Spyware Guard 2008 Removal

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Solved Spyware Guard 2008 Removal

Post by zrawrxd on 21st December 2008, 2:00 am

Im currently trying to remove Spyware Guard 2008 from my computer.
i have try these methods so far
  • System Restore doesn't have any points. So i cant do system restore.

  • When i try using regedit it wont let me, says that admin wont let me(I'm on a admin account)

  • I tried running Malwarebytes Anti-Malware it didn't Run/Show up(Tried in both Normal Start up/Safe Mode)

  • I tried Spy no more, but i didn't have a license for it.


Is there any other ways to remove it? its really messing up my computer.

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 21st December 2008, 2:04 am

Hello.
Please don't use/buy Spynomore. It is considered to be a rogue program, known for false positives to goad you into buying.

Before I can help, I need a Hijack This log, so read this topic and post a Hijack This log here.
[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 21st December 2008, 2:39 am

Srry for the wait

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:43 PM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\winscenter.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\DOCUME~1\BLAZIN~1\LOCALS~1\Temp\winlogin.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\DOCUME~1\BLAZIN~1\LOCALS~1\Temp\csrssc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Blazing Ice\Desktop\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Blazing Ice\Desktop\hijackgpthis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Spyware Guard 2008\spywareguard.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5848EBE6-5996-4479-AD78-AF7AFC30166F} - C:\WINDOWS\system32\opnkiGAq.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcDuUlL.dll
O2 - BHO: C:\WINDOWS\system32\jkse73hedfdgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jkse73hedfdgf.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\BLAZIN~1\LOCALS~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [Mfuzalude] rundll32.exe "C:\WINDOWS\Ekirokuqisalut.dll",e
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKLM\..\Run: [Pkaxolayiza] rundll32.exe "C:\WINDOWS\ohuyuhax.dll",e
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\BLAZIN~1\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\BLAZIN~1\LOCALS~1\Temp\csrssc.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - [You must be registered and logged in to see this link.]
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - [You must be registered and logged in to see this link.]
O20 - Winlogon Notify: ddcDuUlL - C:\WINDOWS\SYSTEM32\ddcDuUlL.dll
O21 - SSODL: ieModule - {AC8B4290-595C-4546-9257-66A41F81B849} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {61906D79-0C96-4A0E-9092-F76431A47DAB} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\smzughelpw.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jkse73hedfdgf.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Radialpoint Unicorn Update Service (rpsupdaterr) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13027 bytes

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 21st December 2008, 1:21 pm

Hello.


  • Download combofix from here, use the top links - [You must be registered and logged in to see this link.]
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 21st December 2008, 4:35 pm

The program doesnt work for me it loads but nothing is on the screen, its on the process list tho

Edit : Also the internet for the computer keeps on saying the Link is broken for most of the links i go to.
Aim works tho.

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 21st December 2008, 4:57 pm

Okay, it might have done something though.
Please post a NEW Hijack This log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 22nd December 2008, 12:51 am

HiJackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:49 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\winscenter.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\BLAZIN~1\LOCALS~1\Temp\winlogin.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware Guard 2008\spywareguard.exe
C:\Documents and Settings\Blazing Ice\Desktop\hijackgpthis.exe
C:\DOCUME~1\BLAZIN~1\LOCALS~1\Temp\csrssc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcDuUlL.dll
O2 - BHO: C:\WINDOWS\system32\jkse73hedfdgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jkse73hedfdgf.dll
O2 - BHO: (no name) - {FCDBB945-2EE5-4ECB-8E52-4D73842056AA} - C:\WINDOWS\system32\opnkiGAq.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\BLAZIN~1\LOCALS~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [Mfuzalude] rundll32.exe "C:\WINDOWS\Ekirokuqisalut.dll",e
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKLM\..\Run: [Pkaxolayiza] rundll32.exe "C:\WINDOWS\ohuyuhax.dll",e
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [e827f2c3] rundll32.exe "C:\WINDOWS\system32\taywxuem.dll",b
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\BLAZIN~1\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\BLAZIN~1\LOCALS~1\Temp\csrssc.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - [You must be registered and logged in to see this link.]
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: kgyecq.dll
O20 - Winlogon Notify: ddcDuUlL - C:\WINDOWS\SYSTEM32\ddcDuUlL.dll
O21 - SSODL: ieModule - {AC8B4290-595C-4546-9257-66A41F81B849} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {61906D79-0C96-4A0E-9092-F76431A47DAB} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\smzughelpw.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jkse73hedfdgf.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Radialpoint Unicorn Update Service (rpsupdaterr) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13087 bytes

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 22nd December 2008, 12:51 am

And this is the Program uninstall list thing.
Action Replay Code Manager
Ad-Aware
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.2
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 6
Aim Plugin for QQ Games
AllToAVI v4 r5394
AOLIcon
Apple Mobile Device Support
Apple Software Update
Authentium AntiVirus SDK - 2
Bonjour
Broadcom Management Programs
Combined Community Codec Pack 2008-09-21 16:18
Conexant HDA D110 MDC V.92 Modem
Dell Digital Jukebox Driver
Dell Media Experience
DellSupport
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
Download Updater (AOL LLC)
EducateU
Electronic Arts Game Updater
ELIcon
Games, Music, & Photos Launcher
Google Toolbar for Internet Explorer
Grand Chase
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Internet Download Manager
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java DB 10.4.1.3
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 10
Java(TM) SE Runtime Environment 6 Update 1
Learn2 Player (Uninstall Only)
MapleStory
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
mIWA
mLogView
mMHouse
MobileMe Control Panel
Mozilla Firefox (3.0.5)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mXML
mZConfig
PDF Settings
PlayLinc
PowerDVD 5.7
PPSDKRedistributables
QQ BlackJack
QQ Bubble Arena
QQ Chess
QQ Games
QQ Hearts
QQ Match Master
QQ Pool
QQ Puzzle Dasher
QQ Robo
QQ Texas Hold'em
QQ Treasure Hunter
QuickSet
QuickTime
RealPlayer
Search Assist
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sonic Audio module
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
Spyware Guard 2008
Synaptics Pointing Device Driver
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
URL Assistant
Veoh Web Player Beta
Verizon Broadband Toolbar
Verizon Online DSL
Verizon Online Help & Support
Verizon Online Help and Support
Verizon Servicepoint 1.5.20
VideoLAN VLC media player 0.8.6i
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Windows Imaging Component
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 22nd December 2008, 1:06 am

Hello.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcDuUlL.dll
    O2 - BHO: C:\WINDOWS\system32\jkse73hedfdgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jkse73hedfdgf.dll
    O2 - BHO: (no name) - {FCDBB945-2EE5-4ECB-8E52-4D73842056AA} - C:\WINDOWS\system32\opnkiGAq.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\BLAZIN~1\LOCALS~1\Temp\winlogin.exe
    O4 - HKLM\..\Run: [Mfuzalude] rundll32.exe "C:\WINDOWS\Ekirokuqisalut.dll",e
    O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
    O4 - HKLM\..\Run: [Pkaxolayiza] rundll32.exe "C:\WINDOWS\ohuyuhax.dll",e
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [e827f2c3] rundll32.exe "C:\WINDOWS\system32\taywxuem.dll",b
    O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\BLAZIN~1\LOCALS~1\Temp\winlogin.exe
    O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\BLAZIN~1\LOCALS~1\Temp\csrssc.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - [You must be registered and logged in to see this link.] (file missing)
    O20 - AppInit_DLLs: kgyecq.dll
    O20 - Winlogon Notify: ddcDuUlL - C:\WINDOWS\SYSTEM32\ddcDuUlL.dll
    O21 - SSODL: ieModule - {AC8B4290-595C-4546-9257-66A41F81B849} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
    O21 - SSODL: InternetConnection - {61906D79-0C96-4A0E-9092-F76431A47DAB} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\smzughelpw.dll
    O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jkse73hedfdgf.dll


  • Press "Fix Checked"
  • Close Hijack This.



1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Files to delete:
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\ddcDuUlL.dll
C:\WINDOWS\system32\opnkiGAq.dll
C:\WINDOWS\ohuyuhax.dll
C:\WINDOWS\system32\taywxuem.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\smzughelpw.dll
C:\WINDOWS\system32\jkse73hedfdgf.dll

Folders to delete:
C:\Program Files\Spyware Guard 2008

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengers actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 22nd December 2008, 2:44 am

I had 2 popups
Both are "RUNDLL"
*Error loading C:\WINDOWS\system32\taywxuem.dll
The specified module could not be found.
*Error loading C:\WINDOWS\ohuyuhax.dll
The specified module could not be found.

