GeekPolice

Solved spyware.ispynow removal plz

Post by emericask8r92 on Sun Nov 30, 2008 8:24 pm

Yesterday I was surfing the internet and I got a Windows pop-up that said "your computer is infected with spyware.ispynow, Internet Explorer is now shutting down". I did some research and figured out that the process of this spyware was dvvm.exe, so I ended that process and the pop-ups saying I was infected stopped. But I am certain it is still on my computer somewhere and my virus scans aren't picking anything up. So here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:17 PM, on 11/30/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Gateway Customer\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7789 bytes

emericask8r92
Novice
Posts : 20
Joined : 2008-11-30
OS : Vista
Points : 29250
# Likes : 0
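As an added example (not code from the thread and not part of HijackThis), the Python below applies to the O4, O20 and O23 lines of a HijackThis log the checks a helper makes by eye: an autostart that runs from a user-writable folder, a bare executable name that Windows resolves through the search path, a random-looking filename such as dvvm, any AppInit_DLLs entry, and a service whose vendor is reported as "Unknown owner". It also answers the question that matters after killing a process, namely whether any autostart line still references the file, since ending a process removes neither its Run value nor the file on disk. The sample lines are copied from the log above except for the "[dvvm]" Run value, which is constructed to show what the missing persistence entry would have looked like; the path under AppData\Local\Temp is an assumption. The flagging rules are the author's and every hit is a lead to verify, not a verdict: the "Unknown owner" hit on symlcsvc.exe in this log is a file under Symantec Shared and is resolved by checking its signature, not by deleting the service.

```python
"""Triage of the autostart lines (O4 Run values, O20 AppInit_DLLs, O23
services) in a HijackThis log. Added example: not HijackThis code and not
from the thread; the heuristics are the author's and each hit is a lead to
verify, not a verdict."""
import re
from dataclasses import dataclass
from typing import Optional

# Lines copied from the posted log, plus one CONSTRUCTED line: the "[dvvm]"
# Run value never appeared in the posted log (the reply notes it was already
# gone). It is modelled on how a rogue-antispyware dropper typically
# persists; the AppData\Local\Temp path is an assumption.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [dvvm] C:\Users\Gateway Customer\AppData\Local\Temp\dvvm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"""

# Registry-backed O4 entries (HKLM/HKCU/HKUS ... \Run, RunOnce); the
# "O4 - Global Startup:" shortcut form is deliberately not parsed here.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# First executable on a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)\b', re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(users|documents and settings|appdata|temp|programdata|public)\\", re.IGNORECASE)
# 3-8 consonants and nothing else, e.g. "dvvm"; crude, expect false positives.
RANDOM_STEM = re.compile(r"^[bcdfghjklmnpqrstvwxz]{3,8}$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def _first_exe(command: str) -> Optional[str]:
    m = EXE_RE.match(command.strip())
    return m.group("exe") if m else None


def triage(log_text: str) -> list[Finding]:
    """Apply the heuristics to each O4/O20/O23 line; other line types are ignored."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            exe = _first_exe(m.group("cmd"))
            if exe is None:
                continue
            if "\\" not in exe:
                findings.append(Finding(line, "bare executable name, resolved through the search path"))
            if USER_WRITABLE.search(exe):
                findings.append(Finding(line, "autostart from a user-writable location"))
            stem = exe.rsplit("\\", 1)[-1][:-4]  # drop the ".exe"
            if RANDOM_STEM.match(stem):
                findings.append(Finding(line, "random-looking executable name"))
        elif O20_RE.match(line):
            findings.append(Finding(line, "AppInit_DLLs: loaded into every process that uses user32; verify the publisher"))
        elif m := O23_RE.match(line):
            if m.group("vendor").strip().lower() == "unknown owner":
                findings.append(Finding(line, "service binary with no recognised vendor; verify its signature"))
    return findings


def references(log_text: str, filename: str) -> list[str]:
    """Every log line that still mentions *filename* (e.g. 'dvvm.exe'): the
    check to run after killing a process, since that alone removes neither
    the Run value nor the file."""
    needle = filename.lower()
    return [l.strip() for l in log_text.splitlines() if needle in l.lower()]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
    print("lines mentioning dvvm.exe:", references(SAMPLE_LOG, "dvvm.exe"))
```

Run against a saved log with triage(open(path).read()). On the sample, the constructed dvvm line gets two hits (user-writable path and random-looking name), the bare sttray.exe and rundll32.exe entries one each, and the AppInit_DLLs and "Unknown owner" lines one each; references() on the real posted log returns nothing for dvvm.exe, which is exactly the point the reply makes about the Run value already being gone.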

Solved Re: spyware.ispynow removal plz

Post by emericask8r92 on Sun Nov 30, 2008 8:25 pm

my uninstall list

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.3
Agere Systems HDA Modem
AppCore
Apple Mobile Device Support
Apple Software Update
Backup
BigFix
Bonjour
Browser Address Error Redirector
Camera Assistant Software for Gateway
ccCommon
Compatibility Pack for the 2007 Office system
CyberLink Power2Go
Gateway Games
Gateway Recovery Center Installer
GearDrvs
GearDrvs
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
IDT Audio
iTunes
Java(TM) 6 Update 5
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.4)
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Driver
SPBBC 32bit
SUPERAntiSpyware Free Edition
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
Synaptics Pointing Device Driver
System Requirements Lab
Update for Office 2007 (KB946691)
Ventrilo Client


Solved Re: spyware.ispynow removal plz

Post by Belahzur on Sun Nov 30, 2008 9:13 pm

Hello.
Whatever you did to stop dvvm.exe worked, and deleted the run value too, but the file may still be present.

1. Download this file - [You must be registered and logged in to see this link.]
2. Double click combofix.exe & follow the prompts, but select NO when asked to install the recovery console.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

Solved Re: spyware.ispynow removal plz

Post by emericask8r92 on Sun Nov 30, 2008 9:44 pm

All I did was go to Task Manager and end the process, but here is the ComboFix log:

ComboFix 08-11-30.01 - Gateway Customer 2008-11-30 3:37:18.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1769 [GMT -6:00]
Running from: c:\users\Gateway Customer\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.

2008-11-30 03:34 . 2008-11-30 03:34 6,736 --a------ c:\windows\System32\drivers\PROCEXP90.SYS
2008-11-30 03:32 . 2008-11-30 03:33 267,991,141 --a------ c:\windows\MEMORY.DMP
2008-11-29 23:00 . 2008-11-29 23:03 d-------- c:\users\Gateway Customer\AppData\Roaming\Ventrilo
2008-11-29 22:59 . 2008-11-29 22:59 d-------- c:\program files\Ventrilo
2008-11-29 22:59 . 2008-11-29 22:59 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-11-29 22:58 . 2008-11-29 22:58 d-------- c:\users\Gateway Customer\AppData\Roaming\SampleView
2008-11-29 15:52 . 2008-11-29 15:52 d-------- c:\users\All Users\SUPERAntiSpyware.com
2008-11-29 15:52 . 2008-11-29 15:52 d-------- c:\programdata\SUPERAntiSpyware.com
2008-11-29 15:51 . 2008-11-29 15:51 d-------- c:\users\Gateway Customer\AppData\Roaming\SUPERAntiSpyware.com
2008-11-29 15:51 . 2008-11-29 15:52 d-------- c:\program files\SUPERAntiSpyware
2008-11-29 15:51 . 2008-11-29 22:59 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-26 12:44 . 2008-10-20 23:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 12:44 . 2008-08-27 21:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 12:44 . 2008-08-27 21:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 12:44 . 2008-08-27 21:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 12:44 . 2008-10-21 21:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-24 22:08 . 2008-11-24 22:09 d-------- C:\AddOns
2008-11-24 20:59 . 2008-06-25 19:45 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
2008-11-24 20:59 . 2008-06-25 19:45 2,644,480 --a------ c:\windows\System32\NlsLexicons0009.dll
2008-11-24 20:58 . 2008-06-25 21:29 801,280 --a------ c:\windows\System32\NaturalLanguage6.dll
2008-11-24 20:57 . 2008-08-05 03:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-24 20:57 . 2008-08-05 03:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-24 20:57 . 2008-08-05 03:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-24 20:57 . 2008-08-05 03:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-24 20:57 . 2008-08-05 03:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-24 20:57 . 2008-04-22 22:41 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-11-23 14:31 . 2008-11-23 14:31 d-------- c:\windows\System32\N360_BACKUP
2008-11-22 22:23 . 2008-11-22 22:23 d-------- c:\users\Gateway Customer\AppData\Roaming\Apple Computer
2008-11-22 22:22 . 2008-11-22 22:22 d-------- c:\program files\iTunes
2008-11-22 22:22 . 2008-11-22 22:22 d-------- c:\program files\iPod
2008-11-22 22:21 . 2008-11-22 22:21 d-------- c:\program files\Bonjour
2008-11-22 22:20 . 2008-11-22 22:22 d-------- c:\users\All Users\Apple Computer
2008-11-22 22:20 . 2008-11-22 22:22 d-------- c:\programdata\Apple Computer
2008-11-22 22:20 . 2008-11-22 22:21 d-------- c:\program files\QuickTime
2008-11-22 22:19 . 2008-11-22 22:19 d-------- c:\program files\Apple Software Update
2008-11-22 22:18 . 2008-11-22 22:18 d-------- c:\users\All Users\Apple
2008-11-22 22:18 . 2008-11-22 22:18 d-------- c:\programdata\Apple
2008-11-22 22:18 . 2008-11-22 22:22 d-------- c:\program files\Common Files\Apple
2008-11-22 01:17 . 2008-07-15 19:32 2,048 --a------ c:\windows\System32\tzres.dll
2008-11-22 00:33 . 2008-07-30 19:13 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-11-22 00:33 . 2008-03-07 22:21 1,695,744 --a------ c:\windows\System32\gameux.dll
2008-11-22 00:33 . 2008-04-26 02:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-11-22 00:33 . 2008-04-11 21:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2008-11-22 00:33 . 2008-06-18 21:31 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-11-22 00:33 . 2008-04-04 19:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2008-11-22 00:33 . 2008-07-30 21:32 28,160 --a------ c:\windows\System32\Apphlpdm.dll
2008-11-22 00:33 . 2008-04-04 21:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2008-11-22 00:31 . 2008-10-01 21:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-11-22 00:30 . 2008-10-01 19:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-11-22 00:10 . 2008-10-16 15:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-22 00:10 . 2008-10-16 14:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-22 00:10 . 2008-10-16 15:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-22 00:10 . 2008-10-16 15:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-22 00:09 . 2008-10-16 15:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-22 00:09 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-22 00:09 . 2008-10-16 14:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-22 00:09 . 2008-10-16 15:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-22 00:09 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-21 23:58 . 2008-11-21 23:58 d----c--- c:\windows\System32\DRVSTORE
2008-11-21 23:58 . 2008-11-21 23:58 d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-21 23:58 . 2008-11-21 23:58 d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-21 23:58 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2008-11-21 23:58 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2008-11-21 19:17 . 2008-11-21 19:17 d-------- c:\program files\SystemRequirementsLab
2008-11-19 16:20 . 2008-11-19 16:20 d-------- c:\users\Gateway Customer\AppData\Roaming\ATI
2008-11-19 16:19 . 2008-11-19 16:19 dr------- c:\users\Gateway Customer\Videos
2008-11-19 16:19 . 2008-11-19 16:19 dr------- c:\users\Gateway Customer\Searches
2008-11-19 16:19 . 2008-11-22 14:36 dr------- c:\users\Gateway Customer\Saved Games
2008-11-19 16:19 . 2008-11-29 16:11 dr------- c:\users\Gateway Customer\Pictures
2008-11-19 16:19 . 2008-11-22 22:24 dr------- c:\users\Gateway Customer\Music
2008-11-19 16:19 . 2008-11-19 16:19 dr------- c:\users\Gateway Customer\Links
2008-11-19 16:19 . 2008-11-30 15:28 dr------- c:\users\Gateway Customer\Downloads
2008-11-19 16:19 . 2008-11-30 14:24 dr------- c:\users\Gateway Customer\Documents
2008-11-19 16:19 . 2008-11-19 16:19 dr------- c:\users\Gateway Customer\Contacts
2008-11-19 16:19 . 2008-11-22 21:46 d-------- c:\users\Gateway Customer\AppData\Roaming\Symantec
2008-11-19 16:19 . 2006-11-02 06:37 d-------- c:\users\Gateway Customer\AppData\Roaming\Media Center Programs
2008-11-19 16:19 . 2008-11-19 16:19 d--h----- c:\users\Gateway Customer\AppData
2008-11-19 16:19 . 2008-11-29 15:14 d-------- c:\users\Gateway Customer
2008-11-19 16:14 . 2008-11-19 16:14 dr------- c:\windows\System32\config\systemprofile\Contacts
2008-11-07 14:23 . 2008-11-07 14:23 32,000 --a------ c:\windows\System32\drivers\usbaapl.sys
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\System32\QuickTime.qts


Solved Re: spyware.ispynow removal plz

Post by emericask8r92 on Sun Nov 30, 2008 9:44 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 05:09 --------- d-----w c:\programdata\Symantec
2008-11-29 20:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-27 03:26 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-26 18:39 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-11-26 18:39 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-26 18:39 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-26 18:39 --------- d-----w c:\program files\Symantec
2008-11-22 22:01 --------- d-----w c:\program files\Norton 360
2008-11-22 20:16 --------- d-----w c:\program files\Windows Mail
2008-11-22 05:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-22 05:33 --------- d-----w c:\programdata\Napster
2008-11-19 22:15 --------- d-sh--w c:\programdata\Templates
2008-11-19 22:15 --------- d-sh--w c:\programdata\Start Menu
2008-11-19 22:15 --------- d-sh--w c:\programdata\Favorites
2008-11-19 22:15 --------- d-sh--w c:\programdata\Documents
2008-11-19 22:15 --------- d-sh--w c:\programdata\Desktop
2008-11-19 22:15 --------- d-sh--w c:\programdata\Application Data
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-10 03:40 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2008-09-05 05:14 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2008-08-29 16:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 15:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-08-12 03:39 443,392 ----a-w c:\windows\System32\win32spl.dll
2008-08-02 03:26 36,864 ----a-w c:\windows\System32\cdd.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-20 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-06-29 638976]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-12 29744]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SigmatelSysTrayApp"="sttray.exe" [2007-07-27 c:\windows\sttray.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-18 40072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-05-12 2342912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AE5E6306-4887-4C27-A314-DB26F658F201}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1BEAF430-32EF-4E4A-BE2D-88539449A047}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{03EE79A7-0ADC-44B5-AD18-917B9C39F689}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E7DBFD0F-5581-4BBF-8AAF-3BC0C9198BF0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0B2ACAC4-6603-4DB0-8761-AE9A40ACB28C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{64710517-E287-4848-B5BF-23347F3B194B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{0DB21706-A233-4036-AC8F-3A60BD3B37F6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{EB449709-71FC-43B6-AC30-72BC812431BE}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{77DA65C6-7EE3-4F69-8439-57F17A16F7D8}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AtiPcie;ATI PCI Express (3GIO) Filter;c:\windows\system32\DRIVERS\AtiPcie.sys [2008-05-12 7680]
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081127.001\IDSvix86.sys [2008-11-29 270384]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-05-12 2600960]
R3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]
R3 RTL8187Se;Realtek RTL8187S Wireless LAN PCIE Network Adapter;c:\windows\system32\DRIVERS\RTL8187Se.sys [2008-05-12 280576]
R3 RTSTOR;USB Mass Storage Device;c:\windows\system32\drivers\RTSTOR.SYS [2008-05-12 47616]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-12 29744]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\Gateway Customer\AppData\Roaming\Mozilla\Firefox\Profiles\7uyt985p.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-11-30 03:40:24
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-30 3:41:57
ComboFix-quarantined-files.txt 2008-11-30 09:41:54

Pre-Run: 185,780,936,704 bytes free
Post-Run: 185,769,349,120 bytes free

222 --- E O F --- 2008-11-27 05:47:23

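The ComboFix output above records EnableFirewall = 0 for the Domain, Public and Standard profiles, a list of programs holding firewall allow rules, and two services created during the run. As an added example, not part of ComboFix and not from the thread, the Python below reads that "Reg Loading Points" section and reports those three things. The sample is copied from the log above with two constructed changes, labelled in the code: StandardProfile is set to 1 so that both states appear, and one allow rule for a program under a user profile is added. A disabled Windows Firewall profile is reported as something to confirm rather than as an infection indicator, because a third-party firewall such as the one in the Norton 360 installed on this machine turns the Windows Firewall profiles off; likewise CATCHME is the catchme rootkit scanner that ComboFix itself ran (its output appears in the log), so "newly created" means created during the run, not necessarily by malware. The rule layout "{GUID}"= PROTO:path:description is taken from the posted log; that ComboFix always prints rules in that shape is an assumption.

```python
"""Firewall posture and new-service check over the 'Reg Loading Points'
section of a ComboFix log. Added example: not ComboFix code and not from
the thread; the parsing follows the layout visible in the posted log."""
import re

# Copied from the posted log, with two CONSTRUCTED edits: StandardProfile
# flipped to 1 so both states show up, and the all-zero GUID rule added to
# exercise the user-writable-path check (sample.exe does not exist on the
# machine in the thread).
SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AE5E6306-4887-4C27-A314-DB26F658F201}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{03EE79A7-0ADC-44B5-AD18-917B9C39F689}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{EB449709-71FC-43B6-AC30-72BC812431BE}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{00000000-0000-0000-0000-000000000000}"= TCP:c:\users\Gateway Customer\AppData\Local\Temp\sample.exe:constructed example

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
# "{GUID}"= [TCP:|UDP:]<path to .exe>:<description>; no protocol means any.
RULE_RE = re.compile(r"^(?:(?P<proto>TCP|UDP):)?(?P<path>.+?\.exe):(?P<desc>.*)$", re.IGNORECASE)
NEW_SVC_RE = re.compile(r"^\*Newly Created Service\* - (?P<name>\S+)$")
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")


def parse_reg_section(text: str) -> dict[str, dict[str, str]]:
    """{key: {value name: value text}} for a REGEDIT4-style dump."""
    sections: dict[str, dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current = m.group("key")
            sections.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            sections[current][m.group("name")] = m.group("value").strip()
    return sections


def firewall_profiles(text: str) -> dict[str, bool]:
    """Profile name (DomainProfile, PublicProfile, ...) -> True if EnableFirewall is 1."""
    status: dict[str, bool] = {}
    for key, values in parse_reg_section(text).items():
        k = key.lower()
        if "firewallpolicy" in k and k.endswith("profile"):
            profile = key.rsplit("\\", 1)[-1]
            status[profile] = values.get("EnableFirewall", "").split()[:1] == ["1"]
    return status


def allowed_programs(text: str) -> list[tuple[str, str, str]]:
    """(lower-cased path, protocol or ANY, description) for each allow rule."""
    rules: list[tuple[str, str, str]] = []
    for key, values in parse_reg_section(text).items():
        if key.lower().endswith("firewallrules"):
            for value in values.values():
                if m := RULE_RE.match(value):
                    rules.append((m.group("path").lower(), (m.group("proto") or "ANY").upper(), m.group("desc")))
    return rules


def newly_created_services(text: str) -> list[str]:
    return [m.group("name") for line in text.splitlines() if (m := NEW_SVC_RE.match(line.strip()))]


def report(text: str) -> list[str]:
    """Findings as plain strings; a disabled profile is a 'confirm', not an infection sign."""
    findings: list[str] = []
    for profile, enabled in sorted(firewall_profiles(text).items()):
        if not enabled:
            findings.append(f"Windows Firewall off for {profile}: confirm a third-party firewall is active")
    for path, proto, desc in allowed_programs(text):
        if any(marker in path for marker in USER_WRITABLE):
            findings.append(f"allow rule for program in user-writable path: {path} [{proto}] {desc}")
    for name in newly_created_services(text):
        findings.append(f"service created during the ComboFix run: {name}")
    return findings


if __name__ == "__main__":
    for line in report(SAMPLE):
        print(line)
```

On the real log all three profiles come back disabled and no allow rule points into a user profile, so the only follow-up is to confirm that Norton's firewall is the active one; on the sample, the constructed rule under AppData\Local\Temp is reported and StandardProfile is not.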

Solved Re: spyware.ispynow removal plz

Post by Belahzur on Sun Nov 30, 2008 9:49 pm

Hello.
Log looks clean, your logs didn't show any of the usual signs of ispynow.
What problems remain?



Solved Re: spyware.ispynow removal plz

Post by emericask8r92 on Mon Dec 01, 2008 2:21 am

Oh, OK. Well, I am not confident that it is off there, unless ComboFix got it off. But thanks a lot, Belahzur.


Solved Re: spyware.ispynow removal plz

Post by Belahzur on Mon Dec 01, 2008 2:27 am

Actually, combofix only deleted an .inf file, but I don't see any malware in the combofix log.
What makes you think you're still infected?



Solved Re: spyware.ispynow removal plz

Post by emericask8r92 on Mon Dec 01, 2008 2:29 am

Well, nothing weird is happening; it just seems too easy, lol. But if you think it's gone, I trust you. Thanks a ton!


Solved Re: spyware.ispynow removal plz

Post by emericask8r92 on Mon Dec 01, 2008 3:12 am

OK one of my passwords just got changed....!!!


Solved Re: spyware.ispynow removal plz

Post by emericask8r92 on Mon Dec 01, 2008 4:36 am

Help, please.


Solved Re: spyware.ispynow removal plz

Post by Jerry Parnell on Mon Dec 01, 2008 4:49 am

What do you mean? What password? Was it on your computer or on the internet?




Jerry Parnell
Leader
Leader

Status :
Online
Offline

Posts : 670
Joined : 2008-08-04
Gender : Male
OS : Windows Vista Home Basic
Points : 30694
# Likes : 0

View user profile

Back to top Go down

Solved Re: spyware.ispynow removal plz

Post by emericask8r92 on Mon Dec 01, 2008 5:04 am

Just my MySpace password was changed. I think this virus is still on my computer somewhere.


Solved Re: spyware.ispynow removal plz

Post by Belahzur on Mon Dec 01, 2008 11:54 am

I think the opposite.
I know many people who love to phish myspace accounts, you probably visited a fake login page.


Solved Re: spyware.ispynow removal plz

Post by emericask8r92 on Mon Dec 01, 2008 2:06 pm

And my World of Warcraft account just had its password changed.


Solved Re: spyware.ispynow removal plz

Post by Belahzur on Mon Dec 01, 2008 2:30 pm

I think you may have been phished, not keylogged.


Solved Re: spyware.ispynow removal plz

Post by Doctor Inferno on Mon Dec 01, 2008 2:35 pm

I found an article which might be useful.

[You must be registered and logged in to see this link.]

I doubt the virus has got anything to do with hacking your accounts. Which malware writer would want to hack a Warcraft account?


Solved Re: spyware.ispynow removal plz

Post by emericask8r92 on Mon Dec 01, 2008 9:52 pm

I guess so, thanks a bunch Belahzur and Doctor Inferno.


Solved Re: spyware.ispynow removal plz

Post by Doctor Inferno on Mon Dec 08, 2008 10:42 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please start a new topic for your questions.
