Spyware.ISpyNow


Solved Spyware.ISpyNow

Post by jZaMeS on 2nd December 2008, 7:32 am

Yes, I have been infected... I can't even go to certain sites on the net because they fail to load. It says it lost connection to the internet. The Microsoft update page... the Trend Micro page... McAfee, everything. Basically the virus or whatever it is I have won't let me download anything to fix it... The fake security center pop-up keeps popping up... It has also corrupted my games... World of Warcraft and Combat Arms.... Luckily I already have HijackThis installed and it works. Someone please help :)

jZaMeS
Novice

Posts : 6
Joined : 2008-12-02
OS : xp media center edition sp3
Points : 29310
# Likes : 0

Solved Re: Spyware.ISpyNow

Post by Doctor Inferno on 2nd December 2008, 7:39 am

Hello there, welcome to GeekPolice.

Please read this topic first:

[You must be registered and logged in to see this link.]

Followed by posting a HijackThis log.



Doctor Inferno
Administrator

Posts : 11976
Joined : 2007-12-26
Gender : Male
OS : Windows 7 Home Premium and Ultimate X64
Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points : 104650
# Likes : 0

Solved Re: Spyware.ISpyNow

Post by jZaMeS on 2nd December 2008, 7:44 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:26 AM, on 12/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [HPsetm] "C:\Documents and Settings\david\Application Data\Google\ijdkq13324484.exe"
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 3595 bytes


uninstall log

Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Apple Software Update
Ares 2.0.9
ATI Control Panel
ATI Display Driver
Combat Arms
Dell Driver Reset Tool
Dell Support 3.1
DivX 5.0.2 Bundle
DivX Content Uploader
DivX Web Player
EducateU
ELIcon
GTOneCare
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
HouseCall 6.6
Intel(R) 537EP V9x DF PCI Modem
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
InterActual Player
J2SE Runtime Environment 5.0 Update 7
Java(TM) 6 Update 10
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Protection Service
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Live OneCare Resources v2.5.2900.20
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.5.2900.20
Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
Microsoft WinUsb 1.0
Modem Event Monitor
Modem On Hold
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
PowerDVD 5.5
PX Engine
QuickTime
Registry Mechanic 8.0
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sonic DLA
Sonic Encoders
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
SpywareBlaster 4.1
TeamSpeak 2 RC2
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update Rollup 2 for Windows XP Media Center Edition 2005
Ventrilo Client
Ventrilo Server
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Windows Live installer
Windows Live OneCare
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12
World of Warcraft
Zune
Zune


Solved Re: Spyware.ISpyNow

Post by Belahzur on 2nd December 2008, 10:04 am

Hello.
There is malware showing, so let's get started.



  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [HPsetm] "C:\Documents and Settings\david\Application Data\Google\ijdkq13324484.exe"


  • Press "Fix Checked"
  • Close HijackThis.


Delete this file in bold:
C:\Documents and Settings\david\Application Data\Google\ijdkq13324484.exe


  • Download ComboFix from here, use the top links - [You must be registered and logged in to see this link.]
  • Double click on ComboFix.exe.
  • Follow the prompts.

    NOTE:
    ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will see this next prompt that asks if you want to continue the malware scan, select Yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245121
# Likes : 1
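An added example, not part of the original thread and not HijackThis's own logic: a small triage script that reads HijackThis O4 (autorun) and O23 (service) lines and surfaces the kind of entry singled out above, a Run value whose image lives in a user-writable profile folder under a generated-looking file name. The sample lines are an excerpt of the log posted in this thread; the directory list, the file-name heuristic and the function names are assumptions chosen for illustration.

```python
import re
from ntpath import basename, splitext

# Excerpt of the HijackThis v2.0.2 log posted earlier in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [HPsetm] "C:\Documents and Settings\david\Application Data\Google\ijdkq13324484.exe"
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
'''

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# "O23 - Service: <display name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)'
    r'(?P<missing> \(file missing\))?$')

# Assumption: per-user profile locations that an unprivileged process can write to.
USER_WRITABLE_RE = re.compile(
    r'\\(?:documents and settings|users)\\[^\\]+\\'
    r'(?:application data|local settings|appdata)\\', re.I)
# Assumption (heuristic): a few letters followed by a long run of digits looks generated.
GENERATED_NAME_RE = re.compile(r'^[a-z]{2,8}\d{5,}$', re.I)
# Shortest prefix of an unquoted command line that ends in an executable extension.
IMAGE_RE = re.compile(r'^(.*?\.(?:exe|com|scr|pif|bat|cmd|dll))(?=\s|$)', re.I)


def image_path(cmd):
    """Return the program path from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text):
    """Return one finding per O4/O23 line that deserves a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = O4_RE.match(line)
        if m:
            path = image_path(m.group('cmd'))
            if USER_WRITABLE_RE.search(path):
                reasons.append('autorun image in user-writable profile directory')
            if GENERATED_NAME_RE.match(splitext(basename(path))[0]):
                reasons.append('file name looks machine-generated')
            # Both signals together are treated as high priority; one alone as review.
            severity = 'high' if len(reasons) == 2 else 'review'
        else:
            m = O23_RE.match(line)
            if not m:
                continue
            path = m.group('path')
            if m.group('owner').lower() == 'unknown owner':
                reasons.append('service binary has no publisher information')
            if m.group('missing'):
                reasons.append('service points at a file that no longer exists')
            # Often just a leftover from an uninstalled program, so review only.
            severity = 'review'
        if reasons:
            findings.append({'entry': line.split(' ', 1)[0], 'name': m.group('name'),
                             'path': path, 'severity': severity, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['entry']} {f['name']}: {f['path']}")
        for reason in f['reasons']:
            print(f"    - {reason}")
```

A hit is a prompt for manual review of the entry, not a verdict; legitimate per-user software also installs under the profile directory.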

Solved combofix

Post by jZaMeS on 2nd December 2008, 2:43 pm

ComboFix 08-12-01.01 - david 2008-12-02 7:35:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.924 [GMT -7:00]
Running from: c:\program files\-Combo-Fix-.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\david\nah_log.dat
c:\documents and settings\david\nah_tdby.exe
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\drivers\TDSSpaxt.sys
c:\windows\system32\TDSScfub.dll
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSoeqh.dll
c:\windows\system32\TDSSosvn.dat
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSSthym.log
c:\windows\system32\TDSStkdv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-12-02 07:31 . 2008-12-02 07:36 d-------- C:\-Combo-Fix-
2008-12-02 06:56 . 2008-12-02 06:56 d-------- c:\program files\Windows Defender
2008-12-02 05:53 . 2008-12-02 05:53 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-02 04:42 . 2008-12-02 04:42 7,645,120 --a------ c:\program files\windows-kb890830-v2.4.exe
2008-12-02 03:15 . 2008-12-02 03:15 d-------- c:\program files\Lavasoft
2008-12-02 03:05 . 2008-12-02 03:41 3,056,371 -ra------ c:\program files\-Combo-Fix-.exe
2008-12-01 21:40 . 2008-04-13 17:11 1,689,088 ---h---t- c:\windows\system32\3a6e084.dll
2008-12-01 08:28 . 2008-12-01 08:28 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-01 05:27 . 2008-04-13 17:12 116,224 --a------ c:\windows\system32\dllcache\xrxwiadr.dll
2008-12-01 05:27 . 2004-08-10 04:00 113,222 --a------ c:\windows\system32\dllcache\zoneclim.dll
2008-12-01 05:27 . 2004-08-10 04:00 41,029 --a------ c:\windows\system32\dllcache\zcorem.dll
2008-12-01 05:27 . 2004-08-10 04:00 36,937 --a------ c:\windows\system32\dllcache\zclientm.exe
2008-12-01 05:27 . 2004-08-10 04:00 29,760 --a------ c:\windows\system32\dllcache\znetm.dll
2008-12-01 05:27 . 2001-08-17 22:36 23,040 --a------ c:\windows\system32\dllcache\xrxwbtmp.dll
2008-12-01 05:27 . 2008-04-13 17:12 18,944 --a------ c:\windows\system32\dllcache\xrxscnui.dll
2008-12-01 05:27 . 2004-08-10 04:00 13,894 --a------ c:\windows\system32\dllcache\zonelibm.dll
2008-12-01 05:27 . 2004-08-10 04:00 4,677 --a------ c:\windows\system32\dllcache\zeeverm.dll
2008-12-01 05:26 . 2001-08-17 22:37 99,865 --a------ c:\windows\system32\dllcache\xlog.exe
2008-12-01 05:26 . 2001-08-17 22:37 27,648 --a------ c:\windows\system32\dllcache\xrxftplt.exe
2008-12-01 05:26 . 2001-08-17 12:11 16,970 --a------ c:\windows\system32\dllcache\xem336n5.sys
2008-12-01 05:26 . 2001-08-17 22:37 4,608 --a------ c:\windows\system32\dllcache\xrxflnch.exe
2008-12-01 05:25 . 2004-08-03 22:31 154,624 --a------ c:\windows\system32\dllcache\wlluc48.sys
2008-12-01 05:25 . 2001-08-17 12:12 34,890 --a------ c:\windows\system32\dllcache\wlandrv2.sys
2008-12-01 05:25 . 2004-08-03 22:29 19,455 --a------ c:\windows\system32\dllcache\wvchntxx.sys
2008-12-01 05:25 . 2004-08-03 22:29 12,063 --a------ c:\windows\system32\dllcache\wsiintxx.sys
2008-12-01 05:25 . 2008-04-13 11:36 8,832 --a------ c:\windows\system32\dllcache\wmiacpi.sys
2008-12-01 05:25 . 2008-04-13 17:12 8,192 --a------ c:\windows\system32\dllcache\wshirda.dll
2008-12-01 05:23 . 2001-08-17 13:28 794,654 --a------ c:\windows\system32\dllcache\usr1801.sys
2008-12-01 05:22 . 2001-08-17 22:36 525,568 --a------ c:\windows\system32\dllcache\tridxp.dll
2008-12-01 05:21 . 2001-08-17 14:01 241,664 --a------ c:\windows\system32\dllcache\tosdvd02.sys
2008-12-01 05:21 . 2001-08-17 14:02 230,912 --a------ c:\windows\system32\dllcache\tosdvd03.sys
2008-12-01 05:21 . 2001-08-17 12:14 123,995 --a------ c:\windows\system32\dllcache\tjisdn.sys
2008-12-01 05:21 . 2008-04-13 17:12 82,944 --a------ c:\windows\system32\dllcache\tp4mon.exe
2008-12-01 05:21 . 2001-08-17 22:35 42,496 --a------ c:\windows\system32\dllcache\tp4res.dll
2008-12-01 05:21 . 2001-08-17 12:12 34,375 --a------ c:\windows\system32\dllcache\tpro4.sys
2008-12-01 05:21 . 2001-08-17 22:36 31,744 --a------ c:\windows\system32\dllcache\tp4.dll
2008-12-01 05:21 . 2001-08-17 12:10 28,232 --a------ c:\windows\system32\dllcache\tos4mo.sys
2008-12-01 05:20 . 2004-08-10 04:00 185,344 --a------ c:\windows\system32\dllcache\thawbrkr.dll
2008-12-01 05:20 . 2008-04-13 11:40 149,376 --a------ c:\windows\system32\dllcache\tffsport.sys
2008-12-01 05:20 . 2001-08-17 12:51 138,528 --a------ c:\windows\system32\dllcache\tgiulnt5.sys
2008-12-01 05:20 . 2001-08-17 14:56 81,408 --a------ c:\windows\system32\dllcache\tgiul50.dll
2008-12-01 05:20 . 2004-08-10 04:00 19,464 --a------ c:\windows\system32\dllcache\tdspx.sys
2008-12-01 05:19 . 2001-08-17 12:13 37,961 --a------ c:\windows\system32\dllcache\tdk100b.sys
2008-12-01 05:19 . 2001-08-17 13:49 30,464 --a------ c:\windows\system32\dllcache\tbatm155.sys
2008-12-01 05:19 . 2004-08-10 04:00 21,896 --a------ c:\windows\system32\dllcache\tdipx.sys
2008-12-01 05:19 . 2001-08-17 12:13 17,129 --a------ c:\windows\system32\dllcache\tdkcd31.sys
2008-12-01 05:19 . 2004-08-10 04:00 13,192 --a------ c:\windows\system32\dllcache\tdasync.sys
2008-12-01 05:19 . 2001-08-17 13:52 7,040 --a------ c:\windows\system32\dllcache\tandqic.sys
2008-12-01 05:18 . 2001-08-17 14:56 172,768 --a------ c:\windows\system32\dllcache\t2r4disp.dll
2008-12-01 05:18 . 2001-08-17 22:36 94,293 --a------ c:\windows\system32\dllcache\sxports.dll
2008-12-01 05:18 . 2001-08-17 12:50 36,640 --a------ c:\windows\system32\dllcache\t2r4mini.sys
2008-12-01 05:17 . 2001-08-17 13:50 103,936 --a------ c:\windows\system32\dllcache\sx.sys
2008-12-01 05:17 . 2001-08-17 22:36 53,760 --a------ c:\windows\system32\dllcache\sw_wheel.dll
2008-12-01 05:17 . 2001-08-17 22:36 10,240 --a------ c:\windows\system32\dllcache\swpidflt.dll
2008-12-01 05:17 . 2001-08-17 22:36 10,240 --a------ c:\windows\system32\dllcache\swpdflt2.dll
2008-12-01 05:17 . 2001-08-17 14:02 3,968 --a------ c:\windows\system32\dllcache\swusbflt.sys
2008-12-01 05:16 . 2001-08-17 22:36 155,648 --a------ c:\windows\system32\dllcache\stlnprop.dll
2008-12-01 05:16 . 2001-08-17 22:36 53,248 --a------ c:\windows\system32\dllcache\stlncoin.dll
2008-12-01 05:16 . 2001-08-17 22:36 41,472 --a------ c:\windows\system32\dllcache\sw_effct.dll
2008-12-01 05:15 . 2001-08-17 12:18 285,760 --a------ c:\windows\system32\dllcache\stlnata.sys
2008-12-01 05:15 . 2001-08-17 13:51 16,896 --a------ c:\windows\system32\dllcache\stcusb.sys
2008-12-01 05:15 . 2004-08-10 04:00 16,896 --a------ c:\windows\system32\dllcache\status.dll
2008-12-01 05:14 . 2004-08-10 04:00 101,376 --a------ c:\windows\system32\dllcache\srusbusd.dll
2008-12-01 05:14 . 2001-08-17 22:36 99,328 --a------ c:\windows\system32\dllcache\srusd.dll
2008-12-01 05:14 . 2001-08-17 12:11 48,736 --a------ c:\windows\system32\dllcache\srwlnd5.sys
2008-12-01 05:13 . 2001-08-17 22:36 106,584 --a------ c:\windows\system32\dllcache\spdports.dll
2008-12-01 05:13 . 2001-08-17 13:51 61,824 --a------ c:\windows\system32\dllcache\speed.sys
2008-12-01 05:13 . 2001-08-17 22:36 24,660 --a------ c:\windows\system32\dllcache\spxupchk.dll
2008-12-01 05:12 . 2001-08-17 22:36 114,688 --a------ c:\windows\system32\dllcache\sonypi.dll
2008-12-01 05:12 . 2001-08-17 12:51 37,040 --a------ c:\windows\system32\dllcache\sonypi.sys
2008-12-01 05:12 . 2001-08-17 12:51 20,752 --a------ c:\windows\system32\dllcache\sonync.sys
2008-12-01 05:12 . 2001-08-17 13:53 9,600 --a------ c:\windows\system32\dllcache\sonymc.sys
2008-12-01 05:12 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\dllcache\sonypvu1.sys
2008-12-01 05:11 . 2001-08-17 12:51 58,368 --a------ c:\windows\system32\dllcache\smiminib.sys
2008-12-01 05:11 . 2004-08-10 04:00 15,872 --a------ c:\windows\system32\dllcache\smierrsm.dll
2008-12-01 05:11 . 2001-08-17 22:36 12,288 --a------ c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2008-12-01 05:11 . 2004-08-10 04:00 10,240 --a------ c:\windows\system32\dllcache\snmpstup.dll
2008-12-01 05:11 . 2008-04-13 11:40 7,552 --a------ c:\windows\system32\dllcache\sonyait.sys
2008-12-01 05:11 . 2001-08-17 22:36 7,168 --a------ c:\windows\system32\dllcache\EXCH_snprfdll.dll
2008-12-01 05:11 . 2001-08-17 13:53 7,040 --a------ c:\windows\system32\dllcache\snyaitmc.sys
2008-12-01 05:11 . 2004-08-10 04:00 5,632 --a------ c:\windows\system32\dllcache\smimsgif.dll
2008-12-01 05:11 . 2004-08-10 04:00 5,632 --a------ c:\windows\system32\dllcache\smierrsy.dll
2008-12-01 05:10 . 2001-08-17 14:56 147,200 --a------ c:\windows\system32\dllcache\smidispb.dll
2008-12-01 05:10 . 2001-08-17 12:10 35,913 --a------ c:\windows\system32\dllcache\smcirda.sys
2008-12-01 05:10 . 2001-08-17 12:12 25,034 --a------ c:\windows\system32\dllcache\smcpwr2n.sys
2008-12-01 05:10 . 2001-08-17 12:12 24,576 --a------ c:\windows\system32\dllcache\smc8000n.sys
2008-12-01 05:10 . 2008-04-13 11:36 6,912 --a------ c:\windows\system32\dllcache\smbclass.sys
2008-12-01 05:10 . 2001-08-17 13:57 6,784 --a------ c:\windows\system32\dllcache\smbhc.sys
2008-12-01 05:09 . 2001-08-17 22:36 45,568 --a------ c:\windows\system32\dllcache\smb3w.dll
2008-12-01 05:09 . 2001-08-17 22:36 33,792 --a------ c:\windows\system32\dllcache\smb0w.dll
2008-12-01 05:09 . 2004-08-10 04:00 31,744 --a------ c:\windows\system32\dllcache\smb6w.dll
2008-12-01 05:09 . 2004-08-10 04:00 31,744 --a------ c:\windows\system32\dllcache\sma3w.dll
2008-12-01 05:09 . 2008-04-13 11:36 16,000 --a------ c:\windows\system32\dllcache\smbbatt.sys
2008-12-01 05:07 . 2001-08-17 12:12 94,698 --a------ c:\windows\system32\dllcache\sk98xwin.sys
2008-12-01 05:07 . 2001-08-17 12:12 91,294 --a------ c:\windows\system32\dllcache\skfpwin.sys
2008-12-01 05:06 . 2001-08-17 22:36 238,592 --a------ c:\windows\system32\dllcache\sisgrv.dll
2008-12-01 05:06 . 2001-08-17 14:56 157,696 --a------ c:\windows\system32\dllcache\sisv256.dll
2008-12-01 05:06 . 2001-08-17 12:50 50,432 --a------ c:\windows\system32\dllcache\sisv.sys
2008-12-01 05:06 . 2004-08-03 22:31 32,768 --a------ c:\windows\system32\dllcache\sisnic.sys
2008-12-01 05:05 . 2001-08-17 14:56 150,144 --a------ c:\windows\system32\dllcache\sis6306v.dll
2008-12-01 05:05 . 2001-08-17 12:50 104,064 --a------ c:\windows\system32\dllcache\sisgrp.sys
2008-12-01 05:05 . 2001-08-17 12:50 68,608 --a------ c:\windows\system32\dllcache\sis6306p.sys
2008-12-01 05:04 . 2004-08-10 04:00 2,178,131 --a------ c:\windows\system32\dllcache\shvlres.dll
2008-12-01 05:04 . 2001-08-17 14:56 252,032 --a------ c:\windows\system32\dllcache\sis300iv.dll
2008-12-01 05:04 . 2001-08-17 12:50 101,760 --a------ c:\windows\system32\dllcache\sis300ip.sys
2008-12-01 05:04 . 2004-08-10 04:00 66,113 --a------ c:\windows\system32\dllcache\shvl.dll
2008-12-01 05:04 . 2004-08-10 04:00 42,573 --a------ c:\windows\system32\dllcache\shvlzm.exe
2008-12-01 05:03 . 2001-08-17 22:36 386,560 --a------ c:\windows\system32\dllcache\sgiul50.dll
2008-12-01 05:03 . 2001-07-21 14:29 161,568 --a------ c:\windows\system32\dllcache\sgsmusb.sys
2008-12-01 05:03 . 2001-08-17 12:51 98,080 --a------ c:\windows\system32\dllcache\sgiulnt5.sys
2008-12-01 05:03 . 2001-07-21 14:29 18,400 --a------ c:\windows\system32\dllcache\sgsmld.sys
2008-12-01 05:02 . 2001-08-17 12:19 36,480 --a------ c:\windows\system32\dllcache\sfmanm.sys
2008-12-01 05:02 . 2001-08-17 22:36 26,112 --a------ c:\windows\system32\dllcache\EXCH_seos.dll
2008-12-01 05:02 . 2001-08-17 13:48 17,664 --a------ c:\windows\system32\dllcache\sermouse.sys
2008-12-01 05:02 . 2001-08-17 13:53 6,912 --a------ c:\windows\system32\dllcache\seaddsmc.sys
2008-12-01 05:02 . 2001-08-17 13:53 6,784 --a------ c:\windows\system32\dllcache\serscan.sys
2008-12-01 05:01 . 2001-08-17 22:36 57,856 --a------ c:\windows\system32\dllcache\EXCH_scripto.dll
2008-12-01 05:01 . 2001-08-17 13:51 17,280 --a------ c:\windows\system32\dllcache\scr111.sys
2008-12-01 05:01 . 2001-08-17 13:51 16,640 --a------ c:\windows\system32\dllcache\scmstcs.sys
2008-12-01 05:01 . 2001-08-17 13:52 11,648 --a------ c:\windows\system32\dllcache\scsiprnt.sys
2008-12-01 05:01 . 2008-04-13 11:45 11,520 --a------ c:\windows\system32\dllcache\scsiscan.sys
2008-12-01 05:00 . 2001-08-17 22:36 495,616 --a------ c:\windows\system32\dllcache\sblfx.dll
2008-12-01 05:00 . 2008-04-13 11:40 43,904 --a------ c:\windows\system32\dllcache\sbp2port.sys
2008-12-01 05:00 . 2001-08-17 13:51 23,936 --a------ c:\windows\system32\dllcache\sccmusbm.sys
2008-12-01 05:00 . 2001-08-17 13:51 23,936 --a------ c:\windows\system32\dllcache\sccmn50m.sys


Solved combofix (continued)

Post by jZaMeS on 2nd December 2008, 2:44 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 14:28 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-02 14:08 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-02 14:08 --------- d-----w c:\program files\SpywareBlaster
2008-12-02 13:11 90,112 ----a-w c:\windows\DUMP2c4f.tmp
2008-12-02 13:05 90,112 ----a-w c:\windows\DUMP4536.tmp
2008-12-02 12:46 90,112 ----a-w c:\windows\DUMP399e.tmp
2008-12-02 12:42 90,112 ----a-w c:\windows\DUMP3eed.tmp
2008-12-02 12:41 90,112 ----a-w c:\windows\DUMP38e2.tmp
2008-12-02 12:39 90,112 ----a-w c:\windows\DUMP3da5.tmp
2008-12-02 12:08 5,154,304 ----a-w c:\program files\WindowsDefender.msi
2008-12-02 10:12 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-02 05:09 --------- d-----w c:\program files\World of Warcraft
2008-12-01 15:28 --------- d-----w c:\program files\Java
2008-11-26 07:25 --------- d-----w c:\documents and settings\david\Application Data\Corel
2008-11-26 07:25 --------- d-----w c:\documents and settings\david\Application Data\Apple Computer
2008-11-26 07:25 --------- d-----w c:\documents and settings\david\Application Data\AdobeUM
2008-11-26 07:25 --------- d-----w c:\documents and settings\david\Application Data\AdobeAUM
2008-11-25 23:44 --------- d-----w c:\program files\Dell
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-21 20:25 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-20 06:47 --------- d-----w c:\program files\QuickTime
2008-10-20 06:46 --------- d-----w c:\program files\Common Files\Apple
2008-10-20 06:45 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-20 06:44 --------- d-----w c:\program files\Apple Software Update
2008-10-20 06:44 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-10-20 06:43 27,288,880 ----a-w c:\program files\QuickTimeInstaller.exe
2008-10-20 06:37 318,904 ----a-w c:\program files\wmpfirefoxplugin.exe
2008-10-16 21:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 21:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 21:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 21:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 21:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:34 337,408 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-14 22:21 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-06 10:31 0 ---ha-w c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2008-10-06 10:31 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2008-10-06 10:28 0 ---ha-w c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2008-10-06 06:49 --------- d-----w c:\program files\Zune
2008-10-04 09:30 --------- d-----w c:\program files\Common Files\Real
2008-10-04 06:00 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-04 04:35 1,144,400 ----a-w c:\program files\WoW-2.4.3.8568-to-3.0.2.8916-enUS-downloader.exe
2008-10-03 17:41 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
2008-10-02 20:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-02 12:53 --------- d-----w c:\documents and settings\david\Application Data\HouseCall 6.6
2008-09-30 23:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-13 01:48 245,664 ----a-w c:\windows\system32\ZuneWlanCfgSvc.exe
2008-09-13 01:46 61,856 ----a-w c:\windows\system32\ZuneBusEnum.exe
2008-09-13 01:32 73,216 ----a-w c:\windows\system32\ZuneUsbTransport.dll
2008-09-13 01:32 57,344 ----a-w c:\windows\system32\ZuneRegUtil.dll
2008-09-13 01:32 310,272 ----a-w c:\windows\system32\ZuneNetProxy.dll
2008-09-13 01:32 18,944 ----a-w c:\windows\system32\ZuneTcp2Udp.dll
2008-09-13 01:32 145,920 ----a-w c:\windows\system32\ZuneMTPZ.dll
2008-09-13 01:32 12,800 ----a-w c:\windows\system32\ZunePTDNS.dll
2008-09-11 10:39 7,520 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\dllcache\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\dllcache\srv.sys
2008-09-06 06:23 508,411 ----a-w c:\program files\Decursive-2.2.0.zip
2008-09-05 11:47 1,206,366 ----a-w c:\program files\wrar371.exe
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-08-08 07:21 2,400,784 ----a-w c:\program files\WLinstaller.exe
2008-07-27 17:13 812,344 ----a-w c:\program files\HJTInstall.exe
2008-07-27 15:00 2,869,536 ----a-w c:\program files\spywareblastersetup41.exe
2008-07-27 14:54 19,153,264 ----a-w c:\program files\aaw2008.exe
2008-07-27 14:53 15,083,520 ----a-w c:\program files\spybotsd160.exe
.

((((((((((((((((((((((((((((( snapshot@2008-12-02_ 6.43.09.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-02 10:59:10 64,200 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-02 13:42:23 64,200 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-02 10:59:20 407,670 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-02 13:42:23 407,670 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-13 169984]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^david^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2008-07-29 23:59 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 00:05 127035 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 13:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPsetm]
c:\documents and settings\david\Application Data\Google\ijdkq13324484.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2008-07-29 23:59 221184 c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2008-07-29 23:59 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2008-07-29 23:59 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-13 17:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2008-07-08 16:41 2828184 c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
--a------ 2004-04-06 19:05 61440 c:\windows\system32\PCLECoInst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-09-12 18:46 160160 c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2008-07-30 00:00 339968 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=2 (0x2)
"ZuneBusEnum"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Alerter"=3 (0x3)
"Messenger"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:wow2
"6999:TCP"= 6999:TCP:gggg

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

S3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys []

*Newly Created Service* - WINDEFEND
.
Contents of the 'Scheduled Tasks' folder

2008-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-USBToolTip - c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\david\Application Data\Mozilla\Firefox\Profiles\8cm2vhdb.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - [You must be registered and logged in to see this link.]
FF -: plugin - c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-12-02 07:36:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\aawservice]
"ImagePath"="\"c:\program files\Lavasoft\Ad-Aware\aawservice.exe\""
.
Completion time: 2008-12-02 7:39:04
ComboFix-quarantined-files.txt 2008-12-02 14:38:22

Pre-Run: 34,509,049,856 bytes free
Post-Run: 34,489,331,712 bytes free

367 --- E O F --- 2008-11-13 04:10:31


Solved Re: Spyware.ISpyNow

Post by Belahzur on 2nd December 2008, 3:55 pm

Hello.
Looks good.
What problems remain?

Press Start > Control Panel > open "Add/remove programs"
Allow the list to load, and uninstall the following by selecting each one and pressing the "Remove" button on the right.

J2SE Runtime Environment 5.0 Update 7
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Viewpoint Media Player


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245121
# Likes : 1


Solved Thanks a bunch!

Post by jZaMeS on 2nd December 2008, 4:58 pm

Seems to run good so far, other than it still locks up pretty easily and goes to this blue screen saying something about a process or thread being terminated unexpectedly... Any advice on that?


Solved Re: Spyware.ISpyNow

Post by Belahzur on 2nd December 2008, 5:02 pm

Can you post more detail, like the stop error code?



Solved Re: Spyware.ISpyNow

Post by jZaMeS on 2nd December 2008, 5:16 pm

Is there any way for me to get access to it without making my computer freeze again? :)


Solved Re: Spyware.ISpyNow

Post by Belahzur on 2nd December 2008, 5:20 pm

See if you can trigger the error again, otherwise we can try to see if the eventvwr will show why.



Solved Re: Spyware.ISpyNow

Post by Doctor Inferno on 9th December 2008, 2:38 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.