Other then that heres the avenger.txt
Code:
Files to delete:
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\ddcDuUlL.dll
C:\WINDOWS\system32\opnkiGAq.dll
C:\WINDOWS\ohuyuhax.dll
C:\WINDOWS\system32\taywxuem.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\smzughelpw.dll
C:\WINDOWS\system32\jkse73hedfdgf.dll

Folders to delete:
C:\Program Files\Spyware Guard 2008
[strike]pk3r0wn3r signed off at 9:40:18 PM.
pk3r0wn3r signed on at 9:42:48 PM.[/strike]
pk3r0wn3r: Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath:  \systemroot\system32\drivers\TDSSpqlt.sys
Driver disabled successfully.

Rootkit scan completed.

File "C:\WINDOWS\system32\ntos.exe" deleted successfully.
File "C:\WINDOWS\system32\ddcDuUlL.dll" deleted successfully.
File "C:\WINDOWS\system32\opnkiGAq.dll" deleted successfully.
File "C:\WINDOWS\ohuyuhax.dll" deleted successfully.
File "C:\WINDOWS\system32\taywxuem.dll" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\smzughelpw.dll" deleted successfully.
File "C:\WINDOWS\system32\jkse73hedfdgf.dll" deleted successfully.
Folder "C:\Program Files\Spyware Guard 2008" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

Sorry about the signing in a off thing, had to copy and paste from AIM since IE on the Malwared labtop wasnt working that well.


Last edited by zrawrxd on 22nd December 2008, 3:34 am; edited 1 time in total

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 22nd December 2008, 2:53 am

I think it still lefted some effects when i went on the internet it always gives me this on pictures untill i right click it and click show picture.


Edit:I was think of downloading some Products from malwarebytes.org, i would like to know if they are clean and works and also free.
Malwarebytes' Anti-Malware
Rogue Remover FREE
FileASSASSIN
AboutBuster

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 22nd December 2008, 4:23 pm

Hello.
The avenger did it's job and disabled the rootkit.

You can access combofix now.
Please run it.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 22nd December 2008, 8:44 pm

ComboFix 08-12-21.04 - Blazing Ice 2008-12-22 3:28:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.462 [GMT -6:00]
Running from: c:\documents and settings\Blazing Ice\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\dPI19
c:\windows\system32\drivers\npf.sys
c:\windows\system32\meuxwyat.ini
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\qAGiknpo.ini
c:\windows\system32\qAGiknpo.ini2
c:\windows\system32\TDSSmtve.dat
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_OREANS32
-------\Legacy_TDSSSERV.SYS
-------\Service_NPF
-------\Service_oreans32
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.

