I might as well join the club: Spyware.ISpynow INFECTED =\ Help por favor


Solved I might as well join the club: Spyware.ISpynow INFECTED = Help por favor

Post by Coby™` on 1st December 2008, 10:58 pm

I'm sure you know how this affects the PC, but I will list my problems anyway
Bring it on

It has shut down every one of my Spyware and Anti-Virus programs and will not allow me to access any of them. It is also showing me the typical Windows Firewall warning and it redirects me to a Defender 2009 (along those lines) webpage to download their fake program. Also, it has slowed the poo out of my computer. Any help would be great! Thanks in advance guys and gals.


HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:38 PM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\drivers\svchost.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINNT\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - [You must be registered and logged in to see this link.]
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINNT\System32\routing.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9991 bytes




Uninstall List:

Ad-Aware 2007
Adobe Reader 7.0
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
AVG 7.5
AVG Anti-Spyware 7.5
AVI Movie Player
BitComet 0.91
Bonjour
eFax Messenger 4.3
Free Video to iPhone Converter version 1.3
GameSpy Arcade
Gateway Drivers and Applications Recovery
Gateway IE Customizations
Gateway User's Guide
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
Intel(R) 537EP Data Fax Modem
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
IrfanView (remove only)
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
K-Lite Codec Pack 3.3.0 Basic
Learn2 Player (Uninstall Only)
LimeWire PRO 4.14.8
LiveUpdate 3.2 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Halo
Microsoft Office Publisher 2003
Microsoft Office Standard Edition 2003
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.18)
MSN Messenger 7.5
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MUSICMATCH® Jukebox
Panda ActiveScan
Practice of Statistics
PSP Toolkit 1.1
QuickTime
RealPlayer Basic
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sony Media Manager 2.0
SpeechRedist
Spy Sweeper
SpywareBlaster v3.5.1
SpywareGuard v2.2
SUPERAntiSpyware Free Edition
Uninstall 1.0.0.0
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Viewpoint Media Player
WinAVI Video Converter
Windows XP Service Pack 3
WinRAR archiver






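A triage pass over log lines of the kind posted above, as an added example that is not part of the thread or of HijackThis/ComboFix; the rules, the function names and the sample lines (copied from the log above, then labelled as a constructed sample) are my own. It flags a Windows system binary name running outside the system directory, a system binary name started from a Run key, and a service whose file is missing or whose owner is unknown:

```python
"""Triage a HijackThis-style log for a few classic masquerade patterns.

Added example, not a tool from the thread. It understands three line
shapes seen in the log above: running-process paths, O4 Run entries and
O23 service entries.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Binaries Windows starts itself from the system directory. The same name
# seen elsewhere, or launched from a Run key, is a classic masquerade
# (compare the C:\WINNT\system32\drivers\svchost.exe entry in the log).
SYSTEM_BINARIES = {"svchost.exe", "winlogon.exe", "lsass.exe",
                   "services.exe", "smss.exe", "csrss.exe"}
SYSTEM_DIR_SUFFIXES = ("\\system32", "\\syswow64")

_PROCESS_RE = re.compile(r"^[a-z]:\\.+\.exe$", re.I)
_RUN_RE = re.compile(
    r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] '
    r'"?(?P<path>.+?\.exe)"?(?:\s|$)', re.I)
_SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    rule: str
    line: str


def in_system_dir(path: str) -> bool:
    """True when the file sits directly in the Windows system directory
    (not in a subdirectory such as system32\\drivers)."""
    return ntpath.dirname(path).lower().endswith(SYSTEM_DIR_SUFFIXES)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing looks off."""
    line = line.strip()
    if _PROCESS_RE.match(line):
        name = ntpath.basename(line).lower()
        if name in SYSTEM_BINARIES and not in_system_dir(line):
            return Finding("system binary running outside the system directory", line)
        return None
    m = _RUN_RE.match(line)
    if m:
        # Windows never starts svchost/winlogon/etc. via a Run key, so any
        # Run entry whose target carries such a name is worth a look.
        if ntpath.basename(m["path"]).lower() in SYSTEM_BINARIES:
            return Finding("system binary name launched from a Run key", line)
        return None
    m = _SERVICE_RE.match(line)
    if m and ("(file missing)" in m["path"] or m["owner"] == "Unknown owner"):
        return Finding("service with missing file or unknown owner", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


# Constructed sample: a handful of lines copied from the log posted above,
# mixing benign entries with the ones ComboFix later deleted.
SAMPLE_LOG = r"""
C:\WINNT\system32\winlogon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINNT\system32\drivers\svchost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINNT\System32\routing.exe (file missing)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.rule}] {finding.line}")
```

The rules are deliberately narrow; a legitimate entry still needs a file-hash lookup before anything is removed, which is what the helper asks for later in the thread.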

Solved Re: I might as well join the club: Spyware.ISpynow INFECTED =\ Help por favor

Post by Belahzur on 1st December 2008, 11:11 pm

Hello.
Press Start > Control Panel > Open "Add/remove programs"
Uninstall these programs by selecting each by clicking on the name, and press the "Remove" on the right side.

Java 2 Runtime Environment, SE v1.4.2
Java(TM) SE Runtime Environment 6 Update 1
Viewpoint Media Player

Also note: you are running two P2P programs; this is how many users get infected in the first place. If you want to remove them also, please do:

BitComet 0.91
LimeWire PRO 4.14.8




  • Download combofix from here, use the top links - [You must be registered and logged in to see this link.]
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will see this next prompt that asks if you want to continue the malware scan; select yes.



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Solved Re: I might as well join the club: Spyware.ISpynow INFECTED =\ Help por favor

Post by Coby™` on 1st December 2008, 11:59 pm

Okay, sorry this took so long, and thanks for the quick response!

I deleted the requested programs. I also ran ComboFix and here is the log:



ComboFix 08-12-01.01 - Owner 2008-12-01 18:41:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.197 [GMT -6:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner.GATEWAY-J3YCCZ4\Application Data\google\runhh6110411.exe
c:\documents and settings\Owner.GATEWAY-J3YCCZ4\nah_nmed.exe
c:\winnt\Downloaded Program Files\setup.inf
c:\winnt\pwisys.ini
c:\winnt\system32\_003845_.tmp.dll
c:\winnt\system32\_003846_.tmp.dll
c:\winnt\system32\_003847_.tmp.dll
c:\winnt\system32\_003848_.tmp.dll
c:\winnt\system32\_003853_.tmp.dll
c:\winnt\system32\_003854_.tmp.dll
c:\winnt\system32\_003855_.tmp.dll
c:\winnt\system32\_003856_.tmp.dll
c:\winnt\system32\_003863_.tmp.dll
c:\winnt\system32\_003864_.tmp.dll
c:\winnt\system32\_003865_.tmp.dll
c:\winnt\system32\_003867_.tmp.dll
c:\winnt\system32\_003868_.tmp.dll
c:\winnt\system32\_003871_.tmp.dll
c:\winnt\system32\_003872_.tmp.dll
c:\winnt\system32\_003874_.tmp.dll
c:\winnt\system32\_003875_.tmp.dll
c:\winnt\system32\_003876_.tmp.dll
c:\winnt\system32\_003877_.tmp.dll
c:\winnt\system32\_003878_.tmp.dll
c:\winnt\system32\cjmokxgh.ini
c:\winnt\system32\comsa32.sys
c:\winnt\system32\drivers\svchost.exe
c:\winnt\system32\drivers\TDSSrfct.sys
c:\winnt\system32\drmgs.sys
c:\winnt\system32\hvyqkkcy.ini
c:\winnt\system32\Install.txt
c:\winnt\system32\jicucrrp.ini
c:\winnt\system32\jyasftmj.ini
c:\winnt\system32\ljosciow.ini
c:\winnt\system32\mbhkggmu.ini
c:\winnt\system32\mwisys32_071219.dll
c:\winnt\system32\nqtwa.bak2
c:\winnt\system32\nqtwa.tmp
c:\winnt\system32\rnegfwsp.ini
c:\winnt\system32\rtmwrjmj.ini
c:\winnt\system32\TDSSayoa.log
c:\winnt\system32\TDSSedwv.dll
c:\winnt\system32\TDSSfvfe.dll
c:\winnt\system32\TDSSghvw.log
c:\winnt\system32\TDSSgnaq.dll
c:\winnt\system32\TDSShrii.dll
c:\winnt\system32\TDSSniro.dat
c:\winnt\system32\TDSSnmxh.log
c:\winnt\system32\TDSSrfhc.dll
c:\winnt\system32\TDSSxbae.dll
c:\winnt\system32\xhuvhlkj.ini

c:\winnt\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Service_Routing


((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-12-01 18:37 . 2008-12-01 18:53 d-------- C:\-Combo-Fix-
2008-11-12 03:39 . 2008-09-04 11:15 1,106,944 -----c--- c:\winnt\system32\dllcache\msxml3.dll
2008-11-12 03:39 . 2008-10-24 05:21 455,296 -----c--- c:\winnt\system32\dllcache\mrxsmb.sys
2008-11-02 15:19 . 2008-11-02 15:19 d-------- c:\documents and settings\Owner.GATEWAY-J3YCCZ4\Application Data\InstallShield
2008-11-02 15:03 . 2008-11-03 08:18 d-------- c:\program files\Ascentive
2008-11-02 15:03 . 2008-04-29 13:14 208,896 --a------ c:\winnt\system32\ConTest.dll
2008-11-02 15:03 . 2007-07-03 11:48 20,480 --a------ c:\winnt\system32\SysRestore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 00:28 --------- d-----w c:\program files\Viewpoint
2008-12-02 00:28 --------- d-----w c:\documents and settings\All Users.WINNT\Application Data\Viewpoint
2008-12-01 23:38 --------- d-----w c:\documents and settings\Owner.GATEWAY-J3YCCZ4\Application Data\AVG7
2008-12-01 03:51 295,424 ----a-w c:\winnt\system32\termsrv.dll
2008-11-02 21:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 18:41 --------- d-----w c:\program files\Apple Software Update
2008-10-24 11:21 455,296 ----a-w c:\winnt\system32\drivers\mrxsmb.sys
2008-10-24 05:19 --------- d-----w c:\program files\iTunes
2008-10-24 05:19 --------- d-----w c:\documents and settings\All Users.WINNT\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-24 05:18 --------- d-----w c:\program files\iPod
2008-10-24 05:17 --------- d-----w c:\program files\QuickTime
2008-10-24 05:17 --------- d-----w c:\program files\Bonjour
2008-10-24 05:16 --------- d-----w c:\program files\Common Files\Apple
2008-10-24 05:12 --------- d-----w c:\program files\Safari
2008-09-30 22:43 1,286,152 ----a-w c:\winnt\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\winnt\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\winnt\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\winnt\system32\msxml3.dll
2008-08-15 21:48 24 ----a-w c:\documents and settings\Owner.GATEWAY-J3YCCZ4\jagex_runescape_preferences.dat
2008-01-10 00:39 0 ----a-w c:\program files\temp01
2007-12-23 20:24 374 ----a-w c:\documents and settings\Owner.GATEWAY-J3YCCZ4\Application Data\internaldb6334.dat
2007-11-22 00:14 555 ----a-w c:\documents and settings\Owner.GATEWAY-J3YCCZ4\Application Data\internaldb8467.dat
2007-11-22 00:14 18,432 ----a-w c:\documents and settings\Owner.GATEWAY-J3YCCZ4\Application Data\internaldb41.dat
2007-05-23 21:39 47,360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2007-09-14 22:16 2 --shatr c:\winnt\winstart.bat
.

------- Sigcheck -------

2004-08-03 23:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\winnt\$NtServicePackUninstall$\termsrv.dll
2008-04-13 18:12 295424 ff3477c03be7201c294c35f684b3479f c:\winnt\ServicePackFiles\i386\termsrv.dll
2004-08-04 01:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\winnt\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\termsrv.dll
2008-11-30 21:51 295424 63999d0abd8dabfd76a9c07f6e104868 c:\winnt\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 1310720]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-06-22 26112]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-01-26 53248]
"IgfxTray"="c:\winnt\System32\igfxtray.exe" [2007-06-22 155648]
"HotKeysCmds"="c:\winnt\System32\hkcmd.exe" [2007-06-22 118784]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 4865600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-12-25 219136]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\Owner.GATEWAY-J3YCCZ4\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

c:\documents and settings\All Users.WINNT\Start Menu\Programs\Startup\
eFax 4.3.lnk - c:\program files\eFax Messenger 4.3\J2GTray.exe [2007-08-01 629248]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-05 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-05 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-02-27 11:39 282624 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55000:TCP"= 55000:TCP:BitComet 55000 TCP
"55000:UDP"= 55000:UDP:BitComet 55000 UDP

S3 CV2K1;CommView Network Monitor;c:\winnt\system32\DRIVERS\cv2k1.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-11-18 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-23 c:\winnt\Tasks\wrSpySweeper_LEE52406E41534572AD1EF99F1A205DEE.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-01 18:55]

2008-11-23 c:\winnt\Tasks\wrSpySweeper_LEE52406E41534572AD1EF99F1A205DEE.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-01 18:55]

2008-11-23 c:\winnt\Tasks\wrSpySweeper_LEE52406E41534572AD1EF99F1A205DEE.job
- c:\","d:\" []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner.GATEWAY-J3YCCZ4\Application Data\Mozilla\Firefox\Profiles\pwvsmxdq.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-12-01 18:49:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\winnt\system32\WRLogonNTF.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\Webroot\Spy Sweeper\ssu.exe
c:\program files\iPod\bin\iPodService.exe
c:\winnt\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-01 18:58:06 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-12-02 00:57:40
ComboFix2.txt 2007-12-29 06:04:10

Pre-Run: 32,229,187,584 bytes free
Post-Run: 32,134,967,296 bytes free

216 --- E O F --- 2008-11-12 19:07:57


Solved Re: I might as well join the club: Spyware.ISpynow INFECTED =\ Help por favor

Post by Belahzur on 2nd December 2008, 12:05 am

Hello.
That got most of it, just the Viewpoint folders leftover.
First though, I want you to scan these two files:
c:\winnt\system32\SysRestore.dll
c:\winnt\system32\ConTest.dll
Upload them here for a scan:
[You must be registered and logged in to see this link.]
Copy and paste the results back here.





Solved Re: I might as well join the club: Spyware.ISpynow INFECTED =\ Help por favor

Post by Coby™` on 2nd December 2008, 12:26 am

Yes, it seems to be running a bit more smoothly.


ConTest.dll Scan:

File: ConTest.dll
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: fa51be2bd376f4b73d50ae883255e462
Packers detected: -


Scan taken on 02 Dec 2008 00:20:57 (GMT)
A-Squared
Found nothing
AntiVir
Found SPR/Fake.SpeedUp

ArcaVir
Found nothing
Avast
Found Win32:Trojan-gen {Other}

AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
G DATA
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found Win32/Adware.Ascentive application

Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing


SysRestore.dll Scan:

File: SysRestore.dll
Status: OK
MD5: 2c10b592da12118cfd3b9de0aed4540e
Packers detected: -

Scan taken on 02 Dec 2008 00:24:11 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
G DATA
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing


Solved Re: I might as well join the club: Spyware.ISpynow INFECTED =\ Help por favor

Post by Belahzur on 2nd December 2008, 12:30 am

Hello.
Thank you for the report, let's get rid of the leftovers.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\winnt\winstart.bat
c:\winnt\system32\ConTest.dll

Folder::
c:\program files\Viewpoint
c:\documents and settings\All Users.WINNT\Application Data\Viewpoint

Save this as CFScript.txt, and save it to your desktop.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again; agree to its terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.






Post by Coby™` on 2nd December 2008, 1:16 am

Sorry it took so long again. I stepped away to eat supper.

New ComboFix Log:


ComboFix 08-12-01.01 - Owner 2008-12-01 19:36:36.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.80 [GMT -6:00]
Running from: c:\documents and settings\Owner.GATEWAY-J3YCCZ4\Desktop\-Combo-Fix-.exe
Command switches used :: c:\documents and settings\Owner.GATEWAY-J3YCCZ4\Desktop\CFscript.txt
* Created a new restore point

FILE ::
c:\winnt\system32\ConTest.dll
c:\winnt\winstart.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINNT\Application Data\Viewpoint
c:\program files\Viewpoint
c:\program files\Viewpoint\Viewpoint Manager\NotifyData\header.gif
c:\program files\Viewpoint\Viewpoint Manager\NotifyData\no.gif
c:\program files\Viewpoint\Viewpoint Manager\NotifyData\options.ini
c:\program files\Viewpoint\Viewpoint Manager\NotifyData\updates.html
c:\program files\Viewpoint\Viewpoint Manager\NotifyData\yes.gif
c:\program files\Viewpoint\Viewpoint Manager\Read_Me.txt
c:\program files\Viewpoint\Viewpoint Manager\VETscriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Manager\ViewCP.cpl
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
c:\program files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_.dll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305000D.dll
c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\AtmoHWConfig.txt
c:\program files\Viewpoint\Viewpoint Media Player\Components\atmosphere.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\AvatarsDefault.prf
c:\program files\Viewpoint\Viewpoint Media Player\Components\BlueStreak.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\BookmarksDefault.prf
c:\program files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\DefaultAvatarIcon.jpg
c:\program files\Viewpoint\Viewpoint Media Player\Components\DefaultWorldIcon.jpg
c:\program files\Viewpoint\Viewpoint Media Player\Components\ExtremeShot.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\InternetChatHelp.url
c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\LensFlares.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts2Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\ObjectMovie.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\ServiceComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VectorView.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VETsdk.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\ZoomView.dll
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\AtmoHWConfig.txt
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\AvatarsDefault.prf
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\BookmarksDefault.prf
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\DefaultAvatarIcon.jpg
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\DefaultWorldIcon.jpg
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\InternetChatHelp.url
c:\program files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AtmoHWConfig.txt
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AvatarsDefault.prf
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\BookmarksDefault.prf
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\DefaultAvatarIcon.jpg
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\DefaultWorldIcon.jpg
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\InternetChatHelp.url
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
c:\winnt\system32\ConTest.dll
c:\winnt\winstart.bat

.
((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-12-01 19:34 . 2008-12-01 19:42 d-------- C:\-Combo-Fix-
2008-11-12 03:39 . 2008-09-04 11:15 1,106,944 -----c--- c:\winnt\system32\dllcache\msxml3.dll
2008-11-12 03:39 . 2008-10-24 05:21 455,296 -----c--- c:\winnt\system32\dllcache\mrxsmb.sys
2008-11-02 15:19 . 2008-11-02 15:19 d-------- c:\documents and settings\Owner.GATEWAY-J3YCCZ4\Application Data\InstallShield
2008-11-02 15:03 . 2008-11-03 08:18 d-------- c:\program files\Ascentive
2008-11-02 15:03 . 2007-07-03 11:48 20,480 --a------ c:\winnt\system32\SysRestore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 23:38 --------- d-----w c:\documents and settings\Owner.GATEWAY-J3YCCZ4\Application Data\AVG7
2008-12-01 03:51 295,424 ----a-w c:\winnt\system32\termsrv.dll
2008-11-02 21:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 18:41 --------- d-----w c:\program files\Apple Software Update
2008-10-24 11:21 455,296 ----a-w c:\winnt\system32\drivers\mrxsmb.sys
2008-10-24 05:19 --------- d-----w c:\program files\iTunes
2008-10-24 05:19 --------- d-----w c:\documents and settings\All Users.WINNT\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-24 05:18 --------- d-----w c:\program files\iPod
2008-10-24 05:17 --------- d-----w c:\program files\QuickTime
2008-10-24 05:17 --------- d-----w c:\program files\Bonjour
2008-10-24 05:16 --------- d-----w c:\program files\Common Files\Apple
2008-10-24 05:12 --------- d-----w c:\program files\Safari
2008-09-30 22:43 1,286,152 ----a-w c:\winnt\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\winnt\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\winnt\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\winnt\system32\msxml3.dll
2008-08-15 21:48 24 ----a-w c:\documents and settings\Owner.GATEWAY-J3YCCZ4\jagex_runescape_preferences.dat
2008-01-10 00:39 0 ----a-w c:\program files\temp01
2007-12-23 20:24 374 ----a-w c:\documents and settings\Owner.GATEWAY-J3YCCZ4\Application Data\internaldb6334.dat
2007-11-22 00:14 555 ----a-w c:\documents and settings\Owner.GATEWAY-J3YCCZ4\Application Data\internaldb8467.dat
2007-11-22 00:14 18,432 ----a-w c:\documents and settings\Owner.GATEWAY-J3YCCZ4\Application Data\internaldb41.dat
2007-05-23 21:39 47,360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
.

------- Sigcheck -------

2004-08-03 23:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\winnt\$NtServicePackUninstall$\termsrv.dll
2008-04-13 18:12 295424 ff3477c03be7201c294c35f684b3479f c:\winnt\ServicePackFiles\i386\termsrv.dll
2004-08-04 01:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\winnt\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\termsrv.dll
2008-11-30 21:51 295424 63999d0abd8dabfd76a9c07f6e104868 c:\winnt\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 1310720]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-06-22 26112]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-01-26 53248]
"IgfxTray"="c:\winnt\System32\igfxtray.exe" [2007-06-22 155648]
"HotKeysCmds"="c:\winnt\System32\hkcmd.exe" [2007-06-22 118784]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 4865600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-12-25 219136]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\Owner.GATEWAY-J3YCCZ4\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

c:\documents and settings\All Users.WINNT\Start Menu\Programs\Startup\
eFax 4.3.lnk - c:\program files\eFax Messenger 4.3\J2GTray.exe [2007-08-01 629248]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-05 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-05 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-02-27 11:39 282624 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55000:TCP"= 55000:TCP:BitComet 55000 TCP
"55000:UDP"= 55000:UDP:BitComet 55000 UDP

S3 CV2K1;CommView Network Monitor;c:\winnt\system32\DRIVERS\cv2k1.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-11-18 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-23 c:\winnt\Tasks\wrSpySweeper_LEE52406E41534572AD1EF99F1A205DEE.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-01 18:55]

2008-11-23 c:\winnt\Tasks\wrSpySweeper_LEE52406E41534572AD1EF99F1A205DEE.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-01 18:55]

2008-11-23 c:\winnt\Tasks\wrSpySweeper_LEE52406E41534572AD1EF99F1A205DEE.job
- c:\","d:\" []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-12-01 19:41:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\winnt\system32\WRLogonNTF.dll
.
Completion time: 2008-12-01 19:48:20
ComboFix-quarantined-files.txt 2008-12-02 01:47:02
ComboFix2.txt 2008-12-02 00:58:12
ComboFix3.txt 2007-12-29 06:04:10

Pre-Run: 32,158,601,216 bytes free
Post-Run: 32,129,101,824 bytes free

216 --- E O F --- 2008-11-12 19:07:57

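A post-remediation check over the ComboFix output above, as an added example that is not part of the thread or of ComboFix itself. It cross-checks the CFScript entries against the "Other Deletions" section, and flags Sigcheck rows where the live system32 copy of a file carries an MD5 that matches none of the reference copies listed beside it. The log excerpts are copied (and shortened) from the post; the parsing rules are assumptions about the log layout, not a documented ComboFix format.

```python
"""Post-remediation checks over a ComboFix log.

Added example, not from the thread or from ComboFix. The excerpts below are
copied (and shortened) from the posted log; the parsing rules are assumptions
about the layout of that log, not a documented format.
"""
import re
from collections import defaultdict

# The CFScript exactly as posted in the thread.
CFSCRIPT = """\
File::
c:\\winnt\\winstart.bat
c:\\winnt\\system32\\ConTest.dll

Folder::
c:\\program files\\Viewpoint
c:\\documents and settings\\All Users.WINNT\\Application Data\\Viewpoint
"""

# Shortened 'Other Deletions' section from the resulting log.
DELETIONS = """\
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\\documents and settings\\All Users.WINNT\\Application Data\\Viewpoint
c:\\program files\\Viewpoint
c:\\program files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe
c:\\winnt\\system32\\ConTest.dll
c:\\winnt\\winstart.bat

.
((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
"""

# Sigcheck section from the same log (date time size md5 path).
SIGCHECK = """\
------- Sigcheck -------

2004-08-03 23:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\\winnt\\$NtServicePackUninstall$\\termsrv.dll
2008-04-13 18:12 295424 ff3477c03be7201c294c35f684b3479f c:\\winnt\\ServicePackFiles\\i386\\termsrv.dll
2004-08-04 01:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\\winnt\\SoftwareDistribution\\Download\\16b2c96a0c41f4dfdb4d3cc228a4f819\\termsrv.dll
2008-11-30 21:51 295424 63999d0abd8dabfd76a9c07f6e104868 c:\\winnt\\system32\\termsrv.dll
.
"""


def parse_cfscript(text):
    """Return {'File': [...], 'Folder': [...]} from a CFScript; paths lower-cased.
    A section starts at a line ending in '::' (assumed from the posted script)."""
    wanted = defaultdict(list)
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            section = line[:-2]
            continue
        if section:
            wanted[section].append(line.lower())
    return dict(wanted)


def parse_deletions(text):
    """Collect every drive-letter path listed under 'Other Deletions' (lower-cased).
    The next '(((' banner is taken as the end of the section."""
    paths = set()
    inside = False
    for line in text.splitlines():
        if "Other Deletions" in line:
            inside = True
            continue
        if inside and "(((" in line:
            break
        if inside and re.match(r"^[a-z]:\\", line, re.I):
            paths.add(line.strip().lower())
    return paths


def unremoved(cfscript, deletions):
    """Paths the script asked for that never appear in the deletions section."""
    wanted = parse_cfscript(cfscript)
    gone = parse_deletions(deletions)
    return [p for sec in wanted.values() for p in sec if p not in gone]


SIG_RE = re.compile(r"^(\S+ \S+) (\d+) ([0-9a-f]{32}) (.+)$", re.I)


def sigcheck_mismatches(text):
    """Group Sigcheck rows by file name and report each file whose live
    system32 copy has an MD5 seen in none of the other (reference) copies."""
    by_name = defaultdict(list)
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if m:
            _, size, md5, path = m.groups()
            name = path.rsplit("\\", 1)[-1].lower()
            by_name[name].append((path.lower(), md5.lower(), int(size)))
    out = {}
    for name, entries in by_name.items():
        refs = {md5 for path, md5, _ in entries if "\\system32\\" not in path}
        for path, md5, _ in entries:
            if "\\system32\\" in path and md5 not in refs:
                out[name] = {"live_md5": md5, "reference_md5s": sorted(refs)}
    return out


if __name__ == "__main__":
    print("not removed:", unremoved(CFSCRIPT, DELETIONS))
    for name, info in sigcheck_mismatches(SIGCHECK).items():
        print(f"{name}: live {info['live_md5']} vs reference {info['reference_md5s']}")
```

On this log every requested path shows up under Other Deletions, and the one Sigcheck mismatch is termsrv.dll: the system32 copy (dated 2008-11-30) matches neither the SP3 copy under ServicePackFiles nor the copy under SoftwareDistribution. The thread does not follow that up; a mismatch like this is a lead to verify against a known-good hash, not a verdict on its own.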


Post by Belahzur on 2nd December 2008, 1:17 am

Looks good, what problems remain?



Post by Coby™` on 2nd December 2008, 1:18 am

Nothing, it seems clear. Thanks for all the help! I appreciate it!


Post by Belahzur on 2nd December 2008, 1:20 am

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 10".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.



Post by Coby™` on 2nd December 2008, 1:21 am

There is Java SE Runtime Environment (JRE) 6 Update 11 at the top. Is that okay?


Post by Belahzur on 2nd December 2008, 1:23 am

Oh, new update. Didn't know, sorry.
Yes, update 11 please. I need to edit my speech to reflect the change.



Post by Coby™` on 2nd December 2008, 1:46 am

Okay. I successfully installed Java Update 11. When I ran JavaRa and clicked to remove older versions and let it run, it ran through many folders and then stopped. I received an error message stating that JavaRa has encountered a problem and was prompted to send an error report.


Post by Doctor Inferno on 10th December 2008, 4:36 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno (Administrator; Posts: 11976; Joined: 2007-12-26; OS: Windows 7 Home Premium and Ultimate X64; Protection: Kaspersky PURE and Malwarebytes' Anti-Malware)
