Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyware Protect 2009 is killing my system


  • This topic is locked This topic is locked
2 replies to this topic

#1 lauralmil27

lauralmil27

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Good ol' Eugene, Oregon
  • Local time:12:51 AM

Posted 22 January 2009 - 10:41 PM

I am not very knowledgeable in these things but usually I have been able to take care of these problems on my own--this time I am defeated. Firfox isn't working when I try to look-up or download anything that refers to getting rid of this thing. Explorer is even worse. Anything I was able to download and get on my machine will not work, or updates aren't being allowed so they are useless. I can not restart my laptop because it takes about 3 to 4 hours to get it to restart and which involves voodoo dancing, plenty of abusive language, followed abject apologizing...that some how works along with numerous battery pulling, pushing the button until it's off, and the pushing of various f keys. Not a healthy relationship at this point.

The last start I did I had gone into msconfig (I hope I am remembering this right) to force the computer to restart in safe mode. Please help me in safe if possible because I am not at all sure the machine will start again.

Please help me remove this from my computer
please assume that I know nothing and you are working with a dummy...well smart I hope but not super computer savvy.

Please let me know if you need more information.
Thanks Bleeping Angels


DDS (Ver_09-01-19.01) - NTFSx86 MINIMAL
Run by Laural Miller at 18:49:45.48 on Thu 01/22/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1696 [GMT -8:00]

AV: Bitdefender Antivirus *On-access scanning enabled* (Outdated)
AV: avast! antivirus 4.8.1296 [VPS 090122-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\explorer.exe
D:\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sony.com/vaiopeople
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twex.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: BHO: {c9c42510-9b21-41c1-9dcd-8382a2d07c61} - c:\windows\system32\iehelper.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\documents and settings\laural miller\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [sysguard] c:\windows\sysguard.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [PalmTether] "c:\program files\palmtether\TetherApp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
mRun: [BDAgent] "c:\program files\softwin\bitdefender10\bdagent.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\laural~1\startm~1\programs\startup\clickt~1.lnk - c:\program files\sony\click to dvd 2\ctdatsvr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138079319687
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} - file:///E:/mathplayer/deltacvx.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: sockspy.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\laural~1\applic~1\mozilla\firefox\profiles\1hga4vyl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\laural miller\application data\mozilla\firefox\profiles\1hga4vyl.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - component: c:\documents and settings\laural miller\application data\mozilla\firefox\profiles\1hga4vyl.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\documents and settings\laural miller\application data\mozilla\firefox\profiles\1hga4vyl.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\laural miller\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\laural miller\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-1 111184]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2005-12-7 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2005-12-7 352920]
S3 palmmdm;Palm Modem;c:\windows\system32\drivers\palmmdm.sys [2006-1-30 9728]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2007-9-13 8576]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-1 20560]
S4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2005-12-7 155160]
S4 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]

=============== Created Last 30 ================

2009-01-22 15:45 131,840 a------- c:\windows\system32\OLD6.tmp
2009-01-22 15:45 2,066,048 a------- c:\windows\system32\OLD3.tmp
2009-01-22 15:45 2,189,184 a------- c:\windows\system32\OLD1.tmp
2009-01-21 23:16 <DIR> --d----- c:\program files\Trend Micro
2009-01-21 23:15 <DIR> --d----- c:\docume~1\laural~1\applic~1\Bitdefender
2009-01-21 22:42 81,984 a------- c:\windows\system32\bdod.bin
2009-01-21 22:37 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-01-21 22:37 <DIR> --d----- c:\program files\Softwin
2009-01-21 22:36 <DIR> --d----- c:\program files\common files\Softwin
2009-01-21 19:57 <DIR> --d----- c:\docume~1\laural~1\applic~1\Simply Super Software
2009-01-21 12:54 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-21 12:54 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-21 12:54 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-21 12:54 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-20 21:24 266,240 a------- c:\windows\sysguard.exe
2009-01-20 21:24 9,216 a------- c:\windows\system32\iehelper.dll
2009-01-20 21:24 <DIR> --dsh--- c:\windows\system32\twain32
2009-01-15 10:38 <DIR> --d----- c:\program files\2BrightSparks
2009-01-14 09:12 <DIR> --d----- c:\windows\system32\NtmsData

==================== Find3M ====================

2008-12-11 02:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-10 16:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-10 16:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-08 18:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-12-08 18:28 344,064 a------- c:\windows\system32\dpus11.dll
2008-12-08 18:28 294,912 a------- c:\windows\system32\dpu11.dll
2008-12-08 18:28 57,344 a------- c:\windows\system32\dpv11.dll
2008-11-28 21:08 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-11-06 08:37 524,288 a------- c:\windows\system32\DivXsm.exe
2008-11-06 08:37 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-11-06 08:37 129,784 a------- c:\windows\system32\pxafs.dll
2008-11-06 08:37 120,056 -c------ c:\windows\system32\pxcpyi64.exe
2008-11-06 08:37 118,520 -c------ c:\windows\system32\pxinsi64.exe
2008-11-06 08:35 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-06 08:35 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-06 08:33 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-11-06 08:33 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-11-06 08:33 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-11-06 08:33 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-11-06 08:33 684,032 a------- c:\windows\system32\DivX.dll
2008-11-06 08:33 12,288 ac------ c:\windows\system32\DivXWMPExtType.dll
2008-05-05 07:31 0 -c--h--- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT
2008-01-28 19:56 17 ac------ c:\program files\Sims2Pack Clean Installer.ini
2007-11-16 10:33 20 -c--h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2007-02-02 11:16 73,880 -c------ c:\docume~1\laural~1\applic~1\GDIPFONTCACHEV1.DAT
2008-10-02 09:33 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100220081003\index.dat

============= FINISH: 18:51:37.85 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:51 AM

Posted 01 February 2009 - 08:19 AM

Hi

Sorry for late reply. Forums have been very busy. If you still need help with this post a fresh DDS report.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:51 AM

Posted 06 February 2009 - 01:56 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users