2008-12-22 14:45 . 2008-12-22 14:46 d-------- c:\program files\Paint.NET
2008-12-22 11:48 . c:\windows\LastGood.Tmp
2008-12-22 11:47 . 2008-12-22 11:47 d--hs---- c:\documents and settings\Blazing Ice\PrivacIE
2008-12-22 11:25 . 2008-12-22 11:27 d--h-c--- c:\windows\ie8
2008-12-22 11:05 . 2008-12-22 14:42 d--h----- C:\$AVG8.VAULT$
2008-12-22 02:15 . 2008-12-22 10:57 d-------- c:\windows\system32\drivers\Avg
2008-12-22 02:15 . 2008-12-22 02:15 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-22 02:15 . 2008-12-22 02:15 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-22 02:15 . 2008-12-22 02:15 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-22 00:54 . 2008-12-22 00:54 d-------- c:\program files\FileASSASSIN
2008-12-22 00:42 . 2008-12-22 00:42 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 00:42 . 2008-12-22 00:42 d-------- c:\documents and settings\Blazing Ice\Application Data\Malwarebytes
2008-12-22 00:42 . 2008-12-22 00:42 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-22 00:42 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 00:42 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-21 23:02 . 2008-12-21 23:02 d-------- c:\program files\CCleaner
2008-12-21 11:30 . 2008-12-21 11:30 103,424 --a------ c:\windows\system32\nnxkgkrr.dll
2008-12-20 19:09 . 2008-12-20 19:09 1,152 --a------ c:\windows\system32\windrv.sys
2008-12-20 19:08 . 2008-12-20 19:09 d-------- c:\program files\Common Files\Download Manager
2008-12-20 13:40 . 2008-12-20 13:41 d-------- c:\program files\Common Files\Scanner
2008-12-20 13:40 . 2008-12-20 13:40 d-------- c:\program files\Common Files\Authentium
2008-12-20 12:53 . 2008-12-22 02:14 d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-20 11:20 . 2008-12-20 11:20 2 --a------ C:\-400035220
2008-12-20 11:20 . 2008-12-20 19:40 0 --a------ c:\windows\system32\drivers\429507c3.sys
2008-12-20 11:20 . 2008-12-20 11:20 0 --a------ C:\rjyywg.exe
2008-12-20 11:20 . 2008-12-20 11:20 0 --a------ C:\eybdluq.exe
2008-12-20 11:13 . 2008-12-20 11:13 d-------- c:\program files\AVG
2008-12-20 00:29 . 2008-12-20 00:29 d-------- c:\program files\Tencent
2008-12-20 00:29 . 2008-12-20 00:29 d-------- c:\documents and settings\Blazing Ice\Application Data\Tencent
2008-12-20 00:29 . 2008-12-20 00:36 d-------- c:\documents and settings\Blazing Ice\Application Data\QQ Games
2008-12-15 14:07 . 2008-12-15 17:29 d-------- c:\program files\Misthalin-V1-Cache
2008-12-12 14:53 . 2008-12-12 14:53 d-------- c:\program files\Common Files\xing shared
2008-12-12 14:52 . 2008-12-12 14:52 d-------- c:\program files\Real
2008-12-08 17:50 . 2008-12-08 18:00 d-------- c:\program files\AllToAVI
2008-12-05 23:39 . 2008-12-05 23:40 d-------- c:\program files\iTunes
2008-12-05 23:39 . 2008-12-05 23:39 d-------- c:\program files\iPod
2008-12-05 23:39 . 2008-12-05 23:40 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-05 23:34 . 2008-12-05 23:35 d-------- c:\program files\QuickTime
2008-12-04 14:41 . 2008-12-04 14:41 d-------- c:\program files\Veoh Networks
2008-11-27 12:56 . 2008-11-27 12:56 d-------- c:\documents and settings\Blazing Ice\Application Data\acccore
2008-11-27 12:54 . 2008-11-27 12:54 d-------- c:\program files\Common Files\Software Update Utility
2008-11-27 12:54 . 2008-11-27 15:47 d-------- c:\program files\AIM Toolbar
2008-11-27 12:53 . 2008-12-20 00:31 d-------- c:\program files\AIM6
2008-11-26 20:40 . 2008-11-26 20:40 d-------- c:\program files\Lavasoft
2008-11-26 20:40 . 2008-11-26 20:40 d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-26 20:39 . 2008-11-26 20:39 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-24 21:42 . 2008-04-13 13:39 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-11-24 21:42 . 2008-04-13 13:39 14,592 --a------ c:\windows\system32\dllcache\kbdhid.sys
2008-11-24 21:42 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-11-24 21:42 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\dllcache\mouhid.sys
2008-11-22 17:25 . 2008-11-22 17:25 d-------- C:\Ntreev

