kmhn583
Posted January 6, 2009 (edited)

I APOLOGIZE, I HAVE POSTED IN THE WRONG SECTION... PLEASE DELETE THIS POST.

Greetings,

I got the Spyware Guard 2008 virus today...

I've tried some basic procedures laid out in various forums (listed below) which have all failed. I understand I should be posting a hijack I am not knowledgeable in this field so please excuse my ignorance...

1. First tried simply installing MBAM and running the scan. The first time it detects something it gives me an error with an identification number which varies each time. I OK it and the scan continues, but soon it gets shut down by Spyware Guard every time (that is my guess because Spyware Guard always opens up when MBAM shuts down).

2. I have tried the method described here: http://www.besttechie.net/forums/index.php...mp;#entry122513 but this has also failed...

3. I have also tried Spy Hunter 3. It is able to run the scan and the removal process, but soon Spyware Guard is reinstalled.

My HijackThis log (I run a Japanese environment Windows, hence some of the characters):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:23, on 2009/01/06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Smooth View\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\winscenter.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!J\Toolbar\7_0_0_12\Modules\yphb.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Spyware Guard 2008\spywareguard.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo!ツールバーフィッシング警告 - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files\Yahoo!J\Toolbar\7_0_0_12\Modules\ypho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: Yahoo!ツールバーヘルパー - {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} - C:\Program Files\Yahoo!J\Toolbar\7_0_0_12\Modules\YahooToolBar.dll
O3 - Toolbar: The翻訳ツールバー - {FF278623-9AA4-489c-84CE-CF14D90CC70C} - c:\Program Files\TTI_V10LE\def_bar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo!ツールバー - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files\Yahoo!J\Toolbar\7_0_0_12\Modules\YahooToolBar.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Smooth View\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [solidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Image Converter 2 で転送 - C:\Program Files\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: The翻訳_ページ翻訳 - c:\Program Files\TTI_V10LE\addins\Ie\afi_pagetran.htm
O8 - Extra context menu item: The翻訳_範囲指定翻訳 - c:\Program Files\TTI_V10LE\addins\Ie\afi_seltran.htm
O8 - Extra context menu item: The翻訳_翻訳設定 - c:\Program Files\TTI_V10LE\addins\Ie\afi_setdlg.htm
O8 - Extra context menu item: The翻訳_辞書参照 - c:\Program Files\TTI_V10LE\addins\Ie\ttp_showdic.htm
O8 - Extra context menu item: Yahoo!ツールバーに追加 - res://C:\Program Files\Yahoo!J\Toolbar\7_0_0_12\Modules\YahooToolBar.dll/script_search.htm
O8 - Extra context menu item: Yahoo!検索で検索 - res://C:\Program Files\Yahoo!J\Toolbar\7_0_0_12\Modules\YahooToolBar.dll/script_yahoo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: The翻訳_ページ翻訳 - {3009C231-637C-4d4c-905F-4D6585D033CA} - c:\Program Files\TTI_V10LE\addins\Ie\afi_pagetran.htm
O9 - Extra 'Tools' menuitem: The翻訳_ページ翻訳 - {3009C231-637C-4d4c-905F-4D6585D033CA} - c:\Program Files\TTI_V10LE\addins\Ie\afi_pagetran.htm
O9 - Extra button: (no name) - {3009C237-637C-4d4c-905F-4D6585D033CA} - c:\Program Files\TTI_V10LE\addins\Ie\ttp_showdic.htm
O9 - Extra 'Tools' menuitem: The翻訳_辞書参照 - {3009C237-637C-4d4c-905F-4D6585D033CA} - c:\Program Files\TTI_V10LE\addins\Ie\ttp_showdic.htm
O9 - Extra button: (no name) - {3009C238-637C-4d4c-905F-4D6585D033CA} - c:\Program Files\TTI_V10LE\addins\Ie\afi_seltran.htm
O9 - Extra 'Tools' menuitem: The翻訳_範囲指定翻訳 - {3009C238-637C-4d4c-905F-4D6585D033CA} - c:\Program Files\TTI_V10LE\addins\Ie\afi_seltran.htm
O9 - Extra button: (no name) - {3009C23A-637C-4d4c-905F-4D6585D033CA} - c:\Program Files\TTI_V10LE\addins\Ie\afi_setdlg.htm
O9 - Extra 'Tools' menuitem: The翻訳_翻訳設定 - {3009C23A-637C-4d4c-905F-4D6585D033CA} - c:\Program Files\TTI_V10LE\addins\Ie\afi_setdlg.htm
O9 - Extra button: 辞書バー - {3009C23C-637C-4D4C-905F-4D6585D033CA} - c:\Program Files\TTI_V10LE\IeTbandTate.dll
O9 - Extra button: 翻訳バー - {3009C23E-637C-4D4C-905F-4D6585D033CA} - c:\Program Files\TTI_V10LE\IeTbandYoko.dll
O9 - Extra button: リサーチ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://dynabook.com/assistpc/index_j.htm
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {3ADF17D2-F1A8-45E1-92BA-B72717779075} (あなたのdynabook.com) - http://dynabook.fresheye.com/TWAgent/TWAgent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://128.195.183.143/activex/AMC.cab
O21 - SSODL: ieModule - {60494D3D-DDB8-444B-B4AF-AD56D7C09054} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {3B1F9A2A-E01C-4DFB-B0D1-9B239B5CF350} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\rykjgwvxpi.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros 設定サービス (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BeatJam Music Server - HTTP (BeatJamMusicStreamingServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamHttpService.exe
O23 - Service: BeatJam Music Server - UPnP (BeatJamUPnPMusicServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamUPnPService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2008 - Unknown owner - C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 13997 bytes

Edited January 6, 2009 by kmhn583