Jump to content

spywareguard removal problems


redhawk

Recommended Posts

I am also experiencing the same problems, got install to complete using the rename complete, though it hung at the "finishing installation" screen for a bit. will not run. Have tried installing to hard drive as well as flash to keep it off

I've gone through and "fixed" and deleted all the listed files and keys for the malware, but they keep coming back so there must be something more unlisted.

I get the windows send error dialog box when I try to run the superantspyware

StartupList report, 12/28/2008, 11:26:07 AM

StartupList version: 1.52.2

Started from : F:\HiJackThis.EXE

Detected: Windows XP SP3 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.6000.16762)

* Using default options

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\Drivers\bwcsrv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE

C:\WINDOWS\system32\LMPDPUI.EXE

C:\WINDOWS\csrss.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Lexmark X125\LEX125SU.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE

F:\HiJackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Bluetooth.lnk = ?

HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

(Default) =

SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

hpWirelessAssistant = C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

HP Software Update = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

QPService = "C:\Program Files\HP\QuickPlay\QPService.exe"

Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe

RecGuard = C:\Windows\SMINST\RecGuard.exe

SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

LMPDPSRV = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE

winlogon = C:\WINDOWS\csrss.exe

QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime

iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

EEventManager = C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

qncdcuza.job

User_Feed_Synchronization-{04325060-88D3-49B4-9690-00DF0F69EA9D}.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft Office Template and Media Control]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL

CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[stagingUI Object]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\StagingUI.ocx

CODEBASE = http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

[Windows Genuine Advantage Validation Tool]

InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL

CODEBASE = http://download.microsoft.com/download/9/b...heckControl.cab

[VerifyGMN Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\hpobjinstaller_gmn.dll

CODEBASE = http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab

[installation Support]

InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll

CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll

[MSN Games

Link to post
Share on other sites

  • Root Admin

I apologize for the delay but it is the Holiday Season and many of the helpers are off with their Family and Friends.

Please run the following.

Reconfigure Windows XP to show hidden files:

To enable the viewing of Hidden files follow these steps:

* Close all programs so that you are at your desktop.

* Double-click on the My Computer icon.

* Select the Tools menu and click Folder Options.

* After the new window appears select the View tab.

* Put a checkmark in the checkbox labeled Display the contents of system folders.

* Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

* Remove the checkmark from the checkbox labeled Hide file extensions for known file types.

* Remove the checkmark from the checkbox labeled Hide protected operating system files.

* Press the Apply button and then the OK button and exit My Computer.

* Now your computer is configured to show all hidden files.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Then run HJT and do a Scan Only and place a check mark on the following entries.

O21 - SSODL: ieModule - {D9799C8B-80A7-4C5D-B63B-2929F879A35C} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll

O21 - SSODL: InternetConnection - {7DF229CE-33A7-4CA7-8F82-177B5B51BB51} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\zgnmwirujt.dll

Then click on "Fix checked"

Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

    [*]When the update is complete, select the Scanner tab

    [*]Select Perform quick scan, then click Scan.

    [*]When the scan is complete, click OK, then Show Results to view the results.

    [*]Be sure that everything is checked, and click Remove Selected.

    [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Update TrendMicro

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.