[Solved] Spyware.ISpynow Issue on Vista Computer

Post by dealah33 on Sat Nov 29, 2008 11:09 pm

OK. A very helpful member just helped fix my wife's laptop.

I am now concerned about my desktop, as my Internet Explorer and Firefox browsers are acting up. How do I scan this computer to ensure that I am not infected here with Spyware.ISpynow, as I was doing the same activities that caused my wife's laptop to get infected? I run Windows Vista.

Thanks

dealah33 (Novice; Posts: 17; Joined: 2008-11-29; OS: windows xp)


Post by Belahzur on Sat Nov 29, 2008 11:12 pm

Could you post a HijackThis log from this machine too?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur (Administrator; Posts: 34916; Joined: 2008-08-03; Gender: Male; OS: XP SP3 Media Centre)


Post by dealah33 on Sat Nov 29, 2008 11:14 pm

Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14, on 2008-11-29
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Mouse Driver\Mouse Driver\5.2\Mouse32A.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\5.2\MOUSE32A.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4172086135-3689951012-2788723220-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'QBDataServiceUser18')
O8 - Extra context menu item: Customize Menu - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Fill Forms - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - [You must be registered and logged in to see this link.]
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB18 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe

--
End of file - 9116 bytes



Post by Belahzur on Sat Nov 29, 2008 11:24 pm

Log looks clean.

1. Download this file - [You must be registered and logged in to see this link.]
2. Double click combofix.exe & follow the prompts, but select NO when about to install the recovery console.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

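The HijackThis log posted above was read by eye and judged clean. As an added example (not part of the thread, and not HijackThis, ComboFix or the forum's own code), the Python script below parses the same entry format and attaches review flags for the indicators a helper checks first: entries whose referenced file is missing, Hosts lines that are not the loopback default, services with no publisher, and autoruns launched from user-writable paths. The sample log is constructed from lines in the posted log plus two made-up entries (a Hosts override pointing at a documentation IP and an autorun under a Temp folder) so that flagged output is visible. The flags are prompts to verify a binary, not verdicts: the "Unknown owner" Adobe service copied from the clean log is flagged too, and a helper resolves that by checking the path and publisher.

```python
"""Reading a HijackThis v2 log the way a malware-removal helper does.

Added example for this thread (not HijackThis, ComboFix or the forum's own code).
The parser pulls out the 'Rn - ' / 'On - ' entry lines, groups them by section
code, and attaches review flags for the indicators helpers look at first:
entries whose file is missing, Hosts lines that are not the loopback default,
services with no publisher, and autoruns launched from user-writable paths.
A flag is a prompt to verify the binary, not a verdict.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# One entry per line: section code (R0, R1, O2, O4, O23 ...) then ' - ' then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")

# Locations a standard user can write to; an autorun launched from there deserves a look.
USER_WRITABLE_RE = re.compile(
    r"\\(users|documents and settings)\\[^\\]+\\(appdata|local settings|application data)\\"
    r"|\\temp\\",
    re.IGNORECASE,
)
# The only Hosts entries a default Windows install carries.
LOOPBACK_HOSTS_RE = re.compile(r"(?:127\.0\.0\.1|::1)\s+localhost\b")


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)


def parse_log(text):
    """Return the entry lines of a HijackThis log; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def flag_entry(e):
    """Attach review flags to one entry based on section-specific checks."""
    body = e.body
    lower = body.lower()
    if "(no file)" in lower or "(file missing)" in lower:
        e.flags.append("referenced file is missing (orphaned entry)")
    if e.code == "O1" and not LOOPBACK_HOSTS_RE.search(body):
        e.flags.append("Hosts override: check where the mapped host now resolves")
    if e.code == "O23" and "unknown owner" in lower:
        e.flags.append("service without a publisher: verify the binary")
    if e.code == "O4" and USER_WRITABLE_RE.search(body):
        e.flags.append("autorun from a user-writable path: verify the binary")
    return e


def triage(text):
    """Parse the log and return only the entries that picked up at least one flag."""
    return [e for e in map(flag_entry, parse_log(text)) if e.flags]


def section_counts(text):
    """Entries per section code; a quick shape check before reading line by line."""
    return Counter(e.code for e in parse_log(text))


# Constructed sample: lines copied from the thread's log plus two made-up entries
# (the 203.0.113.5 Hosts override and the Temp autorun) that show a flagged line.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE

O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.5 update.example.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [Updater] C:\Users\Example\AppData\Local\Temp\updater.exe
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

if __name__ == "__main__":
    print(dict(section_counts(SAMPLE_LOG)))
    for e in triage(SAMPLE_LOG):
        print(f"{e.code}: {e.body[:70]}")
        for f in e.flags:
            print(f"    -> {f}")
```

Run it as-is to see the five flagged lines from the sample; feed it a real log by reading the file into `triage()`. The checks are deliberately narrow (missing files, Hosts, publisher, path) because that is what can be decided from the log text alone; anything flagged still needs the binary itself checked before it is removed.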


Post by dealah33 on Sat Nov 29, 2008 11:33 pm

Ok. Here it is:

ComboFix 08-11-29.03 - Administrator 2008-11-29 18:26:40.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-29 18:11 . 2008-04-16 12:02 102,664 --a------ c:\windows\System32\drivers\tmcomm.sys
2008-11-29 17:52 . 2008-11-29 17:59 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-29 17:15 . 2008-11-29 17:15 d-------- c:\users\All Users\Malwarebytes
2008-11-29 17:15 . 2008-11-29 17:15 d-------- c:\users\Administrator\AppData\Roaming\Malwarebytes
2008-11-29 17:15 . 2008-11-29 17:15 d-------- c:\users\ADMINI~1\AppData\Roaming\Malwarebytes
2008-11-29 17:15 . 2008-11-29 17:15 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-29 17:15 . 2008-11-29 17:15 d-------- c:\progra~2\Malwarebytes
2008-11-29 17:15 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-29 17:15 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-29 12:47 . 2008-11-29 12:47 d-------- C:\cabs
2008-11-29 01:38 . 2008-11-29 05:10 d-------- c:\users\Administrator\AppData\Roaming\uTorrent
2008-11-29 01:38 . 2008-11-29 05:10 d-------- c:\users\ADMINI~1\AppData\Roaming\uTorrent
2008-11-29 01:38 . 2008-11-29 01:38 d-------- c:\program files\uTorrent
2008-11-25 15:07 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 15:07 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 15:07 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 15:07 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 15:07 . 2008-10-21 22:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 15:03 . 2008-10-16 16:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-25 15:03 . 2008-10-16 15:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-25 15:03 . 2008-10-16 16:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-25 15:03 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-25 15:03 . 2008-10-16 15:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-25 15:03 . 2008-10-16 16:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-25 15:03 . 2008-10-16 16:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-25 15:03 . 2008-10-16 16:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-25 15:03 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-25 00:36 . 2008-11-25 00:36 d-------- c:\users\All Users\PC Drivers HeadQuarters
2008-11-25 00:36 . 2008-11-25 00:36 d-------- c:\progra~2\PC Drivers HeadQuarters
2008-11-21 16:23 . 2008-11-21 16:23 d-------- c:\users\All Users\CounterPath
2008-11-21 16:23 . 2008-11-21 16:23 d-------- c:\progra~2\CounterPath
2008-11-21 16:22 . 2008-11-21 16:22 d-------- c:\program files\CounterPath
2008-11-17 10:58 . 2008-11-17 10:58 236 --a------ C:\sqmdata03.sqm
2008-11-17 10:58 . 2008-11-17 10:58 200 --a------ C:\sqmnoopt03.sqm
2008-11-12 16:01 . 2008-09-09 22:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 16:01 . 2008-09-05 00:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 16:01 . 2008-08-26 20:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-10 12:39 . 2008-11-10 12:39 9,019 --a------ c:\users\h_logo.gif
2008-11-08 17:08 . 2008-11-15 12:37 d-------- c:\program files\Article Submitter Pro
2008-11-05 22:53 . 2008-11-05 22:53 236 --a------ C:\sqmdata02.sqm
2008-11-05 22:53 . 2008-11-05 22:53 200 --a------ C:\sqmnoopt02.sqm
2008-11-04 22:03 . 2008-08-05 04:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-04 22:03 . 2008-08-05 04:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-04 22:03 . 2008-08-05 04:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-04 22:03 . 2008-08-05 04:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-04 22:03 . 2008-08-05 04:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-03 21:20 . 2008-11-03 21:20 dr------- c:\users\Administrator\AppData\Roaming\Brother
2008-11-03 21:20 . 2008-11-03 21:20 dr------- c:\users\ADMINI~1\AppData\Roaming\Brother
2008-11-03 18:43 . 2008-11-03 18:43 236 --a------ C:\sqmdata01.sqm
2008-11-03 18:43 . 2008-11-03 18:43 200 --a------ C:\sqmnoopt01.sqm
2008-11-03 18:42 . 2008-11-28 14:20 426 --a------ c:\windows\BRWMARK.INI
2008-11-03 18:41 . 2008-11-03 18:41 225 --a------ c:\windows\Brpfx04a.ini
2008-11-03 18:41 . 2008-11-03 18:41 93 --a------ c:\windows\brpcfx.ini
2008-11-03 18:41 . 2008-11-03 18:42 65 --a------ c:\windows\System32\bd7440n.dat
2008-11-03 18:40 . 2007-01-25 17:16 94,208 --a------ c:\windows\System32\BrDctF2.dll
2008-11-03 18:40 . 2007-01-26 16:13 54,784 --a------ c:\windows\System32\brinsstr.dll
2008-11-03 18:40 . 2007-01-15 21:54 12,288 --a------ c:\windows\System32\BrDctF2S.dll
2008-11-03 18:40 . 2007-01-15 16:09 12,288 --a------ c:\windows\System32\BrDctF2L.dll
2008-11-03 18:39 . 2008-11-03 18:39 d-------- c:\users\Administrator\AppData\Roaming\InstallShield
2008-11-03 18:39 . 2008-11-03 18:39 d-------- c:\users\ADMINI~1\AppData\Roaming\InstallShield
2008-11-03 18:39 . 2008-11-03 18:39 d-------- c:\program files\Nuance
2008-11-03 18:39 . 2008-11-03 18:40 d-------- c:\program files\Brother
2008-11-03 18:38 . 2008-11-03 18:38 d-------- c:\users\All Users\InstallShield
2008-11-03 18:38 . 2008-11-03 18:38 d-------- c:\progra~2\InstallShield
2008-11-03 18:38 . 2006-10-24 14:34 31,567 --a------ c:\windows\maxlink.ini
2008-11-03 18:37 . 2008-11-03 18:38 d-------- c:\users\All Users\ScanSoft
2008-11-03 18:37 . 2008-11-03 18:37 d-------- c:\program files\ScanSoft
2008-11-03 18:37 . 2008-11-03 18:37 d-------- c:\program files\Common Files\ScanSoft Shared
2008-11-03 18:37 . 2008-11-03 18:38 d-------- c:\progra~2\ScanSoft
2008-11-03 18:36 . 2008-11-03 18:36 d-------- c:\users\All Users\Brother
2008-11-03 18:36 . 2008-11-03 18:36 d-------- c:\progra~2\Brother
2008-10-30 16:54 . 2008-10-30 16:54 236 --a------ C:\sqmdata00.sqm
2008-10-30 16:54 . 2008-10-30 16:54 200 --a------ C:\sqmnoopt00.sqm
2008-10-30 10:21 . 2008-10-30 10:21 d-------- c:\users\Administrator\AppData\Roaming\Apple Computer
2008-10-30 10:21 . 2008-10-30 10:21 d-------- c:\users\ADMINI~1\AppData\Roaming\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 23:05 --------- d-----w c:\program files\Java
2008-11-29 22:46 --------- d-----w c:\program files\Common Files\Apple
2008-11-29 21:44 --------- d-----w c:\progra~2\Viewpoint
2008-11-25 05:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-20 23:13 --------- d-----w c:\program files\CoffeeCup Software
2008-11-17 00:33 --------- d-----w c:\progra~2\Microsoft Help
2008-11-15 17:37 --------- d-----w c:\program files\Common Files\Astech
2008-11-13 00:41 --------- d-----w c:\users\Administrator\AppData\Roaming\FileZilla
2008-11-13 00:41 --------- d-----w c:\users\ADMINI~1\AppData\Roaming\FileZilla
2008-11-08 21:06 --------- d-----w c:\program files\FileZilla FTP Client
2008-11-03 23:37 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-24 20:31 --------- d-----w c:\program files\Windows Live
2008-10-24 20:31 --------- d-----w c:\program files\Microsoft
2008-10-24 20:28 --------- d-----w c:\program files\Common Files\Windows Live
2008-10-23 02:12 --------- d-----w c:\program files\iTunes
2008-10-23 02:12 --------- d-----w c:\program files\iPod
2008-10-23 02:12 --------- d-----w c:\progra~2\Apple Computer
2008-10-23 02:12 --------- d-----w c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-23 02:11 --------- d-----w c:\program files\QuickTime
2008-10-23 02:09 --------- d-----w c:\program files\Apple Software Update
2008-10-17 14:30 --------- d-----w c:\program files\Windows Live Safety Center
2008-10-15 22:47 --------- d-----w c:\program files\Windows Mail
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-22 22:41 339,968 ----a-w c:\windows\System32\pythoncom25.dll
2008-09-22 22:41 2,117,632 ----a-w c:\windows\System32\python25.dll
2008-09-22 22:41 114,688 ----a-w c:\windows\System32\pywintypes25.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-16 16:26 1,332,197 ----a-w c:\windows\System32\pythondll.zip
2008-09-09 04:03 51,712 ----a-w c:\windows\System32\sirenacm.dll
2008-07-20 04:28 174 --sha-w c:\program files\desktop.ini
2008-05-29 14:24 56,912 ----a-w c:\users\Administrator\g2mdlhlpx.exe
2007-11-23 21:01 102,392 ----a-w c:\users\Administrator\AppData\Roaming\GDIPFONTCACHEV1.DAT
2007-11-23 21:01 102,392 ----a-w c:\users\ADMINI~1\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-07-20 06:24 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-20 06:24 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-20 06:24 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-08 3513344]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-09-28 160592]
"eyeBeam SIP Client"="c:\program files\CounterPath\eyeBeam 1.5\eyeBeam.exe" [2008-09-02 22552576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"LWBMOUSE"="c:\program files\Mouse Driver\Mouse Driver\5.2\MOUSE32A.EXE" [2001-11-09 356352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-29 136600]
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 c:\windows\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2007-04-18 01:49 50736 c:\program files\AOL 9.0\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-07-16 16:54 961536 c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 c:\program files\Common Files\aol\1183234732\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 02:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 02:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-03-09 15:28 598016 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2BE0F908-8E44-42D4-969A-035EF76121C7}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{87E3941E-7C46-45A6-BA18-3F9E8F3A893D}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{3726EC3C-A64E-4EB4-972B-EF3055B5B8E9}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{D7F46A65-353D-4D64-B478-B0BD0E362CB0}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{0CDCC2B2-BE42-47FF-9034-BEFDABA7BD0A}"= UDP:c:\program files\Common Files\aol\1183234732\ee\aolsoftware.exe:AOL Shared Components
"{B75F5C2B-F4E9-49C2-8289-E72D43DF753D}"= TCP:c:\program files\Common Files\aol\1183234732\ee\aolsoftware.exe:AOL Shared Components
"{CF005D1F-EC1E-4125-BA2F-C7C0C7B83505}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{26F3926A-B65E-4B9A-8E87-F8E21756308C}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{9B35FB2F-ABFA-421B-BE25-D3B45994E069}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{BD2355BD-B617-42CC-82AA-3BD397643392}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{65641844-56CC-4CD5-9EB1-069F6952C613}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{CB064EE3-BF9F-4AAE-BA4F-8053DB9A51EF}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{0D8F85A9-6F83-4C58-909C-DBFC6848BB83}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{5DB7C3B0-1A50-48AB-8BF7-3414E22F42DD}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{E761F8D5-CBA8-4AB8-9E17-CE6BCDB74E0B}"= UDP:990:LocalSubnet:LocalSubnet|IF={C16CFDDB-16C1-45F9-98D0-D64BB6BF3769}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{DEFB3D4C-FEB2-4C17-9CA7-7868517F1CCE}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{59A1A900-66DC-43CB-824C-4384F0C3789A}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{7F58DA40-0997-49D4-AA4C-D727730FD186}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4C6D4146-FD3C-4207-8E71-FA87C9301389}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{73D98EB5-4895-46F4-96A4-D5F65A64B051}c:\\program files\\alibaba\\trademanager\\trademanager.exe"= UDP:c:\program files\alibaba\trademanager\trademanager.exe:TradeManager
"UDP Query User{4C169394-B4F5-46D6-B20C-41C378464D67}c:\\program files\\alibaba\\trademanager\\trademanager.exe"= TCP:c:\program files\alibaba\trademanager\trademanager.exe:TradeManager
"{29BA6322-7915-4E94-AB66-E409DF46E2C8}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{24938BEA-8865-45B6-B2D3-CE4509EA43A1}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{12E779FE-9B8E-4046-B199-ACFBCB4D4C49}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{44598517-3607-4CBC-BFCD-399C4DC855A9}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{90DCA162-E18F-486F-B23E-50700291722B}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2B19F71E-739A-4B7F-A105-29C36EF49522}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{38250A48-3916-45F9-B29E-75FED3CD18C4}"= UDP:c:\program files\AOL 9.1\waol.exe:AOL
"{C81FB904-2195-4534-A6ED-05B06E7E05A3}"= TCP:c:\program files\AOL 9.1\waol.exe:AOL
"{77E921A0-057D-4F5D-B262-A775BB050E0F}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{4FA0185E-E659-4BB7-8E4E-CA48B8D00EAC}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{1092FA29-A6A2-4B79-A925-4B9D893636B0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{162F33DA-6493-4AB9-BA6E-3797EDD304A4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{4F4F7BBF-B39C-4104-B36D-AE89FE398458}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{46142228-989A-4FD3-9D6E-FA6419933BAA}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{00F6391B-6E19-4E38-9C98-202DDEF48D9C}"= UDP:990:LocalSubnet:LocalSubnet|IF={C16CFDDB-16C1-45F9-98D0-D64BB6BF3769}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{7BAF213E-A7DC-477C-9A34-7385C5E52EE2}"= UDP:990:LocalSubnet:LocalSubnet|IF={C16CFDDB-16C1-45F9-98D0-D64BB6BF3769}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{3B078D35-B4E1-43E6-8944-09149EF344C3}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{386DC190-F248-4F79-B918-2976196DBFFB}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{27252682-AE06-4347-9A87-8C65438111C4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{842572F7-5266-42E0-AB28-A3FD56F865DE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{771E3ED7-C1FB-43F2-9F51-805D5E53667E}"= UDP:c:\program files\Brother\Brmfl07b\FAXRX.exe:FAXRX.EXE
"{9597B370-A37C-4BBC-B7CB-B8991A03393C}"= TCP:c:\program files\Brother\Brmfl07b\FAXRX.exe:FAXRX.EXE
"{ADBEF1A8-19C4-4940-9929-2E70FA8B45BD}"= TCP:54925:Brother Network Scanner
"TCP Query User{E6275D83-F459-4068-B44D-E6B1E5763287}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= UDP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam
"UDP Query User{9E7FCD50-5535-45A5-8C96-8B8ECBFA4AE4}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= TCP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam
"{284FA8B1-4457-4267-93FA-638BB1D4F4D8}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{AEE2479A-69E4-4C63-BBD3-52DA29AE1DAA}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 []
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2008-07-14 39048]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-29 38496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50d84c62-ba46-11dd-854a-00038a000015}]
\shell\AutoRun\command - I:\PortableRoboForm.exe
\shell\RoboForm2Go\command - I:\PortableRoboForm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{537e44eb-adaa-11dd-b70b-00038a000015}]
\shell\AutoRun\command - I:\PortableRoboForm.exe
\shell\RoboForm2Go\command - I:\PortableRoboForm.exe
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\36ye4euc.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - [You must be registered and logged in to see this link.]
FireFox -: prefs.js - STARTUP.HOMEPAGE - [You must be registered and logged in to see this link.]
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npampx3.0.84.2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
FF -: plugin - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\36ye4euc.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-11-29 18:29:41
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1292)
c:\program files\Mouse Driver\Mouse Driver\5.2\MOUDL32A.DLL
.
Completion time: 2008-11-29 18:31:02
ComboFix-quarantined-files.txt 2008-11-29 23:30:59

Pre-Run: 169,829,789,696 bytes free
Post-Run: 170,311,593,984 bytes free

283 --- E O F --- 2008-11-27 17:36:07


Solved Re: Spyware.ISpynow Issue on Vista Computer

Post by Belahzur on Sat Nov 29, 2008 11:39 pm

Hello, I don't see anything serious.
I'm curious about one file. Google tells me it's related to Trend Micro, but I don't see any signs of that.
Did you use to have Trend Micro on this machine?




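The review above was done by eye. As an added example (mine, not part of the thread and not ComboFix's own code), here is a small triage pass in Python over ComboFix-style log lines that surfaces the kinds of entries a reviewer looks at first: autostart values with a relative path or a target outside Program Files/Windows, services whose binary ComboFix could not size (the empty `[]`), AutoRun commands bound to a removable drive letter, the Security Center update-warning switch, and executables sitting loose in a drive root or profile root. The rule names, the trusted-directory list and the "Updater" sample line are assumptions; every other sample line is copied from the log in this thread. A hit is a prompt to look, not a verdict; the helper judged this log clean.

```python
"""Triage heuristics over ComboFix-style log lines (added example).

Not ComboFix's code and not the helper's method: it automates the kind of
by-eye pass done in the thread and only surfaces entries for a human to
check. Rule names, TRUSTED_DIRS and the "Updater" sample line are my own.
"""
import re
from dataclasses import dataclass

EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".pif"}
# Directories under which an autostart target is unremarkable (assumption).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\",
                "c:\\program files (x86)\\", "c:\\progra~1\\")

RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]$')
AUTORUN_RE = re.compile(r'^\\shell\\AutoRun\\command\s+-\s+([A-Za-z]):\\', re.I)
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} .*?\s([A-Za-z]:\\\S.*)$')
SECCENTER_RE = re.compile(r'^"AutoUpdateDisableNotify"=dword:0*1$', re.I)

# Sample input, constructed for this example in ComboFix's log format. Every
# line except the "Updater" value is copied from the log posted in the thread;
# "Updater" is invented here only to exercise the location rule.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-09-28 160592]
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 c:\windows\SOUNDMAN.EXE]
"Updater"="c:\users\Administrator\AppData\Roaming\updater.exe" [2008-11-20 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 []
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-29 38496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50d84c62-ba46-11dd-854a-00038a000015}]
\shell\AutoRun\command - I:\PortableRoboForm.exe

2008-11-10 12:39 . 2008-11-10 12:39 9,019 --a------ c:\users\h_logo.gif
2008-05-29 14:24 56,912 ----a-w c:\users\Administrator\g2mdlhlpx.exe
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-11-29 23:05 --------- d-----w c:\program files\Java
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def exec_in_loose_location(path: str) -> bool:
    """True for an executable directly in a drive root, in the users folder,
    or in a profile root (not under AppData, Program Files or Windows)."""
    p = path.lower()
    if "." + p.rsplit(".", 1)[-1] not in EXEC_EXTS:
        return False
    parts = p.split("\\")
    if len(parts) == 2:                              # drive root, e.g. c:\x.exe
        return True
    return parts[1] == "users" and len(parts) <= 4   # c:\users\x.exe or c:\users\name\x.exe


def triage(log_text: str) -> list:
    """Run every rule over each line; return the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_VALUE_RE.match(line)
        if m:  # Run-key value: check where the launched file lives
            name, target = m.group(1), m.group(2)
            t = target.lower()
            if not re.match(r"^[a-z]:\\", t):
                findings.append(Finding("run_relative_path", f"{name} -> {target}"))
            elif not t.startswith(TRUSTED_DIRS):
                findings.append(Finding("run_outside_program_dirs", f"{name} -> {target}"))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group(5).strip() == "":  # empty [] means no date/size was read
            findings.append(Finding("service_file_not_found", f"{m.group(2)} -> {m.group(4)}"))
            continue
        m = AUTORUN_RE.match(line)
        if m:  # AutoRun command tied to a (removable) drive letter
            findings.append(Finding("autorun_on_removable_drive", f"{m.group(1).upper()}: {line}"))
            continue
        if SECCENTER_RE.match(line):
            findings.append(Finding("security_center_update_warning_off", line))
            continue
        m = FILE_RE.match(line)
        if m and exec_in_loose_location(m.group(1)):
            findings.append(Finding("exe_in_loose_location", m.group(1)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:36} {f.detail}")
```

On the sample, six entries come out: the relative `SOUNDMAN.EXE` value, the constructed `Updater` value, the QuickBooksDB18 service (the empty brackets show ComboFix did not read a date and size for the file as written; an argument glued to the image path, as in that line, is a likely reason), the `I:` AutoRun command, the Security Center value and `g2mdlhlpx.exe` in the profile root. None of that is a verdict; each is a line to look up before deciding, which is exactly what the helper did with the Trend Micro leftover.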

Solved Re: Spyware.ISpynow Issue on Vista Computer

Post by dealah33 on Sat Nov 29, 2008 11:41 pm

Hello, yes, I did have Trend Micro once. I deleted it, though, because it slowed my computer down, and I just use free virus scanners online.

Let me know if it's an issue.

Thanks again


Solved Re: Spyware.ISpynow Issue on Vista Computer

Post by Belahzur on Sat Nov 29, 2008 11:45 pm

Hello, okay.
We'll use a CFScript just to get rid of a leftover of Trend.

The slowness may not be malware related.
Vista is a bigger OS than XP, and requires more RAM to run smoothly.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\System32\drivers\tmcomm.sys
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm

Folder::
c:\program files\Viewpoint

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.





Solved Re: Spyware.ISpynow Issue on Vista Computer

Post by dealah33 on Sat Nov 29, 2008 11:54 pm

Ok. Done:

ComboFix 08-11-29.03 - Administrator 2008-11-29 18:49:15.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1865 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFscript.txt
* Created a new restore point

FILE ::
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
c:\windows\System32\drivers\tmcomm.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
c:\windows\System32\drivers\tmcomm.sys

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-29 17:52 . 2008-11-29 17:59 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-29 17:15 . 2008-11-29 17:15 d-------- c:\users\All Users\Malwarebytes
2008-11-29 17:15 . 2008-11-29 17:15 d-------- c:\users\Administrator\AppData\Roaming\Malwarebytes
2008-11-29 17:15 . 2008-11-29 17:15 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-29 17:15 . 2008-11-29 17:15 d-------- c:\progra~2\Malwarebytes
2008-11-29 17:15 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-29 17:15 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-29 12:47 . 2008-11-29 12:47 d-------- C:\cabs
2008-11-29 01:38 . 2008-11-29 05:10 d-------- c:\users\Administrator\AppData\Roaming\uTorrent
2008-11-29 01:38 . 2008-11-29 01:38 d-------- c:\program files\uTorrent
2008-11-25 15:07 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 15:07 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 15:07 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 15:07 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 15:07 . 2008-10-21 22:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 15:03 . 2008-10-16 16:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-25 15:03 . 2008-10-16 15:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-25 15:03 . 2008-10-16 16:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-25 15:03 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-25 15:03 . 2008-10-16 15:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-25 15:03 . 2008-10-16 16:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-25 15:03 . 2008-10-16 16:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-25 15:03 . 2008-10-16 16:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-25 15:03 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-25 00:36 . 2008-11-25 00:36 d-------- c:\users\All Users\PC Drivers HeadQuarters
2008-11-25 00:36 . 2008-11-25 00:36 d-------- c:\progra~2\PC Drivers HeadQuarters
2008-11-21 16:23 . 2008-11-21 16:23 d-------- c:\users\All Users\CounterPath
2008-11-21 16:23 . 2008-11-21 16:23 d-------- c:\progra~2\CounterPath
2008-11-21 16:22 . 2008-11-21 16:22 d-------- c:\program files\CounterPath
2008-11-12 16:01 . 2008-09-09 22:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 16:01 . 2008-09-05 00:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 16:01 . 2008-08-26 20:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-10 12:39 . 2008-11-10 12:39 9,019 --a------ c:\users\h_logo.gif
2008-11-08 17:08 . 2008-11-15 12:37 d-------- c:\program files\Article Submitter Pro
2008-11-04 22:03 . 2008-08-05 04:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-04 22:03 . 2008-08-05 04:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-04 22:03 . 2008-08-05 04:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-04 22:03 . 2008-08-05 04:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-04 22:03 . 2008-08-05 04:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-03 21:20 . 2008-11-03 21:20 dr------- c:\users\Administrator\AppData\Roaming\Brother
2008-11-03 18:42 . 2008-11-28 14:20 426 --a------ c:\windows\BRWMARK.INI
2008-11-03 18:41 . 2008-11-03 18:41 225 --a------ c:\windows\Brpfx04a.ini
2008-11-03 18:41 . 2008-11-03 18:41 93 --a------ c:\windows\brpcfx.ini
2008-11-03 18:41 . 2008-11-03 18:42 65 --a------ c:\windows\System32\bd7440n.dat
2008-11-03 18:40 . 2007-01-25 17:16 94,208 --a------ c:\windows\System32\BrDctF2.dll
2008-11-03 18:40 . 2007-01-26 16:13 54,784 --a------ c:\windows\System32\brinsstr.dll
2008-11-03 18:40 . 2007-01-15 21:54 12,288 --a------ c:\windows\System32\BrDctF2S.dll
2008-11-03 18:40 . 2007-01-15 16:09 12,288 --a------ c:\windows\System32\BrDctF2L.dll
2008-11-03 18:39 . 2008-11-03 18:39 d-------- c:\users\Administrator\AppData\Roaming\InstallShield
2008-11-03 18:39 . 2008-11-03 18:39 d-------- c:\program files\Nuance
2008-11-03 18:39 . 2008-11-03 18:40 d-------- c:\program files\Brother
2008-11-03 18:38 . 2008-11-03 18:38 d-------- c:\users\All Users\InstallShield
2008-11-03 18:38 . 2008-11-03 18:38 d-------- c:\progra~2\InstallShield
2008-11-03 18:38 . 2006-10-24 14:34 31,567 --a------ c:\windows\maxlink.ini
2008-11-03 18:37 . 2008-11-03 18:38 d-------- c:\users\All Users\ScanSoft
2008-11-03 18:37 . 2008-11-03 18:37 d-------- c:\program files\ScanSoft
2008-11-03 18:37 . 2008-11-03 18:37 d-------- c:\program files\Common Files\ScanSoft Shared
2008-11-03 18:37 . 2008-11-03 18:38 d-------- c:\progra~2\ScanSoft
2008-11-03 18:36 . 2008-11-03 18:36 d-------- c:\users\All Users\Brother
2008-11-03 18:36 . 2008-11-03 18:36 d-------- c:\progra~2\Brother
2008-10-30 10:21 . 2008-10-30 10:21 d-------- c:\users\Administrator\AppData\Roaming\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 23:05 --------- d-----w c:\program files\Java
2008-11-29 22:46 --------- d-----w c:\program files\Common Files\Apple
2008-11-29 21:44 --------- d-----w c:\progra~2\Viewpoint
2008-11-25 05:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-20 23:13 --------- d-----w c:\program files\CoffeeCup Software
2008-11-17 00:33 --------- d-----w c:\progra~2\Microsoft Help
2008-11-15 17:37 --------- d-----w c:\program files\Common Files\Astech
2008-11-13 00:41 --------- d-----w c:\users\Administrator\AppData\Roaming\FileZilla
2008-11-08 21:06 --------- d-----w c:\program files\FileZilla FTP Client
2008-11-03 23:37 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-24 20:31 --------- d-----w c:\program files\Windows Live
2008-10-24 20:31 --------- d-----w c:\program files\Microsoft
2008-10-24 20:28 --------- d-----w c:\program files\Common Files\Windows Live
2008-10-23 02:12 --------- d-----w c:\program files\iTunes
2008-10-23 02:12 --------- d-----w c:\program files\iPod
2008-10-23 02:12 --------- d-----w c:\progra~2\Apple Computer
2008-10-23 02:12 --------- d-----w c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-23 02:11 --------- d-----w c:\program files\QuickTime
2008-10-23 02:09 --------- d-----w c:\program files\Apple Software Update
2008-10-17 14:30 --------- d-----w c:\program files\Windows Live Safety Center
2008-10-15 22:47 --------- d-----w c:\program files\Windows Mail
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-22 22:41 339,968 ----a-w c:\windows\System32\pythoncom25.dll
2008-09-22 22:41 2,117,632 ----a-w c:\windows\System32\python25.dll
2008-09-22 22:41 114,688 ----a-w c:\windows\System32\pywintypes25.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-16 16:26 1,332,197 ----a-w c:\windows\System32\pythondll.zip
2008-09-09 04:03 51,712 ----a-w c:\windows\System32\sirenacm.dll
2008-07-20 04:28 174 --sha-w c:\program files\desktop.ini
2008-05-29 14:24 56,912 ----a-w c:\users\Administrator\g2mdlhlpx.exe
2007-11-23 21:01 102,392 ----a-w c:\users\Administrator\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-07-20 06:24 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-20 06:24 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-20 06:24 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-08 3513344]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-09-28 160592]
"eyeBeam SIP Client"="c:\program files\CounterPath\eyeBeam 1.5\eyeBeam.exe" [2008-09-02 22552576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"LWBMOUSE"="c:\program files\Mouse Driver\Mouse Driver\5.2\MOUSE32A.EXE" [2001-11-09 356352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-29 136600]
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 c:\windows\SOUNDMAN.EXE]


Solved Re: Spyware.ISpynow Issue on Vista Computer

Post by dealah33 on Sat Nov 29, 2008 11:55 pm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2007-04-18 01:49 50736 c:\program files\AOL 9.0\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-07-16 16:54 961536 c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 c:\program files\Common Files\aol\1183234732\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 02:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 02:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-03-09 15:28 598016 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2BE0F908-8E44-42D4-969A-035EF76121C7}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{87E3941E-7C46-45A6-BA18-3F9E8F3A893D}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{3726EC3C-A64E-4EB4-972B-EF3055B5B8E9}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{D7F46A65-353D-4D64-B478-B0BD0E362CB0}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{0CDCC2B2-BE42-47FF-9034-BEFDABA7BD0A}"= UDP:c:\program files\Common Files\aol\1183234732\ee\aolsoftware.exe:AOL Shared Components
"{B75F5C2B-F4E9-49C2-8289-E72D43DF753D}"= TCP:c:\program files\Common Files\aol\1183234732\ee\aolsoftware.exe:AOL Shared Components
"{CF005D1F-EC1E-4125-BA2F-C7C0C7B83505}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{26F3926A-B65E-4B9A-8E87-F8E21756308C}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{9B35FB2F-ABFA-421B-BE25-D3B45994E069}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{BD2355BD-B617-42CC-82AA-3BD397643392}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{65641844-56CC-4CD5-9EB1-069F6952C613}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{CB064EE3-BF9F-4AAE-BA4F-8053DB9A51EF}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{0D8F85A9-6F83-4C58-909C-DBFC6848BB83}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{5DB7C3B0-1A50-48AB-8BF7-3414E22F42DD}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{E761F8D5-CBA8-4AB8-9E17-CE6BCDB74E0B}"= UDP:990:LocalSubnet:LocalSubnet|IF={C16CFDDB-16C1-45F9-98D0-D64BB6BF3769}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{DEFB3D4C-FEB2-4C17-9CA7-7868517F1CCE}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{59A1A900-66DC-43CB-824C-4384F0C3789A}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{7F58DA40-0997-49D4-AA4C-D727730FD186}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4C6D4146-FD3C-4207-8E71-FA87C9301389}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{73D98EB5-4895-46F4-96A4-D5F65A64B051}c:\\program files\\alibaba\\trademanager\\trademanager.exe"= UDP:c:\program files\alibaba\trademanager\trademanager.exe:TradeManager
"UDP Query User{4C169394-B4F5-46D6-B20C-41C378464D67}c:\\program files\\alibaba\\trademanager\\trademanager.exe"= TCP:c:\program files\alibaba\trademanager\trademanager.exe:TradeManager
"{29BA6322-7915-4E94-AB66-E409DF46E2C8}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{24938BEA-8865-45B6-B2D3-CE4509EA43A1}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{12E779FE-9B8E-4046-B199-ACFBCB4D4C49}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{44598517-3607-4CBC-BFCD-399C4DC855A9}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{90DCA162-E18F-486F-B23E-50700291722B}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2B19F71E-739A-4B7F-A105-29C36EF49522}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{38250A48-3916-45F9-B29E-75FED3CD18C4}"= UDP:c:\program files\AOL 9.1\waol.exe:AOL
"{C81FB904-2195-4534-A6ED-05B06E7E05A3}"= TCP:c:\program files\AOL 9.1\waol.exe:AOL
"{77E921A0-057D-4F5D-B262-A775BB050E0F}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{4FA0185E-E659-4BB7-8E4E-CA48B8D00EAC}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{1092FA29-A6A2-4B79-A925-4B9D893636B0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{162F33DA-6493-4AB9-BA6E-3797EDD304A4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{4F4F7BBF-B39C-4104-B36D-AE89FE398458}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{46142228-989A-4FD3-9D6E-FA6419933BAA}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{00F6391B-6E19-4E38-9C98-202DDEF48D9C}"= UDP:990:LocalSubnet:LocalSubnet|IF={C16CFDDB-16C1-45F9-98D0-D64BB6BF3769}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{7BAF213E-A7DC-477C-9A34-7385C5E52EE2}"= UDP:990:LocalSubnet:LocalSubnet|IF={C16CFDDB-16C1-45F9-98D0-D64BB6BF3769}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{3B078D35-B4E1-43E6-8944-09149EF344C3}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{386DC190-F248-4F79-B918-2976196DBFFB}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{27252682-AE06-4347-9A87-8C65438111C4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{842572F7-5266-42E0-AB28-A3FD56F865DE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{771E3ED7-C1FB-43F2-9F51-805D5E53667E}"= UDP:c:\program files\Brother\Brmfl07b\FAXRX.exe:FAXRX.EXE
"{9597B370-A37C-4BBC-B7CB-B8991A03393C}"= TCP:c:\program files\Brother\Brmfl07b\FAXRX.exe:FAXRX.EXE
"{ADBEF1A8-19C4-4940-9929-2E70FA8B45BD}"= TCP:54925:Brother Network Scanner
"TCP Query User{E6275D83-F459-4068-B44D-E6B1E5763287}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= UDP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam
"UDP Query User{9E7FCD50-5535-45A5-8C96-8B8ECBFA4AE4}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= TCP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam
"{284FA8B1-4457-4267-93FA-638BB1D4F4D8}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{AEE2479A-69E4-4C63-BBD3-52DA29AE1DAA}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 []
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2008-07-14 39048]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-29 38496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50d84c62-ba46-11dd-854a-00038a000015}]
\shell\AutoRun\command - I:\PortableRoboForm.exe
\shell\RoboForm2Go\command - I:\PortableRoboForm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{537e44eb-adaa-11dd-b70b-00038a000015}]
\shell\AutoRun\command - I:\PortableRoboForm.exe
\shell\RoboForm2Go\command - I:\PortableRoboForm.exe

*Newly Created Service* - CATCHME
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-11-29 18:50:45
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(504)
c:\program files\Mouse Driver\Mouse Driver\5.2\MOUDL32A.DLL
.
Completion time: 2008-11-29 18:51:53
ComboFix-quarantined-files.txt 2008-11-29 23:51:50
ComboFix2.txt 2008-11-29 23:31:03

Pre-Run: 176,894,201,856 bytes free
Post-Run: 176,864,903,168 bytes free

272 --- E O F --- 2008-11-27 17:36:07


Solved Re: Spyware.ISpynow Issue on Vista Computer

Post by Belahzur on Sat Nov 29, 2008 11:58 pm

Hello.
Log looks clean, what problems remain?





Solved Re: Spyware.ISpynow Issue on Vista Computer

Post by dealah33 on Sun Nov 30, 2008 12:04 am

Everything is perfect. Thanks for your help once again. =)


Solved Re: Spyware.ISpynow Issue on Vista Computer

Post by Belahzur on Sun Nov 30, 2008 12:06 am

Because Vista is a bigger OS, keep your temp files clean.
Use this often:

Download [You must be registered and logged in to see this link.]

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
  • Close ATF-Cleaner.exe.


Glad I could help.





Solved Re: Spyware.ISpynow Issue on Vista Computer

Post by Doctor Inferno on Sat Dec 06, 2008 4:05 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

