E7EEBDC4906}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2E0B30A2-F521-497B-8D4E-2A123C94236B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7E26E368-A1BD-4652-82E7-834433722522}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{22FE4C9F-F706-4FB0-AE37-CDE2F9CBB5E7}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2C1E9072-91D0-4732-9217-74BBD447148A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{89110731-C550-49EF-BDE0-08899DB1E751}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{BEFE4605-B65F-4B37-A629-F86CC02A7701}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{5135187D-7503-403C-830A-D8F9498FAAFA}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"TCP Query User{FC90DC7F-178A-4F70-8FCB-60ED6EEBC313}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{65DD15C6-4F8A-40FD-8480-C1B44D1C2316}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{80E861E8-56A2-4D28-ABF3-C528930A1141}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{14CF8E9C-6AC2-4582-A4FE-32D9AE0CB170}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{F2958616-A914-4C82-A4F7-5688A444DC1F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BF1D99E5-90C5-44C0-B76E-279E0AC4FF55}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{C7DEB51B-65F6-4D38-B106-292DF8FB9999}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{203FF9FB-1361-47D9-BB46-50EC128103CD}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{9ABC9DDF-CE3F-4021-8E2C-6367017494C0}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0F58548D-EB2D-4EBF-B13B-B147C50174F9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8843D3A5-0C8F-4872-89AB-39535F881C02}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{57790377-B93D-4E10-80DE-7498ACBCA082}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5E630313-5C15-4E8B-A816-7C9ED9D43B10}c:\\program files\\aim\\aim pro\\aimpro.exe"= UDP:c:\program files\aim\aim pro\aimpro.exe:AIM Pro
"UDP Query User{E54EC69D-D42F-4AB3-B44B-A70BFCDF653E}c:\\program files\\aim\\aim pro\\aimpro.exe"= TCP:c:\program files\aim\aim pro\aimpro.exe:AIM Pro
"TCP Query User{B3BD2720-98C9-4FE0-B9C9-67628CF054D1}c:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= UDP:c:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"UDP Query User{B040DB5F-BF75-4B67-A61A-326483AB3E16}c:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= TCP:c:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"TCP Query User{FA0BEDD2-2F89-4D8F-9C65-E1196CE86881}c:\\program files\\plazmic cdk 4.5\\_jvm\\bin\\java.exe"= UDP:c:\program files\plazmic cdk 4.5\_jvm\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{755CDB64-E432-4E55-B901-B4452606DE54}c:\\program files\\plazmic cdk 4.5\\_jvm\\bin\\java.exe"= TCP:c:\program files\plazmic cdk 4.5\_jvm\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{6073C102-EA65-4923-A9BE-9A87C947B81B}c:\\program files\\ipod\\fledge.exe"= UDP:c:\program files\ipod\fledge.exe:BlackBerry Handheld Simulator
"UDP Query User{D78EA6CC-FBD4-48DB-AA9C-E796A9747D2B}c:\\program files\\ipod\\fledge.exe"= TCP:c:\program files\ipod\fledge.exe:BlackBerry Handheld Simulator
"{F320AD76-9900-43E8-B7C7-1B9176CA9157}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{65FCF2A6-839F-46CE-ACFC-6CBABFF44481}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{7373EA0F-B97E-4984-9778-6879653593B6}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{9BCA5F5D-F58E-4E99-A6EA-C01EDF922FFC}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{FE02A508-FF80-440B-86AB-3CE6500FE960}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{B404F7FF-CD90-4268-BFA4-344F53C306F3}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{41478338-3592-4B56-9FA4-AB24A0C37FE3}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{285D58C7-37F3-490F-BFF4-5BF3816135C4}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{AEBB6487-26F4-4A69-AE95-B881BF9A6060}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F92D0CBB-3E8C-4E13-829B-79CE03B4F497}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{FDD5034D-C6C9-4498-82D5-1A8099EDADE9}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3649902C-4E43-466E-BD44-874DFF35CE0C}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs.sys [2008-11-20 628760]
S3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-09-29 3154944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{376f36c6-afc8-11dd-b1cd-001d097e19f0}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c77b68f1-c939-11dc-8661-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
\shell\LVIPCAP\command - e:\techsupt\CaptureTest\Amcap8.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Aubrey.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2009-10-01 c:\windows\Tasks\User_Feed_Synchronization-{4841B1FA-891F-4210-AD22-D16CFD53E5D1}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 05:05]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-11-28 18:15:56
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5200)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\users\Aubrey\AppData\Roaming\Google\dpldpl.dll
c:\users\Aubrey\AppData\Local\Temp\catchme.dll
.
Completion time: 2008-11-28 18:18:20
ComboFix-quarantined-files.txt 2008-11-28 23:17:01
ComboFix2.txt 2008-11-28 22:48:14

Pre-Run: 74,901,442,560 bytes free
Post-Run: 74,874,363,904 bytes free

251 --- E O F --- 2008-11-28 21:25:48

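The two log posts above (the Reg Loading Points section and the DLLs Loaded Under Running Processes section) are read by eye: a Run value pointing into AppData, a winlogon.exe and svchost.exe sitting in the user profile instead of System32, a DLL injected into Explorer from the same Google folder, Security Center monitoring switched off, and AutoRun handlers for removable drives. As an added example (not code from this thread, from ComboFix, or from the forum's helpers), the Python script below applies those same checks to a ComboFix-style log and splits the results into "high" (act on it) and "review" (explain it before giving the all-clear). The sample log is constructed from lines excerpted from the posts above; the rule names, the list of core Windows binary names, the user-writable prefixes and the catchme.dll allowlist are my own assumptions, not ComboFix conventions.

```python
"""Triage of ComboFix-style logs: flag what a removal helper checks by eye.
Added example for this thread; not ComboFix's or the forum's own code."""
import re
from dataclasses import dataclass

# Core Windows process names: one of these outside %SystemRoot% is a masquerade.
SYSTEM_BINARY_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                       "services.exe", "smss.exe", "explorer.exe"}
TRUSTED_PREFIXES = ("c:\\windows\\", "%systemroot%\\")
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
SCANNER_OWN_FILES = {"catchme.dll"}   # injected by the rootkit scanner itself (assumption)

PATH_RE = re.compile(r'(?i)(?:[a-z]:|%systemroot%)\\[^"\[\]|:<>*?\r\n]*?\.(?:exe|dll|bat|scr|sys)\b')
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
AUTORUN_RE = re.compile(r"^\\shell\\autorun\\command\s*-\s*\S", re.IGNORECASE)
PROFILE_ROOT_RE = re.compile(r"(?i)^c:\\users\\[^\\]+\\[^\\]+\.(?:exe|bat|scr)$")

R_MASQUERADE = "system-binary name outside the Windows directory"
R_AUTOSTART = "autostart entry launching from a user-writable path"
R_PROFILE = "executable sitting directly in the profile root"
R_INJECTED = "DLL loaded into a process from a user-writable path"
R_APPINIT = "AppInit_DLLs set (loaded into every GUI process)"
R_SECCENTER = "Security Center monitoring or notification disabled"
R_AUTORUN = "AutoRun command registered for removable media"


@dataclass
class Finding:
    severity: str   # "high": act on it; "review": explain it before giving the all-clear
    rule: str
    line: str


def _is_banner(line):
    """ComboFix section banners look like '((( Name )))' or '--- Name ---'."""
    return line.startswith(("(((", "---", "- - -")) and line.endswith(("))", "--", "- -"))


def triage(log_text):
    """Walk the log line by line and return the entries worth a second look."""
    findings, key, section = [], "", ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if _is_banner(line):
            section, key = line.strip("()- ").lower(), ""
            continue
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        low = line.lower()
        in_autostart = key.endswith("\\currentversion\\run") or low.startswith("msconfigstartup-")
        for path in PATH_RE.findall(line):
            p, name = path.lower(), path.rsplit("\\", 1)[-1].lower()
            if name in SYSTEM_BINARY_NAMES and not p.startswith(TRUSTED_PREFIXES):
                findings.append(Finding("high", R_MASQUERADE, line))
            elif PROFILE_ROOT_RE.match(path):
                findings.append(Finding("review", R_PROFILE, line))
            if in_autostart and p.startswith(USER_WRITABLE):
                findings.append(Finding("high", R_AUTOSTART, line))
            if "dlls loaded" in section and p.startswith(USER_WRITABLE) and name not in SCANNER_OWN_FILES:
                findings.append(Finding("review", R_INJECTED, line))
        if low.startswith('"appinit_dlls"=') and low.split("=", 1)[1].strip():
            findings.append(Finding("review", R_APPINIT, line))
        if "security center" in key and low.endswith("=dword:00000001") \
                and ("disablemonitoring" in low or "disablenotify" in low):
            findings.append(Finding("review", R_SECCENTER, line))
        if AUTORUN_RE.match(line):
            findings.append(Finding("review", R_AUTORUN, line))
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {"high": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample: lines excerpted from the logs posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"HPseti"="c:\users\Aubrey\AppData\Roaming\Google\dvvm.exe" [2008-11-28 124416]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{376f36c6-afc8-11dd-b1cd-001d097e19f0}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-04-29 15:21 444 ----a-w c:\users\Aubrey\822.bat
2008-04-29 15:21 1,884,160 ----a-w c:\users\Aubrey\winlogon.exe
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Host Process - c:\users\Aubrey\svchost.exe
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5200)
c:\program files\RocketDock\RocketDock.dll
c:\users\Aubrey\AppData\Roaming\Google\dpldpl.dll
c:\users\Aubrey\AppData\Local\Temp\catchme.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.rule}: {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it with `python triage.py` against a saved ComboFix.txt by replacing SAMPLE_LOG with the file contents. Two caveats on the "review" bucket: a third-party suite such as the Norton install in this log legitimately sets the per-product Security Center DisableMonitoring values itself, and the AppInit_DLLs entry here points at a Google toolbar DLL, so those two are prompts to account for the entry, not verdicts. The "high" hits are the ones the CFScript in this thread targets: the Run value for dvvm.exe and the winlogon.exe/svchost.exe copies in the profile root.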

Solved Re: Spyware.Ispynow

Post by Belahzur on Fri Nov 28, 2008 11:22 pm

Did you run the CFScript, or just do another normal run? The files the CFScript would delete are still there.



Solved Re: Spyware.Ispynow

Post by aubreyxanne on Fri Nov 28, 2008 11:27 pm

I copied the links into the notepad and saved it. Then I dragged it over to the combofix icon and it ran again.


Solved Re: Spyware.Ispynow

Post by Belahzur on Fri Nov 28, 2008 11:28 pm

Could you post the top of the log? You've posted from the ((( files created within 30 days ))) section onward.

It should have a header, and then (((( other deletions )))))



Solved Re: Spyware.Ispynow

Post by aubreyxanne on Fri Nov 28, 2008 11:36 pm

ComboFix 08-11-28.02 - Aubrey 2008-11-28 18:30:57.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.800 [GMT -5:00]
Running from: c:\users\Aubrey\Desktop\ComboFix.exe
Command switches used :: c:\users\Aubrey\Desktop\CFscript.txt
* Created a new restore point

FILE ::
c:\users\Aubrey\822.bat
c:\users\Aubrey\AppData\Roaming\Google\dvvm.exe
c:\users\Aubrey\winlogon.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Aubrey\822.bat
c:\users\Aubrey\AppData\Roaming\Google\dvvm.exe
c:\users\Aubrey\winlogon.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-28 13:26 . 2008-11-28 13:26 d-------- c:\users\All Users\FLEXnet
2008-11-28 13:00 . 2008-11-28 13:00 d-------- c:\program files\Common Files\Macrovision Shared
2008-11-25 18:35 . 2008-10-21 00:16 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 18:35 . 2008-08-27 22:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 18:35 . 2008-08-27 22:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 18:35 . 2008-08-27 22:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 18:35 . 2008-10-21 22:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 18:35 . 2008-10-21 22:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-25 18:35 . 2008-10-21 22:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-24 11:37 . 2008-11-24 11:37 130,208 -r------- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2008-11-21 16:07 . 2008-03-07 21:14 148,992 --a------ c:\windows\System32\drivers\ks.sys
2008-11-20 21:54 . 2008-11-28 16:08 0 --a------ c:\windows\System32\drivers\lvuvc.hs
2008-11-20 21:53 . 2008-11-20 21:53 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-11-20 21:52 . 2008-11-20 21:52 d-------- c:\users\Aubrey\AppData\Roaming\Leadertech
2008-11-20 21:52 . 2008-02-05 21:21 4,658,456 --a------ c:\windows\System32\drivers\lvuvc.sys
2008-11-20 21:52 . 2008-02-05 21:20 628,760 --a------ c:\windows\System32\drivers\lvrs.sys
2008-11-20 21:52 . 2008-02-05 21:21 490,008 --a------ c:\windows\System32\LVUI2.dll
2008-11-20 21:52 . 2008-02-05 21:21 465,432 --a------ c:\windows\System32\LVUI2RC.dll
2008-11-20 21:52 . 2008-02-05 21:18 416,280 --a------ c:\windows\System32\lvcodec2.dll
2008-11-20 21:52 . 2008-02-05 21:18 195,096 --a------ c:\windows\System32\lvci11701196.dll
2008-11-20 21:52 . 2008-02-05 20:37 66,482 --a------ c:\windows\System32\lvcoinst.ini
2008-11-20 21:52 . 2008-02-05 21:21 41,752 --a------ c:\windows\System32\drivers\LVUSBSta.sys
2008-11-20 21:52 . 2008-02-05 20:40 25,056 --a------ c:\windows\System32\Repository.reg
2008-11-20 21:50 . 2008-11-20 21:50 d-------- c:\users\All Users\Logishrd
2008-11-20 21:50 . 2008-11-20 21:54 d-------- c:\program files\Common Files\LogiShrd
2008-11-10 21:29 . 2008-09-09 22:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-10 21:29 . 2008-09-04 23:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-10 21:29 . 2008-08-25 20:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-10 21:29 . 2008-09-09 22:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-10 21:29 . 2008-09-04 23:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-10 10:17 . 2008-11-10 10:17 d-------- c:\users\Aubrey\AppData\Roaming\Logitech
2008-11-10 10:16 . 2008-11-10 10:16 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-11-10 10:12 . 2008-11-20 21:49 d-------- c:\users\All Users\Logitech
2008-11-10 10:12 . 2008-11-20 21:53 d-------- c:\program files\Logitech
2008-11-10 10:12 . 2008-11-10 10:12 d-------- c:\program files\Common Files\Logitech
2008-11-10 10:12 . 2007-01-30 01:46 163,840 --a------ c:\windows\System32\kemutb.dll
2008-11-10 10:12 . 2007-01-30 01:46 135,168 --a------ c:\windows\System32\KemUtil.dll
2008-11-10 10:12 . 2007-01-30 01:46 110,592 --a------ c:\windows\System32\KemWnd.dll
2008-11-10 10:12 . 2007-01-30 01:46 69,632 --a------ c:\windows\System32\KemXML.dll
2008-11-04 23:12 . 2008-08-05 22:19 1,244,672 --a------ c:\windows\System32\mcmde.dll
2008-11-04 23:12 . 2008-08-05 22:27 428,032 --a------ c:\windows\System32\EncDec.dll
2008-11-04 23:12 . 2008-08-05 22:21 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-04 23:12 . 2008-08-05 22:26 177,152 --a------ c:\windows\System32\mpg2splt.ax
2008-11-04 23:12 . 2008-08-05 22:20 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-04 23:11 . 2008-08-05 22:21 292,352 --a------ c:\windows\System32\psisdecd.dll
2008-11-04 23:11 . 2008-08-05 22:19 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2008-11-04 23:11 . 2008-08-05 22:19 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-10-29 00:09 . 2008-08-11 22:29 441,856 --a------ c:\windows\System32\win32spl.dll
2008-10-29 00:09 . 2008-08-11 22:29 37,376 --a------ c:\windows\System32\printcom.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 20:37 --------- d-----w c:\users\Aubrey\AppData\Roaming\uTorrent
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\DivX
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\Apple Computer
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\AIMPro
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\acccore
2008-11-28 18:34 --------- d-----w c:\program files\Mahjong Towers Eternity
2008-11-28 18:11 --------- d-----w c:\program files\Common Files\Adobe
2008-11-27 19:08 --------- d-----w c:\users\Aubrey\AppData\Roaming\LimeWire
2008-11-21 02:53 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 15:12 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-04 04:52 --------- d-----w c:\program files\RealArcade
2008-10-16 07:09 --------- d-----w c:\program files\Windows Mail
2008-10-15 00:55 --------- d--h--w c:\program files\Zero G Registry
2008-10-15 00:55 --------- d-----w c:\users\Aubrey\AppData\Roaming\Plazmic
2008-10-15 00:55 --------- d-----w c:\program files\Plazmic CDK 4.5
2008-10-15 00:25 --------- d-----w c:\program files\World of Warcraft
2008-10-11 16:00 --------- d-----w c:\program files\AIM
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-07-10 07:10 174 --sha-w c:\program files\desktop.ini
2008-05-20 00:18 61,224 ----a-w c:\users\Aubrey\GoToAssistDownloadHelper.exe
2008-02-24 18:20 0 ----a-w c:\users\Aubrey\AppData\Roaming\wklnhst.dat
.


Solved Re: Spyware.Ispynow

Post by aubreyxanne on Fri Nov 28, 2008 11:37 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\System32\msconfig.exe" [2006-11-02 222208]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AIMPro"="c:\program files\AIM\AIM Pro\aimpro.exe" [2007-10-09 5043528]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-24 91440]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-10 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 17:32 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2007-05-25 01:03 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series]
--a------ 2007-02-15 05:00 179200 c:\windows\System32\spool\drivers\w32x86\3\E_FATICEA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-01-22 18:03 1838592 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-09-25 06:10 154136 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-09-25 06:10 141848 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 03:40 218032 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 03:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-09-25 06:10 129560 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-02-22 16:57 1232896 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-23 01:18 1006264 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
--a------ 2007-05-31 09:21 648072 c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 07:36 201728 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-05-11 08:26 4452352 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BF47E514-E450-4B37-BB1D-2E7EEBDC4906}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2E0B30A2-F521-497B-8D4E-2A123C94236B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7E26E368-A1BD-4652-82E7-834433722522}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{22FE4C9F-F706-4FB0-AE37-CDE2F9CBB5E7}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2C1E9072-91D0-4732-9217-74BBD447148A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{89110731-C550-49EF-BDE0-08899DB1E751}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{BEFE4605-B65F-4B37-A629-F86CC02A7701}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{5135187D-7503-403C-830A-D8F9498FAAFA}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"TCP Query User{FC90DC7F-178A-4F70-8FCB-60ED6EEBC313}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{65DD15C6-4F8A-40FD-8480-C1B44D1C2316}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{80E861E8-56A2-4D28-ABF3-C528930A1141}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{14CF8E9C-6AC2-4582-A4FE-32D9AE0CB170}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{F2958616-A914-4C82-A4F7-5688A444DC1F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BF1D99E5-90C5-44C0-B76E-279E0AC4FF55}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{C7DEB51B-65F6-4D38-B106-292DF8FB9999}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{203FF9FB-1361-47D9-BB46-50EC128103CD}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{9ABC9DDF-CE3F-4021-8E2C-6367017494C0}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0F58548D-EB2D-4EBF-B13B-B147C50174F9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8843D3A5-0C8F-4872-89AB-39535F881C02}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{57790377-B93D-4E10-80DE-7498ACBCA082}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5E630313-5C15-4E8B-A816-7C9ED9D43B10}c:\\program files\\aim\\aim pro\\aimpro.exe"= UDP:c:\program files\aim\aim pro\aimpro.exe:AIM Pro
"UDP Query User{E54EC69D-D42F-4AB3-B44B-A70BFCDF653E}c:\\program files\\aim\\aim pro\\aimpro.exe"= TCP:c:\program files\aim\aim pro\aimpro.exe:AIM Pro
"TCP Query User{B3BD2720-98C9-4FE0-B9C9-67628CF054D1}c:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= UDP:c:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"UDP Query User{B040DB5F-BF75-4B67-A61A-326483AB3E16}c:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= TCP:c:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"TCP Query User{FA0BEDD2-2F89-4D8F-9C65-E1196CE86881}c:\\program files\\plazmic cdk 4.5\\_jvm\\bin\\java.exe"= UDP:c:\program files\plazmic cdk 4.5\_jvm\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{755CDB64-E432-4E55-B901-B4452606DE54}c:\\program files\\plazmic cdk 4.5\\_jvm\\bin\\java.exe"= TCP:c:\program files\plazmic cdk 4.5\_jvm\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{6073C102-EA65-4923-A9BE-9A87C947B81B}c:\\program files\\ipod\\fledge.exe"= UDP:c:\program files\ipod\fledge.exe:BlackBerry Handheld Simulator
"UDP Query User{D78EA6CC-FBD4-48DB-AA9C-E796A9747D2B}c:\\program files\\ipod\\fledge.exe"= TCP:c:\program files\ipod\fledge.exe:BlackBerry Handheld Simulator
"{F320AD76-9900-43E8-B7C7-1B9176CA9157}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{65FCF2A6-839F-46CE-ACFC-6CBABFF44481}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{7373EA0F-B97E-4984-9778-6879653593B6}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{9BCA5F5D-F58E-4E99-A6EA-C01EDF922FFC}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{FE02A508-FF80-440B-86AB-3CE6500FE960}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{B404F7FF-CD90-4268-BFA4-344F53C306F3}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{41478338-3592-4B56-9FA4-AB24A0C37FE3}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{285D58C7-37F3-490F-BFF4-5BF3816135C4}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{AEBB6487-26F4-4A69-AE95-B881BF9A6060}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F92D0CBB-3E8C-4E13-829B-79CE03B4F497}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{FDD5034D-C6C9-4498-82D5-1A8099EDADE9}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3649902C-4E43-466E-BD44-874DFF35CE0C}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs.sys [2008-11-20 628760]
S3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-09-29 3154944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{376f36c6-afc8-11dd-b1cd-001d097e19f0}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c77b68f1-c939-11dc-8661-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
\shell\LVIPCAP\command - e:\techsupt\CaptureTest\Amcap8.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Aubrey.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2009-10-01 c:\windows\Tasks\User_Feed_Synchronization-{4841B1FA-891F-4210-AD22-D16CFD53E5D1}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 05:05]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-11-28 18:32:32
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-28 18:34:43
ComboFix-quarantined-files.txt 2008-11-28 23:33:45
ComboFix2.txt 2008-11-28 23:18:23
ComboFix3.txt 2008-11-28 22:48:14

Pre-Run: 73,982,767,104 bytes free
Post-Run: 73,947,770,880 bytes free

254 --- E O F --- 2008-11-28 21:25:48

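The "Reg Loading Points" section above is what a helper reads first when triaging a ComboFix log. As an added example (not part of the original post and not ComboFix's own code), here is a small triage helper that runs over a constructed excerpt of the lines posted in this thread and lists the entries a reviewer would look at twice: Security Center notification/monitoring switches set to 1, a non-empty AppInit_DLLs value, and AutoRun commands remembered under MountPoints2.

```python
import re
from dataclasses import dataclass

# Constructed excerpt: a handful of lines copied from the "Reg Loading Points"
# section quoted in this thread, so the helper has realistic input to run on.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{376f36c6-afc8-11dd-b1cd-001d097e19f0}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
MOUNT_CMD_RE = re.compile(r"^\\shell\\([^\\]+)\\command - (.+)$")


@dataclass(frozen=True)
class Finding:
    category: str   # "security_center", "appinit_dlls" or "autorun"
    key: str        # registry key the entry was listed under
    detail: str     # value name/data or command that triggered the finding


def triage(log_text: str) -> list[Finding]:
    """Return the entries of a Reg Loading Points dump that merit a second look."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)
            continue
        if m := VALUE_RE.match(line):
            name, data = m.group(1), m.group(2).strip()
            # Security Center switches: a DWORD of 1 silences the matching warning
            # (UAC, Windows Update, Internet settings) or stops Windows monitoring an
            # AV/firewall product. Third-party suites set DisableMonitoring
            # legitimately (this log also shows Norton), so this is a review item.
            if "security center" in section.lower() and re.fullmatch(r"dword:0*1", data) \
                    and (name.endswith("DisableNotify") or name == "DisableMonitoring"):
                findings.append(Finding("security_center", section, f"{name}={data}"))
            # AppInit_DLLs is loaded into every process that maps user32.dll, so any
            # non-empty value deserves a look even when the path turns out benign.
            elif name == "AppInit_DLLs" and data:
                findings.append(Finding("appinit_dlls", section, data))
            continue
        if m := MOUNT_CMD_RE.match(line):
            verb, command = m.group(1), m.group(2)
            # MountPoints2 remembers AutoRun commands seen on removable media.
            if verb.lower() == "autorun":
                findings.append(Finding("autorun", section, command))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.key}\n    {f.detail}")
```

The output is a review list, not a verdict: the helper in this thread called the same log clean after weighing each entry against the software known to be installed.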

Solved Re: Spyware.Ispynow

Post by Belahzur on Fri Nov 28, 2008 11:39 pm

Hello.
Log looks clean, how is the machine now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Solved Re: Spyware.Ispynow

Post by aubreyxanne on Fri Nov 28, 2008 11:47 pm

Hey, the pop-up hasn't come back up so far!!! Woo hoo, you are so awesome! I could never have figured this out on my own. Thank you!


Solved Re: Spyware.Ispynow

Post by Belahzur on Fri Nov 28, 2008 11:48 pm

Good. :)

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 10".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions.
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.


Solved Re: Spyware.Ispynow

Post by 1adam12jw on Sat Nov 29, 2008 6:10 pm

Log removed.
User has his/her own topic from a split; please use it.


Solved Re: Spyware.Ispynow

Post by Nightfire on Tue Dec 02, 2008 2:12 am

EDIT: Posted in the completely wrong place. My apologies, admins.


Solved Same issue with me

Post by greenraisin on Wed Dec 03, 2008 4:29 am

Log removed. Start your own topic please.
------------

Topic locked. Everyone else, please start your own topic here:

[You must be registered and logged in to see this link.]
