
It started with spyware protect 2009


  • This topic is locked
2 replies to this topic

#1 gearheadtools


Posted 14 March 2009 - 01:08 PM

I received Spyware Protect 2009 one day as a present. I am so lucky. I removed it by deleting sysquard.exe. No more pop-ups, but now I get a pop-up that says NT authority system has encountered a problem and will shut down in 1:00 minute. I run shutdown -a to keep the computer from shutting down. I also get a pop-up that says Google installer has encountered a problem and needs to shut down. I also get redirected when doing a search on Google or Yahoo.
I tried to download Malwarebytes but had several problems doing so. It appears to finally be loaded but it will not run.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Carlos Ybarra at 12:52:17.06 on Sat 03/14/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} -
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: BHO: {c9c42510-9b21-41c1-9dcd-8382a2d07c61} -
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Trend Micro AntiVirus 2007] c:\program files\trend micro\antivirus 2007\tavui.exe -1 --delay 15
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\tmlsp.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236972658093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-03-13 21:11 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-03-13 20:49 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-13 20:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-13 20:49 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-13 20:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-13 16:03 118 a------- c:\windows\system32\MRT.INI
2009-03-13 15:49 21,056 a------- c:\windows\system32\drivers\sskbfd.sys
2009-03-08 17:18 10,752 a------- c:\windows\DCEBoot.exe
2009-03-08 16:16 <DIR> --d----- c:\windows\pss
2009-03-08 16:14 <DIR> --d----- c:\windows\system32\appmgmt
2009-03-08 14:23 260 a------- c:\windows\system32\ikhcore(3).cfg
2009-03-08 14:03 260 a------- c:\windows\system32\ikhcore(5).cfg
2009-03-08 14:03 260 a------- c:\windows\system32\ikhcore(2).cfg
2009-03-08 12:13 <DIR> --d----- C:\info
2009-03-08 12:11 10,533 a------- c:\windows\system32\drivers\tmcomm.cat
2009-03-08 12:11 2,544 a------- c:\windows\system32\drivers\vsapint.inf
2009-03-08 12:11 2,487 a------- c:\windows\system32\drivers\tmcomm.inf
2009-03-08 12:11 265,688 a------- c:\windows\system32\drivers\Tmfilter.sys
2009-03-08 12:11 10,088 a------- c:\windows\system32\drivers\tmfilter.cat
2009-03-08 12:11 3,444 a------- c:\windows\system32\drivers\tmpreflt.inf
2009-03-08 12:11 2,583 a------- c:\windows\system32\drivers\tmxpflt.inf
2009-03-08 12:11 <DIR> --d----- c:\windows\system32\drivers\AU_Backup
2009-03-08 12:09 260 a------- c:\windows\system32\ikhcore(4).cfg
2009-03-08 12:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2009-03-08 12:06 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2009-03-08 12:06 138,384 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-08 12:04 <DIR> --d----- c:\program files\Trend Micro
2009-03-08 10:39 <DIR> --dsh--- c:\windows\system32\lowsec
2009-03-03 19:38 0 a------- c:\windows\muveeapp.INI
2009-03-03 19:28 5,504 ac------ c:\windows\system32\dllcache\mstee.sys
2009-03-03 19:28 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2009-03-03 19:28 10,880 ac------ c:\windows\system32\dllcache\ndisip.sys
2009-03-03 19:28 10,880 a------- c:\windows\system32\drivers\NdisIP.sys
2009-02-21 10:39 46,440 a---h--- c:\windows\system32\mlfcache.dat
2009-02-18 21:53 35,840 a------- c:\windows\system32\drivers\AFS2K.SYS
2009-02-18 21:49 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-02-18 21:49 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-02-18 21:45 20,724 a------- c:\windows\hpoins01.dat
2009-02-18 21:45 16,618 -------- c:\windows\hpomdl01.dat
2009-02-18 21:41 <DIR> --d----- c:\windows\system32\NtmsData
2009-02-18 15:50 <DIR> --d----- c:\program files\Paint.NET
2009-02-18 14:21 488 a------- C:\hpfr5550.xml
2009-02-18 14:02 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-02-18 13:51 <DIR> --d----- c:\temp\HP All-in-One Series Web Release

==================== Find3M ====================

2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-01 17:42 1,760 a------- c:\windows\EReg196.dat
2009-01-07 19:31 51,712 a------- c:\windows\wc98pp.dll
2009-01-05 17:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-17 15:20 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-02 10:37 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111720081124\index.dat
2008-12-02 10:37 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120220081203\index.dat

============= FINISH: 12:53:11.23 ===============


#2 teacup61


Posted 25 March 2009 - 08:38 PM

Hello gearheadtools,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 04 April 2009 - 06:12 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic