Spyware.ISpynow Issue on Vista Computer

3 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:09 pm

Ok.. A very helpful member just helped fix my wifes laptop.

I am now concerned about my Desktop as my Internet Explorer Browsers and Firefox browsers are acting up. How do I scan this computer to ensure that I am not infected here with Spyware.ISpynow as I was doing the same activities that coused my Wifes laptop to get infected. I run Windows Vista.

Thanks

Re: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:12 pm

Could you post a Hijack This log from this machine too?

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Spyware.ISpynow Issue on Vista Computer DXwU4

Spyware.ISpynow Issue on Vista Computer DXwU4

Spyware.ISpynow Issue on Vista Computer VvYDg

Re: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:14 pm

Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14, on 2008-11-29
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Mouse Driver\Mouse Driver\5.2\Mouse32A.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\5.2\MOUSE32A.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4172086135-3689951012-2788723220-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'QBDataServiceUser18')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB18 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe

--
End of file - 9116 bytes

Re: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:24 pm

Log looks clean.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts, but select NO when about to install the recovery console.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:33 pm

Ok. Here it is:

ComboFix 08-11-29.03 - Administrator 2008-11-29 18:26:40.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-29 18:11 . 2008-04-16 12:02 102,664 --a------ c:\windows\System32\drivers\tmcomm.sys
2008-11-29 17:52 . 2008-11-29 17:59 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-29 17:15 . 2008-11-29 17:15 d-------- c:\users\All Users\Malwarebytes
2008-11-29 17:15 . 2008-11-29 17:15 d-------- c:\users\Administrator\AppData\Roaming\Malwarebytes
2008-11-29 17:15 . 2008-11-29 17:15 d-------- c:\users\ADMINI~1\AppData\Roaming\Malwarebytes
2008-11-29 17:15 . 2008-11-29 17:15 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-29 17:15 . 2008-11-29 17:15 d-------- c:\progra~2\Malwarebytes
2008-11-29 17:15 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-29 17:15 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-29 12:47 . 2008-11-29 12:47 d-------- C:\cabs
2008-11-29 01:38 . 2008-11-29 05:10 d-------- c:\users\Administrator\AppData\Roaming\uTorrent
2008-11-29 01:38 . 2008-11-29 05:10 d-------- c:\users\ADMINI~1\AppData\Roaming\uTorrent
2008-11-29 01:38 . 2008-11-29 01:38 d-------- c:\program files\uTorrent
2008-11-25 15:07 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 15:07 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 15:07 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 15:07 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 15:07 . 2008-10-21 22:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 15:03 . 2008-10-16 16:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-25 15:03 . 2008-10-16 15:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-25 15:03 . 2008-10-16 16:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-25 15:03 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-25 15:03 . 2008-10-16 15:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-25 15:03 . 2008-10-16 16:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-25 15:03 . 2008-10-16 16:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-25 15:03 . 2008-10-16 16:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-25 15:03 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-25 00:36 . 2008-11-25 00:36 d-------- c:\users\All Users\PC Drivers HeadQuarters
2008-11-25 00:36 . 2008-11-25 00:36 d-------- c:\progra~2\PC Drivers HeadQuarters
2008-11-21 16:23 . 2008-11-21 16:23 d-------- c:\users\All Users\CounterPath
2008-11-21 16:23 . 2008-11-21 16:23 d-------- c:\progra~2\CounterPath
2008-11-21 16:22 . 2008-11-21 16:22 d-------- c:\program files\CounterPath
2008-11-17 10:58 . 2008-11-17 10:58 236 --a------ C:\sqmdata03.sqm
2008-11-17 10:58 . 2008-11-17 10:58 200 --a------ C:\sqmnoopt03.sqm
2008-11-12 16:01 . 2008-09-09 22:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 16:01 . 2008-09-05 00:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 16:01 . 2008-08-26 20:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-10 12:39 . 2008-11-10 12:39 9,019 --a------ c:\users\h_logo.gif
2008-11-08 17:08 . 2008-11-15 12:37 d-------- c:\program files\Article Submitter Pro
2008-11-05 22:53 . 2008-11-05 22:53 236 --a------ C:\sqmdata02.sqm
2008-11-05 22:53 . 2008-11-05 22:53 200 --a------ C:\sqmnoopt02.sqm
2008-11-04 22:03 . 2008-08-05 04:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-04 22:03 . 2008-08-05 04:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-04 22:03 . 2008-08-05 04:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-04 22:03 . 2008-08-05 04:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-04 22:03 . 2008-08-05 04:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-03 21:20 . 2008-11-03 21:20 dr------- c:\users\Administrator\AppData\Roaming\Brother
2008-11-03 21:20 . 2008-11-03 21:20 dr------- c:\users\ADMINI~1\AppData\Roaming\Brother
2008-11-03 18:43 . 2008-11-03 18:43 236 --a------ C:\sqmdata01.sqm
2008-11-03 18:43 . 2008-11-03 18:43 200 --a------ C:\sqmnoopt01.sqm
2008-11-03 18:42 . 2008-11-28 14:20 426 --a------ c:\windows\BRWMARK.INI
2008-11-03 18:41 . 2008-11-03 18:41 225 --a------ c:\windows\Brpfx04a.ini
2008-11-03 18:41 . 2008-11-03 18:41 93 --a------ c:\windows\brpcfx.ini
2008-11-03 18:41 . 2008-11-03 18:42 65 --a------ c:\windows\System32\bd7440n.dat
2008-11-03 18:40 . 2007-01-25 17:16 94,208 --a------ c:\windows\System32\BrDctF2.dll
2008-11-03 18:40 . 2007-01-26 16:13 54,784 --a------ c:\windows\System32\brinsstr.dll
2008-11-03 18:40 . 2007-01-15 21:54 12,288 --a------ c:\windows\System32\BrDctF2S.dll
2008-11-03 18:40 . 2007-01-15 16:09 12,288 --a------ c:\windows\System32\BrDctF2L.dll
2008-11-03 18:39 . 2008-11-03 18:39 d-------- c:\users\Administrator\AppData\Roaming\InstallShield
2008-11-03 18:39 . 2008-11-03 18:39 d-------- c:\users\ADMINI~1\AppData\Roaming\InstallShield
2008-11-03 18:39 . 2008-11-03 18:39 d-------- c:\program files\Nuance
2008-11-03 18:39 . 2008-11-03 18:40 d-------- c:\program files\Brother
2008-11-03 18:38 . 2008-11-03 18:38 d-------- c:\users\All Users\InstallShield
2008-11-03 18:38 . 2008-11-03 18:38 d-------- c:\progra~2\InstallShield
2008-11-03 18:38 . 2006-10-24 14:34 31,567 --a------ c:\windows\maxlink.ini
2008-11-03 18:37 . 2008-11-03 18:38 d-------- c:\users\All Users\ScanSoft
2008-11-03 18:37 . 2008-11-03 18:37 d-------- c:\program files\ScanSoft
2008-11-03 18:37 . 2008-11-03 18:37 d-------- c:\program files\Common Files\ScanSoft Shared
2008-11-03 18:37 . 2008-11-03 18:38 d-------- c:\progra~2\ScanSoft
2008-11-03 18:36 . 2008-11-03 18:36 d-------- c:\users\All Users\Brother
2008-11-03 18:36 . 2008-11-03 18:36 d-------- c:\progra~2\Brother
2008-10-30 16:54 . 2008-10-30 16:54 236 --a------ C:\sqmdata00.sqm
2008-10-30 16:54 . 2008-10-30 16:54 200 --a------ C:\sqmnoopt00.sqm
2008-10-30 10:21 . 2008-10-30 10:21 d-------- c:\users\Administrator\AppData\Roaming\Apple Computer
2008-10-30 10:21 . 2008-10-30 10:21 d-------- c:\users\ADMINI~1\AppData\Roaming\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 23:05 --------- d-----w c:\program files\Java
2008-11-29 22:46 --------- d-----w c:\program files\Common Files\Apple
