PDA

View Full Version : MS Anti-Spyware 2009 problem.



HabsWarrior
2008-12-24, 22:37
Hi!

Need help on this one.

On my other computer, I got the infamous MS anti-Spyware 2009. Results including :

- Difficulty navigating (ie : Almost impossible)
- Cannot run any anti-spyware, anti-virus applications. (quite useful when trying to get rid of it)
- Can't install any new anti-spyware/virus software.

Plz help!

It seems to be a tougher one than I initially thought...

Another symptom, I get the following message when trying to run RegEdit: "Registry modification has been disabled by your administrator"

Managed to access the registry via RegAlyzer to figure out what was loading in the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run where I found the running instructions for Antivirus 2009.

I deleted the entry, but that didn't fix my problem of not being able to go on the web, nor fixed the problem of not being able to run any anti-spyware/virus.

I noticed in my task manager 2 processes running "winloggn.exe" & "csrssc.exe". Since the only fixes I find on the internet are to use standard anti-spyware programs, I'm pretty much stuck. I can on the other hand run HighjackThis, wich you will find a report attached.

Please bare in mind i'm running Vista Home Premium French.

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37, on 2008-12-25
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\GameSpy\Comrade\Comrade.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Users\Chantal\AppData\Local\Temp\winloggn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Safer Networking\RegAlyzer\RegAlyzer.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Chantal\AppData\Local\Temp\csrssc.exe
C:\Users\Chantal\Desktop\Benoit\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [jsf8j34rgfght] C:\Users\Chantal\AppData\Local\Temp\winloggn.exe
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\Users\Chantal\AppData\Local\Temp\csrssc.exe
O4 - HKCU\..\Run: [jsf8j34rgfght] C:\Users\Chantal\AppData\Local\Temp\winloggn.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4409 bytes

Thanx!