
Cannot uninstall MarkAny ContentSafer


  • This topic is locked
4 replies to this topic

#1 donnie126


Posted 02 September 2010 - 12:15 AM

I am running Windows Vista Home Basic 32-bit with Service Pack 2. Upon browsing my Program Files folder, I have discovered a strange tree of folders which I do not remember authorizing to be installed on my system. The tree is C:\Program Files\MarkAny\ContentSafer. The Programs and Features (Add/Remove Programs) control panel confirms that a program called "ContentSAFER for Wizmax" is installed on my machine. Upon researching this program, I discovered that it can manifest itself onto my machine when I plug in a Samsung MP3 player (such as a Q2, like one I have recently acquired). Most of what I have read about this program says it is a PUP -- Potentially Unwanted Program -- and some users even go so far as to label it as spyware. The only problem is, any attempt to uninstall it from Add/Remove Programs has absolutely no effect -- I click "Uninstall/Change" and the machine does absolutely nothing. What alternative method(s) would you suggest for removing this PUP?

Thank you.

Brandon Taylor

EDIT: Please read the FAQ and post a log... Our helpers can't help without details to review...

Edited by Budfred, 02 September 2010 - 06:19 AM.


#2 donnie126


Posted 03 September 2010 - 02:58 AM


As requested, here is my HiJackThis log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:56:14 AM, on 9/3/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Dell V105\dldnmon.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\stickies\stickies.exe
C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe
C:\Program Files\Dell V105\dldnMsdMon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE Session Manager - {0893E729-5E25-471B-9836-A1A708F8A3F2} - C:\Program Files\IE Session Manager\IESessionManager.dll
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~2\Toolbar\grabber.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [dldnamon] "C:\Program Files\Dell V105\dldnamon.exe"
O4 - HKLM\..\Run: [dldnmon.exe] "C:\Program Files\Dell V105\dldnmon.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\Administrator\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3767498533-36595516-2229111898-1009\..\Run: [Google Update] "C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'Brandon')
O4 - S-1-5-21-3767498533-36595516-2229111898-1009 Startup: HughesNetStatusMeter.lnk = C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe (User 'Brandon')
O4 - S-1-5-21-3767498533-36595516-2229111898-1009 User Startup: HughesNetStatusMeter.lnk = C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe (User 'Brandon')
O4 - Startup: HughesNetStatusMeter.lnk = C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe
O4 - Global Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://www.candystand.com
O15 - Trusted Zone: *.facebook.com
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/gs.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldnCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldnserv.exe
O23 - Service: dldn_device - - C:\Windows\system32\dldncoms.exe
O23 - Service: Google Update Service (gupdate1c98cead4c4906f) (gupdate1c98cead4c4906f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8941 bytes

#3 SWI Support Robot


Posted 04 September 2010 - 12:17 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#4 nasdaq


Posted 05 September 2010 - 10:30 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

In this topic, it's suggested to use Revo Uninstaller:

http://forums.majorg...ad.php?t=208306
===

Hope it helps.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 nasdaq


Posted 19 September 2010 - 08:02 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
nasdaq




