MS Antivirus 2009 and Spyware Guard 2008

View previous topic View next topic Go down

Solved MS Antivirus 2009 and Spyware Guard 2008

Post by ssoozyn on 14th January 2009, 7:54 am

Hello please help me remove MS Antivirus 2009 & Spyware Guard 2008. I have tried various programs (Malwarebytes Anti-Malware, Spybot S&D) and although these programs install, they will not start or run. I cannot navigate online to any page involving antivirus (Trendmicro.com, AVG antivirus update or webpage). Here is a copy of my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:39 PM, on 1/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator.COMPANY-8FB7B57\Application Data\Microsoft\Windows\lsass.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\DOCUME~1\ADMINI~1.COM\LOCALS~1\Temp\winlogin.exe
C:\Program Files\Spyware Guard 2008\spywareguard.exe
C:\DOCUME~1\ADMINI~1.COM\LOCALS~1\Temp\winlogin.exe
C:\DOCUME~1\ADMINI~1.COM\LOCALS~1\Temp\csrssc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Belkin\F5D7050v5011\Belkinwcui.exe
C:\WINDOWS\system32\winscenter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
F:\hijack this\Hijack(GP)This.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: Microsoft copyright - {32c620d6-cc10-4e6a-9715-bacacd5b0e61} - sxmg4.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll
O2 - BHO: C:\WINDOWS\system32\rwhbfb873unjdfdg.dll - {c5bf49a2-94f3-42bd-f434-3604812c8955} - C:\WINDOWS\system32\rwhbfb873unjdfdg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ADMINI~1.COM\LOCALS~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ADMINI~1.COM\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\ADMINI~1.COM\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] C:\Documents and Settings\Administrator.COMPANY-8FB7B57\Application Data\Microsoft\Windows\lsass.exe
O4 - Global Startup: Belkin Wireless G USB Adapter Client Utility.lnk = C:\Program Files\Belkin\F5D7050v5011\Belkinwcui.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FBA82C0-097F-4BAF-B672-EF858205434A}: NameServer = 85.255.112.37,85.255.112.38
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.37,85.255.112.38
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.37,85.255.112.38
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: WIKI.DLL,mss.dll,avgrsstx.dll
O21 - SSODL: WebProxy - {A744F16C-B2D5-4138-81A2-085CDFCDE83A} - sxmg4.dll (file missing)
O21 - SSODL: ieModule - {DA9F49B3-F49C-4C9A-801C-C69E9BAF4AFE} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {A5682970-08C7-4F16-806F-27DD61DA06A5} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Internet Explorer\DLLs\ffxeparxvq.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\rwhbfb873unjdfdg.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB17 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7496 bytes



THANK YOU FOR YOUR TIME AND HELP.

ssoozyn
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2009-01-14
OS OS : win xp home
Points Points : 28840
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: MS Antivirus 2009 and Spyware Guard 2008

Post by Belahzur on 14th January 2009, 2:14 pm

Hello.
I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please make sure Teatimer is disable before we do this, otherwise this fix will fail.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: C:\WINDOWS\system32\rwhbfb873unjdfdg.dll - {c5bf49a2-94f3-42bd-f434-3604812c8955} - C:\WINDOWS\system32\rwhbfb873unjdfdg.dll
    O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ADMINI~1.COM\LOCALS~1\Temp\winlogin.exe
    O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
    O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ADMINI~1.COM\LOCALS~1\Temp\winlogin.exe
    O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\ADMINI~1.COM\LOCALS~1\Temp\csrssc.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] C:\Documents and Settings\Administrator.COMPANY-8FB7B57\Application Data\Microsoft\Windows\lsass.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5FBA82C0-097F-4BAF-B672-EF858205434A}: NameServer = 85.255.112.37,85.255.112.38
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.37,85.255.112.38
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.37,85.255.112.38
    O20 - AppInit_DLLs: WIKI.DLL,mss.dll,avgrsstx.dll
    O21 - SSODL: WebProxy - {A744F16C-B2D5-4138-81A2-085CDFCDE83A} - sxmg4.dll (file missing)
    O21 - SSODL: ieModule - {DA9F49B3-F49C-4C9A-801C-C69E9BAF4AFE} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
    O21 - SSODL: InternetConnection - {A5682970-08C7-4F16-806F-27DD61DA06A5} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Internet Explorer\DLLs\ffxeparxvq.dll
    O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\rwhbfb873unjdfdg.dll


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: MS Antivirus 2009 and Spyware Guard 2008

Post by ssoozyn on 15th January 2009, 4:07 am

Although i have spybot and Malwarebytes Antimalware installed, I cannot run either of these programs since i got this problem. I ended up uninstalling spybot to get rid of the teatimer per your previous instructions. I then ran Hijack this and made the corrections you listed above. However, I still cannot run the Malwarebytes Anti-malware program. I tried uninstalling it and then reinstalling it after the hijack this corrections, but it still did not work. Here is another log of HJT after i made the changes you directed.:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:21 AM, on 1/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Belkin\F5D7050v5011\Belkinwcui.exe
C:\WINDOWS\system32\winscenter.exe
C:\Documents and Settings\Administrator.COMPANY-8FB7B57\Desktop\Hijack(GP)This.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Spyware Guard 2008\spywareguard.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: (no name) - {32c620d6-cc10-4e6a-9715-bacacd5b0e61} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Belkin Wireless G USB Adapter Client Utility.lnk = C:\Program Files\Belkin\F5D7050v5011\Belkinwcui.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: mss.dll
O21 - SSODL: WebProxy - {A744F16C-B2D5-4138-81A2-085CDFCDE83A} - (no file)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB17 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4984 bytes

ssoozyn
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2009-01-14
OS OS : win xp home
Points Points : 28840
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: MS Antivirus 2009 and Spyware Guard 2008

Post by Belahzur on 15th January 2009, 4:27 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {32c620d6-cc10-4e6a-9715-bacacd5b0e61} - (no file)
    O20 - AppInit_DLLs: mss.dll
    O21 - SSODL: WebProxy - {A744F16C-B2D5-4138-81A2-085CDFCDE83A} - (no file)



  • Press "Fix Checked"
  • Close Hijack This.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Files to delete:
C:\WINDOWS\system32\winscenter.exe
C:\WINDOWS\system32\mss.dll
C:\WINDOWS\system32\rwhbfb873unjdfdg.dll
C:\Documents and Settings\Administrator.COMPANY-8FB7B57\Application Data\Microsoft\Windows\lsass.exe
C:\WINDOWS\system32\WIKI.DLL
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Internet Explorer\DLLs\ffxeparxvq.dll

Folders to delete:
C:\Program Files\Spyware Guard 2008

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengerís actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: MS Antivirus 2009 and Spyware Guard 2008

Post by Doctor Inferno on 18th April 2009, 10:45 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 12015
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104610
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum