WiredWX Hobby Weather ToolsLog in

 


Spyware.Ispynow

3 posters

descriptionSolvedRe: Spyware.Ispynow

more_horiz
I think that ugly popups gone

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSnbcb.sys
Start Type: 4 (Disabled)

Rootkit scan completed.

Driver "TDSSserv.sys" disabled successfully.
Driver "TDSSserv.sys" deleted successfully.
File "C:\windows\system32\drivers\TDSSnbcb.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

descriptionSolvedRe: Spyware.Ispynow

more_horiz
Hello.
The rootkit is gone now, you should be able to access combofix.

http://www.geekpolice.net/malware-removal-support-hijackthis-logs-f11/spywareispynow-t4434.htm#22044

descriptionSolvedRe: Spyware.Ispynow

more_horiz
Hello,
I need to send the combofix in 2 parts

ComboFix 08-12-01.03 - john 2008-12-02 21:37:31.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1301 [GMT -5:00]
Running from: c:\users\john\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\temp.dmf
c:\users\john\nah_log.dat
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\DelSelf.bat
c:\windows\system32\digeste.dll
c:\windows\system32\paso.el
c:\windows\system32\TDSScrrx.dll
c:\windows\system32\TDSSntlv.dll
c:\windows\system32\TDSSrfpp.dll
c:\windows\system32\TDSSsbxq.log
c:\windows\system32\TDSStmei.dll
c:\windows\system32\TDSSwqsc.dat
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\system32\twain_32\user.ds.cla
c:\windows\Sysvxd.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

2008-12-01 04:30 . 2008-12-01 04:32 d-------- c:\users\All Users\Lavasoft
2008-12-01 04:30 . 2008-12-01 04:32 d-------- c:\programdata\Lavasoft
2008-12-01 04:30 . 2008-12-01 04:30 d-------- c:\program files\Lavasoft
2008-12-01 04:29 . 2008-12-01 04:29 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-01 00:36 . 2008-12-01 00:36 d-------- c:\program files\Panda Security
2008-12-01 00:36 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2008-11-30 06:33 . 2008-12-02 20:41 2,274 --a------ c:\windows\System32\TDSSfopt.dll
2008-11-27 14:33 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-27 14:33 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-27 14:33 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-27 14:33 . 2008-10-21 22:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-27 14:32 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-27 12:39 . 2008-11-27 12:39 d-------- c:\users\All Users\CanonIJPLM
2008-11-27 12:39 . 2008-11-27 12:39 d-------- c:\programdata\CanonIJPLM
2008-11-27 12:33 . 2008-11-27 12:33 d--h----- c:\users\All Users\CanonBJ
2008-11-27 12:33 . 2008-11-27 12:33 d--h----- c:\programdata\CanonBJ
2008-11-27 12:32 . 2008-11-27 12:32 d--h----- c:\windows\System32\CanonIJ Uninstaller Information
2008-11-27 12:30 . 2008-11-27 12:30 d--h----- c:\program files\CanonBJ
2008-11-27 12:30 . 2008-11-27 12:39 d-------- c:\program files\Canon
2008-11-27 04:24 . 2008-10-16 16:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-27 04:24 . 2008-10-16 15:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-27 04:24 . 2008-10-16 16:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-27 04:24 . 2008-10-16 16:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-27 04:23 . 2008-10-16 16:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-27 04:23 . 2008-10-16 15:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-27 04:23 . 2008-10-16 16:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-27 04:22 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-27 04:22 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-26 19:17 . 2008-11-30 19:28 d-------- c:\program files\Windows Live Safety Center
2008-11-23 05:49 . 2008-11-23 05:49 25,887 --a------ c:\windows\System32\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab
2008-11-23 05:49 . 2008-11-23 05:49 19,775 --a------ c:\windows\System32\f04d289f-c60a-422b-8396-6c372047042e.cab
2008-11-23 05:17 . 2008-11-23 05:17 dr------- c:\users\john\Searches
2008-11-23 05:07 . 2008-11-25 03:08 d-------- C:\MGADiagToolOutput
2008-11-23 05:05 . 2008-11-23 05:05 d-------- c:\users\All Users\Office Genuine Advantage
2008-11-23 05:05 . 2008-11-23 05:05 d-------- c:\programdata\Office Genuine Advantage
2008-11-23 04:02 . 2008-11-23 04:02 d-------- c:\users\All Users\Windows Genuine Advantage
2008-11-20 01:10 . 2008-11-20 01:10 d-------- c:\users\john\Documents
2008-11-19 04:18 . 2008-11-19 04:18 0 --a------ c:\windows\ynh.dx
2008-11-15 14:49 . 2008-11-23 04:22 d-------- c:\program files\Flipz4Flash
2008-11-12 04:49 . 2008-09-09 22:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 04:48 . 2008-08-26 20:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 04:47 . 2008-09-05 00:14 1,191,936 --a------ c:\windows\System32\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 01:34 --------- d-----w c:\program files\ZipCentral
2008-11-30 11:37 --------- d-----w c:\users\john\AppData\Roaming\Hewlett-Packard
2008-11-30 11:37 --------- d-----w c:\users\john\AppData\Roaming\EbkReader
2008-11-30 11:37 --------- d-----w c:\users\john\AppData\Roaming\Earthlink
2008-11-30 11:37 --------- d-----w c:\users\john\AppData\Roaming\Downloaded Installations
2008-11-30 11:37 --------- d-----w c:\users\john\AppData\Roaming\CyberLink
2008-11-29 14:44 --------- d-----w c:\program files\Google
2008-11-27 11:49 --------- d-----w c:\users\john\AppData\Roaming\uTorrent
2008-11-26 08:53 --------- d-----w c:\program files\Windows Mail
2008-11-26 08:53 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-25 23:02 --------- d-----w c:\program files\Directory Buzz
2008-11-23 17:02 --------- d-----w c:\program files\Norton Internet Security
2008-11-23 16:58 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-11-23 16:58 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-23 16:58 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-23 16:58 --------- d-----w c:\program files\Symantec
2008-11-22 18:38 737,280 ----a-w c:\windows\iun6002.exe
2008-10-11 01:45 --------- d-----w c:\program files\Directory Buzz2
2008-10-05 14:45 --------- d-----w c:\program files\earthlink totalaccess
2008-10-03 19:14 39,984 ----a-w c:\windows\system32\drivers\symids.sys
2008-10-03 19:14 37,936 ----a-w c:\windows\system32\drivers\symndisv.sys
2008-10-03 19:14 27,696 ----a-w c:\windows\system32\drivers\symredrv.sys
2008-10-03 19:14 187,952 ----a-w c:\windows\system32\drivers\symtdi.sys
2008-10-03 19:14 146,096 ----a-w c:\windows\system32\drivers\symfw.sys
2008-10-03 19:14 12,848 ----a-w c:\windows\system32\drivers\symdns.sys
2008-10-03 19:14 10,804 ----a-w c:\windows\system32\drivers\SymRedir.cat
2008-10-03 19:14 1,358 ----a-w c:\windows\system32\drivers\SymRedir.inf
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-07-03 22:38 174 --sha-w c:\program files\desktop.ini
2008-04-07 22:15 514 ----a-w c:\users\john\AppData\Roaming\wklnhst.dat
.

descriptionSolvedRe: Spyware.Ispynow

more_horiz
part 2


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Wise-FTP Scheduler"="c:\program files\AceBIT\WISE-FTP\WF_Scheduler.exe" [2003-08-29 1246720]
"E6TaskPanel"="c:\program files\earthlink totalaccess\TaskPanl.exe" [2006-08-30 952088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-04-23 185896]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"SnapfishMediaDetector"="c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 1441792]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 712704]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2007-01-25 74672]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2007-02-13 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 1197648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, msansspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{393AC102-C8B4-464D-82A7-D52ECDBFB020}"= c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{34E9B1EE-BA15-4415-8429-2013856E6C86}"= c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"{A2BA7BB0-0A5D-4AD1-A567-9CDB56C66DA4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7CFD448-8992-4C98-A715-056437C829ED}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{883B765C-92CD-4879-8402-E0FC1F059436}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4FA0E868-3BCF-4380-A754-A522F3EC9FE5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B1A873B2-04D8-4433-9227-4B0E81AA9A49}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3B844328-D30C-4F0D-B0E2-4A50DC50570D}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8C61405D-C85F-4BBE-A6A5-5A1BD6819583}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4378B205-0E33-461A-B353-842AAF0C3B03}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7C5897EC-486D-4495-ACFC-36ED124028A2}"= UDP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System
"{4EC2DDF9-2F89-4D8E-8743-05EC1D7E8E51}"= TCP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System
"{5F9FF86E-AB92-4E0A-A236-DF4567E16BB1}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window
"{9E4DAFD2-CAE2-45E2-983F-B5F63B4C5192}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window
"{CBB4C67A-003A-456B-91B6-C5FAD6BC56BE}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{937A54E9-5172-47F9-8DB2-94E3417C91B5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{086D8BF5-C370-44CF-944D-FF5005DD0E76}"= UDP:8097:EarthLink UHP Modem Support
"{F382520D-A6A2-459D-82E8-96DB16BDBA0D}"= UDP:8097:EarthLink UHP Modem Support
"{3ECA3EF0-C387-43D1-8E96-E101504764D9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{A10C5D12-65FE-46C3-B03F-C1B03B761554}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{0A90CAD5-5511-43B3-9480-55EE36A55208}"= UDP:c:\windows\explorer.exe:Windows Explorer
"{472C90F9-B81F-43A8-B06F-87FD639D32FA}"= TCP:c:\windows\explorer.exe:Windows Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-01 28544]
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071220.001\IDSvix86.sys [2007-12-31 180272]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-11-03 112688]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-10-03 37936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-12-02 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - john.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-13 20:09]

2008-12-02 c:\windows\Tasks\User_Feed_Synchronization-{B6B33A22-9B8E-4651-87A4-EF9FFF42C9D0}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-HPseti - c:\users\john\AppData\Roaming\Google\dvvm.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\17trz7bn.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.linkreferral.com/accountwel.pl?email=reply@cyberbookdepot.com&password=lr0000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 21:49:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2316)
c:\windows\system32\we.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Lexmark X1100 Series\LXBKbmon.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\lxbkcoms.exe
c:\program files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
c:\program files\Maxtor\OneTouch\Utils\SyncServices.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-12-02 21:55:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-03 02:54:55

Pre-Run: 61,183,066,112 bytes free
Post-Run: 62,535,438,336 bytes free

259 --- E O F --- 2008-11-29 12:13:09

descriptionSolvedRe: Spyware.Ispynow

more_horiz
Hello.
Just a leftover to get.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\System32\TDSSfopt.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000000
"InternetSettingsDisableNotify"=dword:00000000
"AutoUpdateDisableNotify"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"=dword:00000001
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll,msansspc.dll,digeste.dll"


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
Spyware.Ispynow - Page 2 Sfxdaw

This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

descriptionSolvedRe: Spyware.Ispynow

more_horiz
Hello,
I'm sending the combfix in 2 parts.


ComboFix 08-12-01.03 - john 2008-12-03 18:22:04.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1228 [GMT -5:00]
Running from: c:\users\john\Desktop\ComboFix.exe
Command switches used :: c:\users\john\Desktop\CFscript.txt
* Created a new restore point

FILE ::
c:\windows\System32\TDSSfopt.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\TDSSfopt.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

2008-12-01 04:30 . 2008-12-01 04:32 d-------- c:\users\All Users\Lavasoft
2008-12-01 04:30 . 2008-12-01 04:32 d-------- c:\programdata\Lavasoft
2008-12-01 04:30 . 2008-12-01 04:30 d-------- c:\program files\Lavasoft
2008-12-01 04:29 . 2008-12-01 04:29 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-01 00:36 . 2008-12-01 00:36 d-------- c:\program files\Panda Security
2008-12-01 00:36 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2008-11-27 14:33 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-27 14:33 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-27 14:33 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-27 14:33 . 2008-10-21 22:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-27 14:32 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-27 12:39 . 2008-11-27 12:39 d-------- c:\users\All Users\CanonIJPLM
2008-11-27 12:39 . 2008-11-27 12:39 d-------- c:\programdata\CanonIJPLM
2008-11-27 12:33 . 2008-11-27 12:33 d--h----- c:\users\All Users\CanonBJ
2008-11-27 12:33 . 2008-11-27 12:33 d--h----- c:\programdata\CanonBJ
2008-11-27 12:32 . 2008-11-27 12:32 d--h----- c:\windows\System32\CanonIJ Uninstaller Information
2008-11-27 12:30 . 2008-11-27 12:30 d--h----- c:\program files\CanonBJ
2008-11-27 12:30 . 2008-11-27 12:39 d-------- c:\program files\Canon
2008-11-27 04:24 . 2008-10-16 16:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-27 04:24 . 2008-10-16 15:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-27 04:24 . 2008-10-16 16:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-27 04:24 . 2008-10-16 16:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-27 04:23 . 2008-10-16 16:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-27 04:23 . 2008-10-16 15:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-27 04:23 . 2008-10-16 16:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-27 04:22 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-27 04:22 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-26 19:17 . 2008-11-30 19:28 d-------- c:\program files\Windows Live Safety Center
2008-11-23 05:49 . 2008-11-23 05:49 25,887 --a------ c:\windows\System32\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab
2008-11-23 05:49 . 2008-11-23 05:49 19,775 --a------ c:\windows\System32\f04d289f-c60a-422b-8396-6c372047042e.cab
2008-11-23 05:17 . 2008-11-23 05:17 dr------- c:\users\john\Searches
2008-11-23 05:07 . 2008-11-25 03:08 d-------- C:\MGADiagToolOutput
2008-11-23 05:05 . 2008-11-23 05:05 d-------- c:\users\All Users\Office Genuine Advantage
2008-11-23 05:05 . 2008-11-23 05:05 d-------- c:\programdata\Office Genuine Advantage
2008-11-23 04:02 . 2008-11-23 04:02 d-------- c:\users\All Users\Windows Genuine Advantage
2008-11-20 01:10 . 2008-11-20 01:10 d-------- c:\users\john\Documents
2008-11-19 04:18 . 2008-11-19 04:18 0 --a------ c:\windows\ynh.dx
2008-11-15 14:49 . 2008-11-23 04:22 d-------- c:\program files\Flipz4Flash
2008-11-12 04:49 . 2008-09-09 22:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 04:48 . 2008-08-26 20:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 04:47 . 2008-09-05 00:14 1,191,936 --a------ c:\windows\System32\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 01:34 --------- d-----w c:\program files\ZipCentral
2008-11-30 11:37 --------- d-----w c:\users\john\AppData\Roaming\Hewlett-Packard
2008-11-30 11:37 --------- d-----w c:\users\john\AppData\Roaming\EbkReader
2008-11-30 11:37 --------- d-----w c:\users\john\AppData\Roaming\Earthlink
2008-11-30 11:37 --------- d-----w c:\users\john\AppData\Roaming\Downloaded Installations
2008-11-30 11:37 --------- d-----w c:\users\john\AppData\Roaming\CyberLink
2008-11-29 14:44 --------- d-----w c:\program files\Google
2008-11-27 11:49 --------- d-----w c:\users\john\AppData\Roaming\uTorrent
2008-11-26 08:53 --------- d-----w c:\program files\Windows Mail
2008-11-26 08:53 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-25 23:02 --------- d-----w c:\program files\Directory Buzz
2008-11-23 17:02 --------- d-----w c:\program files\Norton Internet Security
2008-11-23 16:58 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-11-23 16:58 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-23 16:58 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-23 16:58 --------- d-----w c:\program files\Symantec
2008-11-22 18:38 737,280 ----a-w c:\windows\iun6002.exe
2008-10-11 01:45 --------- d-----w c:\program files\Directory Buzz2
2008-10-05 14:45 --------- d-----w c:\program files\earthlink totalaccess
2008-10-03 19:14 39,984 ----a-w c:\windows\system32\drivers\symids.sys
2008-10-03 19:14 37,936 ----a-w c:\windows\system32\drivers\symndisv.sys
2008-10-03 19:14 27,696 ----a-w c:\windows\system32\drivers\symredrv.sys
2008-10-03 19:14 187,952 ----a-w c:\windows\system32\drivers\symtdi.sys
2008-10-03 19:14 146,096 ----a-w c:\windows\system32\drivers\symfw.sys
2008-10-03 19:14 12,848 ----a-w c:\windows\system32\drivers\symdns.sys
2008-10-03 19:14 10,804 ----a-w c:\windows\system32\drivers\SymRedir.cat
2008-10-03 19:14 1,358 ----a-w c:\windows\system32\drivers\SymRedir.inf
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-07-03 22:38 174 --sha-w c:\program files\desktop.ini
2008-04-07 22:15 514 ----a-w c:\users\john\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-02_21.54.12.69 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-03 02:46:16 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-03 23:05:49 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-03 02:46:16 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-03 23:05:49 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-03 02:49:44 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-03 23:08:34 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-12-03 02:49:44 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-03 23:08:40 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-12-03 02:10:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-03 23:21:16 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-03 02:10:48 81,920 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-03 23:21:16 81,920 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-03 02:10:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-03 23:21:16 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-03 02:50:09 10,912 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-111490406-3634019498-3922500362-1000_UserData.bin
+ 2008-12-03 23:08:04 10,936 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-111490406-3634019498-3922500362-1000_UserData.bin
- 2008-12-03 02:50:08 60,020 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-03 23:08:04 60,020 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-03 02:07:29 44,722 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-03 23:08:03 44,746 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.

descriptionSolvedRe: Spyware.Ispynow

more_horiz
part 2

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Wise-FTP Scheduler"="c:\program files\AceBIT\WISE-FTP\WF_Scheduler.exe" [2003-08-29 1246720]
"E6TaskPanel"="c:\program files\earthlink totalaccess\TaskPanl.exe" [2006-08-30 952088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-04-23 185896]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"SnapfishMediaDetector"="c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 1441792]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 712704]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2007-01-25 74672]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2007-02-13 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 1197648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll,msansspc.dll,digeste.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{393AC102-C8B4-464D-82A7-D52ECDBFB020}"= c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{34E9B1EE-BA15-4415-8429-2013856E6C86}"= c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"{A2BA7BB0-0A5D-4AD1-A567-9CDB56C66DA4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7CFD448-8992-4C98-A715-056437C829ED}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{883B765C-92CD-4879-8402-E0FC1F059436}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4FA0E868-3BCF-4380-A754-A522F3EC9FE5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B1A873B2-04D8-4433-9227-4B0E81AA9A49}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3B844328-D30C-4F0D-B0E2-4A50DC50570D}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8C61405D-C85F-4BBE-A6A5-5A1BD6819583}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4378B205-0E33-461A-B353-842AAF0C3B03}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7C5897EC-486D-4495-ACFC-36ED124028A2}"= UDP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System
"{4EC2DDF9-2F89-4D8E-8743-05EC1D7E8E51}"= TCP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System
"{5F9FF86E-AB92-4E0A-A236-DF4567E16BB1}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window
"{9E4DAFD2-CAE2-45E2-983F-B5F63B4C5192}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window
"{CBB4C67A-003A-456B-91B6-C5FAD6BC56BE}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{937A54E9-5172-47F9-8DB2-94E3417C91B5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{086D8BF5-C370-44CF-944D-FF5005DD0E76}"= UDP:8097:EarthLink UHP Modem Support
"{F382520D-A6A2-459D-82E8-96DB16BDBA0D}"= UDP:8097:EarthLink UHP Modem Support
"{3ECA3EF0-C387-43D1-8E96-E101504764D9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{A10C5D12-65FE-46C3-B03F-C1B03B761554}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{0A90CAD5-5511-43B3-9480-55EE36A55208}"= UDP:c:\windows\explorer.exe:Windows Explorer
"{472C90F9-B81F-43A8-B06F-87FD639D32FA}"= TCP:c:\windows\explorer.exe:Windows Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-01 28544]
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071220.001\IDSvix86.sys [2007-12-31 180272]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-11-03 112688]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-10-03 37936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-12-02 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - john.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-13 20:09]

2008-12-03 c:\windows\Tasks\User_Feed_Synchronization-{B6B33A22-9B8E-4651-87A4-EF9FFF42C9D0}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 18:26:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-03 18:27:43
ComboFix-quarantined-files.txt 2008-12-03 23:27:19
ComboFix2.txt 2008-12-03 02:55:27

Pre-Run: 62,128,734,208 bytes free
Post-Run: 62,114,426,880 bytes free

217 --- E O F --- 2008-11-29 12:13:09

descriptionSolvedRe: Spyware.Ispynow

more_horiz
Hello.
Log looks clean, how is the machine running now?

descriptionSolvedRe: Spyware.Ispynow

more_horiz
Hello,

All seems back to normal. Thank you for all your help!

descriptionSolvedRe: Spyware.Ispynow

more_horiz
Delete this folder in bold:
C:\Qoobox


Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. Big Grin

descriptionSolvedRe: Spyware.Ispynow

more_horiz
I deleted the C:\Qoobox and will follow up with your recommendations.
Thanks again, I appreciate all your help.
I was at my wits end and was thinking the nasty reF word when my son recommended your forum.

Best Regards!

descriptionSolvedRe: Spyware.Ispynow

more_horiz
Was your son helped here too? LMBO or ROFL

descriptionSolvedRe: Spyware.Ispynow

more_horiz
Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

descriptionSolvedRe: Spyware.Ispynow

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum