Antispywaremaster and Spylocked

Computing.Net > Forums > Windows XP > Antispywaremaster and Spylocked

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Antispywaremaster and Spylocked

Name: WILDTURKEY
Date: May 15, 2008 at 05:23:33 Pacific
OS: Windows XP SP2
CPU/Ram: Intel centrino duo/1GB
Product: Dell inspirion E1505

Comment:

I can't get rid off Antispywaremaster and keep finding SpywareLocked. When I open IE7 I get another IE window popup for either general ads or it takes me to an Antispyware site. I've tried a number of software removal tools.

Sponsored Link

Ads by Google

Response Number 1

Name: jam
Date: May 15, 2008 at 05:36:30 Pacific

Reply:

Try disabling System Retsore (all restore points will be lost) & run your scans from safe mode.
"And that's the fishing line, because Sharkboy said so!"

Response Number 2

Name: WILDTURKEY
Date: May 15, 2008 at 05:51:21 Pacific

Reply:

I have No Adware, Spysweeper, Spyhunter3, XoftSpySE and SpywareDoctor, anything specific you would prefer?

Response Number 3

Name: Leroi
Date: May 15, 2008 at 07:54:34 Pacific

Reply:

SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!
The home of Spybot-S&D!

Response Number 4

Name: btk1w1
Date: May 15, 2008 at 23:40:47 Pacific

Reply:

These are rogue anti-spyware programs... let's get rid of them.
First go into control panel then look in add/remove programs...Antispywaremaster should be there but I'm not too sure about spylocked. Remove which-ever is in there.
Next download Smitfraudfix and save it to your desktop.
Click here to download Smitfraudfix by S!Ri
Once the tool has downloaded double click to run it.
Select option 1 and hit enter, it will create a report for you, paste the report back here.
If you can't see the report it can be found at C:\rapport.txt.
Only run option 1 for now, I need to check the log. Runnning the other options on an uninfected system can damage the desktop.

Response Number 5

Name: WILDTURKEY
Date: May 16, 2008 at 04:44:43 Pacific

Reply:

I used the SUPERantispyware, it clean out a bunch of junk, no more popups. Now when I open IE7, my home page loads slowly, but I can't get any other sites to fully load. I'm not getting any error messages, I just can't get past my home page. Thanks for the help!

windows xp keeps rebooting over and over process and thread difference service and controller app	The file system structure on the disk is corrupt and unusable. difference between cd and dvd reboot and select proper boot device or insert boot media in selected boot
See More

Response Number 6

Name: btk1w1
Date: May 16, 2008 at 05:08:47 Pacific

Reply:

SAS is a very good tool for smitfraud detection and removal... alot more than that actually.
Let's have a look to see if there is more malware which might be causing the lag you are experiencing.
Download the "HijackThis" Installer from this link:
http://www.trendsecure.com/portal/e...
1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Post Hijackthis Log in your next reply.

Response Number 7

Name: WILDTURKEY
Date: May 16, 2008 at 06:20:15 Pacific

Reply:

Ran SUPERantispyware again, found and cleaned the issues reported, everything works good again, for now.
I'll run HJT anyway and post the log.

Response Number 8

Name: btk1w1
Date: May 16, 2008 at 06:46:30 Pacific

Reply:

Post your HJT log. There could be a couple of reasons why your system runs fine after a scan with SAS then slows down again.
We can fix that.

Response Number 9

Name: WILDTURKEY
Date: May 16, 2008 at 12:55:44 Pacific

Reply:

Here's the HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:03 PM, on 5/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\DOCUME~1\DJTURN~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell.myway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://dell.myway.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell.myway.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [842e4502] "rundll32.exe" "C:\WINDOWS\system32\iohhhalr.dll",b
O4 - HKLM\..\Run: [BM871d769e] "Rundll32.exe" "C:\WINDOWS\system32\vjdrsafy.dll",s
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ModemOnHold] "C:\Program Files\NetWaiting\netWaiting.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkHXQhi - jkkHXQhi.dll (file missing)
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10555 bytes

Response Number 10

Name: btk1w1
Date: May 16, 2008 at 15:48:02 Pacific

Reply:

Heya WILDTURKEY,
There's still a nasty lurking there called AntiSpySpider, this malware can disable some admin priveledges to make it difficult to remove.
You might want to print out these steps before continuing... It is important that you follow them correctly.
1. Download these 2 tools to your desktop and confirm they are there before continuing on to step 2. (Download and confirm only, don't run them just yet)

Click here for FixASS.reg
Click here for regallow.exe

2. Go into control panel -> add / remove programs and uninstall / remove "AntispySpider", when it is finished do not reboot if asked, close all windows.
3. Go to your desktop and double click regallow.exe, when it opens click on "enable registry tools" when the registry tools are enabled click "ok"
4. Go to your desktop and double click FixASS.reg, when asked too merge the information click "yes" then "ok"
5. Reboot your pc
6. Once your pc has rebooted navigate to these files and delete them:
c:\WINDOWS\homepage.html
c:\WINDOWS\index.html
c:\WINDOWS\promo1.html
c:\WINDOWS\promo2.html
c:\WINDOWS\promo3.html
c:\WINDOWS\promo4.html
c:\WINDOWS\promo5.html
c:\WINDOWS\promo6.html
c:\WINDOWS\promogif1.gif
c:\WINDOWS\promogif2.gif
c:\WINDOWS\promogif3.gif
c:\WINDOWS\system32\adult.txt
c:\WINDOWS\system32\finance.txt
c:\WINDOWS\system32\lt.res
c:\WINDOWS\system32\other.txt
c:\WINDOWS\system32\pharma.txt
c:\WINDOWS\system32\sft.res
c:\WINDOWS\system32\sn.txt
c:\WINDOWS\system32\sockins32.dll
%UserProfile%\Desktop\AntispySpider.lnk
%UserProfile%\Start Menu\Programs\AntispySpider\
C :\Program Files\AntispySpider\
Don't worry if they aren't all there just delete what is.
7. Run a fresh HJT log and post it here.

Sponsored Link

Ads by Google

IE pops up on every progr...

Windows XP will not insta...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Windows XP Forum Home

Sponsored links

Ads by Google

Results for: Antispywaremaster and Spylocked

XP theme and standy

Summary

www.computing.net/answers/windows-xp/xp-theme-and-standy/153631.html

AS-IFce1.ocx and tz antispam

Summary

www.computing.net/answers/windows-xp/asifce1ocx-and-tz-antispam/154432.html

Text appears small and desktop icons are gone

Summary

www.computing.net/answers/windows-xp/text-appears-small-and-desktop-icons-are-gone/180317.html

From the Geek Dictionary
www - www stands for World Wide Web and is usually found as the Hostname part of ...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 3 Days.
Discuss in The Lounge
Poll History

Recent Posts
VBA Code for next open application

I can't use my mobile remote control on HP

In Explorer certain sites won't load fully

possible nasty?

data transsion

All Awaiting Reply

Tom's News
Guy Quits Job With Error Message

News Corp Rivals Threaten to De-list from Google

Google, Tivo Team Up to Track Ad Viewing Habits

Verizon Takes on Sprint's 3G Network (And Wins)

New York Testing Console-Based Alert System

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE