computer infected with spyware

**john** · 04-23-2008, 09:01 PM

I read the instructions over and over thought i did everything correct as for the program i might of hit an icon on the desktop while deleting some of them . I thank you very much for taking your time to help me .

**jholland1964** · 04-23-2008, 10:56 PM

Originally Posted by john

I read the instructions over and over thought i did everything correct as for the program i might of hit an icon on the desktop while deleting some of them . I thank you very much for taking your time to help me .

'John, not certain what in the world you mean by this...deleting them what? All you had to do was move that CFScript.txt into combofix and then click combofix. What were you deleting? You had to do nothing but move the CFScript.txt file. If you hit an icon while moving the file that wouldn't have made any difference UNLESS you hit an icon WHILE combofix was running.

Instructions for using the computer are very clear on that...

IMPORTANT:

Do not use your computer while Combofix is running......

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**jholland1964** · 04-23-2008, 11:46 PM

I am so sorry John, I made an error when I posted the CFScript for you. This is probably why the fix didn't work. Hope you come back to see this and try it again.
Judy

Do the following;
* Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

File::
C:\WINDOWS\cuawsppw
C:\WINDOWS\ions.dll
C:\Documents and Settings\All Users\Application Data\slypcfwl

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Scbu"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Qnx"=

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please post the new ComboFix log in your next reply.

**john** · 04-24-2008, 03:54 PM

No problem im sure you looking at alot of these, mixup bound to happen. I hope i did wright this time

ComboFix 08-04-18.3 - HP_Administrator 2008-04-24 15:52:22.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1428 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

FILE ::
C:\Documents and Settings\All Users\Application Data\slypcfwl
C:\WINDOWS\cuawsppw
C:\WINDOWS\ions.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\ions.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-23 22:12 . 2007-12-02 11:33 114,688 --a------ C:\WINDOWS\Lavish.dll
2008-04-21 12:22 . 2008-04-21 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-04-16 00:17 . 2008-04-16 00:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-16 00:17 . 2008-04-16 00:17 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-04-16 00:17 . 2008-04-16 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-15 01:49 . 2008-04-16 18:10 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-04-15 01:07 . 2008-04-15 01:07 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-15 00:55 . 2008-04-23 17:17 <DIR> d-------- C:\Downloads
2008-04-15 00:37 . 2008-04-15 00:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\HPQ
2008-04-15 00:07 . 2008-04-16 06:29 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-04-15 00:00 . 2008-04-15 00:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 16:09 . 2008-04-13 16:09 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-13 11:40 . 2008-04-13 11:40 <DIR> d-------- C:\WINDOWS\cuawsppw
2008-04-13 11:40 . 2008-04-13 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\slypcfwl
2008-04-13 11:39 . 2008-04-13 11:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-03-28 18:53 . 2008-04-17 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-04-21 17:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-16 23:25 111,104 ----a-w C:\WINDOWS\system32\netdde.exe
2008-04-16 23:25 111,104 ----a-w C:\WINDOWS\system32\dllcache\netdde.exe
2008-04-16 23:20 --------- d-----w C:\Program Files\microsoft money 2006
2008-03-28 23:54 --------- d-----w C:\Program Files\Lavasoft
2008-03-28 23:53 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-14 19:20 --------- d-----w C:\Program Files\Rhapsody
2008-03-14 19:20 --------- d-----w C:\Program Files\Real
2008-03-01 23:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 09:32 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 09:32 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 09:32 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 09:32 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 09:32 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-11 14:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 14:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 18:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-05 13:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2007-11-07 01:46 4,946 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2005-03-18 23:40 1,348,242 ----a-w C:\Program Files\Apr2005_d3dx9_25_x64.cab
.

((((((((((((((((((((((((((((( snapshot@2008-04-19_19.08.32.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-20 00:02:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-24 00:52:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-05-18 21:23 68856]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 14:11 3497984]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [ ]
"Scbu"="C:\PROGRA~1\CROSOF~1\logonui.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 23:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Qnx"="C:\Program Files\Common Files\S?mantec\r?gedit.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 23:05 7557120]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupda te.exe" [2006-01-11 13:05 212992]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent .exe" [2005-09-22 19:29 303104]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-31 09:33 180269]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\I SUSPM.exe" [2004-07-28 01:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 01:50 81920]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2007-12-17 08:35:58 107520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk
backup=C:\WINDOWS\pss\Cyber-shot Viewer Media Check Tool.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--------- 2005-08-03 01:19 77312 C:\WINDOWS\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--------- 2004-08-09 23:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a------ 2003-05-21 18:37 229437 C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
--a------ 2007-10-30 21:57 1095256 C:\Program Files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
--a------ 2006-03-20 11:05 90112 c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
--a------ 2006-10-30 16:27 715888 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 23:01 67584 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-10-23 19:51 233472 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 11:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2006-02-16 00:34 249856 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-09-01 06:42 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-02 01:35 49152 c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 16:44 61440 C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2005-09-22 19:29 303104 c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2006-01-11 13:05 212992 C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
--a------ 2005-08-24 19:25 101080 C:\Program Files\Microsoft Location Finder\LocationFinder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-02-13 23:05 7557120 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-02-13 23:05 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--a------ 2005-08-11 23:02 53248 C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-23 00:14 237568 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-14 04:23 663552 C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 06:54 16010240 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-05-18 21:23 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-05-31 09:33 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Quick Access]
--a------ 2006-09-14 11:15 225280 C:\Program Files\Uniblue\ProcessLibrary\qaccess.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 14:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
--a------ 2005-08-10 13:49 163840 C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
--a------ 2005-07-08 19:18 151552 C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

S0 antispywarebot;antispywarebot;C:\WINDOWS\system32\ DRIVERS\antispywarebot.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 01

01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 15:54:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-04-24 15:55:53
ComboFix-quarantined-files.txt 2008-04-24 20:54:56
ComboFix2.txt 2008-04-24 02:34:02
ComboFix3.txt 2008-04-24 02:24:16
ComboFix4.txt 2008-04-23 22:40:35
ComboFix5.txt 2008-04-20 00:08:51

Pre-Run: 261,999,755,264 bytes free
Post-Run: 261,986,488,320 bytes free

244 --- E O F --- 2008-04-13 21:33:24

Thread: computer infected with spyware

Thread Tools

Display

An apology....

Thread Information

Users Browsing this Thread

Posting Permissions