
Removing Spyware Guard 2009


This topic is locked. 2 replies to this topic.

#1 black cancer


Posted 13 January 2009 - 07:15 PM

I have been infected with a pop-up of Spyware Guard 2009. It's the ad that promotes a $50 dollar malware remover. I actually emailed them about removing it, but no reply. My Avast and Ad-aware programs, while normally effective, are useless against it. Please help me. Below is a DDS report, I hope this helps. My email is placeformyhead34@aol.com. Please email me when you respond to this or have any questions. Thank you.

DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 18:59:49.48 on Tue 01/13/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1239 [GMT -5:00]

AV: avast! antivirus 4.8.1296 [VPS 090113-1] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\ModPS2Key.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Guard 2009\spywareguard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\winscenter.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {60c7ed20-8c0f-4941-ae0a-a2268b1d8058} - c:\windows\system32\tuvTJDvT.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {76c25fb6-1276-69eb-1224-199667321b59}: {95b12376-6991-4221-be96-67216bf52c67} - c:\windows\system32\qeugoe.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Power2GoExpress] NA
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [ModPS2] ModPS2Key.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [spywareguard] c:\program files\spyware guard 2009\spywareguard.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [c4b398f5] rundll32.exe "c:\windows\system32\sgntcjol.dll",b
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Notify: pmnlljGW - pmnlljGW.dll
AppInit_DLLs: qeugoe.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: ieModule - {D8175D24-3694-48D0-9C64-352AB60ADDBE} - c:\documents and settings\all users\application data\microsoft\internet explorer\dlls\ieModule.dll
SSODL: InternetConnection - {DE982364-D744-49EE-95EA-5B6F5F9434FC} - c:\documents and settings\all users\application data\microsoft\internet explorer\dlls\mhgjrtzzkt.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvTJDvT
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\0u4fl7vz.default\
FF - HiddenExtension: XUL Cache: {CB850019-8659-4899-BFDD-67A8685DED72} - c:\windows\system32\config\systemprofile\local settings\application data\{cb850019-8659-4899-bfdd-67a8685ded72}\

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-7 111184]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-7 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-7 352920]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-7 20560]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-7 155160]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2008-12-11 69692]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2009-1-6 39048]
S3 SUNPLUS;SightCAM PC-100p;c:\windows\system32\drivers\SPIXNEW.SYS [2002-3-7 95528]
S4 USBHSB;GeneLink File Transfer Driver;c:\windows\system32\drivers\usbhsb.sys [2008-12-30 18690]

=============== Created Last 30 ================

2009-01-13 06:03 123,904 a------- c:\windows\system32\qeugoe.dll
2009-01-13 06:02 123,904 a------- c:\windows\system32\ncyunvhg.dll
2009-01-13 06:00 1,327,556 ---sh--- c:\windows\system32\lojctngs.ini
2009-01-13 05:59 79,872 a------- c:\windows\system32\sgntcjol.dll
2009-01-13 05:57 40,960 a------- c:\windows\system32\yphwekqm.dll
2009-01-12 16:09 31 a------- c:\documents and settings\owner\jagex_runescape_preferences.dat
2009-01-12 16:09 <DIR> --d----- c:\windows\.jagex_cache_32
2009-01-11 21:52 1,256,329 ---sh--- c:\windows\system32\vjqcdpdk.ini
2009-01-11 21:52 80,896 a------- c:\windows\system32\kdpdcqjv.dll
2009-01-11 21:50 123,392 a------- c:\windows\system32\ckbtxp.dll
2009-01-11 21:50 123,392 a------- c:\windows\system32\lbqqnock.dll
2009-01-11 17:59 1,256,329 ---sh--- c:\windows\system32\hxmjrvxn.ini
2009-01-11 17:56 123,392 a------- c:\windows\system32\gltvvu.dll
2009-01-11 17:56 123,392 a------- c:\windows\system32\mfileqnl.dll
2009-01-10 17:56 1,256,329 ---sh--- c:\windows\system32\yxpkttyy.ini
2009-01-10 17:56 78,336 a------- c:\windows\system32\yyttkpxy.dll
2009-01-10 17:54 124,928 a------- c:\windows\system32\swfakg.dll
2009-01-10 17:54 124,928 a------- c:\windows\system32\fiodivdh.dll
2009-01-09 20:21 133,120 a------- c:\windows\system32\qpvjjf.dll
2009-01-09 20:21 133,120 a------- c:\windows\system32\tkifnyvr.dll
2009-01-09 20:13 1,248,432 ---sh--- c:\windows\system32\jivkfbeq.ini
2009-01-09 15:32 143 a------- c:\windows\system32\mcrh.tmp
2009-01-09 15:04 <DIR> --d----- c:\program files\Lavasoft
2009-01-09 15:03 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-09 04:05 133,120 a------- c:\windows\system32\tvrxge.dll
2009-01-09 04:05 133,120 a------- c:\windows\system32\ipeoirbu.dll
2009-01-09 04:02 1,326,815 ---sh--- c:\windows\system32\rvlpwyxh.ini
2009-01-09 04:02 90,624 a------- c:\windows\system32\hxywplvr.dll
2009-01-08 22:30 1,326,815 ---sh--- c:\windows\system32\beyqegnw.ini
2009-01-08 22:27 139,264 a------- c:\windows\system32\icjfnk.dll
2009-01-08 22:27 139,264 a------- c:\windows\system32\intcdvhu.dll
2009-01-07 21:22 129,536 a------- c:\windows\system32\sqfmws.dll
2009-01-07 21:22 129,536 a------- c:\windows\system32\xiqwdiow.dll
2009-01-07 20:49 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-01-07 20:43 384,000 a------- c:\windows\system32\winscenter.exe
2009-01-07 20:43 1,003,957 a------- c:\windows\sysexplorer.exe
2009-01-07 20:43 134,149 a------- c:\windows\reged.exe
2009-01-07 20:43 51,197 a------- c:\windows\spoolsystem.exe
2009-01-07 20:43 50,620 a------- c:\windows\sys.com
2009-01-07 20:43 47,872 a------- c:\windows\syscert.exe
2009-01-07 20:43 18,941 a------- c:\windows\vmreg.dll
2009-01-07 20:43 <DIR> --d----- c:\program files\Spyware Guard 2009
2009-01-07 20:42 1,326,815 ---sh--- c:\windows\system32\djcmywdn.ini
2009-01-07 20:40 59,904 a------- c:\windows\system32\drivers\TDSSoiqt.sys
2009-01-07 20:40 27,136 a------- c:\windows\system32\TDSSlrvd.dll
2009-01-07 20:40 29,189 a------- c:\docume~1\alluse~1\applic~1\svhost.exe
2009-01-07 20:40 173,568 a------- c:\windows\system32\snppvqyo.exe
2009-01-07 20:40 129,536 a------- c:\windows\system32\hhfytc.dll
2009-01-07 20:40 129,536 a------- c:\windows\system32\hgijfsip.dll
2009-01-07 20:37 1,320,830 ---sh--- c:\windows\system32\rfuerabq.ini
2009-01-06 20:46 0 a------- c:\windows\DVEdit.INI
2009-01-06 19:46 1,320,830 ---sh--- c:\windows\system32\iibewxkm.ini
2009-01-06 19:41 59,904 a------- c:\windows\system32\drivers\TDSSmqlt.sys
2009-01-06 19:41 229,376 a------- c:\windows\system32\editewjy.exe
2009-01-06 19:34 31,744 a------- c:\windows\system32\drivers\ICDSX.sys
2009-01-06 19:34 90,112 -------- c:\windows\snymsico.dll
2009-01-06 19:33 <DIR> --d----- c:\program files\SONY
2009-01-05 15:16 133,632 a------- c:\windows\system32\rmineghf.dll
2009-01-05 15:11 1,306,349 ---sh--- c:\windows\system32\hkdnhrpi.ini
2009-01-05 15:10 1,700,277 a--sh--- c:\windows\system32\TvDJTvut.ini2
2009-01-05 15:10 0 a--sh--- c:\windows\system32\TvDJTvut.ini
2009-01-05 15:10 289,280 a------- c:\windows\system32\tuvTJDvT.dll
2009-01-04 18:18 90,624 ac------ c:\windows\system32\dllcache\kswdmcap.ax
2009-01-04 18:18 61,952 ac------ c:\windows\system32\dllcache\kstvtune.ax
2009-01-04 18:18 53,760 ac------ c:\windows\system32\dllcache\vfwwdm32.dll
2009-01-04 18:18 28,672 ac------ c:\windows\system32\dllcache\vidcap.ax
2009-01-04 18:18 90,624 a------- c:\windows\system32\kswdmcap.ax
2009-01-04 18:18 61,952 a------- c:\windows\system32\kstvtune.ax
2009-01-04 18:18 53,760 a------- c:\windows\system32\vfwwdm32.dll
2009-01-04 18:18 28,672 a------- c:\windows\system32\vidcap.ax
2009-01-04 18:18 43,008 ac------ c:\windows\system32\dllcache\ksxbar.ax
2009-01-04 18:18 43,008 a------- c:\windows\system32\ksxbar.ax
2009-01-04 14:49 1,033,216 a------- c:\windows\system32\dllcache\explorer.exe
2009-01-01 12:58 7,680 a------- c:\windows\system32\spdwnwxp.exe
2009-01-01 12:58 19,569 a------- c:\windows\002703_.tmp
2009-01-01 12:40 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-01-01 12:04 268,648 a------- c:\windows\system32\mucltui.dll
2009-01-01 12:04 208,744 a------- c:\windows\system32\muweb.dll
2009-01-01 12:04 27,496 a------- c:\windows\system32\mucltui.dll.mui
2008-12-31 17:44 <DIR> --d----- c:\docume~1\owner\applic~1\LimeWire
2008-12-31 17:44 <DIR> --d----- c:\program files\LimeWire
2008-12-31 17:41 <DIR> --d----- c:\documents and settings\owner\Contacts
2008-12-31 17:09 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2008-12-31 16:39 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2008-12-31 02:02 <DIR> --d----- C:\personal pics
2008-12-30 23:06 <DIR> --d----- C:\Various Artists
2008-12-30 23:05 <DIR> --d----- C:\Unknown Artist
2008-12-30 23:04 <DIR> --d----- C:\Three Days Grace
2008-12-30 23:01 <DIR> --d----- C:\System of a Down
2008-12-30 23:00 <DIR> --d----- C:\Soulfly
2008-12-30 22:58 <DIR> --d----- C:\Seether
2008-12-30 22:57 <DIR> --d----- C:\Rob Zombie
2008-12-30 22:55 <DIR> --d----- C:\Queen
2008-12-30 22:54 <DIR> --d----- C:\Pink Floyd
2008-12-30 22:50 <DIR> --d----- C:\Neil Young
2008-12-30 22:50 <DIR> --d----- C:\My Playlists
2008-12-30 22:49 <DIR> --d----- C:\Motörhead
2008-12-30 22:48 <DIR> --d----- C:\Michael Jackson
2008-12-30 21:39 178,997,248 a------- C:\[Kuroneko]_Zero No Tsukaima II - 10 [ED3EDE3A].avi
2008-12-30 21:14 4,506,256 a------- c:\program files\LimeWireWin.exe
2008-12-30 20:48 85 a--sh--- C:\desktop.ini
2008-12-30 15:13 <DIR> --d----- C:\NewFolder1
2008-12-30 14:17 <DIR> --d----- C:\.jagex_cache_32
2008-12-30 14:11 <DIR> --d----- c:\program files\Genesys Logic
2008-12-30 13:50 18,690 a------- c:\windows\system32\drivers\usbhsb.sys

==================== Find3M ====================

2009-01-04 14:55 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-11 21:30 0 a------- c:\windows\system32\drivers\EMACHINES_W3650_3.1_CGM85I0004781.MRK
2008-12-11 21:23 315,392 a------- c:\windows\HideWin.exe
2008-10-24 06:10 453,632 a------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 08:01 283,648 a------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2007-12-27 10:17 341,465,088 a------- c:\program files\Honoo no Haramase Tenkousei Ue - Episode 1.avi

============= FINISH: 19:00:38.15 ===============
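As an added triage example (not part of the post and not something DDS produces), the script below parses a handful of pseudo-HJT lines copied from the log above and flags the persistence entries a helper would check first: AppInit_DLLs, a modified LSA Authentication Packages value, Trusted Zone additions, a BHO registered only by CLSID, a Winlogon Notify package, a rundll32 autorun and an SSODL object outside system32. The severities and the rule set are my own assumptions, not part of any tool.

```python
import re

# Constructed sample: lines copied from the pseudo-HJT section of the DDS log above.
SAMPLE_LOG = r"""
BHO: {60c7ed20-8c0f-4941-ae0a-a2268b1d8058} - c:\windows\system32\tuvTJDvT.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [c4b398f5] rundll32.exe "c:\windows\system32\sgntcjol.dll",b
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Notify: pmnlljGW - pmnlljGW.dll
AppInit_DLLs: qeugoe.dll
SSODL: ieModule - {D8175D24-3694-48D0-9C64-352AB60ADDBE} - c:\documents and settings\all users\application data\microsoft\internet explorer\dlls\ieModule.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvTJDvT
"""

LSA_EXPECTED = {"msv1_0"}  # the only stock authentication package on Windows XP
ANON_BHO = re.compile(r"^BHO: \{[0-9a-f-]{36}\}", re.I)  # BHO listed by CLSID only, no name
RUNDLL_DLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,', re.I)

def triage_line(line):
    """Return (severity, reason) for a suspicious pseudo-HJT line, else None."""
    key, _, value = line.partition(": ")
    value = value.strip()
    if key == "AppInit_DLLs" and value:
        return "high", "AppInit_DLLs loads %s into every process using user32.dll" % value
    if line.startswith("LSA: Authentication Packages"):
        extra = set(line.split("=", 1)[1].split()) - LSA_EXPECTED
        if extra:
            return "high", "non-standard LSA authentication package: " + ", ".join(sorted(extra))
    if key == "Trusted Zone":
        return "medium", "domain added to the IE Trusted Zone: " + value
    if key == "Notify":
        return "medium", "Winlogon notification package: " + value
    if ANON_BHO.match(line):
        return "medium", "BHO registered with no display name: " + value
    if key in ("mRun", "uRun"):
        m = RUNDLL_DLL.search(value)
        if m:
            return "medium", "autorun loads a DLL through rundll32: " + m.group(1)
    if key == "SSODL" and "\\windows\\system32\\" not in value.lower():
        return "medium", "shell service object loaded from outside system32: " + value.rsplit(" - ", 1)[-1]
    return None

def triage(log_text):
    """Return (severity, line, reason) for every flagged line of a pseudo-HJT section."""
    lines = [l.strip() for l in log_text.strip().splitlines()]
    return [(hit[0], l, hit[1]) for l in lines for hit in [triage_line(l)] if hit]

if __name__ == "__main__":
    for sev, line, why in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (sev.upper(), line, why))
```

The rundll32 rule is a prompt for a second look rather than a verdict: legitimate vendor entries such as the NvCpl and NvMcTray lines in the same log use rundll32 too, so the file name and signer still have to be checked by hand.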

#2 fenzodahl512


Posted 14 January 2009 - 04:02 AM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix (screenshots showing the rename were in the original post and are not preserved here).
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to reconnect your machine to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.**

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512


Posted 21 January 2009 - 03:49 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a new topic.