2008-11-29 21:44 --------- d-----w c:\progra~2\Viewpoint
2008-11-25 05:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-20 23:13 --------- d-----w c:\program files\CoffeeCup Software
2008-11-17 00:33 --------- d-----w c:\progra~2\Microsoft Help
2008-11-15 17:37 --------- d-----w c:\program files\Common Files\Astech
2008-11-13 00:41 --------- d-----w c:\users\Administrator\AppData\Roaming\FileZilla
2008-11-13 00:41 --------- d-----w c:\users\ADMINI~1\AppData\Roaming\FileZilla
2008-11-08 21:06 --------- d-----w c:\program files\FileZilla FTP Client
2008-11-03 23:37 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-24 20:31 --------- d-----w c:\program files\Windows Live
2008-10-24 20:31 --------- d-----w c:\program files\Microsoft
2008-10-24 20:28 --------- d-----w c:\program files\Common Files\Windows Live
2008-10-23 02:12 --------- d-----w c:\program files\iTunes
2008-10-23 02:12 --------- d-----w c:\program files\iPod
2008-10-23 02:12 --------- d-----w c:\progra~2\Apple Computer
2008-10-23 02:12 --------- d-----w c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-23 02:11 --------- d-----w c:\program files\QuickTime
2008-10-23 02:09 --------- d-----w c:\program files\Apple Software Update
2008-10-17 14:30 --------- d-----w c:\program files\Windows Live Safety Center
2008-10-15 22:47 --------- d-----w c:\program files\Windows Mail
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-22 22:41 339,968 ----a-w c:\windows\System32\pythoncom25.dll
2008-09-22 22:41 2,117,632 ----a-w c:\windows\System32\python25.dll
2008-09-22 22:41 114,688 ----a-w c:\windows\System32\pywintypes25.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-16 16:26 1,332,197 ----a-w c:\windows\System32\pythondll.zip
2008-09-09 04:03 51,712 ----a-w c:\windows\System32\sirenacm.dll
2008-07-20 04:28 174 --sha-w c:\program files\desktop.ini
2008-05-29 14:24 56,912 ----a-w c:\users\Administrator\g2mdlhlpx.exe
2007-11-23 21:01 102,392 ----a-w c:\users\Administrator\AppData\Roaming\GDIPFONTCACHEV1.DAT
2007-11-23 21:01 102,392 ----a-w c:\users\ADMINI~1\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-07-20 06:24 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-20 06:24 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-20 06:24 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-08 3513344]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-09-28 160592]
"eyeBeam SIP Client"="c:\program files\CounterPath\eyeBeam 1.5\eyeBeam.exe" [2008-09-02 22552576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"LWBMOUSE"="c:\program files\Mouse Driver\Mouse Driver\5.2\MOUSE32A.EXE" [2001-11-09 356352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-29 136600]
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 c:\windows\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2007-04-18 01:49 50736 c:\program files\AOL 9.0\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-07-16 16:54 961536 c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 c:\program files\Common Files\aol\1183234732\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 02:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 02:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-03-09 15:28 598016 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2BE0F908-8E44-42D4-969A-035EF76121C7}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{87E3941E-7C46-45A6-BA18-3F9E8F3A893D}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{3726EC3C-A64E-4EB4-972B-EF3055B5B8E9}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{D7F46A65-353D-4D64-B478-B0BD0E362CB0}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{0CDCC2B2-BE42-47FF-9034-BEFDABA7BD0A}"= UDP:c:\program files\Common Files\aol\1183234732\ee\aolsoftware.exe:AOL Shared Components
"{B75F5C2B-F4E9-49C2-8289-E72D43DF753D}"= TCP:c:\program files\Common Files\aol\1183234732

