WiredWX Hobby Weather ToolsLog in

 


descriptionSolvedspyware.ispynow

more_horiz
spyware.ispynow Malware

I keep getting this popup message about spyware.ispynow. i've ran multiple virus scanners and it didnt pick anything up. can someone kindly help me out with this?

descriptionSolvedRe: spyware.ispynow

more_horiz
Please read this thread:
http://www.geekpolice.net/malware-removal-support-hijackthis-logs-f11/read-this-before-posting-t3821.htm
And post a Hijack This log here.

descriptionSolvedRe: spyware.ispynow

more_horiz
ok, sorry about that. will do. thank you! Smile...

descriptionSolvedRe: spyware.ispynow

more_horiz
here's my hijackthis log:





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:20 PM, on 11/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\program files\mozilla firefox\firefox.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Grant\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nah_Shell] C:\Documents and Settings\Grant\nah_uaoh.exe
O4 - HKCU\..\Run: [HPsetm] "C:\Documents and Settings\Grant\Application Data\Google\ijdkq13324484.exe"
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5779 bytes

descriptionSolvedRe: spyware.ispynow

more_horiz
Hello.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKCU\..\Run: [nah_Shell] C:\Documents and Settings\Grant\nah_uaoh.exe


  • Press "Fix Checked"
  • Close Hijack This.


Delete this file in bold:
C:\Documents and Settings\Grant\nah_uaoh.exe

Next,


  • Download combofix from here, use the top links - combofix.exe
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    spyware.ispynow RcAuto1

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will this next prompt that asks if you want to continue the malware scan, select yes

    spyware.ispynow Whatnext

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

descriptionSolvedRe: spyware.ispynow

more_horiz
here my combofix.txt:



ComboFix 08-11-28.02 - Grant 2008-11-28 19:35:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.444 [GMT -7:00]
Running from: c:\documents and settings\Grant\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Danah Miles\Application Data\addon.dat
c:\documents and settings\Grant\Application Data\addon.dat
c:\documents and settings\Guest\Favorites\Online Security Test.url
c:\windows\system32\skinboxer43.dll
c:\windows\system32\unsvchosts.lzma