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 06:46 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-22 06:46 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-22 04:57 --------- d-----w c:\program files\Internet Download Manager
2008-12-22 04:57 --------- d-----w c:\documents and settings\Blazing Ice\Application Data\uTorrent
2008-12-22 04:57 --------- d-----w c:\documents and settings\Blazing Ice\Application Data\DMCache
2008-12-20 19:40 --------- d-----w c:\program files\verizon
2008-12-20 19:38 --------- d-----w c:\documents and settings\All Users\Application Data\Verizon
2008-12-20 16:50 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-20 16:48 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-19 00:22 31 ----a-w c:\documents and settings\Blazing Ice\jagex_runescape_preferences.dat
2008-12-12 20:53 --------- d-----w c:\program files\Common Files\Real
2008-12-06 05:39 --------- d-----w c:\program files\Common Files\Apple
2008-12-06 05:27 --------- d-----w c:\documents and settings\Blazing Ice\Application Data\Twain
2008-12-04 20:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 13:22 --------- d-----w c:\program files\Java
2008-11-27 18:54 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-27 18:53 --------- d-----w c:\program files\Common Files\AOL
2008-11-27 02:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-23 00:36 --------- d-----w c:\program files\Google
2008-11-18 20:52 --------- d-----w c:\documents and settings\Blazing Ice\Application Data\Hamachi
2008-11-06 20:57 --------- d-----w c:\program files\Sun
2008-11-05 00:53 --------- d-----w c:\program files\Combined Community Codec Pack
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 05:05 --------- d-----w c:\documents and settings\Blazing Ice\Application Data\mIRC
2007-04-26 23:40 439,296 -c--a-w c:\documents and settings\huang\GoToAssist_phone__317_en.exe
2006-10-08 14:19 439,296 ----a-w c:\documents and settings\huang\remote.exe
2006-08-15 19:28 32 -c--a-r c:\documents and settings\All Users\hash.dat
2006-09-20 23:15 88 --sh--r c:\windows\system32\7CDFB2AAB5.sys
2008-07-16 20:59 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071620080717\index.dat
.

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 22nd December 2008, 8:45 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-22 39408]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"A Verizon App"="c:\progra~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 50744]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Motive SmartBridge"="c:\progra~1\verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 438359]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-06-06 936960]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-11-16 2065648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-12 185872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-22 1261336]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-07-11 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kgyecq.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Ntreev\\Grand Chase\\main.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\EvtEng.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\S24EvMon.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-22 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-22 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-22 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-22 76040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-25 24652]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\kbdcap.sys [2007-02-21 109440]
S1 429507c3;429507c3;c:\windows\system32\drivers\429507c3.sys [2008-12-20 0]
S3 CookieCow1;CookieCow1;\??\c:\documents and settings\huang\Desktop\CookieCow Engine\CookieCow.sys []
S3 geebers12;geebers12;\??\c:\documents and settings\huang\Desktop\Buffy Engine\nvid888.sys []
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 iCheat1;iCheat1;\??\c:\documents and settings\huang\Desktop\iCheat13\nvid999.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\c:\docume~1\BLAZIN~1\LOCALS~1\Temp\ir_ext_temp_0\AutoPlay\Docs\United Engine\IlvMoney1236.sys []
S3 kaspersky1;kaspersky1;\??\c:\documents and settings\huang\Desktop\Sago's Hack Pack II\kaspersky.sys []
S3 MooseKOPMA;MooseKOPMA;\??\c:\documents and settings\huang\Desktop\MooseKOPMA.sys []
S3 MzBot.sys;MzBot.sys;\??\c:\windows\system32\MzBot.sys [2007-04-01 3584]
S3 եذꤤ1;եذꤤ1;\??\c:\documents and settings\huang\Desktop\gms041\nvid999.sys []
S3 phoenix1;phoenix1;\??\c:\documents and settings\huang\Desktop\Phoenix Engine\phoenix.sys []
S3 puma1;puma1;\??\c:\documents and settings\huang\Desktop\PumaByZ\puma.sys []
S3 Revolution1;Revolution1;\??\c:\documents and settings\huang\Desktop\Rev\SHAK3.sys []
S3 sejt1;sejt1;\??\c:\documents and settings\huang\Desktop\Akuma\sejt.sys []
S3 SoRa01;SoRa01;\??\c:\documents and settings\huang\Desktop\SoRa Remak Engine 2.6\SoRa.sys []
S3 spuce1;spuce1;\??\c:\documents and settings\huang\Desktop\Spuc3ngine!\spuce.sys []
S3 toBzM;toBzM;\??\C:\toBzM.sys []
S3 TSHAK3T1;TSHAK3T1;\??\c:\documents and settings\huang\Desktop\RE 3.2\spuce.sys []
S3 xp1;xp1;\??\c:\documents and settings\huang\Desktop\xpengine\xp.sys []
S3 zenx1;zenx1;\??\c:\documents and settings\huang\Desktop\ZenxEngine_LATEST\zenx.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{04F9B72B-5ABA-8512-0200-070002040608}]
c:\windows\system32\drvr.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2007-05-28 c:\windows\Tasks\MP Scheduled Quick Scan.job
- c:\program files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe []

2008-12-22 c:\windows\Tasks\pbnawhoi.job
- c:\windows\system32\rundll32.exe [2008-04-13 18:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{83A03973-54BF-4884-B8FC-42C1B3009BF8} - c:\windows\system32\opnkiGAq.dll
HKCU-Run-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe
HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe
Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0
IE: {{d81ca86b-ef63-42af-bee3-4502d9a03c2d} - [You must be registered and logged in to see this link.]
IE: {{d81ca86b-ef63-42af-bee3-4502d9a03c2d} - [You must be registered and logged in to see this link.] -
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-12-22 03:33:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-12-22 14:39:56 - machine was rebooted [Blazing Ice]
ComboFix-quarantined-files.txt 2008-12-22 20:39:52

Pre-Run: 29,697,970,176 bytes free
Post-Run: 32,598,540,288 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

285 --- E O F --- 2008-12-22 17:49:16

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 22nd December 2008, 8:45 pm

i have also ran mbam (Malwarebytes' Anti-Malware) before this.

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 22nd December 2008, 8:53 pm

Hello.
Bad news.

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).


Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 22nd December 2008, 9:45 pm

Ok, can you help me clean it?

I dont really have any accounts for anything excepts games and some forums which i can change easily after my computer is cleaned.
And for my Modem/Router i can change the password for that too.

Also i have a labtop which uses the Modem/Router is there any chance that it will get infected to?


Last edited by zrawrxd on 22nd December 2008, 9:48 pm; edited 1 time in total

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 22nd December 2008, 9:46 pm

Okay.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
Viewpoint Manager Service
kbdcap
429507c3
CookieCow1
geebers12
hamachi_oem
iCheat1
IlvMoneyDRIVER53
kaspersky1
MooseKOPMA
եذꤤ1
phoenix1
puma1
Revolution1
sejt1
SoRa01
spuce1
toBzM
TSHAK3T1
xp1
zenx1

File::
c:\windows\system32\nnxkgkrr.dll
c:\windows\system32\windrv.sys
c:\windows\system32\drivers\429507c3.sys
C:\rjyywg.exe
C:\eybdluq.exe
c:\documents and settings\huang\GoToAssist_phone__317_en.ex
c:\documents and settings\huang\remote.exe
c:\documents and settings\All Users\hash.dat
c:\windows\Tasks\pbnawhoi.job

DirLook::
C:\Ntreev

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{04F9B72B-5ABA-8512-0200-070002040608}]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 22nd December 2008, 9:56 pm

I have a quick question should i backup my files first? or ComboFix?
[You must be registered and logged in to see this link.]

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 22nd December 2008, 9:59 pm

Wait.
No, your laptop shouldn't be infected.

Are you planning on formatting? or just generally backing up your stuff?

Either way, back everything up first, and then do combofix.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 22nd December 2008, 10:11 pm

I couldnt find the button for backup.


Im using windows xp home version 2002 service pack3

Also if i choose the backup everything. Will it backup my files like Notepads,Pictures,Videos?
And does also add the Trojan thing in the backup

edit: i dont have any disk/cd to store my files in

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 22nd December 2008, 10:19 pm

If this machine and your laptop are on the same network, you should be able to just drag and drop any files you need.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 22nd December 2008, 10:27 pm

Ok, is there a TuT on how to transfer it?
and what if the Folder im sending have a Backdoor/Trojan in it?
(some of the files have a Blue Text on them for there name.)

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 22nd December 2008, 10:32 pm

Blue text means the files have been compressed by windows because they haven't been used very often.
Windows does this itself to save space on files that just sit on the hardrive and not being used.

Transfering files over a network is slow process though, it is much faster using a USB external drive.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 22nd December 2008, 10:39 pm

Yea but how do i use it? The transfering files over a network. The computers both use the same wireless address.

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 22nd December 2008, 10:48 pm

Your laptop will need to be on for this and have a shared folder.

To create a shared folder on your laptop.
Open your C Drive > right click anywhere and open the "New" menu > Select "Folder" and a new folder will be made.
Now click anywhere to knock off the rename and then right click the new folder > Properties > Select the "Sharing" tab.
Then tick "Share this folder on the network", then tick "Allow network users to change my files"

Press okay and close the properties.