Re: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:33 pm

\ee\aolsoftware.exe:AOL Shared Components
"{CF005D1F-EC1E-4125-BA2F-C7C0C7B83505}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{26F3926A-B65E-4B9A-8E87-F8E21756308C}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{9B35FB2F-ABFA-421B-BE25-D3B45994E069}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{BD2355BD-B617-42CC-82AA-3BD397643392}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{65641844-56CC-4CD5-9EB1-069F6952C613}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{CB064EE3-BF9F-4AAE-BA4F-8053DB9A51EF}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{0D8F85A9-6F83-4C58-909C-DBFC6848BB83}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{5DB7C3B0-1A50-48AB-8BF7-3414E22F42DD}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{E761F8D5-CBA8-4AB8-9E17-CE6BCDB74E0B}"= UDP:990:LocalSubnet:LocalSubnet|IF={C16CFDDB-16C1-45F9-98D0-D64BB6BF3769}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{DEFB3D4C-FEB2-4C17-9CA7-7868517F1CCE}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{59A1A900-66DC-43CB-824C-4384F0C3789A}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{7F58DA40-0997-49D4-AA4C-D727730FD186}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4C6D4146-FD3C-4207-8E71-FA87C9301389}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{73D98EB5-4895-46F4-96A4-D5F65A64B051}c:\\program files\\alibaba\\trademanager\\trademanager.exe"= UDP:c:\program files\alibaba\trademanager\trademanager.exe:TradeManager
"UDP Query User{4C169394-B4F5-46D6-B20C-41C378464D67}c:\\program files\\alibaba\\trademanager\\trademanager.exe"= TCP:c:\program files\alibaba\trademanager\trademanager.exe:TradeManager
"{29BA6322-7915-4E94-AB66-E409DF46E2C8}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{24938BEA-8865-45B6-B2D3-CE4509EA43A1}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{12E779FE-9B8E-4046-B199-ACFBCB4D4C49}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{44598517-3607-4CBC-BFCD-399C4DC855A9}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{90DCA162-E18F-486F-B23E-50700291722B}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2B19F71E-739A-4B7F-A105-29C36EF49522}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{38250A48-3916-45F9-B29E-75FED3CD18C4}"= UDP:c:\program files\AOL 9.1\waol.exe:AOL
"{C81FB904-2195-4534-A6ED-05B06E7E05A3}"= TCP:c:\program files\AOL 9.1\waol.exe:AOL
"{77E921A0-057D-4F5D-B262-A775BB050E0F}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{4FA0185E-E659-4BB7-8E4E-CA48B8D00EAC}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{1092FA29-A6A2-4B79-A925-4B9D893636B0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{162F33DA-6493-4AB9-BA6E-3797EDD304A4}"= TCP:c:\program files\Microsoft Office\Office12
\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{4F4F7BBF-B39C-4104-B36D-AE89FE398458}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{46142228-989A-4FD3-9D6E-FA6419933BAA}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{00F6391B-6E19-4E38-9C98-202DDEF48D9C}"= UDP:990:LocalSubnet:LocalSubnet|IF={C16CFDDB-16C1-45F9-98D0-D64BB6BF3769}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{7BAF213E-A7DC-477C-9A34-7385C5E52EE2}"= UDP:990:LocalSubnet:LocalSubnet|IF={C16CFDDB-16C1-45F9-98D0-D64BB6BF3769}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{3B078D35-B4E1-43E6-8944-09149EF344C3}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{386DC190-F248-4F79-B918-2976196DBFFB}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{27252682-AE06-4347-9A87-8C65438111C4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{842572F7-5266-42E0-AB28-A3FD56F865DE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{771E3ED7-C1FB-43F2-9F51-805D5E53667E}"= UDP:c:\program files\Brother\Brmfl07b\FAXRX.exe:FAXRX.EXE
"{9597B370-A37C-4BBC-B7CB-B8991A03393C}"= TCP:c:\program files\Brother\Brmfl07b\FAXRX.exe:FAXRX.EXE
"{ADBEF1A8-19C4-4940-9929-2E70FA8B45BD}"= TCP:54925:Brother Network Scanner
"TCP Query User{E6275D83-F459-4068-B44D-E6B1E5763287}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= UDP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam
"UDP Query User{9E7FCD50-5535-45A5-8C96-8B8ECBFA4AE4}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= TCP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam
"{284FA8B1-4457-4267-93FA-638BB1D4F4D8}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{AEE2479A-69E4-4C63-BBD3-52DA29AE1DAA}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 []
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2008-07-14 39048]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-29 38496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50d84c62-ba46-11dd-854a-00038a000015}]
\shell\AutoRun\command - I:\PortableRoboForm.exe
\shell\RoboForm2Go\command - I:\PortableRoboForm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{537e44eb-adaa-11dd-b70b-00038a000015}]
\shell\AutoRun\command - I:\PortableRoboForm.exe
\shell\RoboForm2Go\command - I:\PortableRoboForm.exe
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\36ye4euc.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npampx3.0.84.2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
FF -: plugin - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\36ye4euc.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 18:29:41
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1292)
c:\program files\Mouse Driver\Mouse Driver\5.2\MOUDL32A.DLL
.
Completion time: 2008-11-29 18:31:02
ComboFix-quarantined-files.txt 2008-11-29 23:30:59

Pre-Run: 169,829,789,696 bytes free
Post-Run: 170,311,593,984 bytes free

283 --- E O F --- 2008-11-27 17:36:07

Re: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:39 pm

Hello, I don't see anything serious.
I'm curious to one file, Google tells me it's related to Trend Micro, but I dont' see any signs of that.
Did you used to have Trend Micro on this machine?

Re: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:41 pm

Hello yes, I did have TrendMicro once. I deleted it though because it slowed my computer down and I just use Free Virus scanners online.

Let me know if its an issue.

Thanks again

Re: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:45 pm

Hello, okay.
We'll use CFScrippt just to get rid of a leftover of Trend.

The slowness may not be malware related.
Vista is a bigger OS than XP, and requires more RAM to run smoothly.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\System32\drivers\tmcomm.sys
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm

Folder::
c:\program files\Viewpoint

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
Spyware.ISpynow Issue on Vista Computer Sfxdaw

Spyware.ISpynow Issue on Vista Computer Sfxdaw

This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

Re: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:54 pm

Ok. Done:

ComboFix 08-11-29.03 - Administrator 2008-11-29 18:49:15.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1865 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFscript.txt
* Created a new restore point

FILE ::
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
c:\windows\System32\drivers\tmcomm.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
c:\windows\System32\drivers\tmcomm.sys

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-29 17:52 . 2008-11-29 17:59 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-29 17:15 . 2008-11-29 17:15 d-------- c:\users\All Users\Malwarebytes
2008-11-29 17:15 . 2008-11-29 17:15 d-------- c:\users\Administrator\AppData\Roaming\Malwarebytes
2008-11-29 17:15 . 2008-11-29 17:15 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-29 17:15 . 2008-11-29 17:15 d-------- c:\progra~2\Malwarebytes
2008-11-29 17:15 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-29 17:15 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-29 12:47 . 2008-11-29 12:47 d-------- C:\cabs
2008-11-29 01:38 . 2008-11-29 05:10 d-------- c:\users\Administrator\AppData\Roaming\uTorrent
2008-11-29 01:38 . 2008-11-29 01:38 d-------- c:\program files\uTorrent
2008-11-25 15:07 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 15:07 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 15:07 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 15:07 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 15:07 . 2008-10-21 22:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 15:03 . 2008-10-16 16:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-25 15:03 . 2008-10-16 15:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-25 15:03 . 2008-10-16 16:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-25 15:03 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-25 15:03 . 2008-10-16 15:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-25 15:03 . 2008-10-16 16:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-25 15:03 . 2008-10-16 16:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-25 15:03 . 2008-10-16 16:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-25 15:03 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-25 00:36 . 2008-11-25 00:36 d-------- c:\users\All Users\PC Drivers HeadQuarters
2008-11-25 00:36 . 2008-11-25 00:36 d-------- c:\progra~2\PC Drivers HeadQuarters
2008-11-21 16:23 . 2008-11-21 16:23 d-------- c:\users\All Users\CounterPath
2008-11-21 16:23 . 2008-11-21 16:23 d-------- c:\progra~2\CounterPath
2008-11-21 16:22 . 2008-11-21 16:22 d-------- c:\program files\CounterPath
2008-11-12 16:01 . 2008-09-09 22:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 16:01 . 2008-09-05 00:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 16:01 . 2008-08-26 20:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-10 12:39 . 2008-11-10 12:39 9,019 --a------ c:\users\h_logo.gif
2008-11-08 17:08 . 2008-11-15 12:37 d-------- c:\program files\Article Submitter Pro
2008-11-04 22:03 . 2008-08-05 04:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-04 22:03 . 2008-08-05 04:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-04 22:03 . 2008-08-05 04:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-04 22:03 . 2008-08-05 04:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-04 22:03 . 2008-08-05 04:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-03 21:20 . 2008-11-03 21:20 dr------- c:\users\Administrator\AppData\Roaming\Brother
2008-11-03 18:42 . 2008-11-28 14:20 426 --a------ c:\windows\BRWMARK.INI
2008-11-03 18:41 . 2008-11-03 18:41 225 --a------ c:\windows\Brpfx04a.ini
2008-11-03 18:41 . 2008-11-03 18:41 93 --a------ c:\windows\brpcfx.ini
2008-11-03 18:41 . 2008-11-03 18:42 65 --a------ c:\windows\System32\bd7440n.dat
2008-11-03 18:40 . 2007-01-25 17:16 94,208 --a------ c:\windows\System32\BrDctF2.dll
2008-11-03 18:40 . 2007-01-26 16:13 54,784 --a------ c:\windows\System32\brinsstr.dll
2008-11-03 18:40 . 2007-01-15 21:54 12,288 --a------ c:\windows\System32\BrDctF2S.dll
2008-11-03 18:40 . 2007-01-15 16:09 12,288 --a------ c:\windows\System32\BrDctF2L.dll
2008-11-03 18:39 . 2008-11-03 18:39 d-------- c:\users\Administrator\AppData\Roaming\InstallShield
2008-11-03 18:39 . 2008-11-03 18:39 d-------- c:\program files\Nuance
2008-11-03 18:39 . 2008-11-03 18:40 d-------- c:\program files\Brother
2008-11-03 18:38 . 2008-11-03 18:38 d-------- c:\users\All Users\InstallShield
2008-11-03 18:38 . 2008-11-03 18:38 d-------- c:\progra~2\InstallShield
2008-11-03 18:38 . 2006-10-24 14:34 31,567 --a------ c:\windows\maxlink.ini
2008-11-03 18:37 . 2008-11-03 18:38 d-------- c:\users\All Users\ScanSoft
2008-11-03 18:37 . 2008-11-03 18:37 d-------- c:\program files\ScanSoft
2008-11-03 18:37 . 2008-11-03 18:37 d-------- c:\program files\Common Files\ScanSoft Shared
2008-11-03 18:37 . 2008-11-03 18:38 d-------- c:\progra~2\ScanSoft
2008-11-03 18:36 . 2008-11-03 18:36 d-------- c:\users\All Users\Brother
2008-11-03 18:36 . 2008-11-03 18:36 d-------- c:\progra~2\Brother
2008-10-30 10:21 . 2008-10-30 10:21 d-------- c:\users\Administrator\AppData\Roaming\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 23:05 --------- d-----w c:\program files\Java
2008-11-29 22:46 --------- d-----w c:\program files\Common Files\Apple
2008-11-29 21:44 --------- d-----w c:\progra~2\Viewpoint
2008-11-25 05:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-20 23:13 --------- d-----w c:\program files\CoffeeCup Software
2008-11-17 00:33 --------- d-----w c:\progra~2\Microsoft Help
2008-11-15 17:37 --------- d-----w c:\program files\Common Files\Astech
2008-11-13 00:41 --------- d-----w c:\users\Administrator\AppData\Roaming\FileZilla
2008-11-08 21:06 --------- d-----w c:\program files\FileZilla FTP Client
2008-11-03 23:37 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-24 20:31 --------- d-----w c:\program files\Windows Live
2008-10-24 20:31 --------- d-----w c:\program files\Microsoft
2008-10-24 20:28 --------- d-----w c:\program files\Common Files\Windows Live
2008-10-23 02:12 --------- d-----w c:\program files\iTunes
2008-10-23 02:12 --------- d-----w c:\program files\iPod
2008-10-23 02:12 --------- d-----w c:\progra~2\Apple Computer
2008-10-23 02:12 --------- d-----w c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-23 02:11 --------- d-----w c:\program files\QuickTime
2008-10-23 02:09 --------- d-----w c:\program files\Apple Software Update
2008-10-17 14:30 --------- d-----w c:\program files\Windows Live Safety Center
2008-10-15 22:47 --------- d-----w c:\program files\Windows Mail
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-22 22:41 339,968 ----a-w c:\windows\System32\pythoncom25.dll
2008-09-22 22:41 2,117,632 ----a-w c:\windows\System32\python25.dll
2008-09-22 22:41 114,688 ----a-w c:\windows\System32\pywintypes25.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-16 16:26 1,332,197 ----a-w c:\windows\System32\pythondll.zip
2008-09-09 04:03 51,712 ----a-w c:\windows\System32\sirenacm.dll
2008-07-20 04:28 174 --sha-w c:\program files\desktop.ini
2008-05-29 14:24 56,912 ----a-w c:\users\Administrator\g2mdlhlpx.exe
2007-11-23 21:01 102,392 ----a-w c:\users\Administrator\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-07-20 06:24 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-20 06:24 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-20 06:24 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-08 3513344]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-09-28 160592]
"eyeBeam SIP Client"="c:\program files\CounterPath\eyeBeam 1.5\eyeBeam.exe" [2008-09-02 22552576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"LWBMOUSE"="c:\program files\Mouse Driver\Mouse Driver\5.2\MOUSE32A.EXE" [2001-11-09 356352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-29 136600]
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 c:\windows\SOUNDMAN.EXE]

Re: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:55 pm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2007-04-18 01:49 50736 c:\program files\AOL 9.0\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-07-16 16:54 961536 c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 c:\program files\Common Files\aol\1183234732\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 02:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 02:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-03-09 15:28 598016 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2BE0F908-8E44-42D4-969A-035EF76121C7}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{87E3941E-7C46-45A6-BA18-3F9E8F3A893D}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{3726EC3C-A64E-4EB4-972B-EF3055B5B8E9}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{D7F46A65-353D-4D64-B478-B0BD0E362CB0}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{0CDCC2B2-BE42-47FF-9034-BEFDABA7BD0A}"= UDP:c:\program files\Common Files\aol\1183234732\ee\aolsoftware.exe:AOL Shared Components
"{B75F5C2B-F4E9-49C2-8289-E72D43DF753D}"= TCP:c:\program files\Common Files\aol\1183234732\ee\aolsoftware.exe:AOL Shared Components
"{CF005D1F-EC1E-4125-BA2F-C7C0C7B83505}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{26F3926A-B65E-4B9A-8E87-F8E21756308C}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{9B35FB2F-ABFA-421B-BE25-D3B45994E069}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{BD2355BD-B617-42CC-82AA-3BD397643392}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{65641844-56CC-4CD5-9EB1-069F6952C613}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{CB064EE3-BF9F-4AAE-BA4F-8053DB9A51EF}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{0D8F85A9-6F83-4C58-909C-DBFC6848BB83}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{5DB7C3B0-1A50-48AB-8BF7-3414E22F42DD}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{E761F8D5-CBA8-4AB8-9E17-CE6BCDB74E0B}"= UDP:990:LocalSubnet:LocalSubnet|IF={C16CFDDB-16C1-45F9-98D0-D64BB6BF3769}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{DEFB3D4C-FEB2-4C17-9CA7-7868517F1CCE}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{59A1A900-66DC-43CB-824C-4384F0C3789A}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{7F58DA40-0997-49D4-AA4C-D727730FD186}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4C6D4146-FD3C-4207-8E71-FA87C9301389}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{73D98EB5-4895-46F4-96A4-D5F65A64B051}c:\\program files\\alibaba\\trademanager\\trademanager.exe"= UDP:c:\program files\alibaba\trademanager\trademanager.exe:TradeManager
"UDP Query User{4C169394-B4F5-46D6-B20C-41C378464D67}c:\\program files\\alibaba\\trademanager\\trademanager.exe"= TCP:c:\program files\alibaba\trademanager\trademanager.exe:TradeManager
"{29BA6322-7915-4E94-AB66-E409DF46E2C8}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{24938BEA-8865-45B6-B2D3-CE4509EA43A1}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{12E779FE-9B8E-4046-B199-ACFBCB4D4C49}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{44598517-3607-4CBC-BFCD-399C4DC855A9}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{90DCA162-E18F-486F-B23E-50700291722B}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2B19F71E-739A-4B7F-A105-29C36EF49522}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{38250A48-3916-45F9-B29E-75FED3CD18C4}"= UDP:c:\program files\AOL 9.1\waol.exe:AOL
"{C81FB904-2195-4534-A6ED-05B06E7E05A3}"= TCP:c:\program files\AOL 9.1\waol.exe:AOL
"{77E921A0-057D-4F5D-B262-A775BB050E0F}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{4FA0185E-E659-4BB7-8E4E-CA48B8D00EAC}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{1092FA29-A6A2-4B79-A925-4B9D893636B0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{162F33DA-6493-4AB9-BA6E-3797EDD304A4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{4F4F7BBF-B39C-4104-B36D-AE89FE398458}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{46142228-989A-4FD3-9D6E-FA6419933BAA}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{00F6391B-6E19-4E38-9C98-202DDEF48D9C}"= UDP:990:LocalSubnet:LocalSubnet|IF={C16CFDDB-16C1-45F9-98D0-D64BB6BF3769}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{7BAF213E-A7DC-477C-9A34-7385C5E52EE2}"= UDP:990:LocalSubnet:LocalSubnet|IF={C16CFDDB-16C1-45F9-98D0-D64BB6BF3769}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{3B078D35-B4E1-43E6-8944-09149EF344C3}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{386DC190-F248-4F79-B918-2976196DBFFB}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{27252682-AE06-4347-9A87-8C65438111C4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{842572F7-5266-42E0-AB28-A3FD56F865DE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{771E3ED7-C1FB-43F2-9F51-805D5E53667E}"= UDP:c:\program files\Brother\Brmfl07b\FAXRX.exe:FAXRX.EXE
"{9597B370-A37C-4BBC-B7CB-B8991A03393C}"= TCP:c:\program files\Brother\Brmfl07b\FAXRX.exe:FAXRX.EXE
"{ADBEF1A8-19C4-4940-9929-2E70FA8B45BD}"= TCP:54925:Brother Network Scanner
"TCP Query User{E6275D83-F459-4068-B44D-E6B1E5763287}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= UDP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam
"UDP Query User{9E7FCD50-5535-45A5-8C96-8B8ECBFA4AE4}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= TCP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam
"{284FA8B1-4457-4267-93FA-638BB1D4F4D8}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{AEE2479A-69E4-4C63-BBD3-52DA29AE1DAA}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 []
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2008-07-14 39048]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-29 38496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50d84c62-ba46-11dd-854a-00038a000015}]
\shell\AutoRun\command - I:\PortableRoboForm.exe
\shell\RoboForm2Go\command - I:\PortableRoboForm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{537e44eb-adaa-11dd-b70b-00038a000015}]
\shell\AutoRun\command - I:\PortableRoboForm.exe
\shell\RoboForm2Go\command - I:\PortableRoboForm.exe

*Newly Created Service* - CATCHME
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 18:50:45
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(504)
c:\program files\Mouse Driver\Mouse Driver\5.2\MOUDL32A.DLL
.
Completion time: 2008-11-29 18:51:53
ComboFix-quarantined-files.txt 2008-11-29 23:51:50
ComboFix2.txt 2008-11-29 23:31:03

Pre-Run: 176,894,201,856 bytes free
Post-Run: 176,864,903,168 bytes free

272 --- E O F --- 2008-11-27 17:36:07

Re: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:58 pm

Hello.
Log looks clean, what problems remain?

Re: Spyware.ISpynow Issue on Vista Computer30th November 2008, 12:04 am

Everything is perfect. Thanks your your help once again. =)

Re: Spyware.ISpynow Issue on Vista Computer30th November 2008, 12:06 am

Because Vista is a bigger OS, keep your temp files clean.
Use this often:

Download ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Close ATF-Cleaner.exe.

Glad I could help. Smile...

Re: Spyware.ISpynow Issue on Vista Computer6th December 2008, 4:05 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

............................................................................................
Please be a GeekPolice fan on Facebook!

Spyware.ISpynow Issue on Vista Computer Lambo-11

Have we helped you? Help us! | Doctor by day, ninja by night.

Spyware.ISpynow Issue on Vista Computer

descriptionSpyware.ISpynow Issue on Vista Computer29th November 2008, 11:09 pm

descriptionRe: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:12 pm

descriptionRe: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:14 pm

descriptionRe: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:24 pm

descriptionRe: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:33 pm

descriptionRe: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:33 pm

descriptionRe: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:39 pm

descriptionRe: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:41 pm

descriptionRe: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:45 pm

descriptionRe: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:54 pm

descriptionRe: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:55 pm

descriptionRe: Spyware.ISpynow Issue on Vista Computer29th November 2008, 11:58 pm

descriptionRe: Spyware.ISpynow Issue on Vista Computer30th November 2008, 12:04 am

descriptionRe: Spyware.ISpynow Issue on Vista Computer30th November 2008, 12:06 am

descriptionRe: Spyware.ISpynow Issue on Vista Computer6th December 2008, 4:05 am

descriptionRe: Spyware.ISpynow Issue on Vista Computer