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\winlogon.exe


.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-27 20:07 . 2008-11-27 20:07 d-------- c:\documents and settings\All Users\Application Data\Uniblue
2008-11-27 20:07 . 2008-10-26 02:01 20,232 --a------ c:\windows\SYSTEM32\AntiSpyNative64.exe
2008-11-27 20:07 . 2008-10-26 02:01 16,648 --a------ c:\windows\SYSTEM32\AntiSpyNative32.exe
2008-11-26 18:24 . 2008-11-26 18:25 d-------- c:\documents and settings\Danah Miles\Application Data\U3
2008-11-26 17:39 . 2007-09-05 23:22 289,144 --a------ c:\windows\SYSTEM32\VCCLSID.exe
2008-11-26 17:39 . 2006-04-27 16:49 288,417 --a------ c:\windows\SYSTEM32\SrchSTS.exe
2008-11-26 17:39 . 2008-10-01 14:51 87,552 --a------ c:\windows\SYSTEM32\VACFix.exe
2008-11-26 17:39 . 2008-10-10 07:58 82,944 --a------ c:\windows\SYSTEM32\o4Patch.exe
2008-11-26 17:39 . 2008-05-18 20:40 82,944 --a------ c:\windows\SYSTEM32\IEDFix.exe
2008-11-26 17:39 . 2008-10-10 07:58 82,944 --a------ c:\windows\SYSTEM32\IEDFix.C.exe
2008-11-26 17:39 . 2008-08-18 11:19 82,432 --a------ c:\windows\SYSTEM32\404Fix.exe
2008-11-26 17:39 . 2004-07-31 17:50 51,200 --a------ c:\windows\SYSTEM32\dumphive.exe
2008-11-26 17:39 . 2007-10-03 23:36 25,600 --a------ c:\windows\SYSTEM32\WS2Fix.exe
2008-11-26 17:39 . 2008-11-26 17:39 980 --a------ c:\windows\SYSTEM32\tmp.reg
2008-11-26 00:56 . 2008-11-26 00:56 2,002 --a------ c:\windows\Sysvxd.exe
2008-11-12 03:00 . 2008-11-12 03:00 d-------- c:\program files\MSXML 4.0
2008-11-10 12:57 . 2008-11-10 12:57 d-------- c:\program files\KORG Legacy
2008-11-10 12:57 . 2008-11-10 12:57 d-------- c:\program files\Common Files\KORG
2008-11-10 12:57 . 2008-11-10 12:57 d-------- c:\documents and settings\All Users\Application Data\KORG
2008-11-01 21:47 . 2008-11-01 21:47 d-------- c:\documents and settings\Grant\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 02:38 502,272 ----a-w c:\windows\SYSTEM32\winlogon.exe
2008-11-29 02:38 502,272 ----a-w c:\windows\SYSTEM32\DLLCACHE\winlogon.exe
2008-11-28 05:25 --------- d-----w c:\program files\Trillian
2008-11-27 05:00 --------- d-----w c:\program files\Google
2008-11-26 06:21 --------- d-----w c:\documents and settings\Grant\Application Data\Applied Acoustics Systems
2008-11-26 06:21 --------- d-----w c:\documents and settings\Grant\Application Data\Apple Computer
2008-11-26 06:21 --------- d-----w c:\documents and settings\Grant\Application Data\Amazon
2008-11-26 06:21 --------- d-----w c:\documents and settings\Grant\Application Data\AdobeUM
2008-11-26 06:21 --------- d-----w c:\documents and settings\Grant\Application Data\.csound
2008-11-26 06:17 295,424 ----a-w c:\windows\SYSTEM32\termsrv.dll
2008-11-23 18:38 --------- d-----w c:\program files\VstPlugins
2008-11-23 18:37 --------- d-----w c:\program files\Native Instruments
2008-11-23 17:27 --------- d-----w c:\program files\Cycling '74
2008-11-23 17:27 --------- d-----w c:\program files\Common Files\Cycling '74
2008-11-22 04:45 --------- d-----w c:\program files\Common Files\Native Instruments
2008-11-21 00:41 --------- d-----w c:\documents and settings\Grant\Application Data\uTorrent
2008-11-17 02:52 --------- d-----w c:\program files\Soulseek
2008-10-27 22:13 --------- d-----w c:\program files\PSP SpringVerb CM
2008-10-27 22:12 286,720 ----a-w c:\windows\iun506.exe
2008-10-26 06:28 --------- d-----w c:\documents and settings\Grant\Application Data\FabFilter
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-23 03:32 --------- d-----w c:\documents and settings\Grant\Application Data\OpenOffice.org2
2008-10-23 03:30 410,976 ----a-w c:\windows\SYSTEM32\deploytk.dll
2008-10-23 03:30 --------- d-----w c:\program files\Java
2008-10-15 16:57 332,800 ----a-w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-13 20:52 --------- d-----w c:\program files\u-he
2008-10-03 17:41 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2008-09-30 23:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
2008-09-04 16:42 1,106,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2008-06-17 03:58 23,741 ---h--w c:\documents and settings\Danah Miles\Application Data\svchost.dat
2008-06-14 21:56 23,741 ---h--w c:\documents and settings\Grant\Application Data\svchost.dat
2005-08-10 03:05 184,808 ----a-w c:\documents and settings\Danah Miles\Application Data\shb.dat
2005-02-21 21:24 4,086 -c--a-w c:\program files\uninstal.log
2006-11-30 05:01 848 -csha-w c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"HPsetm"="c:\documents and settings\Grant\Application Data\Google\ijdkq13324484.exe" [2008-11-25 102912]
"Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2008-10-26 1431816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-22 136600]

c:\documents and settings\Grant\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-09-21 3444008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-01-25 98304]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-01-25 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdcamon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"SiteAdvisor Service"=2 (0x2)
"lxdc_device"=2 (0x2)
"lxdcCATSCustConnectService"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-21 97928]
R1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\windows\SYSTEM32\DRIVERS\VCdRom.sys [2001-12-19 8576]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-21 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-21 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-21 76040]
S3 FileObjInfo;STFileDriver; []
S3 UKS11LDR;M-Audio USB Keystation Loader; []
S3 USBKT1X1;M-Audio USB Keystation; []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0C6CD287-8014-A45C-118B-A96EBA6516BF}]
c:\windows\system32\system32\vtimer.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{46F6B9DE-ADD7-1BA7-6004-DD50BAA263AD}]
c:\windows\system32\setup\svchost.exe s
.
Contents of the 'Scheduled Tasks' folder

2008-11-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-11-24 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-08-16 08:02]

2008-08-26 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-08-16 08:02]

2008-11-28 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-10-26 02:01]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_02\bin\jusched.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Grant\Application Data\Mozilla\Firefox\Profiles\egt2p3sd.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\mozilla firefox\plugins\npitunes.dll
FF -: plugin - c:\program files\mozilla firefox\plugins\npmusicn.dll
FF -: plugin - c:\program files\mozilla firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 19:41:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\SYSTEM32\IMAPI.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\snmp.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\SYSTEM32\WSCNTFY.EXE
.
**************************************************************************
.
Completion time: 2008-11-28 19:47:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-29 02:46:55

Pre-Run: 4,561,821,696 bytes free
Post-Run: 4,875,825,152 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

222 --- E O F --- 2008-11-27 21:29:00

descriptionSolvedRe: spyware.ispynow

more_horiz
Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

descriptionSolvedRe: spyware.ispynow

more_horiz
Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

descriptionSolvedRe: spyware.ispynow

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum