WiredWX Hobby Weather Tools

 


I have been infected with the Spyware.Ispynow

3 posters

Solved: I have been infected with the Spyware.Ispynow

Yes, I too have been infected. Here is the log HijackThis came up with. Please tell me where I should go and what I should do from here. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:03 AM, on 11/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Perfect Defender 2009\pdmonitor.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Spencer\AppData\Roaming\Google\dvvm.exe
C:\Program Files\Perfect Defender 2009\pdfndr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\System32\mspaint.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ECenter] "C:\Dell\E-Center\EULALauncher.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] "C:\Windows\OEM02Mon.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] "C:\Windows\WindowsMobile\wmdc.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\Windows\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "C:\Windows\system32\rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [HPsetm] "C:\Users\Spencer\AppData\Roaming\Google\dvvm.exe"
O4 - HKCU\..\Run: [Perfect Defender 2009] "C:\Program Files\Perfect Defender 2009\pdfndr.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10914 bytes

Solved: Re: I have been infected with the Spyware.Ispynow

Hello.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [HPsetm] "C:\Users\Spencer\AppData\Roaming\Google\dvvm.exe"
    O4 - HKCU\..\Run: [Perfect Defender 2009] "C:\Program Files\Perfect Defender 2009\pdfndr.exe"


  • Press "Fix Checked"
  • Close HijackThis.


Delete these files/folder in bold:
C:\Users\Spencer\AppData\Roaming\Google\dvvm.exe <== file
C:\Program Files\Perfect Defender 2009 <== folder


1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts, but select NO when asked about the recovery console.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
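
Added example, not part of the original reply: a Python triage of the O4 autostart lines in a HijackThis log, the section the two checked lines above come from. It flags entries whose target sits in a user-writable profile path or matches a reviewer-supplied watchlist, and notes whether the target is also in the running-process list. The heuristic, the `watchlist` parameter and all function names are assumptions of this example; the sample lines are excerpted from the log posted in this thread.

```python
import re
from dataclasses import dataclass

# Sample input: lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
Running processes:
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Spencer\AppData\Roaming\Google\dvvm.exe
C:\Program Files\Perfect Defender 2009\pdfndr.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [HPsetm] "C:\Users\Spencer\AppData\Roaming\Google\dvvm.exe"
O4 - HKCU\..\Run: [Perfect Defender 2009] "C:\Program Files\Perfect Defender 2009\pdfndr.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
'''

# Registry autostarts: "O4 - <hive>[\<SID>]\..\Run[Once]: [value name] command line"
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)(?:\\(?P<sid>S-[\d-]+))?\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Startup-folder shortcuts: "O4 - [Global ]Startup: name.lnk = target"
STARTUP_RE = re.compile(r'^O4 - (?P<scope>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.+)$')
# Unquoted command lines: the target ends at the first executable extension.
TARGET_RE = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|,|$)', re.I)
# Assumed heuristic: locations a standard user can write to without elevation.
USER_WRITABLE_RE = re.compile(
    r'^[a-z]:\\(?:users|documents and settings)\\[^\\]+\\'
    r'|%(?:appdata|localappdata|temp|tmp|userprofile)%', re.I)


@dataclass(frozen=True)
class Autorun:
    source: str   # "HKCU Run", "HKUS\<SID> Run", "Startup", "Global Startup"
    name: str     # registry value name or shortcut name
    command: str  # command line exactly as logged
    target: str   # executable path extracted from the command line


def extract_target(command):
    """Return the executable path from a quoted or unquoted command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = TARGET_RE.match(command)
    return m.group(1) if m else command


def parse_o4(log):
    """Parse every O4 line of a HijackThis log into an Autorun record."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            hive = m["hive"] + ("\\" + m["sid"] if m["sid"] else "")
            entries.append(Autorun(f"{hive} {m['key']}", m["name"],
                                   m["cmd"], extract_target(m["cmd"])))
            continue
        m = STARTUP_RE.match(line)
        if m:
            entries.append(Autorun(m["scope"], m["name"],
                                   m["cmd"], extract_target(m["cmd"])))
    return entries


def running_processes(log):
    """Collect the lowercased paths listed under 'Running processes:'."""
    procs, active = set(), False
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            active = True
        elif active and not line:
            break
        elif active:
            procs.add(line.lower())
    return procs


def triage(log, watchlist=()):
    """Return (entry, reasons) for autostarts that deserve a manual look."""
    running = running_processes(log)
    findings = []
    for e in parse_o4(log):
        reasons = []
        if USER_WRITABLE_RE.search(e.target):
            reasons.append("target in user-writable profile path")
        haystack = (e.name + " " + e.target).lower()
        reasons += [f"matches watchlist term '{w}'"
                    for w in watchlist if w.lower() in haystack]
        if reasons:
            # 8.3 short names (PROGRA~1) cannot be expanded offline, so this
            # comparison is a plain case-insensitive string match.
            if e.target.lower() in running:
                reasons.append("currently running")
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG, watchlist=("perfect defender",)):
        print(f"{entry.source}: [{entry.name}] {entry.target}")
        print("    " + "; ".join(why))
```

The path heuristic alone only singles out the `HPsetm` entry; the Perfect Defender 2009 entry installs under Program Files and is caught here only because its name is passed in the watchlist.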

Solved: Re: I have been infected with the Spyware.Ispynow

My computer will not allow me to delete dvvm.exe; it keeps saying I have to have "permission" to delete it. Also, when I run a scan on HijackThis, it says I have been denied access to the hosts files. Please help.

Solved: Re: I have been infected with the Spyware.Ispynow

Right click Hijack This executable > select Run as administrator
Try the fix again.

Can you try to run combofix?

Solved: Re: I have been infected with the Spyware.Ispynow

Sorry for the delay in responding, I had a meeting. Anyway, I ran HijackThis as administrator, clicked to fix it, and then went to C:\Users\Spencer\AppData\Roaming\Google\dvvm.exe and it still tells me I need permission to delete it and it refuses to go away. It is still stuck.

Last edited by Waywishes on 29th November 2008, 11:11 pm; edited 1 time in total

Solved: Re: I have been infected with the Spyware.Ispynow

Hello.
Okay, skip HJT.
Could you try to run combofix please?

Solved: Re: I have been infected with the Spyware.Ispynow

OK. I have what appears to be ComboFix running and a blue box has appeared.

Solved: Re: I have been infected with the Spyware.Ispynow

Okay.
I will be waiting.

Solved: Re: I have been infected with the Spyware.Ispynow

Alright, here is the log that ComboFix has come up with:

ComboFix 08-11-29.03 - Spencer 2008-11-29 17:14:57.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.991 [GMT -6:00]
Running from: c:\users\Spencer\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-29 04:09 . 2008-11-29 04:09 0 --ah----- c:\users\Default.LOG2
2008-11-29 04:09 . 2008-11-29 04:09 0 --ah----- c:\users\Default.LOG1
2008-11-29 04:09 . 2008-11-29 04:09 0 --ah----- C:\ProgramData.LOG2
2008-11-29 04:09 . 2008-11-29 04:09 0 --ah----- C:\ProgramData.LOG1
2008-11-29 03:34 . 2008-11-29 03:34 d-------- c:\program files\Trend Micro
2008-11-28 19:39 . 2008-11-28 19:39 d-------- c:\users\All Users\SUPERAntiSpyware.com
2008-11-28 19:39 . 2008-11-28 19:39 d-------- c:\programdata\SUPERAntiSpyware.com
2008-11-28 19:38 . 2008-11-28 19:38 d-------- c:\users\Spencer\AppData\Roaming\SUPERAntiSpyware.com
2008-11-28 19:38 . 2008-11-28 19:38 d-------- c:\program files\SUPERAntiSpyware
2008-11-28 19:37 . 2008-11-28 19:37 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-28 15:10 . 2008-11-29 03:52 d-a------ c:\users\All Users\TEMP
2008-11-28 15:10 . 2008-11-29 03:52 d-a------ c:\programdata\TEMP
2008-11-28 07:25 . 2008-11-28 07:25 d-------- C:\Binaries
2008-11-28 07:24 . 2008-11-28 07:24 d-------- c:\program files\AskSBar
2008-11-28 07:18 . 2008-11-28 07:18 164 --a------ C:\install.dat
2008-11-28 06:22 . 2008-11-29 10:17 d-------- c:\program files\Perfect Defender 2009
2008-11-25 18:47 . 2008-10-20 23:16 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 18:47 . 2008-08-27 21:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 18:47 . 2008-08-27 21:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 18:47 . 2008-08-27 21:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 18:47 . 2008-10-21 21:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 18:47 . 2008-10-21 21:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-25 18:47 . 2008-10-21 21:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-13 13:01 . 2008-10-16 15:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-13 13:01 . 2008-10-16 14:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-13 13:01 . 2008-10-16 15:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-13 13:01 . 2008-10-16 15:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-13 13:00 . 2008-10-16 15:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-13 13:00 . 2008-10-16 14:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-13 13:00 . 2008-10-16 15:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-13 12:59 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-13 12:59 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-11 23:38 . 2008-09-09 21:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-11 23:38 . 2008-09-04 22:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-11 23:38 . 2008-08-25 19:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 23:38 . 2008-09-09 21:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-11 23:38 . 2008-09-04 22:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-10-29 01:56 . 2008-08-11 21:29 441,856 --a------ c:\windows\System32\win32spl.dll
2008-10-29 01:56 . 2008-08-11 21:29 37,376 --a------ c:\windows\System32\printcom.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 22:58 --------- d-----w c:\users\Spencer\AppData\Roaming\LimeWire
2008-11-27 23:21 --------- d-----w c:\users\Spencer\AppData\Roaming\InstallShield
2008-10-26 01:19 --------- d-----w c:\program files\World of Warcraft
2008-10-26 00:42 --------- d-----w c:\programdata\Blizzard
2008-10-15 08:10 --------- d-----w c:\program files\Windows Mail
2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-09-30 22:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-07-10 19:43 174 --sha-w c:\program files\desktop.ini
2008-05-09 18:35 858 ----a-w c:\users\Spencer\AppData\Roaming\wklnhst.dat
2008-01-18 22:09 76 --sh--r c:\windows\CT4CET.bin
2008-05-17 08:22 952 --sha-w c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-11-28 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-11-28 07:24 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-18 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]
"HPsetm"="c:\users\Spencer\AppData\Roaming\Google\dvvm.exe" [2008-11-27 107008]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1006264]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-27 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-14 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-14 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-14 133656]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-07 29744]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

c:\users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-04-18 147456]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-24 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-01-18 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-09-07 1180952]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8C422A6F-BBD1-4F55-BDEF-5C4D6C06762C}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{706CD5C4-E695-4E57-82A4-00C249C2B8D7}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{FBAA2A3D-AAA2-44B4-B40F-73C0F093A531}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{A78DA785-6A20-40B3-AEE6-011CF43CF04D}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{48775B5D-5475-48AB-A4F2-8B9F477A6C73}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{368DBEA0-7AB9-499D-A65A-D59F9C614282}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{78A20ACC-6B0F-42D9-8BEE-7E94A435464D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-18 73728]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-01-18 111104]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-01-18 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-01-18 7424]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-18 29744]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2008-01-18 209408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run- - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\xecjmje7.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 17:19:40
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4160)
c:\program files\Perfect Defender 2009\pd.dll
.
Completion time: 2008-11-29 17:21:33
ComboFix-quarantined-files.txt 2008-11-29 23:21:28

Pre-Run: 51,810,607,104 bytes free
Post-Run: 51,783,012,352 bytes free

186 --- E O F --- 2008-11-26 09:01:22

Solved: Re: I have been infected with the Spyware.Ispynow

Hello.
This should kill it.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\users\Spencer\AppData\Roaming\Google\dvvm.exe

Folder::
c:\program files\Perfect Defender 2009

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPsetm"=-


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
This will open combofix.exe again. Agree to its terms and allow it to run; it may want to reboot after it's done. Post the resulting log back here.

Solved: Re: I have been infected with the Spyware.Ispynow

Here is the first half:

ComboFix 08-11-29.03 - Spencer 2008-11-29 17:30:57.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.967 [GMT -6:00]
Running from: c:\users\Spencer\Desktop\ComboFix.exe
Command switches used :: c:\users\Spencer\Desktop\CFscript.txt
* Created a new restore point
* Resident AV is active


FILE ::
c:\users\Spencer\AppData\Roaming\Google\dvvm.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Perfect Defender 2009
c:\program files\Perfect Defender 2009\pd.dll
c:\program files\Perfect Defender 2009\pdmonitor.exe
c:\users\Spencer\AppData\Roaming\Google\dvvm.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-29 04:09 . 2008-11-29 04:09 0 --ah----- c:\users\Default.LOG2
2008-11-29 04:09 . 2008-11-29 04:09 0 --ah----- c:\users\Default.LOG1
2008-11-29 04:09 . 2008-11-29 04:09 0 --ah----- C:\ProgramData.LOG2
2008-11-29 04:09 . 2008-11-29 04:09 0 --ah----- C:\ProgramData.LOG1
2008-11-29 03:34 . 2008-11-29 03:34 d-------- c:\program files\Trend Micro
2008-11-28 19:39 . 2008-11-28 19:39 d-------- c:\users\All Users\SUPERAntiSpyware.com
2008-11-28 19:39 . 2008-11-28 19:39 d-------- c:\programdata\SUPERAntiSpyware.com
2008-11-28 19:38 . 2008-11-28 19:38 d-------- c:\users\Spencer\AppData\Roaming\SUPERAntiSpyware.com
2008-11-28 19:38 . 2008-11-28 19:38 d-------- c:\program files\SUPERAntiSpyware
2008-11-28 19:37 . 2008-11-28 19:37 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-28 15:10 . 2008-11-29 03:52 d-a------ c:\users\All Users\TEMP
2008-11-28 15:10 . 2008-11-29 03:52 d-a------ c:\programdata\TEMP
2008-11-28 07:25 . 2008-11-28 07:25 d-------- C:\Binaries
2008-11-28 07:24 . 2008-11-28 07:24 d-------- c:\program files\AskSBar
2008-11-28 07:18 . 2008-11-28 07:18 164 --a------ C:\install.dat
2008-11-25 18:47 . 2008-10-20 23:16 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 18:47 . 2008-08-27 21:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 18:47 . 2008-08-27 21:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 18:47 . 2008-08-27 21:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 18:47 . 2008-10-21 21:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 18:47 . 2008-10-21 21:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-25 18:47 . 2008-10-21 21:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-13 13:01 . 2008-10-16 15:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-13 13:01 . 2008-10-16 14:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-13 13:01 . 2008-10-16 15:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-13 13:01 . 2008-10-16 15:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-13 13:00 . 2008-10-16 15:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-13 13:00 . 2008-10-16 14:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-13 13:00 . 2008-10-16 15:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-13 12:59 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-13 12:59 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-11 23:38 . 2008-09-09 21:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-11 23:38 . 2008-09-04 22:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-11 23:38 . 2008-08-25 19:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 23:38 . 2008-09-09 21:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-11 23:38 . 2008-09-04 22:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-10-29 01:56 . 2008-08-11 21:29 441,856 --a------ c:\windows\System32\win32spl.dll
2008-10-29 01:56 . 2008-08-11 21:29 37,376 --a------ c:\windows\System32\printcom.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 22:58 --------- d-----w c:\users\Spencer\AppData\Roaming\LimeWire
2008-11-27 23:21 --------- d-----w c:\users\Spencer\AppData\Roaming\InstallShield
2008-10-26 01:19 --------- d-----w c:\program files\World of Warcraft
2008-10-26 00:42 --------- d-----w c:\programdata\Blizzard
2008-10-15 08:10 --------- d-----w c:\program files\Windows Mail
2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-09-30 22:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-07-10 19:43 174 --sha-w c:\program files\desktop.ini
2008-05-09 18:35 858 ----a-w c:\users\Spencer\AppData\Roaming\wklnhst.dat
2008-01-18 22:09 76 --sh--r c:\windows\CT4CET.bin
2008-05-17 08:22 952 --sha-w c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-29_17.20.27.24 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-29 23:19:42 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-29 23:36:43 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-11-29 23:19:37 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-29 23:36:43 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-11-29 22:59:54 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-29 23:34:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-29 22:59:54 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-29 23:34:06 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-29 22:59:54 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-29 23:34:06 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-29 22:59:37 8,228 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1998363468-347673385-3037537117-1000_UserData.bin
+ 2008-11-29 23:38:15 8,482 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1998363468-347673385-3037537117-1000_UserData.bin
- 2008-11-29 22:59:35 63,056 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-29 23:38:15 63,222 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-29 22:59:32 36,630 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-29 23:38:11 36,920 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-11-28 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-11-28 07:24 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-18 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-27 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-14 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-14 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-14 133656]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-07 29744]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

c:\users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-04-18 147456]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-24 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-01-18 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-09-07 1180952]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

Solved: Re: I have been infected with the Spyware.Ispynow

here is the second half
ComboFix 08-11-29.03 - Spencer 2008-11-29 17:30:57.2 - NTFSx86

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8C422A6F-BBD1-4F55-BDEF-5C4D6C06762C}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{706CD5C4-E695-4E57-82A4-00C249C2B8D7}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{FBAA2A3D-AAA2-44B4-B40F-73C0F093A531}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{A78DA785-6A20-40B3-AEE6-011CF43CF04D}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{48775B5D-5475-48AB-A4F2-8B9F477A6C73}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{368DBEA0-7AB9-499D-A65A-D59F9C614282}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{78A20ACC-6B0F-42D9-8BEE-7E94A435464D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Wdf01000.sys



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 17:36:54
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\BCMWLTRY.EXE
c:\windows\System32\AEstSrv.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\drivers\XAudio.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\McAfee\VirusScan\mcsysmon.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\program files\McAfee\MSC\mcuimgr.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-11-29 17:42:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-29 23:42:25
ComboFix2.txt 2008-11-29 23:21:35

Pre-Run: 53,105,733,632 bytes free
Post-Run: 52,970,885,120 bytes free

223 --- E O F --- 2008-11-26 09:01:22

Solved: Re: I have been infected with the Spyware.Ispynow

Log looks clean. How is the machine running?

Solved: Re: I have been infected with the Spyware.Ispynow

The machine is running great now. Thank you for your help, I would have pretty much gone insane without it. I really appreciate that you took the time to help me with this. This forum is amazing. Thank you so much =)

Solved: Re: I have been infected with the Spyware.Ispynow

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 10.
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 10".
  • Click the "Download" button to the right.
  • In the window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from here

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.