Now from this infected machine, press Start > My Computer.
Once the "My Computer" window has opened, drop down the adress list and select "My network places"
Select the folder of your laptop (will probably be named whatever your user account on the laptop is called)
Now you have access to your laptops folder. Start dragging over stuff you need.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 22nd December 2008, 11:10 pm

Ok i got some of the parts but not completely.
1)On the Labtop(Vista) i opened OS(C:)
2)Made a folder called TransferFiles
3)Right Clicked Properties and clicked "Share..."
4)Made it Everyone (All users in this list)
5)Clicked Share and Confirmed.

1)On infected computer i clicked on My Computers and When to My Networking Places
2)I didnt see no folders

or is it possible to put the folders i want to backup in "Backup (D:)" located at My Computer.

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 22nd December 2008, 11:22 pm

Yes, use the D: Drive if you have to.
I will ask a colleague to look at this.

In the mean time, please run the CFSCript to take out the leftovers.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 23rd December 2008, 12:10 am

Ok, i did it but i cant move the mouse on the Infected computer.Im at the Windows login page. It was working before i used the ComboFix with the CFScript.

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 23rd December 2008, 12:20 am

This might be the malwares damage.

I would prefer it that you format anyway because of the backdoor bot.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 23rd December 2008, 12:25 am

How do i format? i dont think the Keyboard works and the mouse wont work ethier. i Even tried using a usb mouse. So im stuck on the Windows Login Page to get onto my account.

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 23rd December 2008, 12:27 am

If you have your XP disc, put it in, reboot your machine and boot from the disc.
Then select format on the blue screen.
Read my links on the second page top post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 23rd December 2008, 12:29 am

I dont have a Disk. Is there any other ways?

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 23rd December 2008, 12:38 am

You can buy an XP disc pretty cheap these days, not much for just a disc.

I will ask a colleague to look at this.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 23rd December 2008, 12:42 am

But i dont think it would work because the Keyboard and Mouse isnt working for the computer. So i wouldnt be able to do anything.

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 23rd December 2008, 12:46 am

Ok, nevermind the Keyboard works at when its starting up but it stops working later on.
Is it possible to do something like this
Press F8 till the screen goes to How you want to start up?

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 23rd December 2008, 12:50 am

Ah, yes.
Does the mouse/keyboard work with safe mode?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 23rd December 2008, 12:58 am

None it doesnt work in safe mode.
Theres another Option that i never seen before "Microsoft Windows Recovery Console"

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 23rd December 2008, 1:07 am

That's the recovery console CF installed, it may come in use if we can find out what went wrong.
Leave it there and we'll see what happens.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 23rd December 2008, 1:11 am

So what should i do now?

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 23rd December 2008, 1:17 am

My colleague should be online soon, give it maybe 2-3hrs and we may have an answer.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 23rd December 2008, 1:22 am

Hold on, I have another idea.

Are you able to enter your profile, we may be able to use system restore.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 23rd December 2008, 1:31 am

Nope i cant even login.

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 23rd December 2008, 1:39 am

Darn.
Okay, hold tight and we'll see what we can do with the recovery console.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 23rd December 2008, 12:12 pm

Ok. ill be waiting.

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 23rd December 2008, 2:12 pm

Okay.
We have an idea.
During boot, press F12 instead of F8.

This is known as a refactory image.
Lets see if this works.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 23rd December 2008, 7:08 pm

Ok i pressed F12 the Options are
Internal HDD
CD/DVD/CD-RW Drive
Onboard NIC

BIOS Setup
Diagnostics

Which one should i Enter on?

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 23rd December 2008, 7:19 pm

Hello.
Thanks for the options list, select internal HDD.

While we work on this, can I ask who was your supplier for this machine? Dell, etc


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by zrawrxd on 23rd December 2008, 7:31 pm

Yea it was DELL.

zrawrxd
Intermediate
Intermediate

Posts Posts : 107
Joined Joined : 2008-12-21
Gender Gender : Male
OS OS : Window XP [Labtop] / Windows Vista [Labtop]
Points Points : 29388
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Spyware Guard 2008 Removal

Post by Belahzur on 23rd December 2008, 7:33 pm

Great, now we have someone to blame. LOL Banner

Is this machine still on warranty? if so, phone them up and tell them to ship you an XP disc, because we may need it as a last resort.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum